Plugin Information
View openid on the plugin site for more information.
The previous versions of this plugin may not be safe to use. Please review the following warnings before use:
The plugin has two somewhat different mode of operations:
On the side mode: Keep the existing security realm and just use OpenID as a way to login without typing a password. That is, Jenkins is still taking user/group information from some source (such as Active Directory, LDAP, etc.), and with this plugin useres can now login to their user accounts by associating OpenID with their accounts.
SSO mode: You’ll designate one OpenID provider as the authoritative source of the user information in Jenkins. The user must login through this OpenID provider, and the user account will be automatically created and linked to it.
Requires JDK 17, Maven 3.9.6 or higher.
mvn -U clean package
If the user needs to disable test just run
mvn -U -DskipTests=true clean package
As of 2.1 this mode is off by default for new installations. Upgrades should retain the configuration as on. In this mode, the user will first associate OpenIDs with their user accounts (by clicking their name on the top right of the page and then ``Configure'', after logging in normally):
image
This will initiate a wizard that allows the user to associate OpenIDs to this account. Once this is setup, the user can login to his/her account with this OpenID, without remembering the password:
image
In this mod ``on the side'' mode, OpenID is just used as a means to bypass the use of password.
This mode makes Jenkins completely rely on single external OpenID provider as the user realm. Use of OpenID in this mode is no longer just a convenience — you have to ``belong'' to the configured OpenID provider to be able to login to Jenkins.
First, the administrator will configure the system and designate the OpenID provider:
image
Here you need to specify which OpenID provider you’ll be delegating authentication to. You do this either by specifing the ``OpenID Provider Endpoint URL'' (as defined by Automatic Read Access
By default, users who authenticate via OpenID have no rights, not even the right to see the Jenkins GUI. To grant a right to all OpenID users, add a user ``authenticated'' and grant them the desired right. Typically this will be Overall/Read.
This implementation supports SSO mode configuration ideas
If you deny the read access to the anonymous user on your Jenkins, people will automatically get authenticated va OpenID whenever they access Jenkins. This is very convenient to keep track of who’s making what changes in Jenkins, but without bothering the user.
You can take it one step further, and grant the read access to specific teams in the OpenID provider. This allows you to restrict the use of Jenkins to a subset of those who have identities on the OpenID provider (as opposed to everyone with an account.)
This plugin supports Google Apps as an OpenID provider. Select ``Google Apps SSO (with OpenID)'' in the UI and type in your domain name. In this way, users must have a valid user account on your domain to be able to login.
Google is phasing out OpenID 2.0 support and will google-login plugin which also supports Google Apps domain restriction.
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1084)
JENKINS-36499 - Updated to use the plugin parent pom
Improved error diagnostics (JENKINS-9163)
Use AX in addition to SReg to retrieve user information (JENKINS-8755)
Initial release
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。