website/integrations: add Jenkins docs (#7882)
* website/integrations: add Jenkins docs

  Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Apply suggestions from code review

  Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
  Signed-off-by: Jens L. <jens@beryju.org>

* prettier pass

  Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
parent 14fb34f492
commit cb906e1913
|
@ -39,7 +39,7 @@ By default, sources are only shown with their icon, which can be changed with th
|
||||||
Furthermore, it is also possible to deselect any [user field option](#user-fields) for an Identification stage, which will result in users only being able to use currently configured sources.
|
Furthermore, it is also possible to deselect any [user field option](#user-fields) for an Identification stage, which will result in users only being able to use currently configured sources.
|
||||||
|
|
||||||
:::info
|
:::info
|
||||||
Starting with authentik 2023.5, when no user fields are selected and only one source is selected, authentik will automatically redirect the user to that source. This only applies when the **Passwordless flow** option is *not* configured.
|
Starting with authentik 2023.5, when no user fields are selected and only one source is selected, authentik will automatically redirect the user to that source. This only applies when the **Passwordless flow** option is _not_ configured.
|
||||||
:::
|
:::
|
||||||
|
|
||||||
## Flow settings
|
## Flow settings
|
||||||
|
|
|
@ -17,7 +17,7 @@ The following placeholders will be used:
|
||||||
- `dokuwiki.company` is the FQDN of the DokiWiki install.
|
- `dokuwiki.company` is the FQDN of the DokiWiki install.
|
||||||
- `authentik.company` is the FQDN of the authentik install.
|
- `authentik.company` is the FQDN of the authentik install.
|
||||||
|
|
||||||
## Service Configuration
|
## DokuWiki configuration
|
||||||
|
|
||||||
In DokuWiki, navigate to the _Extension Manager_ section in the _Administration_ interface and install
|
In DokuWiki, navigate to the _Extension Manager_ section in the _Administration_ interface and install
|
||||||
|
|
||||||
|
|
|
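Review bot: The context line just above the renamed heading still spells the product "DokiWiki" (`dokuwiki.company` is the FQDN of the DokiWiki install), so after this change the page reads "DokiWiki" in the placeholder list and "DokuWiki" in the new heading a few lines later. Since this hunk is already about naming the service correctly, fix the placeholder line to "DokuWiki" in the same commit.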
@ -86,7 +86,7 @@ resource "authentik_group" "grafana_viewers" {
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
## Grafana
|
## Grafana configuration
|
||||||
|
|
||||||
import Tabs from "@theme/Tabs";
|
import Tabs from "@theme/Tabs";
|
||||||
import TabItem from "@theme/TabItem";
|
import TabItem from "@theme/TabItem";
|
||||||
|
|
|
@ -32,7 +32,7 @@ The following placeholders will be used:
|
||||||
- `dc=company,dc=com` the Base DN of the LDAP outpost.
|
- `dc=company,dc=com` the Base DN of the LDAP outpost.
|
||||||
- `ldap_bind_user` the username of the desired LDAP Bind User
|
- `ldap_bind_user` the username of the desired LDAP Bind User
|
||||||
|
|
||||||
## Service Configuration
|
## Jellyfin configuration
|
||||||
|
|
||||||
1. If you don't have one already create an LDAP bind user before starting these steps.
|
1. If you don't have one already create an LDAP bind user before starting these steps.
|
||||||
- Ideally, this user doesn't have any permissions other than the ability to view other users. However, some functions do require an account with permissions.
|
- Ideally, this user doesn't have any permissions other than the ability to view other users. However, some functions do require an account with permissions.
|
||||||
|
|
53
website/integrations/services/jenkins/index.md
Normal file
|
@ -0,0 +1,53 @@
|
||||||
|
---
|
||||||
|
title: Jenkins
|
||||||
|
---
|
||||||
|
|
||||||
|
<span class="badge badge--secondary">Support level: Community</span>
|
||||||
|
|
||||||
|
## What is Jenkins
|
||||||
|
|
||||||
|
> The leading open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project.
|
||||||
|
>
|
||||||
|
> -- https://www.jenkins.io/
|
||||||
|
|
||||||
|
## Preparation
|
||||||
|
|
||||||
|
The following placeholders will be used:
|
||||||
|
|
||||||
|
- `jenkins.company` is the FQDN of the Service install.
|
||||||
|
- `authentik.company` is the FQDN of the authentik install.
|
||||||
|
|
||||||
|
Create an OAuth2/OpenID provider with the following parameters:
|
||||||
|
|
||||||
|
- **Client Type**: `Confidential`
|
||||||
|
- Scopes: OpenID, Email and Profile
|
||||||
|
- **Signing Key**: Select any available key
|
||||||
|
|
||||||
|
Note the Client ID and Client Secret values for the provider.
|
||||||
|
|
||||||
|
Next, create an application, using the provider you've created above. Note the slug of the application you create.
|
||||||
|
|
||||||
|
## Jenkins Configuration
|
||||||
|
|
||||||
|
Navigate to the Jenkins plugin manager: **Manage Jenkins** -> **Plugins** -> **Available plugins**. Search for the plugin `oic-auth` in the search field, and install the plugin. Jenkins must be restarted afterwards to ensure the plugin is loaded.
|
||||||
|
|
||||||
|
After the restart, navigate to **Manage Jenkins** again, and click **Security**.
|
||||||
|
|
||||||
|
Modify the **Security Realm** option to select `Login with Openid Connect`.
|
||||||
|
|
||||||
|
In the **Client id** and **Client secret** fields, enter the Client ID and Client Secret values from the provider you created.
|
||||||
|
|
||||||
|
Set the configuration mode to **Automatic configuration** and set the **Well-known configuration endpoint** to `https://authentik.company/application/o/<Slug of the application from above>/.well-known/openid-configuration`
|
||||||
|
|
||||||
|
Check the checkbox **Override scopes** and input the scopes `openid profile email` into the new input field.
|
||||||
|
|
||||||
|
Further down the page, expand the **Advanced** section and input the following values:
|
||||||
|
|
||||||
|
- **User name field name**: `preferred_username`
|
||||||
|
- **Full name field name**: `name`
|
||||||
|
- **Email field name**: `email`
|
||||||
|
- **Groups field name**: `groups`
|
||||||
|
|
||||||
|
We also recommend enabling the option **Enable Proof Key for Code Exchange** further down the page.
|
||||||
|
|
||||||
|
Additionally, as a fallback to regain access to Jenkins in the case of misconfiguration, we recommend configuring the **Configure 'escape hatch' for when the OpenID Provider is unavailable** option below. How to configure this option is beyond the scope of this document, and is explained by the OpenID Plugin.
|
|
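Review bot: The provider parameter list under "Preparation" (Client Type, Scopes, Signing Key) never says what to enter as the redirect URI, so a reader cannot tell whether it is meant to be left unset or restricted to the callback on `jenkins.company`; add a bullet with the expected value, or state explicitly that it is left empty and why. In the same list, "Scopes" is the only field name not set in bold. The placeholder line describes `jenkins.company` as "the FQDN of the Service install" where it should name Jenkins, and "## Jenkins Configuration" uses a capital C while the headings renamed elsewhere in this commit read "DokuWiki configuration", "Grafana configuration" and "Jellyfin configuration". **Enable Proof Key for Code Exchange** appears only as a closing recommendation; listing it as a regular step next to the scope override would keep it from being skipped. The 'escape hatch' paragraph defers to the plugin without a link, and it should say that this is a login path that does not go through authentik, so its credential needs to be protected accordingly.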
@ -75,6 +75,7 @@ module.exports = {
|
||||||
"services/fortimanager/index",
|
"services/fortimanager/index",
|
||||||
"services/harbor/index",
|
"services/harbor/index",
|
||||||
"services/hashicorp-vault/index",
|
"services/hashicorp-vault/index",
|
||||||
|
"services/jenkins/index",
|
||||||
"services/minio/index",
|
"services/minio/index",
|
||||||
"services/netbox/index",
|
"services/netbox/index",
|
||||||
"services/opnsense/index",
|
"services/opnsense/index",
|
||||||
|
|