cb906e1913
* website/integrations: add Jenkins docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * Apply suggestions from code review Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Jens L. <jens@beryju.org> * prettier pass Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens L. <jens@beryju.org> Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
54 lines
2.3 KiB
Markdown
54 lines
2.3 KiB
Markdown
---
|
|
title: Jenkins
|
|
---
|
|
|
|
<span class="badge badge--secondary">Support level: Community</span>
|
|
|
|
## What is Jenkins
|
|
|
|
> The leading open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project.
|
|
>
|
|
> -- https://www.jenkins.io/
|
|
|
|
## Preparation
|
|
|
|
The following placeholders will be used:
|
|
|
|
- `jenkins.company` is the FQDN of the Service install.
|
|
- `authentik.company` is the FQDN of the authentik install.
|
|
|
|
Create an OAuth2/OpenID provider with the following parameters:
|
|
|
|
- **Client Type**: `Confidential`
|
|
- Scopes: OpenID, Email and Profile
|
|
- **Signing Key**: Select any available key
|
|
|
|
Note the Client ID and Client Secret values for the provider.
|
|
|
|
Next, create an application, using the provider you've created above. Note the slug of the application you create.
|
|
|
|
## Jenkins Configuration
|
|
|
|
Navigate to the Jenkins plugin manager: **Manage Jenkins** -> **Plugins** -> **Available plugins**. Search for the plugin `oic-auth` in the search field, and install the plugin. Jenkins must be restarted afterwards to ensure the plugin is loaded.
|
|
|
|
After the restart, navigate to **Manage Jenkins** again, and click **Security**.
|
|
|
|
Modify the **Security Realm** option to select `Login with Openid Connect`.
|
|
|
|
In the **Client id** and **Client secret** fields, enter the Client ID and Client Secret values from the provider you created.
|
|
|
|
Set the configuration mode to **Automatic configuration** and set the **Well-known configuration endpoint** to `https://authentik.company/application/o/<Slug of the application from above>/.well-known/openid-configuration`
|
|
|
|
Check the checkbox **Override scopes** and input the scopes `openid profile email` into the new input field.
|
|
|
|
Further down the page, expand the **Advanced** section and input the following values:
|
|
|
|
- **User name field name**: `preferred_username`
|
|
- **Full name field name**: `name`
|
|
- **Email field name**: `email`
|
|
- **Groups field name**: `groups`
|
|
|
|
We also recommend enabling the option **Enable Proof Key for Code Exchange** further down the page.
|
|
|
|
Additionally, as a fallback to regain access to Jenkins in the case of misconfiguration, we recommend configuring the **Configure 'escape hatch' for when the OpenID Provider is unavailable** option below. How to configure this option is beyond the scope of this document, and is explained by the OpenID Plugin.
|