Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-55065

Support a fallback/backup auth mechanism

    Details

    • Type: New Feature
    • Status: Closed (View Workflow)
    • Priority: Minor
    • Resolution: Won't Do
    • Component/s: saml-plugin
    • Labels:
      None
    • Similar Issues:

      Description

      When Jenkins is configured with SAML authentication, general access to Jenkins from a stand-alone Windows client that is not "logged in" locally is impossible. Because there is no local login session for Jenkins/SAML to use, Jenkins just shows an error. It would be ideal if, when Jenkins was configured this way, it could optionally fall back to another auth mechanism, such as the local Jenkins user DB. The specific use case we're thinking of is when Jenkins build status or dashboards are displayed on a TV for general viewing, using a stand-alone PC. These systems often are not joined to a corporate LDAP server for security reasons.

        Attachments

          Issue Links

            Activity

            Hide
            ifernandezcalvo Ivan Fernandez Calvo added a comment -

            well, this sounds like something that should be implemented on the core to support several security methods.

            Show
            ifernandezcalvo Ivan Fernandez Calvo added a comment - well, this sounds like something that should be implemented on the core to support several security methods.
            Hide
            therealwaldo Will Freeman added a comment -

            We're facing an issue where we're having to consider removing the SAML plugin, for the same reasons.

            Our use case is the same, our SSO provider does not allow for service users, so a user must manually log in, and it times out regularly forcing a re-login.  That means we cannot use any of the reporting features from Jenkins on our dashboard screens.

            It seems, with this plugin, there is absolutely no mechanism to allow us to view the reports from our monitors, except for granting Anonymous users far more access than is safe.

            While I agree the core should support multiple security methods, that is likely a long way off and a lot of work.

            Is there something we could implement for service users within this plugin that would skip the SAML and use some other basic form of authentication?

            Show
            therealwaldo Will Freeman added a comment - We're facing an issue where we're having to consider removing the SAML plugin, for the same reasons. Our use case is the same, our SSO provider does not allow for service users, so a user must manually log in, and it times out regularly forcing a re-login.  That means we cannot use any of the reporting features from Jenkins on our dashboard screens. It seems, with this plugin, there is absolutely no mechanism to allow us to view the reports from our monitors, except for granting Anonymous users far more access than is safe. While I agree the core should support multiple security methods, that is likely a long way off and a lot of work. Is there something we could implement for service users within this plugin that would skip the SAML and use some other basic form of authentication?
            Hide
            ifernandezcalvo Ivan Fernandez Calvo added a comment -

            As I said to allow several Authentication realms is something to be implemented on the Jenkins Core not in SAML Plugin.

            Show
            ifernandezcalvo Ivan Fernandez Calvo added a comment - As I said to allow several Authentication realms is something to be implemented on the Jenkins Core not in SAML Plugin.

              People

              • Assignee:
                ifernandezcalvo Ivan Fernandez Calvo
                Reporter:
                owenmehegan Owen Mehegan
              • Votes:
                1 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: