docs/content/integration/openid-connect/clients/jenkins/index.md
{{% oidc-common %}}
This example makes the following assumptions:
https://jenkins.{{< sitevar name="domain" nojs="example.com" >}}/https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/jenkinsinsecure_secretSome of the values presented in this guide can automatically be replaced with documentation variables.
{{< sitevar-preferences >}}
The following example uses the OpenId Connect Authentication Plugin which is assumed to be installed when following this section of the guide.
To install the OpenId Connect Authentication Plugin for Jenkins via the Web GUI:
Manage Jenkins.Plugins.Available Plugins.oic-auth.To install the OpenId Connect Authentication Plugin for Jenkins using the CLI:
jenkins-plugin-cli --plugins oic-auth
The following YAML configuration is an example Authelia client configuration for use with Jenkins which will operate with the application example:
identity_providers:
oidc:
## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
## See: https://www.authelia.com/c/oidc
clients:
- client_id: 'jenkins'
client_name: 'Jenkins'
client_secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: 'two_factor'
require_pkce: true
pkce_challenge_method: 'S256'
redirect_uris:
- 'https://jenkins.{{< sitevar name="domain" nojs="example.com" >}}/accounts/authelia/login/callback'
scopes:
- 'openid'
- 'profile'
- 'email'
- 'groups'
response_types:
- 'code'
grant_types:
- 'authorization_code'
access_token_signed_response_alg: 'none'
userinfo_signed_response_alg: 'none'
token_endpoint_auth_method: 'client_secret_basic'
To configure Jenkins there are two methods, using the Configuration File, or using the Web GUI.
To configure Jenkins to utilize Authelia as an OpenID Connect 1.0 Provider, use the following configuration:
jenkins:
systemMessage: "This Jenkins instance was configured using the Authelia example Configuration as Code, thanks Authelia!"
securityRealm:
oic:
clientId: "jenkins"
clientSecret: "insecure_secret"
disableSslVerification: false
emailFieldName: "email"
fullNameFieldName: "name"
groupIdStrategy: "caseSensitive"
groupsFieldName: "groups"
logoutFromOpenidProvider: false
properties:
- "pkce"
- escapeHatch:
group: "admin-users"
secret: "escapeHatch"
username: "escapeHatch"
sendScopesInTokenRequest: true
serverConfiguration:
wellKnown:
scopesOverride: "openid profile email groups"
wellKnownOpenIDConfigurationUrl: "https://{{< sitevar name=\"subdomain-authelia\" nojs=\"auth\" >}}.{{< sitevar name=\"domain\" nojs=\"example.com\" >}}/.well-known/openid-configuration"
userIdStrategy: "caseSensitive"
userNameField: "preferred_username"
To configure Jenkins to utilize Authelia as an OpenID Connect 1.0 Provider, use the following instructions:
Manage Jenkins.Security.Login with Openid Connect in the Security Realm.jenkinsinsecure_secretDiscovery via well-known endpointhttps://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/.well-known/openid-configuration
Advanced:
openid profile email groupsAdvanced configuration:
User fieldspreferred_usernamenameemailgroups