I am assuming that we have already installed Jenkins server and have admin right to make changes in it. The whole configuration is divided into three easy steps.
1. Create Google OAuth Client Key
Before we start, we need to create a project in Google developer console. In this project, we will generate authentication credentials to enable OAuth API.
To create your project login to Google developer console and in top bar select Create project:
Before we start, we need to create a project in Google developer console. In this project, we will generate authentication credentials to enable OAuth API.
To create your project login to Google developer console and in top bar select Create project:
In the pop-up window specify your project name it can be any name which is more meaning full to you. Here I have created a project named Jenkins OAuth. In the advanced section, you can select app engine geographical location:
It will take few minutes to create your project. Once it completes, on the left sidebar under API Manager select Credentials and then click on Create Credentials:
In Create Credentials drop-down menu there are three options. We will choose the OAuth client ID to create a client id. It will generate API credentials and these credentials are required to configure in Jenkins in the last step:
As we are going to integrate this in Jenkins and it is a web service, So in application type select Web application:
As we are going to integrate this in Jenkins and it is a web service, So in application type select Web application:
In the next section, Register Jenkins URI from was we allowed to access the Google APIs. We have to provide Jenkins server detail. You can replace jenkins.mydimain.com with your own Jenkins URI. This will be the landing page of your Jenkins server. Once you hit this page it will be redirected to google for the authentication:
The authorized redirect URIs is required to redirect you after successful login. It is the combination of your Jenkins landing page and a suffix string to validate you are a logged-in user. As we want to land user to Jenkins dashboard, so it has the same URI which we mentioned in the previous step and don’t forget to include securityRealm/finishLogin at the end:
Here we have Client ID and Client Secret. Copy and save these credential as these will be used to enable Google APIs in Jenkins:
2. Install Google Login Plugin
In Jenkins, there is no mechanism to configure OAuth but there are many plugins are available and we are using Google Login plugin. We can easily install this plugin from Manage Jenkins –> Manage Plugins –> Available and search for “Google Login”. Select the plugin. There is no need to restart to install this plugin. This plugin allows for the register Google OAuth and performs authentication:
In Jenkins, there is no mechanism to configure OAuth but there are many plugins are available and we are using Google Login plugin. We can easily install this plugin from Manage Jenkins –> Manage Plugins –> Available and search for “Google Login”. Select the plugin. There is no need to restart to install this plugin. This plugin allows for the register Google OAuth and performs authentication:
3. Configure Jenkins
In this step, we will set up Google security credentials in the installed plugin. Navigate to manage Jenkins –> Configure Global Security and select Login with Google under Security Realm paste credentials generated in the first step. In the last field do not forget to enter your domain name it allows you to restrict access to the given domain name:
In this step, we will set up Google security credentials in the installed plugin. Navigate to manage Jenkins –> Configure Global Security and select Login with Google under Security Realm paste credentials generated in the first step. In the last field do not forget to enter your domain name it allows you to restrict access to the given domain name:
Immediately after saving changes, Jenkins will allow access to all users in your domain. Now, try to login to your Jenkins it will redirect you to the Google Authentication page. If everything is set up properly you will be logged in but just in case you’re still facing any problem go back and check each step. The logged-in user can do anything and if you want to restrict users you can implement Matrix-based security.
No comments:
Post a Comment
If you have any doubts or questions, please let us know.