Story: Where I work, the Jenkins server uses the Active Directory plugin for authentication. I was tired of having to log back in every 10 minutes (if I went to do something else), so I started looking for a Single Sign On solution. I tried the KerberosSSO before seeing the fine print that they have not gotten it working on Windows yet. I tried for a bit, and was never successful. In looking for other possibilities, I found Waffle (https://github.com/dblock/waffle), and decided to see if I could do some code modification to the KerberosSSO plugin to make it use Waffle instead of the Java GSSPI. It turned out that the Waffle code already had a filter, so I copied the code entry side to the KerberosSSO plugin to a separate plugin, since configuration was also very different.
What I have: A working single sign on plugin that will authenticate against Active Directory (when running on Windows) with minimal configuration. The way it ties into Jenkins is identical to how the KerberosSSO plugin ties in. -Waffle is Windows ONLY. It does not work on Linux. -Necessary configuration is to make sure that appropriate HTTP/computer.domain.com SPNs exist on Active Directory, and that Jenkins is running as a service with user Local System. -It uses a modified NegotiateSecurityFilter from Waffle - the modifications were to pass the authentication information to Jenkins. In terms of testing, it works with Firefox, Internet Explorer, and Chrome on Windows, and with Safari and Chrome on Mac OS X. I don't have access to a Linux system (with a GUI) at work. The question I have: Where does this belong? - Should it be put into the KerberosSSO plugin for a Windows-specific configuration? - Should this be tied into the Windows-only configuration available with the Active Directory plugin? - Should it be a new, separate plugin? I don't care which way it goes, I just think it should be made publicly available. I'm not going to make the code publicly available in the short run, unless there's some agreement that it should be a separate plugin. Also, since the KerberosSSO plugin is MIT licensed and Waffle is EPLv1.0, and I did copy some code from Waffle, I am assuming that any release of my modified source code would need to be under the EPL license. -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
