To close the loop on this... It looks like the API keys for SAML generated users are persisted /somewhere/ in jenkins.
However, the permissions associated with the API key do not seem to get persisted - unless the user is directly in the permissions matrix, and doesn't get permissions as part of a group. There seems to be zero documentation on how this works. On Thursday, 27 April 2017 10:44:03 UTC+1, James Masson wrote: > > > Thanks for the reminder about API keys - I'd forgotten about them - works > perfectly. > > However.... > > How does the API key for a SAML authed user get persisted?is it just in > memory? If I restart Jenkins, does it get reset? > > I notice there are no user config.xml files created by Jenkins for SAML > users. > > James M > > On Tuesday, 25 April 2017 21:14:49 UTC+1, Ivan Fernandez Calvo wrote: >> >> HI, >> >> It is not possible to use two authentication plugins/methods at the same >> time, but you could use the API token as authentication method for scripts >> or other automated tasks, for more information you can take a look at >> https://wiki.jenkins-ci.org/display/JENKINS/Authenticating+scripted+clients >> >> El martes, 25 de abril de 2017, 13:48:28 (UTC+2), James Masson escribió: >>> >>> >>> Hi list, >>> >>> I've successfully got SAML integration working with Jenkins & OneLogin, >>> through the normal SAML plugin. >>> >>> What I'm struggling with now is finding a solution to authenticate the >>> Jenkins Swarm slave plugin, and a few other automation tools that operate >>> via standard HTTP auth. >>> >>> Has anyone done this? >>> >>> Ideally I'd use PAM auth for the automation, and SAML just for users - >>> but this doesn't seem to be possible? >>> >>> thanks >>> >>> James M >>> >>> >>> -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/6e8da12e-0f3c-4026-a4ae-b30ea3b39e23%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
