Again, for the record. We had difficulties with authentication sessions 
timing out (we'd need to log out and log in again to our Microsoft accounts). 
Also, the FederatedMetadata.xml would occasionally be updated (on the 
Microsoft end). As the plugin cannot read the update from the URL, we 
would need to turn off global security, update the SAML configuration and 
then reconfigure role assignments.

We instead switched to authenticating in Apache with mod_auth_openidc and 
using the Jenkins Reverse Proxy Auth plugin.

On Thursday, 6 April 2017 12:42:00 UTC+10, Evan Greensmith wrote:
>
> For the record. In the end we used the SAML Plugin 
> <https://wiki.jenkins-ci.org/display/JENKINS/SAML+Plugin> along with the 
> following instructions to set up SAML Auth in Azure AD:
>
> https://blogs.msdn.microsoft.com/tsmatsuz/2016/12/29/azure-ad-saml-federation-application-tutorial/
>
> We found we needed to set the Entity ID in the SSO config to be the same 
> as the Reply URL.
>
> On Wednesday, 16 November 2016 15:07:41 UTC+11, Evan Greensmith wrote:
>>
>> We're moving from Google accounts to Microsoft online accounts. Currently 
>> our Jenkins is set up to use the Google Login Plugin to allow 2-factor login 
>> using staff Google accounts (and Google Authenticator). We'd like to have a 
>> similar setup (with 2-factor auth) using staff Microsoft online accounts 
>> (and Windows Authenticator).
>>
>> login.microsoftonline.com provides an OAuth end-point that could be used 
>> to provide 2-factor authentication, but I can't find any Microsoft/generic 
>> OAuth Login plugin (the Google Login Plugin appears to hard-code the Google 
>> OAuth end-points). Using LDAP/AD would be an option, but not sure how we 
>> could get the 2-factor authentication setup (using Windows Authenticator). 
>> Our current fall-back is to opt for LDAP login but have more restricted 
>> access to the Jenkins box.
>>
>> I'd be interested to hear any stories of looking at login via Microsoft 
>> online accounts. Or any useful pointers.
>>
>> Cheers,
>> Evan.
>>
>
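
An added example, not part of the original thread and not the poster's actual configuration: a sketch of the Apache side of the mod_auth_openidc plus Reverse Proxy Auth plugin setup described in the latest message. The hostname, certificate paths, tenant ID, client ID, secrets, callback path and the choice of the preferred_username claim are all assumptions; X-Forwarded-User is the header the Reverse Proxy Auth plugin reads by default.

```apache
# Assumed values throughout: jenkins.example.com, TENANT_ID, CLIENT_ID,
# the secrets, and the /oidc_callback path are placeholders.
<VirtualHost *:443>
    ServerName jenkins.example.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/jenkins.example.com.pem
    SSLCertificateKeyFile /etc/ssl/private/jenkins.example.com.key

    # mod_auth_openidc fetches provider metadata (endpoints, signing keys)
    # from this URL itself, so key rollover on the Microsoft side does not
    # need a manual metadata re-import.
    OIDCProviderMetadataURL https://login.microsoftonline.com/TENANT_ID/v2.0/.well-known/openid-configuration
    OIDCClientID         CLIENT_ID
    OIDCClientSecret     CLIENT_SECRET_PLACEHOLDER
    # Must be a path under a location protected by AuthType openid-connect
    # that the backend application does not serve itself.
    OIDCRedirectURI      https://jenkins.example.com/oidc_callback
    OIDCCryptoPassphrase LONG_RANDOM_PASSPHRASE_PLACEHOLDER
    OIDCScope            "openid profile email"
    # Claim used as REMOTE_USER (assumption: sign-in name is wanted).
    OIDCRemoteUserClaim  preferred_username

    <Location />
        AuthType openid-connect
        Require valid-user
        # Jenkins trusts this header completely, so discard whatever the
        # client sent before setting it from the authenticated user.
        RequestHeader unset X-Forwarded-User
        RequestHeader set   X-Forwarded-User "expr=%{REMOTE_USER}"
    </Location>

    # Jenkins must listen on loopback only (for example started with
    # --httpListenAddress=127.0.0.1); anyone who can reach port 8080
    # directly can supply the header and log in as any user.
    ProxyPreserveHost   On
    AllowEncodedSlashes NoDecode
    ProxyPass           / http://127.0.0.1:8080/ nocanon
    ProxyPassReverse    / http://127.0.0.1:8080/
    RequestHeader set   X-Forwarded-Proto "https"
</VirtualHost>
```

To check the header handling, send a request through Apache with a forged X-Forwarded-User value and confirm Jenkins still reports the identity from the OpenID Connect login.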
