I need to setup multi factor authentication on users who login to Jenkins, using Google Authenticator. I looked on the internet and couldn't find any solution or jenkins plugin to achieve this.
Does anyone have an idea about how to do this?
You could test:
OpenId Connect Authentication plugin
OpenID plugin
Both supports Google OpenId endpoint
As discussed in jenkinsci/oic-auth-plugin issue 25, that would bypass the MFA (Multi-Factor Authentication) though.
Related
I am looking for enabling MFA to our Jenkins .I haven't found any plugin or procees to enable 2FA .Please anybody suggest any plugin or process (preferred open source)
AFAIK you can't implement advanced security features like MFA just with Jenkins. The recommendation is to either use OIDC or SAML with SSO(Single Sign On) and implement MFA in the IDP(Identity Provider) itself. If you don't have an in-house IDP you can use Google, Facebook, or any other Opensource IDP.
OIDC - https://plugins.jenkins.io/oic-auth/
SAML - https://plugins.jenkins.io/saml/
I am creating website using Spring Boot, Spring MVC and spring-security-oauth2 and I am trying to authenticate my locally stored users against Google, Facebook, GitHub ... OAuth2 services. I also have standard username-password for them.
My idea is to store pair of [OAuth2_provider_type,OAuth2_subjectId] for each user to local database from the first success oauth login and then use this pair to find correct user when user authenticate himself by Google (or FB...) again. I have correctly authenticate with Google/Facebook but I don't know how to connect my local stored users to Spring OAuth2 Security and get them to SecurityContext.
Could somebody point me to some example or integration test where I can see something similar?
I am scanning spring-security-oauth2 sourcecode and I am confused little bit - do I need OAuth2 AuthorizationServer or ResourceServer for that?
Thanks for any help!
We are currently using IdentityServer3 for authentication and authorization with our asp.net MVC(angular.js) and webapi clients. We are about to bring on a new customer that uses PingIdentity for their Single Sign On(SSO). The customer would like to be able to integrate their SSO into our application.
Is this possible with IdentityServer3?
Thanks in advance!
You should be able to leverage the WS-Federation capabilities that both products have to integrate them. IdentityServer3 playing the Service Provider (or: RP) role, the customer playing the Identity Provider (or: IP) role.
Have you looked into KentorIT Authservices? It's a SAML plugin for IdentityServer3. I was able to add OneLogin SAML authentication with this plugin.
-Scott
I want to use the bitbucket pull request plugin with jenkins. It works great without two factor authentication. But with two factor authentication enabled it does not work.
Has anybody got it to work with TFA enabled, or is this just not supported?
If you're using 2FA in Bitbucket Cloud, you'll need to change the repository configuration in Jenkins to use App Passwords. If Jenkins is currently checking out using your account password, 2FA will prevent that by definition, but if you configure the repo with an app password it should all just work.
I am trying to access Salesforce through my Mule flows using "sfdc:config-with-oauth". Is there any way I can achieve this without redirecting the user to a Login page? I know there is a SSO login dance which I have to do manually, but was hoping it was simpler than that. I found this documentation http://mulesoft.github.io/salesforce-connector/mule/sfdc-config-with-oauth.html. It shows "sfdc:authorize/", but that is not accurate. sfdc:authorize has DISPLAY as a required attribute. What is the meaning of "IMMEDIATE" attribute? Is it possible, somehow, to give Username/Password along with Consumer Key/Secret to "sfdc:config-with-oauth"?
My Mule flow already has User credentials.
I am using Mule Studio 3.5.0
I have also asked the question on salesforce.stacktrace but no response. https://salesforce.stackexchange.com/questions/34693/mule-sfdc-connector-without-user-interaction-using-sfdcconfig-with-oauth
Use the SFDC connector without OAuth:
http://mulesoft.github.io/salesforce-connector/6.1.0/mule/sfdc-config.html
You can then configure username and password in the connector's config.