As part of your Jenkins security standards, you might want people to log in via there AD credentials instead of a Jenkins login. To do this you need to follow the below steps:

Based on this its best practise to to load in the “Active Directory Plugin” when you plan on using AD for your login management with that, head to:

Jenkins -> Manage Jenkins -> Manage Plugins and search for “Active Directory Plugin”

jenkinsad01

Install the plugin and restart the service.

 

Part 1 Connect to Active Directory

Now we need to configure the new security settings via:

Jenkins -> Manage Jenkins -> Configure Global Security

Tick the “Enable Security” checkbox at the top of the screen. Then Select “Active Directory” from the Access Control Security Realm

If you have a single domain you can move on to part 2. If you have trusted domain or work in different forest to the domain the server is on. you can add the domain via “Add Domain” and enter the details of the

Domain Name (ie “MyDomain.local”)

Domain Controller (either IP address or DNS name works)

NOTE DO NOT PRESS SAVE AT THIS POINT!

jenkinsad05
Part 2 Enable Group Based Security

Before Saving you will first need to enable Anonymous logins will full permissions

Go to Authorisation and select “Matrix-based security” or “Project-Based Matrix Authorisation Strategy”

jenkinsad04

If you dont and simply add the group you wish to have full permissions on you may see something like below, were I added the “jenkins_admin” group which exists in AD but doesn’t show up in Jenkins yet. This is because I needed to Save the AD connection before it would connect. (And ended up locking me out! Check out Part 3 Oh Sh$t Im Locked out if get into trouble)
jenkinsad04

Once you have given Anonymous full access Click Save, Then go back in and Add the AD group you want to have full permissions on in and click Save

jenkinsad06
Note how it now shows the Jenkins admin group correctly. without the line though.  You can now login in via a member of that group and start to build out a more secure or group defined privileges.

Part 3 Oh Sh$t Im Locked out

So your here because you tried Part 1 / 2 and something went wrong! Dont worry it did for me to and rather worryingly its really easy to reset access to Jenkins

When i first tried to update my security i ended up with this error:
jenkinsad03

To reset Jenkins security back to Not enabled, anyone can login and hense you can try again with your attempt to implement security.

Turn off the service for Jenkins and open your favourite XML editor. Traverse to the Config.xml file in your Jenkins installation. For me this was at:

C:\Program Files (x86)\Jenkins.Config.xml

Open the file and Edit the value in useSecurity from true to false

jenkinsad07

<useSecurity>false</useSecurity>

Save the file and restart the Jenkins service. you will now be able to connect without any login.

Advertisements