Skip to main content

Jenkins OIDC

Casdoor can use OIDC protocol as IDP to connect various applications. Here we will use Jenkins as an example to show you how to use OIDC to connect to your applications.

The following are some of the names in the configuration:

CASDOOR_HOSTNAME: Domain name or IP where Casdoor server is deployed.

JENKINS_HOSTNAME: Domain name or IP where Jenkins is deployed.

Step1. Deploy Casdoor and Jenkins

Firstly, the Casdoor and Jenkins should be deployed.

After a successful deployment, you need to ensure:

  1. Set Jenkins URL(Manage Jenkins -> Configure System -> Jenkins Location) to JENKINS_HOSTNAME. Jenkins URL
  2. Casdoor can be logged in and used normally.
  3. Set Casdoor's origin value (conf/app.conf) to CASDOOR_HOSTNAME. Casdoor conf

Step2. Configure Casdoor application

  1. Create or use an existing Casdoor application.
  2. Add a redirect url: http://JENKINS_HOSTNAME/securityRealm/finishLoginCasdoor Application Setting
  3. Add provider you want and supplement other settings.

Not surprisingly, you can get two values ​​on the application settings page: Client ID and Client secret like the picture above, we will use them in the next step.

Open your favorite browser and visit: http://CASDOOR_HOSTNAME/.well-known/openid-configuration, you will see the OIDC configure of Casdoor.

Step3. Configure Jenkins

First, we need to install OpenId Connect Authentication, Jenkins does not natively support OIDC.

After completing the installation, go to Manage Jenkins -> Configure Global Security. jenkins global security

tip

Back up the Jenkins config.xml file, and use it to recover in case of setup errors.

  1. In Access Control, Security Realm select Login with Openid Connect.
  2. In Client ID, specify the Client ID noted above.
  3. In Client secret, specify the Client secret noted above.
  4. In Configuration mode, select Automatic configuration and fill in http://CASDOOR_HOSTNAME/.well-known/openid-configuration into Well-known configuration endpoint.Jenkins' Setting

If your casdoor is deployed locally, you may need to select Manual configuration and input some information:

  • Token server url: http://CASDOOR_HOSTNAME/api/login/oauth/access_token
  • Authorization server url: http://CASDOOR_HOSTNAME/login/oauth/authorize
  • UserInfo server url: http://CASDOOR_HOSTNAME/api/get-account
  • Scopes: address phone openid profile offline_access emailManual configuration
  1. Click Advanced setting, fill in the following:
  • In User name field, specify name
  • In Full name field, specify displayName
  • In Email field, specify emailUserinfo Field Setting
  1. In the Authorization section, check “Logged-in users can do anything”. Disable “Allow anonymous read access”. You can configure more complex authorization later, for now check if OpenID actually works.

Log out of Jenkins, it should now redirect you to Casdoor for authentication. Jenkins Login Page