Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-15063

support for multiple security realms with failover

    • Icon: New Feature New Feature
    • Resolution: Unresolved
    • Icon: Major Major
    • core

      It should be possible to configure multiple security realms at once with a specified order or preference.

      Examples of usage:
      failover between multiple ldap instances
      failover from ldap to basic auth

          [JENKINS-15063] support for multiple security realms with failover

          Mark Chester added a comment -

          Up-voted. My team has the need to authorize internal users with SAML, and authenticate external users, automation and other services with the internal Jenkins database or LDAP.  I also need to be able to modify the authentication/authorization configuration without the risk of losing access to the instance.  I cannot enable anonymous access because the instance is publicly accessible.

          Mark Chester added a comment - Up-voted. My team has the need to authorize internal users with SAML, and authenticate external users, automation and other services with the internal Jenkins database or LDAP.  I also need to be able to modify the authentication/authorization configuration without the risk of losing access to the instance.  I cannot enable anonymous access because the instance is publicly accessible.

          Loren Alatan added a comment -

          I upvoted this one. Hopefully, this can be prioritized soon.

          Loren Alatan added a comment - I upvoted this one. Hopefully, this can be prioritized soon.

          We use OIDC with Jenkins and we need restricted automation accounts too.

           

          Dmitrii Shiriaev added a comment - We use OIDC with Jenkins and we need restricted automation accounts too.  

          We are using Okta and we need restricted automation accounts to integrate external systems. Voted for this one too.

          Susanta Chattopadhyay added a comment - We are using Okta and we need restricted automation accounts to integrate external systems. Voted for this one too.

          Oleg Popov added a comment -

          ^^ same reason, oidc, saml, ldap etc.

          Oleg Popov added a comment - ^^ same reason, oidc, saml, ldap etc.

          I have the same issue as many: I need to enable regular authentication that works with Google Authentication.

          Is there any chance to see this feature working?

          Thanks a lot, Davide.

          Davide Gurgone added a comment - I have the same issue as many: I need to enable regular authentication that works with Google Authentication. Is there any chance to see this feature working? Thanks a lot, Davide.

          Jeffrey added a comment -

          We need this as we have this option in other tools

          Jeffrey added a comment - We need this as we have this option in other tools

          cool added a comment -

          Is this going on?
          Isn't there any way to implement multiple authentication backend in Jenkins today?

          cool added a comment - Is this going on? Isn't there any way to implement multiple authentication backend in Jenkins today?

          Mark Waite added a comment -

          Isn't there any way to implement multiple authentication backend in Jenkins today?

          The answer on stackoverflow is still correct as far as I know. Multiple authentication backends are not supported with Jenkins.

          There is a plugin that attempts to mix security realms in order to allow multiple authentication backends, but it has very few installations and several open issues.

          Mark Waite added a comment - Isn't there any way to implement multiple authentication backend in Jenkins today? The answer on stackoverflow is still correct as far as I know. Multiple authentication backends are not supported with Jenkins. There is a plugin that attempts to mix security realms in order to allow multiple authentication backends, but it has very few installations and several open issues .

          cool added a comment -

          Yeah I saw it, too many issues and unmaintained unfortunately.
          I took for granted that most software supporting LDAP  and SSO protocols would provide both and provide options to configure which would be available on login page. Especially when implemented in Java with Spring Security providing this.

          I realize SonarQube has the issue as well.

          Thanks for confirming though.

          cool added a comment - Yeah I saw it, too many issues and unmaintained unfortunately. I took for granted that most software supporting LDAP  and SSO protocols would provide both and provide options to configure which would be available on login page. Especially when implemented in Java with Spring Security providing this. I realize SonarQube has the issue as well. Thanks for confirming though.

            Unassigned Unassigned
            liamjbennett liamjbennett
            Votes:
            136 Vote for this issue
            Watchers:
            97 Start watching this issue

              Created:
              Updated: