support for multiple security realms with failover

    • Type: New Feature
    • Resolution: Unresolved
    • Priority: Major
    • Component: core

      It should be possible to configure multiple security realms at once with a specified order or preference.

      Examples of usage:
      failover between multiple LDAP instances
      failover from LDAP to basic auth

          [JENKINS-15063] support for multiple security realms with failover

          liamjbennett created issue -

          Sam He added a comment -

          I have a similar requirement, e.g.:
          There are 2 user groups using 1 Jenkins instance. One of our groups uses MS AD to perform authentication, while the other group will use an LDAP server.

          Sunchan Lee added a comment -

          I'm using the Active Directory plugin for the security realm.
          But I couldn't log in or do anything in Jenkins management when some problems occurred on our AD server.

          So multiple security realms should be supported, I think.

          Alex Ouzounis added a comment -

          I would also be interested in this. Any activity?

          davidstrauss added a comment - edited

          I've put $500 toward adding this on FreedomSponsors.org: https://freedomsponsors.org/issue/546/support-for-multiple-security-realms-with-failover?show_sponsor=true&c=s

          Kanstantsin Shautsou added a comment -

          I'm not a specialist on Atlassian products, but probably Crowd may do this; have you looked at it?

          Steve Taylor added a comment -

          I would like to see this also. It would be especially useful for testing role security and permissions with custom groups, test users, and machine accounts. I've recently placed a Jenkins farm with LDAP and it's authoritative for users, but the firm's use of groups is really quite simplistic.

          What might be nice is a number next to each choice signifying the order it checks and then a flag determining the "base case" default, e.g.:

          Order | Provider | Condition
          0 | Active Directory | x
          0 | Delegate to servlet container | x
          2 | Jenkins’ own user database | NECESSARY
          1 | LDAP | SUFFICIENT

          So the first provider it would check would be LDAP and that's sufficient to provide identity. If that fails it falls to the next which is the Jenkins' database and since that's necessary it must end there. The "x" on ADDS and container just means it doesn't matter what is selected there.

          I'm only using numbers because I think it would be easier to implement than drag and drop in order. And the numbers would be unique (save zero) so there are no ties between providers.

          Thanks!
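
Added example (not part of the original comment and not Jenkins code): a minimal Python model of the ordered chain proposed in the table above, with order 0 meaning "not in the chain". `Realm`, `authenticate`, the dict-backed checks and the accounts are hypothetical; the audit trail that separates an unavailable realm from a rejected login goes beyond the proposal.

```python
import hmac
from dataclasses import dataclass
from typing import Callable

class RealmUnavailable(Exception):
    """The back end could not be reached (an outage, not a rejected login)."""

@dataclass
class Realm:
    order: int      # 0 = not in the chain (the "x" rows of the table)
    name: str
    condition: str  # "SUFFICIENT" or "NECESSARY"; ignored when order is 0
    check: Callable[[str, str], bool]  # hypothetical credential check

def authenticate(realms, user, password):
    """Return (name of accepting realm or None, audit trail of realms consulted)."""
    chain = sorted((r for r in realms if r.order > 0), key=lambda r: r.order)
    if len({r.order for r in chain}) != len(chain):
        raise ValueError("non-zero order numbers must be unique")
    trail = []
    for realm in chain:
        try:
            ok = realm.check(user, password)
            trail.append((realm.name, "accepted" if ok else "rejected"))
        except RealmUnavailable:
            ok = False
            trail.append((realm.name, "unavailable"))
        if ok:
            return realm.name, trail
        if realm.condition == "NECESSARY":
            break  # base case: the chain ends here whatever the outcome
    return None, trail

def store_check(store, up=True):
    """Constructed stand-in for a real back end: a dict of user -> password."""
    def check(user, password):
        if not up:
            raise RealmUnavailable()
        return user in store and hmac.compare_digest(store[user], password)
    return check

def sample_chain(ldap_up=True):
    """The table from the comment above, with made-up accounts."""
    off = store_check({})  # never consulted: order 0
    return [
        Realm(0, "Active Directory", "x", off),
        Realm(0, "Delegate to servlet container", "x", off),
        Realm(2, "Jenkins' own user database", "NECESSARY",
              store_check({"breakglass": "local-pw"})),
        Realm(1, "LDAP", "SUFFICIENT", store_check({"alice": "ldap-pw"}, ldap_up)),
    ]
```

Under the proposal as described, a login that LDAP rejects is also tried against the local database, so the fallback realm's accounts are exposed to every guess; the trail makes it possible to log and alert on fallbacks that follow a rejection rather than an outage.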

          Jesse Glick added a comment -

          Not possible without new core APIs and rework of existing security realm plugins to use them.

          Jesse Glick made changes -
          Labels New: api security
          James Nord made changes -
          Link New: This issue is related to JENKINS-25485 [ JENKINS-25485 ]

            Assignee: Unassigned
            Reporter: liamjbennett
            Votes: 136
            Watchers: 97