Google is phasing out OpenID endpoint. Need to move on to G+ sign-in

    • Type: Task
    • Resolution: Fixed
    • Priority: Major
    • openid-plugin
    • None

      Google is going to shut down its OpenID endpoint in April 2015.

      As the base protocol appears to have nothing to do with OpenID, such a new feature probably needs to be implemented in a separate plugin, and the OpenID plugin would have to be updated to direct users to the new plugin.

      This needs to be done sooner because if a user fails to update their plugin by then, they'd lose the ability to log in, which makes the update very difficult.

          [JENKINS-23431] Google is phasing out OpenID endpoint. Need to move on to G+ sign-in

          Kohsuke Kawaguchi added a comment - I looked at the doc a bit, and the new scheme seems to require a client ID and secret. I wonder if it means every Jenkins instance needs to be registered separately.

          Thomas Einwaller added a comment - Do you really need to move to G+ sign-in, or would migrating to OAuth 2.0 login (OpenID Connect) be an alternative?

          Ray Sennewald added a comment -

          We currently use the OpenID plugin at my organization with Google Apps and I'm unable to create a new Jenkins server and have it authenticate with Google Apps SSO, as it's already been shut down to new registrations as of April 2014. Do we have any ETA on when this may be worked out, or any other alternative for people who are in the same boat as I am?

          Karthik T added a comment -

          Would like to add support to what Ray said; even I am facing this. Is there a way to get the OpenID provider to work instead?

          Matthias Viehweger added a comment - I would prefer having OpenID Connect working. This seems to be the future in OpenID.

          Owen Mehegan added a comment -

          Has anyone who is watching this ticket done any research into a solution? If not, I can try to do some. As Kohsuke points out, if we don't get a solution in place early enough, people will end up locked out of their Jenkins installs and working around that is annoying. Let's try to collaborate on a solution so we don't all get burned.

          Ray Sennewald added a comment -

          Is it safe to look to implement OpenID Connect here?

          John Burrows added a comment -

          Kohsuke Kawaguchi added a comment - 13/Jun/14 5:45 PM
          I looked at the doc a bit, and the new scheme seems to require a client ID and secret. I wonder if it means every Jenkins instance needs to be registered separately.

          From what I can gather, every Jenkins instance was registered separately already using the deprecated method of authentication. That is the reason that OpenID fails to work with new Jenkins instances when set to Google Apps and your Google domain: Google shut off new server registrations in April 2014.

          Also, from what I have read, changing the current authentication method to G+ in the code should resolve the issue, as the authentication will then register the Jenkins instance (server) with Google and again allow SSO usage.

          Unfortunately I am not a Java coder; otherwise I would try to do this myself. As it is, I have an internal developer at my company trying to do just that, but he is also having issues as he is not very familiar with Google authentication methods.

          Reference URL about switching OAuth 2.0 to G+: https://developers.google.com/accounts/docs/OAuth2LoginV1

          Thanks

          kylecordes added a comment -

          Like others here (and probably many others who haven't found this and commented) I just learned that a newly added Jenkins instance with OpenID plugin won't work with Google, as they are no longer allowing new endpoints.

          It appears that OpenID Connect would get through until April 2015, then it's all out in favor of their new G+-centric thing. This is clearly a Google-led problem, but certainly any workarounds or other ways to achieve smooth Google auth integration from the Jenkins end would be much appreciated.

          Kevin Benton added a comment -

          For those looking for something while waiting for this fix, the GitHub OAuth plugin has worked well for us [1]. You can restrict all access to a specific GitHub organization using matrix-based security for a similar effect to using a Google Apps domain.

          [1] https://wiki.jenkins-ci.org/display/JENKINS/Github+OAuth+Plugin

          kylecordes added a comment -

          I saw that, and also this variation that works with BitBucket:

          https://wiki.jenkins-ci.org/display/JENKINS/Bitbucket+OAuth+Plugin

          Owen Mehegan added a comment -

          recampbell says he has a working prototype of the Google+ auth which works. It requires you to create a Google+ Application, I think. Perhaps he can elaborate here.

          Garbageyard added a comment -

          We are using Jenkins Google Apps SSO (with OpenID), and for the last few days we have been getting the following message while logging in to Jenkins: "Important notice: OpenID2 for Google accounts is going away on April 20, 2015". Switching to any other Access Control in Jenkins would really be a pain.

          A fix from Jenkins to accommodate the changes made by Google will really be appreciated.

          Ryan Campbell added a comment -

          I created a google-login plugin (using OAuth 2.0 APIs) and released 1.0. It should be appearing in an update center near you over the next day or so.

          I'll be so audacious as to resolve this issue since the new plugin appears to work ok.

          Giovanni Toraldo (ClouDesire) added a comment - It is OK that the plugin exists here https://wiki.jenkins-ci.org/display/JENKINS/Google+Login+Plugin but it's still not available in the Jenkins Available plugins section? The plugin page doesn't show any Plugin Information either.

          Mattias Amnefelt added a comment - The plugin has now appeared as an installable plugin on our Jenkins system and after install, I'm able to log in using G+. Many thanks to recampbell!

          Garbageyard added a comment -

          It's working for me too! Thanks a ton recampbell!

          Joshua Spiewak added a comment - Has anyone gotten the new Google Login Plugin working with the Matrix Authorization and the default authenticated pseudo-group? My own account already had an entry, and another user who tried this weekend got an "Access Denied, <user> is missing the Overall/Read permission" even though that is checked for the authenticated pseudo-group.

          Ryan Campbell added a comment -

          This was fixed in head, and is now released as 1.1.

          Please don't use this ticket as bug reports for the new plugin. Instead, please raise them in the google-login-plugin component in JIRA.

            recampbell Ryan Campbell
            kohsuke Kohsuke Kawaguchi