-
Bug
-
Resolution: Unresolved
-
Major
-
None
We use kerberos-sso, ldap plugin, and role strategy for authentication and authorization.
A freeipa is configured as ldap server.
Authorization work well with kerberos login. However, with basic authentication, ldap plugin doesn't return indirect groups of user for authorization.
Attached files:
test.groovy: script for check return authorities of login
ldap-plugin.conf: a part of ldap plugin config
0001-Fix-bug-basic-authentication-can-t-work-with-group-m.patch: a temporary solution
[JENKINS-41914] Basic authentication with group membership strategy and FreeIPA
Toan Pham
created issue -
Toan Pham
made changes -
| Attachment | New: 0001-Fix-bug-basic-authentication-can-t-work-with-group-m.patch [ 35871 ] |
Toan Pham
made changes -
| Description |
Original:
We use kerberos-sso, ldap plugin, and role strategy for authentication and authorization. A freeipa is configured as ldap server. Authorization work well with kerberos login. However, with basic authentication, ldap plugin doesn't return indirect groups of user for authorization. Attached files: test.groovy: script for check return authorities of login 0001-Fix-bug-basic-authentication-can-t-work-with-group-m.patch: a temporary solution |
New:
We use kerberos-sso, ldap plugin, and role strategy for authentication and authorization. A freeipa is configured as ldap server. Authorization work well with kerberos login. However, with basic authentication, ldap plugin doesn't return indirect groups of user for authorization. [^0001-Fix-bug-basic-authentication-can-t-work-with-group-m.patch] Attached files: test.groovy: script for check return authorities of login 0001-Fix-bug-basic-authentication-can-t-work-with-group-m.patch: a temporary solution |
Toan Pham
made changes -
| Attachment | New: test.groovy [ 35872 ] |
Toan Pham
made changes -
| Attachment | New: ldap-plugin.conf [ 35873 ] |
Toan Pham
made changes -
| Description |
Original:
We use kerberos-sso, ldap plugin, and role strategy for authentication and authorization. A freeipa is configured as ldap server. Authorization work well with kerberos login. However, with basic authentication, ldap plugin doesn't return indirect groups of user for authorization. [^0001-Fix-bug-basic-authentication-can-t-work-with-group-m.patch] Attached files: test.groovy: script for check return authorities of login 0001-Fix-bug-basic-authentication-can-t-work-with-group-m.patch: a temporary solution |
New:
We use kerberos-sso, ldap plugin, and role strategy for authentication and authorization. A freeipa is configured as ldap server. And [^ldap-plugin.conf] Authorization work well with kerberos login. However, with basic authentication, ldap plugin doesn't return indirect groups of user for authorization. Attached files: test.groovy: script for check return authorities of login ldap-plugin.conf: a part of ldap plugin config 0001-Fix-bug-basic-authentication-can-t-work-with-group-m.patch: a temporary solution |
Toan Pham
made changes -
| Description |
Original:
We use kerberos-sso, ldap plugin, and role strategy for authentication and authorization. A freeipa is configured as ldap server. And [^ldap-plugin.conf] Authorization work well with kerberos login. However, with basic authentication, ldap plugin doesn't return indirect groups of user for authorization. Attached files: test.groovy: script for check return authorities of login ldap-plugin.conf: a part of ldap plugin config 0001-Fix-bug-basic-authentication-can-t-work-with-group-m.patch: a temporary solution |
New:
We use kerberos-sso, ldap plugin, and role strategy for authentication and authorization. A freeipa is configured as ldap server. Authorization work well with kerberos login. However, with basic authentication, ldap plugin doesn't return indirect groups of user for authorization. Attached files: test.groovy: script for check return authorities of login ldap-plugin.conf: a part of ldap plugin config 0001-Fix-bug-basic-authentication-can-t-work-with-group-m.patch: a temporary solution |
Markus Winter
made changes -
| Component/s | Original: role-strategy-plugin [ 15758 ] |
| Component/s | Original: kerberos-sso-plugin [ 21725 ] |
