Status: Open (View Workflow)
Jenkins version: 2.150.2
Keycloak plugin version: 2.3.0
We want to start Jenkins-Jobs remotely via shell-scripts and REST-API.
For other similar use cases where we call REST-Apis using Keycloak authentication the scripts
- fetch an access token (type bearer) from Keycloak. Either using username/password or an offline token
- then this bearer token is used to call the Rest-APIs. The bearer token is added as header in the HTTP-Request (e.g. -H "Authorization: Bearer $ACCESS_TOKEN" using curl)
We would like to do this also with Jenkins and the Keycloak plugin.
I do not know enough about Jenkins plugins and Keycloak to provide a decent implementation, but I created a working quick and dirty one:
It adds a filter that checks for an authorization header with a bearer token. If one is found, the token is checked and the login is set.