website/integrations: add Jenkins docs (#7882)

* website/integrations: add Jenkins docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * Apply suggestions from code review Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Jens L. <jens@beryju.org> * prettier pass Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens L. <jens@beryju.org> Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2023-12-14 20:38:34 +01:00 · 2023-12-14 20:38:34 +01:00 · cb906e1913
parent 14fb34f492
commit cb906e1913
6 changed files with 58 additions and 4 deletions
--- a/website/docs/flow/stages/identification/index.md
+++ b/website/docs/flow/stages/identification/index.md
@ -39,7 +39,7 @@ By default, sources are only shown with their icon, which can be changed with th
 Furthermore, it is also possible to deselect any [user field option](#user-fields) for an Identification stage, which will result in users only being able to use currently configured sources.

 :::info
-Starting with authentik 2023.5, when no user fields are selected and only one source is selected, authentik will automatically redirect the user to that source. This only applies when the **Passwordless flow** option is *not* configured.
+Starting with authentik 2023.5, when no user fields are selected and only one source is selected, authentik will automatically redirect the user to that source. This only applies when the **Passwordless flow** option is _not_ configured.
 :::

 ## Flow settings
--- a/website/integrations/services/dokuwiki/index.md
+++ b/website/integrations/services/dokuwiki/index.md
@ -17,7 +17,7 @@ The following placeholders will be used:
 -   `dokuwiki.company` is the FQDN of the DokiWiki install.
 -   `authentik.company` is the FQDN of the authentik install.

-## Service Configuration
+## DokuWiki configuration

 In DokuWiki, navigate to the _Extension Manager_ section in the _Administration_ interface and install

--- a/website/integrations/services/grafana/index.mdx
+++ b/website/integrations/services/grafana/index.mdx
@ -86,7 +86,7 @@ resource "authentik_group" "grafana_viewers" {

 ```

-## Grafana
+## Grafana configuration

 import Tabs from "@theme/Tabs";
 import TabItem from "@theme/TabItem";
--- a/website/integrations/services/jellyfin/index.md
+++ b/website/integrations/services/jellyfin/index.md
@ -32,7 +32,7 @@ The following placeholders will be used:
 -   `dc=company,dc=com` the Base DN of the LDAP outpost.
 -   `ldap_bind_user` the username of the desired LDAP Bind User

-## Service Configuration
+## Jellyfin configuration

 1. If you don't have one already create an LDAP bind user before starting these steps.
    - Ideally, this user doesn't have any permissions other than the ability to view other users. However, some functions do require an account with permissions.
--- a/website/integrations/services/jenkins/index.md
+++ b/website/integrations/services/jenkins/index.md
@ -0,0 +1,53 @@
+---
+title: Jenkins
+---
+
+<span class="badge badge--secondary">Support level: Community</span>
+
+## What is Jenkins
+
+> The leading open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project.
+>
+> -- https://www.jenkins.io/
+
+## Preparation
+
+The following placeholders will be used:
+
+-   `jenkins.company` is the FQDN of the Service install.
+-   `authentik.company` is the FQDN of the authentik install.
+
+Create an OAuth2/OpenID provider with the following parameters:
+
+-   **Client Type**: `Confidential`
+-   Scopes: OpenID, Email and Profile
+-   **Signing Key**: Select any available key
+
+Note the Client ID and Client Secret values for the provider.
+
+Next, create an application, using the provider you've created above. Note the slug of the application you create.
+
+## Jenkins Configuration
+
+Navigate to the Jenkins plugin manager: **Manage Jenkins** -> **Plugins** -> **Available plugins**. Search for the plugin `oic-auth` in the search field, and install the plugin. Jenkins must be restarted afterwards to ensure the plugin is loaded.
+
+After the restart, navigate to **Manage Jenkins** again, and click **Security**.
+
+Modify the **Security Realm** option to select `Login with Openid Connect`.
+
+In the **Client id** and **Client secret** fields, enter the Client ID and Client Secret values from the provider you created.
+
+Set the configuration mode to **Automatic configuration** and set the **Well-known configuration endpoint** to `https://authentik.company/application/o/<Slug of the application from above>/.well-known/openid-configuration`
+
+Check the checkbox **Override scopes** and input the scopes `openid profile email` into the new input field.
+
+Further down the page, expand the **Advanced** section and input the following values:
+
+-   **User name field name**: `preferred_username`
+-   **Full name field name**: `name`
+-   **Email field name**: `email`
+-   **Groups field name**: `groups`
+
+We also recommend enabling the option **Enable Proof Key for Code Exchange** further down the page.
+
+Additionally, as a fallback to regain access to Jenkins in the case of misconfiguration, we recommend configuring the **Configure 'escape hatch' for when the OpenID Provider is unavailable** option below. How to configure this option is beyond the scope of this document, and is explained by the OpenID Plugin.
--- a/website/sidebarsIntegrations.js
+++ b/website/sidebarsIntegrations.js
@ -75,6 +75,7 @@ module.exports = {
                        "services/fortimanager/index",
                        "services/harbor/index",
                        "services/hashicorp-vault/index",
+                        "services/jenkins/index",
                        "services/minio/index",
                        "services/netbox/index",
                        "services/opnsense/index",