From cb906e19131a321cbdee0940e6d9ee11721463eb Mon Sep 17 00:00:00 2001 From: Jens L Date: Thu, 14 Dec 2023 20:38:34 +0100 Subject: [PATCH] website/integrations: add Jenkins docs (#7882) * website/integrations: add Jenkins docs Signed-off-by: Jens Langhammer * Apply suggestions from code review Co-authored-by: Tana M Berry Signed-off-by: Jens L. * prettier pass Signed-off-by: Jens Langhammer --------- Signed-off-by: Jens Langhammer Signed-off-by: Jens L. Co-authored-by: Tana M Berry --- .../docs/flow/stages/identification/index.md | 2 +- .../integrations/services/dokuwiki/index.md | 2 +- .../integrations/services/grafana/index.mdx | 2 +- .../integrations/services/jellyfin/index.md | 2 +- .../integrations/services/jenkins/index.md | 53 +++++++++++++++++++ website/sidebarsIntegrations.js | 1 + 6 files changed, 58 insertions(+), 4 deletions(-) create mode 100644 website/integrations/services/jenkins/index.md diff --git a/website/docs/flow/stages/identification/index.md b/website/docs/flow/stages/identification/index.md index 8bf0e6f49..f911fc4f8 100644 --- a/website/docs/flow/stages/identification/index.md +++ b/website/docs/flow/stages/identification/index.md @@ -39,7 +39,7 @@ By default, sources are only shown with their icon, which can be changed with th Furthermore, it is also possible to deselect any [user field option](#user-fields) for an Identification stage, which will result in users only being able to use currently configured sources. :::info -Starting with authentik 2023.5, when no user fields are selected and only one source is selected, authentik will automatically redirect the user to that source. This only applies when the **Passwordless flow** option is *not* configured. +Starting with authentik 2023.5, when no user fields are selected and only one source is selected, authentik will automatically redirect the user to that source. This only applies when the **Passwordless flow** option is _not_ configured. ::: ## Flow settings 
diff --git a/website/integrations/services/dokuwiki/index.md b/website/integrations/services/dokuwiki/index.md index 7b7e27e4c..b84dd50a2 100644 --- a/website/integrations/services/dokuwiki/index.md +++ b/website/integrations/services/dokuwiki/index.md @@ -17,7 +17,7 @@ The following placeholders will be used: - `dokuwiki.company` is the FQDN of the DokiWiki install. - `authentik.company` is the FQDN of the authentik install. -## Service Configuration +## DokuWiki configuration In DokuWiki, navigate to the _Extension Manager_ section in the _Administration_ interface and install diff --git a/website/integrations/services/grafana/index.mdx b/website/integrations/services/grafana/index.mdx index e6cc7a5a8..a79730ea0 100644 --- a/website/integrations/services/grafana/index.mdx +++ b/website/integrations/services/grafana/index.mdx @@ -86,7 +86,7 @@ resource "authentik_group" "grafana_viewers" { ``` -## Grafana +## Grafana configuration import Tabs from "@theme/Tabs"; import TabItem from "@theme/TabItem"; diff --git a/website/integrations/services/jellyfin/index.md b/website/integrations/services/jellyfin/index.md index c92e21f52..5de18d3b4 100644 --- a/website/integrations/services/jellyfin/index.md +++ b/website/integrations/services/jellyfin/index.md @@ -32,7 +32,7 @@ The following placeholders will be used: - `dc=company,dc=com` the Base DN of the LDAP outpost. - `ldap_bind_user` the username of the desired LDAP Bind User -## Service Configuration +## Jellyfin configuration 1. If you don't have one already create an LDAP bind user before starting these steps. - Ideally, this user doesn't have any permissions other than the ability to view other users. However, some functions do require an account with permissions. diff --git a/website/integrations/services/jenkins/index.md b/website/integrations/services/jenkins/index.md new file mode 100644 index 000000000..a8b4388ab --- /dev/null +++ b/website/integrations/services/jenkins/index.md 
@@ -0,0 +1,53 @@ +--- +title: Jenkins +--- + +Support level: Community + +## What is Jenkins + +> The leading open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. +> +> -- https://www.jenkins.io/ + +## Preparation + +The following placeholders will be used: + +- `jenkins.company` is the FQDN of the Service install. +- `authentik.company` is the FQDN of the authentik install. + +Create an OAuth2/OpenID provider with the following parameters: + +- **Client Type**: `Confidential` +- Scopes: OpenID, Email and Profile +- **Signing Key**: Select any available key + +Note the Client ID and Client Secret values for the provider. + +Next, create an application, using the provider you've created above. Note the slug of the application you create. + +## Jenkins Configuration + +Navigate to the Jenkins plugin manager: **Manage Jenkins** -> **Plugins** -> **Available plugins**. Search for the plugin `oic-auth` in the search field, and install the plugin. Jenkins must be restarted afterwards to ensure the plugin is loaded. + +After the restart, navigate to **Manage Jenkins** again, and click **Security**. + +Modify the **Security Realm** option to select `Login with Openid Connect`. + +In the **Client id** and **Client secret** fields, enter the Client ID and Client Secret values from the provider you created. + +Set the configuration mode to **Automatic configuration** and set the **Well-known configuration endpoint** to `https://authentik.company/application/o//.well-known/openid-configuration` + +Check the checkbox **Override scopes** and input the scopes `openid profile email` into the new input field. 
+ +Further down the page, expand the **Advanced** section and input the following values: + +- **User name field name**: `preferred_username` +- **Full name field name**: `name` +- **Email field name**: `email` +- **Groups field name**: `groups` + +We also recommend enabling the option **Enable Proof Key for Code Exchange** further down the page. + +Additionally, as a fallback to regain access to Jenkins in the case of misconfiguration, we recommend configuring the **Configure 'escape hatch' for when the OpenID Provider is unavailable** option below. How to configure this option is beyond the scope of this document, and is explained by the OpenID Plugin. diff --git a/website/sidebarsIntegrations.js b/website/sidebarsIntegrations.js index bc857116b..4c89585b4 100644 --- a/website/sidebarsIntegrations.js +++ b/website/sidebarsIntegrations.js @@ -75,6 +75,7 @@ module.exports = { "services/fortimanager/index", "services/harbor/index", "services/hashicorp-vault/index", + "services/jenkins/index", "services/minio/index", "services/netbox/index", "services/opnsense/index",
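Review bot: In the website/integrations/services/dokuwiki/index.md hunk, the context line just above the renamed heading spells the product "DokiWiki" (`dokuwiki.company` is the FQDN of the DokiWiki install). Since this hunk already edits the heading to read "DokuWiki configuration", correct the spelling in the placeholder line in the same change so the page is consistent.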
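Review bot: Renaming `## Grafana` to `## Grafana configuration` in the website/integrations/services/grafana/index.mdx hunk changes the heading text, and if the site derives heading anchors from that text, any existing link to the old anchor will stop resolving. The same applies to the two `## Service Configuration` renames in the DokuWiki and Jellyfin hunks. Check for inbound links to those anchors before merging, or give the renamed headings an explicit id if the old anchors need to keep working.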
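Review bot: In the new website/integrations/services/jenkins/index.md, the **Well-known configuration endpoint** value reads `https://authentik.company/application/o//.well-known/openid-configuration`, with an empty path segment between `o/` and `/.well-known`, so a reader who copies it gets a discovery URL that names no application. The Preparation section tells the reader to note the application slug, but nothing says where it is used; put an explicit placeholder in that segment and describe it in the placeholder list next to `jenkins.company` and `authentik.company`. The provider parameter list also gives no redirect URI for Jenkins; state which value to register, or note explicitly if none is needed. Two smaller points in the same hunk: `jenkins.company` is described as "the FQDN of the Service install", which looks like leftover template text and should say Jenkins, and the heading `## Jenkins Configuration` is capitalised differently from the `DokuWiki configuration`, `Grafana configuration` and `Jellyfin configuration` headings this patch introduces in the other files.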