That was my hope, however I haven't found it to be the case so far. Maybe
I've got something simple wrong on the Tomcat side. Here is what I tried:
1.) Start with clean installation of Jenkins on a clean installation of
Tomcat. Ensured everything is working properly.
2.) Manage Jenkins -> Configure System, enable security, set security
realm to "Delegate to servlet container", set authorization to "Logged-in
users can do anything" (for now)
3.) In Tomcat conf\tomcat-users.xml I add:
<role rolename="jenkins"/>
...
<user username="jenkins-admin" password="secret" roles="jenkins,admin"/>
4.) In Tomcat conf\web.xml I add the following in an attempt to put
everything in this instance behind BASIC auth. (This is fine for my
purposes here, Jenkins is the only thing on this instance)
<security-constraint>
<web-resource-collection>
<web-resource-name>Basic Authentication</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>jenkins</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
5.) Save everything, close all browsers, restart Tomcat. Attempt to
access http://localhost:8888/jenkins
6.) For whatever reason, I don't initially get a BASIC auth prompt. Nor
do I get the normal Jenkins "dashboard" page. I am instead taken to the
Jenkins login page. However it is a jacked up version of it (presumably
because all of images, javascript, css, etc. are being blocked by the BASIC
auth).
If I enter in credentials for the user I created above and click the "log
in" button, THEN I am presented with an HTTP Basic Auth prompt. If I enter
the same credentials into that prompt, I end up at a HTTP 404 Tomcat page
saying:
type Status report
message /j_security_check
description The requested resource (/j_security_check) is not available.
So not sure what's going on. If I leave out the BASIC auth stuff from
conf\web.xml, then everything works as expected. That is to say that I can
log into Jenkins via the login page as the user/password I created in the
Tomcat security realm. But what I'd like to do is take the Jenkins login
page out of the loop and use BASIC auth instead. I just want Jenkins to
recognize that the user is logged in via Basic Auth.
On Thursday, December 20, 2012 2:12:59 PM UTC-6, DarkRift wrote:
>
> As fas as I can tell, it's quite possible to do that in the following way
> (have not tested myself)
>
> 1. Configure tomcat to do BASIC auth
> 2. Configure jenkins to delegate the authentication to the container
>
> This would probably do the trick.
>
>
> On Thu, Dec 20, 2012 at 3:07 PM, bm38 <bmoff...@yahoo.com <javascript:>>wrote:
>
>> Anyone know or is there a good reference on how one would go about doing
>> the following?
>>
>> Want to deploy Jenkins to Tomcat and not only delegate to Tomcat's
>> security realm, but also let Tomcat's HTTP Basic Auth serve as the
>> authentication mechanism? That is, have the entire Jenkins app behind HTTP
>> Basic Auth (configured via Tomcat) such that once the user supplies
>> credentials via HTTP Basic Auth, Jenkins recognizes them as logged in with
>> the username they used for the basic auth. Seems like there is ample
>> documentation about how to do a similar kind of thing when you are running
>> Apache in conjunction with Tomcat (Reverse Proxy Auth Plugin). This is
>> exactly the behavior I want, but I'm wanting to know if it's possible in a
>> Tomcat-only scenario. Anything I've been able to find has indicated that
>> this is somewhat difficult to achieve and what I have tried has been
>> unsuccessful, but I was hoping I was just missing something.
>>
>> Thanks.
>>
>
>
>
> --
> Richard Lavoie
> IT consultant / consultant en informatique
>
