More I don't want you to think I am promising something that I am not. Or to phrase it another way... it solves a problem that may or may not be your actual problem... but for sure it is not the problem you originally asked... but then the problem you originally asked may or may not be your actual problem ;-)
On 22 November 2013 07:17, Steffen Breitbach <steffen.breitb...@1und1.de>wrote: > Don't worry, I wasn't going to run around begging for money ;-) > > I just have heard "...or you could use the enterprise version" one too > many times, so I think I'll give it a closer look (for real this time). > > -----Ursprüngliche Nachricht----- > Von: jenkinsci-users@googlegroups.com [mailto: > jenkinsci-users@googlegroups.com] Im Auftrag von Stephen Connolly > Gesendet: Donnerstag, 21. November 2013 16:31 > An: jenkinsci-users@googlegroups.com > Betreff: Re: Use different backend (plug in) for authentication and > authorization? > > Try a 30 day evaluation license first... I am worried that you might be > confused about how the RBAC's local groups work... you are still going to > be limited by what the Security Realm you choose can provide... but one of > the reasons for RBAC was to allow Jenkins to manage its own internal group > details... > > e.g. before I started at cloudbees, the problem I had when running Jenkins > is we needed to authenticate against corporate AD but we didn't want to > deal with the heavyweight corp IT process to create and maintain groups in > AD, so being able to have local groups was a critical requirement in any > RBAC authorization strategy, hence I baked it in as an *Additional* layer > > > On 21 November 2013 14:34, Steffen Breitbach <steffen.breitb...@1und1.de> > wrote: > > > I think I might have to convince middle management to buy a > license ;-) > > -----Ursprüngliche Nachricht----- > Von: jenkinsci-users@googlegroups.com [mailto: > jenkinsci-users@googlegroups.com] Im Auftrag von Stephen Connolly > Gesendet: Donnerstag, 21. November 2013 11:56 > An: jenkinsci-users@googlegroups.com > Betreff: Re: Use different backend (plug in) for authentication > and authorization? > > > you could certainly write such a Security Realm implementation... > but be warned that Security Realm implementations are probably among the > more complex to write (i.e. it can be easy to fuck them up) > > The user and group information is all provided by the single > Security Ream component, so they both have to come from a single plugin. > > An alternative is the commercial CloudBees Enterprise RBAC plugin > which lets you define and manage groups *within* jenkins... that gives you > an additional layer for group information (i.e. your CAS Security realm > would not be providing RBAC with "external" group information and it will > not - in and of itself - go and ask your LDAP server about groups... if you > configured the LDAP security realm, however, then the RBAC plugin would get > the LDAP group info... but you wouldn't have the CAS authentication then > ;-) ) > > > On 21 November 2013 10:18, Steffen Breitbach < > steffen.breitb...@1und1.de> wrote: > > > Hi everyone! > > In our company one can use CAS as an authentication > service for single sign on purposes. Unfortunately, however, that is all it > does. The response contains information about the user (like email address) > but not about the roles he is in. This has to be done e.g. trough LDAP. > > Is there a way to use two different plug ins for > authentication and authorization in Jenkins? > > Regards > Steffen > > -- > You received this message because you are subscribed to > the Google Groups "Jenkins Users" group. > > To unsubscribe from this group and stop receiving emails > from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com<mailto: > jenkinsci-users%2bunsubscr...@googlegroups.com> <mailto: > jenkinsci-users%2bunsubscr...@googlegroups.com <mailto: > jenkinsci-users%252bunsubscr...@googlegroups.com> > . > > For more options, visit > https://groups.google.com/groups/opt_out. > > > > -- > You received this message because you are subscribed to the Google > Groups "Jenkins Users" group. > To unsubscribe from this group and stop receiving emails from it, > send an email to jenkinsci-users+unsubscr...@googlegroups.com <mailto: > jenkinsci-users%2bunsubscr...@googlegroups.com> . > For more options, visit https://groups.google.com/groups/opt_out. > > -- > You received this message because you are subscribed to the Google > Groups "Jenkins Users" group. > To unsubscribe from this group and stop receiving emails from it, > send an email to jenkinsci-users+unsubscr...@googlegroups.com <mailto: > jenkinsci-users%2bunsubscr...@googlegroups.com> . > For more options, visit https://groups.google.com/groups/opt_out. > > > > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to jenkinsci-users+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/groups/opt_out. > > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to jenkinsci-users+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/groups/opt_out. > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
