Everyone,

I have recently installed the Jenkins SAML plug-in to log into Jenkins using
ADFS. We can successfully log in with our ADFS users and have our
permissions managed using Project Matrix. However, we do use a local
service admin to perform administrative tasks such as updates, hitting the
cli endpoint as: http://localhost:8080/cli

Whenever we trigger a rest/cli action via

    curl -vL --user admin:PASSWORD_REDACTED http://localhost:8080/cli

We get

<title>Error 401 Invalid password/token for user: admin</title>
</head>
<body><h2>HTTP ERROR 401 Invalid password/token for user: admin</h2>
<table>

I clearly understand that this is the result of the SAML plugin overriding
the auth in favour of SAML, discarding the use of local service users.
From my research over the net, I'm not the first experiencing this
issue. I'm aware of
https://github.com/wenjunxiao/mixing-security-realm-plugin but this is
not an official and vetted Jenkins plugin and therefore is off the table.

From further reading through the web...

Active Directory has a fallback user to be used as local admin
https://plugins.jenkins.io/active-directory/
Fall-back user

Since the version 2.5 of the AD plugin, you can define a user to fall
back in case there is a communication issue between Jenkins and the AD
server. On this way, this admin user can be used to continue
administering Jenkins in case of communication issues, where usually you
were following the link Disable security. The password of this user is
automatically synced with the Jenkins Internal Database by this feature.
In order to configure this new feature you should enable Use Jenkins
Internal Database in the AD configuration under Manage Jenkins →
Configure Global Security and specify a SINGLE user by its username.

Are there any future plans to have the same capability with the SAML/ADFS
plugin, or anything else down the line planned in Jenkins Core to overcome
this scenario?

Phillip
