...

  • Jenkins is running as a service
  • Jenkins is on a Windows system
  • Jenkins is authenticating using the Active Directory plugin
  • The service account that Jenkins uses must have Kerberos authentication privileges on the domain (see SPN information here)
  • The Windows system account (on the domain) must be configured to allow Kerberos authentication (HTTP SPNs)
  • Clients accessing Jenkins must be on the same domain (not tested in a cross-domain environment)
  • Access to Jenkins using a web browser on the hosting system is recommended during initial configuration (as is leaving "Allow Localhost" checked until it all works)
  • If you see HTTP 413 errors when using this plugin, you might need to increase the request header size. This is done by editing %JENKINS_HOME%\jenkins.xml and adding "--requestHeaderSize=16384" to the Jenkins command-line arguments.
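
The request header size change from the last item can be checked and applied with a small script. This is an added example, not part of the plugin or its documentation; the function name and the sample jenkins.xml content are constructed for illustration, and it assumes the service wrapper keeps the Jenkins command line in an `<arguments>` element.

```python
import re

REQUIRED = 16384  # value recommended on this page

# Constructed sample of a Windows service wrapper jenkins.xml (not a real file).
SAMPLE = '''<service>
  <id>jenkins</id>
  <executable>%BASE%\\jre\\bin\\java</executable>
  <arguments>-Xrs -Xmx256m -jar "%BASE%\\jenkins.war" --httpPort=8080</arguments>
</service>
'''

ARGS_RE = re.compile(r'<arguments>(.*?)</arguments>', re.S)
SIZE_RE = re.compile(r'--requestHeaderSize=(\d+)')


def ensure_header_size(xml_text, minimum=REQUIRED):
    """Return (new_text, changed) with --requestHeaderSize >= minimum.

    The file is edited as text rather than re-serialized as XML so that
    comments and layout in jenkins.xml are preserved.
    """
    m = ARGS_RE.search(xml_text)
    if m is None:
        raise ValueError("no <arguments> element found")
    args = m.group(1)

    size = SIZE_RE.search(args)
    if size and int(size.group(1)) >= minimum:
        return xml_text, False  # already large enough, leave untouched
    if size:
        # Option present but too small: raise the value in place.
        new_args = args[:size.start(1)] + str(minimum) + args[size.end(1):]
    else:
        # Append at the end so it follows the .war and is read as a
        # Jenkins argument, not as a JVM option placed before -jar.
        new_args = args.rstrip() + ' --requestHeaderSize=%d' % minimum

    # Splice by position; the arguments contain backslashes that would be
    # misread as escapes in an re.sub() replacement string.
    return xml_text[:m.start(1)] + new_args + xml_text[m.end(1):], True


if __name__ == '__main__':
    updated, changed = ensure_header_size(SAMPLE)
    print('changed' if changed else 'unchanged')
    print(updated)
```

Restart the Jenkins service after changing jenkins.xml so the new argument takes effect.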

Notes

For this plugin to work, Jenkins needs to be running as a service that has permission to perform Kerberos authentication, and the system needs to have a domain configuration that allows Kerberos authentication. See https://github.com/dblock/waffle/blob/master/Docs/Troubleshooting.md for some tips on this.

...

  • Adjust the logging
  • Reduced the number of times the user is actually authenticated: instead of on every request that should be authenticated, only on requests that should be authenticated when the user session has not yet been authenticated.
  • Update to plugin pom 2.11
  • Make sure the settings UI always has the correct information
  • Fix JENKINS-32197 More URLs that NegSecFilter should not secure
  • Fix JENKINS-30095 Make Jenkins 1.586 the minimum version (Dependency version issue)
  • Fix JENKINS-30116 NegSecFilter should not secure notifyCommit URLs
  • Remove use of functions only present in Java 1.8
  • Update to plugin pom 2.3 (but build against Jenkins 1.586)
  • Mirror the method that Jenkins uses to determine if a URI managed by a plugin should be secured (avoid needing to explicitly list each path that shouldn't be secured)

...