{jenkins-plugin-info:reverse-proxy-auth-plugin} |
This plugin lets you delegate the authentication to the reverse proxy that you run in front of Jenkins. It also includes Authorisation, which is done via LDAP groups loaded from the HTTP header or LDAP search - based on the username. |
The default values for the HTTP header fields are:
<VirtualHost *:80> ProxyPreserveHost On ProxyRequests Off AllowEncodedSlashes NoDecode Timeout 5400 ProxyTimeout 5400 <Proxy "*"> Order deny,allow Allow from all Authtype BASIC AuthName "Please sign in with your Apache user name and password" # file created with htpasswd AuthUserFile /usr/local/apache2/conf/passwd Require valid-user # Remove these header before to set the right value after, it prevent the client from setting this header RequestHeader unset "X-Forwarded-User" RequestHeader unset "X-Forwarded-Groups" # Remove the basic authorization header to avoid to use it in Jenkins RequestHeader unset "Authorization" # Adds the X-Forwarded-User header that indicates the current user name. # this portion came from http://old.nabble.com/Forcing-a-proxied-host-to-generate-REMOTE_USER-td2911573.html#a2914465 RewriteEngine On # User to use to login in Jenkins RequestHeader set "X-Forwarded-User" "%{RU}e" # Groups are separated by | RequestHeader set "X-Forwarded-Groups" "%{RU}e|users" # strip the REALM of Kerberos Login # RequestHeader edit X-Forwarded-User "@REALM$" "" # see the Apache documentation on why this has to be lookahead RewriteCond %{LA-U:REMOTE_USER} (.+) # this actually doesn't rewrite anything. what we do here is to set RU to the match above # "NS" prevents flooding the error log RewriteRule .* - [E=RU:%1,NS] </Proxy> # send you to the Jenkins instance ProxyPass "/jenkins" "http://jenkins.example.com:8282/jenkins" nocanon ProxyPassReverse "/jenkins" "http://jenkins.example.com:8282/jenkins" </virtualhost> |
PR #24 - Add configuration option for groupNameAttribute to use fields other than CN as group lookup
PR #25 - Add support of custom log output redirect
PR #26 - Add support of custom login URL
PR #33 - Plugin now requires Jenkins core 1.625.3 or above
For more details, please checked the closed pull requests on Github: https://github.com/jenkinsci/reverse-proxy-auth-plugin/pulls