-
Notifications
You must be signed in to change notification settings - Fork 84
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Use JMESPath for extracting idtoken and userinfo fields (#281)
- Loading branch information
1 parent
62720cf
commit 0332677
Showing
12 changed files
with
285 additions
and
236 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
357 changes: 163 additions & 194 deletions
357
src/main/java/org/jenkinsci/plugins/oic/OicSecurityRealm.java
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -52,5 +52,4 @@ public boolean isCredentialsNonExpired() { | |
public boolean isEnabled() { | ||
return true; | ||
} | ||
|
||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
7 changes: 5 additions & 2 deletions
7
src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-groupsFieldName.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,8 +1,11 @@ | ||
<div> | ||
Not required. If the field exists in the token and is an array of strings, then each string is added as a group. | ||
Not required. The field specification must be a valid <a href="https://jmespath.org/" target="_blank">JMES Path</a>. | ||
|
||
If the field exists in the token and is an array of strings, then each string is added as a group. | ||
This allows groups based authorization in Jenkins. The SSO server will need to add the field with the list of groups in | ||
the token. For example in Keycloak, this can be done with a 'Group Membership' mapper in the configuration of the client. | ||
|
||
If the SSO server adds the groups as an array of maps instead, then specify the group field as "groups[].name" where "groups" | ||
But if, by example, the SSO server adds the groups as an array of maps instead, then specify the group field as "groups[].name" where "groups" | ||
is the field containing the array of maps, and "name" it the name of the key in the map that holds the group name. | ||
|
||
</div> |
5 changes: 3 additions & 2 deletions
5
src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-tokenFieldToCheckKey.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,5 @@ | ||
<div> | ||
Optional. The name of the field to check. | ||
Optional. The name of the field to chek, which must be a valid <a href="https://jmespath.org/" target="_blank">JMES Path</a>. | ||
|
||
If specified, users are required to have this field match the value to successfully login | ||
</div> | ||
</div> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters