This page will guide you on the installation of the WinKK Passport authentication for Jenkins using the SAML 2.0 standard.
The basic Jenkins installation process is straightforward and is described in the official guide.
Make sure that a Java 8 runtime environment is installed on the target server. On Ubuntu systems this can be done with the following command:
sudo apt-get install default-jre
To install Jenkins on Ubuntu systems, run the following commands:
wget -q -O - https://pkg.jenkins.io/debian/jenkins.io.key | sudo apt-key add -
sudo sh -c 'echo deb http://pkg.jenkins.io/debian-stable binary/ > /etc/apt/sources.list.d/jenkins.list'
sudo apt-get update
sudo apt-get install jenkins
Next, prepare a certificate and its private key and place them on the server so that Jenkins runs over the secured SSL connection required for SAML integration.
Then edit the Jenkins config file (/etc/default/jenkins on Ubuntu systems) to set the ports and the certificate with its private key, and to open Jenkins to the external network. All of these settings go in the last line of the file, which will look like the following:
JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=-1 --httpsPort=8081 --httpsCertificate=/path_to_certificate/domain_ssl_certificate.cer --httpsPrivateKey=/path_to_pkey/domain_private_key.key --httpListenAddress=0.0.0.0"
After that, restart Jenkins (sudo systemctl restart jenkins on Ubuntu systems); it can then be configured right away. This initial configuration is done in a web browser at the Jenkins URL and is very straightforward.
WinKK Passport Configuration
- Open passport.winkk.com/partner, log in with your profile, and open the Applications tab.
- Add a new application
- Name – doesn’t matter,
- URL – an endpoint to your Jenkins, for example https://demo.winkk.com:8081,
- Interface – SAML2,
- Authentication type – doesn’t matter,
- Audience – https://demo.winkk.com:8081/securityRealm/finishLogin,
- ACS URL – https://demo.winkk.com:8081/securityRealm/finishLogin,
- where https://demo.winkk.com:8081 is the endpoint of Jenkins, including its port if it is not the default.
- Click Save.
- After these steps the application ID will be generated and shown in the application’s page header.
- Go to the plugins management screen: https://demo.winkk.com:8081/pluginManager
Here and below, https://demo.winkk.com:8081 stands for the Jenkins location being configured and will differ in your setup.
- Open the Available tab, find and install the SAML plugin, and restart Jenkins.
- Open the global security settings: https://demo.winkk.com:8081/configureSecurity
- Check Enable security.
- Select SAML 2.0 as the Security Realm.
- Go to passport.winkk.com/saml2a/metadata.xml and copy this XML metadata into the IdP Metadata field. Make sure to change the Location attribute of the two SingleLogoutService tags to https://passport.winkk.com/saml2a/YOUR_APPLICATION_ID/logout and the Location attribute of the two SingleSignOnService tags to https://passport.winkk.com/saml2a/YOUR_APPLICATION_ID/auth, with YOUR_APPLICATION_ID replaced by the actual application ID obtained during the WinKK Passport configuration.
- Set the Logout URL to https://passport.winkk.com/saml2a/logout?client_id=YOUR_APPLICATION_ID&RelayState=https://demo.winkk.com:8081, where YOUR_APPLICATION_ID is the same one as in the previous step and RelayState is the page to redirect to after a successful logout.
- Click the Save button and check that SAML authentication works by logging out and logging back in.
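
The IdP Metadata edit described above (two SingleLogoutService and two SingleSignOnService Location attributes) can be scripted so that a miscounted or mistyped endpoint is caught before the XML is pasted into Jenkins. This Python is an added example, not part of the original guide or of WinKK's or the SAML plugin's code; the function names, the constructed sample XML, the standard SAML 2.0 metadata namespace, and the character check on the application ID are assumptions.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"  # assumed: standard SAML 2.0 metadata namespace
ET.register_namespace("md", MD)              # keep the md: prefix when serializing
BASE = "https://passport.winkk.com/saml2a"   # endpoint base taken from the guide

# Constructed sample shaped like IdP metadata; it is not the real WinKK file.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example/constructed">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example/logout"/>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.example/logout"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example/auth"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.example/auth"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def set_app_endpoints(metadata_xml: str, app_id: str) -> str:
    """Return the metadata with the SLO/SSO Location attributes set for app_id."""
    # Assumption: IDs are alphanumeric plus '-' and '_'; reject anything that
    # could alter the URL path if a wrong value is pasted in.
    if not app_id or not all(c.isalnum() or c in "-_" for c in app_id):
        raise ValueError("application ID contains unexpected characters")
    root = ET.fromstring(metadata_xml)
    for tag, suffix in (("SingleLogoutService", "logout"), ("SingleSignOnService", "auth")):
        nodes = root.findall(f".//{{{MD}}}{tag}")
        if len(nodes) != 2:  # the guide expects exactly two of each
            raise ValueError(f"expected 2 {tag} elements, found {len(nodes)}")
        for node in nodes:
            node.set("Location", f"{BASE}/{app_id}/{suffix}")
    return ET.tostring(root, encoding="unicode")


def endpoint_locations(metadata_xml: str) -> list:
    """List (tag, Location) pairs in document order for review before pasting."""
    wanted = {f"{{{MD}}}SingleLogoutService", f"{{{MD}}}SingleSignOnService"}
    root = ET.fromstring(metadata_xml)
    return [(el.tag.split("}")[1], el.get("Location")) for el in root.iter() if el.tag in wanted]


if __name__ == "__main__":
    for tag, loc in endpoint_locations(set_app_endpoints(SAMPLE, "YOUR_APPLICATION_ID")):
        print(tag, loc)
```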