Adding private-domain login to Jenkins

2021-03-31 09:19  Tanwheey

1. Download the script-realm.hpi plugin from https://wiki.jenkins.io/display/JENKINS/Script+Security+Realm to your local machine.

Where to get script-realm.hpi:

Link: https://pan.baidu.com/s/1sxnjAdtfqLlCfuSiRDrW0w

Extraction code: z3Os

 

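2. Log in to Jenkins and install the plugin offline from the plugin manager.

3. Once the plugin is installed, open the configuration page and configure the script that verifies credentials, user.py. SSO login then works.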

user.py:

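# Python 2 script (uses urllib2)
import os
import json
import urllib
import urllib2
import hashlib
env_dist = os.environ
# Username and password arrive in the U and P environment variables
username = env_dist.get('U')
password = env_dist.get('P')
md5_password =  hashlib.md5(password).hexdigest()
url = 'http://xxx.xxx.xxx/sso/verify'  # fill in the private-domain SSO URL
req = urllib2.Request(url, urllib.urlencode({'username': username, 'password': md5_password}))  # fill in the private-domain SSO username and password, following the rules the service defines
response = urllib2.urlopen(req)
res = json.loads(response.read())["REQ_DATA"]
# Exit code 0 accepts the login; exit code 1 rejects it
if res:
    os._exit(0)
else:
    os._exit(1)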
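
A Python 3 version of the same check that denies the login on every failure path, as an added example that is not part of the original post. The `SSO_VERIFY_URL` variable, the placeholder URL, the HTTPS requirement and the strict boolean check on `REQ_DATA` are assumptions; the `U`/`P` variables, the MD5 format and the exit codes follow user.py above.

```python
import hashlib
import json
import os
import sys
import urllib.parse
import urllib.request

# Assumption: placeholder endpoint read from an environment variable that is
# not part of the original post. Replace it with your SSO verify URL.
VERIFY_URL = os.environ.get("SSO_VERIFY_URL", "https://sso.example.invalid/sso/verify")


def http_post(url, fields, timeout=5):
    """POST form fields and return the raw response body."""
    data = urllib.parse.urlencode(fields).encode("utf-8")
    req = urllib.request.Request(url, data)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read()


def verify(username, password, url=VERIFY_URL, post=http_post):
    """Return True only when the SSO service explicitly confirms the login."""
    if not username or not password:
        return False  # U or P missing or empty: deny
    if not url.lower().startswith("https://"):
        return False  # assumption: refuse to send credentials over plain HTTP
    # Same password format as user.py: hex MD5 of the submitted password
    digest = hashlib.md5(password.encode("utf-8")).hexdigest()
    try:
        body = post(url, {"username": username, "password": digest})
        reply = json.loads(body)
    except Exception:
        return False  # network error, timeout or malformed JSON: deny
    # Assumption: REQ_DATA is a JSON boolean; a string such as "false" is rejected
    return isinstance(reply, dict) and reply.get("REQ_DATA") is True


def main(environ=os.environ):
    """Exit code 0 accepts the login; any other exit code rejects it."""
    return 0 if verify(environ.get("U"), environ.get("P")) else 1


if __name__ == "__main__":
    sys.exit(main())
```
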

 

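Take special care here: the global role admin must not be deleted, and you must create a global role that has only Overall/Read. This role is assigned to the users who hold the project roles below. Without it, a user who has been assigned a project role sees "<username> is missing the Overall/Read permission" after logging in. If you hit the "<username> is missing the Overall/Read permission" problem, go to the Jenkins home directory, back up config.xml, and create a new one with the content below to resolve it.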

config.xml:

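Allow any access (this configuration sets the security realm to None and the authorization strategy to Unsecured, so anyone who can reach Jenkins has full control until security is configured again):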

<?xml version='1.1' encoding='UTF-8'?>
<hudson>
  <disabledAdministrativeMonitors/>
  <version>1.0</version>
  <numExecutors>2</numExecutors>
  <mode>NORMAL</mode>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>
  <securityRealm class="hudson.security.SecurityRealm$None"/>
  <disableRememberMe>false</disableRememberMe>
  <projectNamingStrategy class="jenkins.model.ProjectNamingStrategy$DefaultProjectNamingStrategy"/>
  <workspaceDir>${JENKINS_HOME}/workspace/${ITEM_FULL_NAME}</workspaceDir>
  <buildsDir>${ITEM_ROOTDIR}/builds</buildsDir>
  <jdks/>
  <viewsTabBar class="hudson.views.DefaultViewsTabBar"/>
  <myViewsTabBar class="hudson.views.DefaultMyViewsTabBar"/>
  <clouds/>
  <scmCheckoutRetryCount>0</scmCheckoutRetryCount>
  <views>
    <hudson.model.AllView>
      <owner class="hudson" reference="../../.."/>
      <name>all</name>
      <filterExecutors>false</filterExecutors>
      <filterQueue>false</filterQueue>
      <properties class="hudson.model.View$PropertyList"/>
    </hudson.model.AllView>
  </views>
  <primaryView>all</primaryView>
  <slaveAgentPort>0</slaveAgentPort>
  <label></label>
  <crumbIssuer class="hudson.security.csrf.DefaultCrumbIssuer">
    <excludeClientIPFromCrumb>false</excludeClientIPFromCrumb>
  </crumbIssuer>
  <nodeProperties/>
  <globalNodeProperties/>
</hudson>