jenkins添加私域登录
2021-03-31 09:19 Tanwheey 阅读(441) 评论(0) 编辑 收藏 举报script-realm.hpi获取地址:
复制这段内容后打开百度网盘App,操作更方便哦。
链接:https://pan.baidu.com/s/1sxnjAdtfqLlCfuSiRDrW0w
提取码:z3Os
2.登录jenkins在插件管理里面,离线安装插件。
3.安装成功后,进入配置页面,配置验证权限的代码,user.py。就可以实现sso登录了
user.py:
import os import json import urllib import urllib2 import hashlib env_dist = os.environ username = env_dist.get('U') password = env_dist.get('P') md5_password = hashlib.md5(password).hexdigest() url = 'http://xxx.xxx.xxx/sso/verify' //填写私域单点登录url req = urllib2.Request(url, urllib.urlencode({'username': username, 'password': md5_password})) //填写私域单点登录用户名及密码,按定义规则填写 response = urllib2.urlopen(req) res = json.loads(response.read())["REQ_DATA"] if res: os._exit(0) else: os._exit(1)
此处一定注意:全局角色admin不能删除,且必须在全局角色中创建一个只有Overall/Read的角色,这个角色是分配给下面的项目角色使用的,否则,分配了项目角色的用户登录后会提示“ 用户名 is missing the Overall/Read permission”。如出现“ 用户名 is missing the Overall/Read permission”问题,请进入jenkins home文件夹中,将config.xml备份后新建内容进行解决。
config.xml:
任意访问允许
<?xml version='1.1' encoding='UTF-8'?> <hudson> <disabledAdministrativeMonitors/> <version>1.0</version> <numExecutors>2</numExecutors> <mode>NORMAL</mode> <useSecurity>true</useSecurity> <authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/> <securityRealm class="hudson.security.SecurityRealm$None"/> <disableRememberMe>false</disableRememberMe> <projectNamingStrategy class="jenkins.model.ProjectNamingStrategy$DefaultProjectNamingStrategy"/> <workspaceDir>${JENKINS_HOME}/workspace/${ITEM_FULL_NAME}</workspaceDir> <buildsDir>${ITEM_ROOTDIR}/builds</buildsDir> <jdks/> <viewsTabBar class="hudson.views.DefaultViewsTabBar"/> <myViewsTabBar class="hudson.views.DefaultMyViewsTabBar"/> <clouds/> <scmCheckoutRetryCount>0</scmCheckoutRetryCount> <views> <hudson.model.AllView> <owner class="hudson" reference="../../.."/> <name>all</name> <filterExecutors>false</filterExecutors> <filterQueue>false</filterQueue> <properties class="hudson.model.View$PropertyList"/> </hudson.model.AllView> </views> <primaryView>all</primaryView> <slaveAgentPort>0</slaveAgentPort> <label></label> <crumbIssuer class="hudson.security.csrf.DefaultCrumbIssuer"> <excludeClientIPFromCrumb>false</excludeClientIPFromCrumb> </crumbIssuer> <nodeProperties/> <globalNodeProperties/> </hudson>