I am very much a beginner with Keycloak. I need some help.
I have an SSO solution and I want to integrate it with Jenkins. At this point, I want to permit some users based on role.
OpenID -- keycloak -- jenkins : all users who are in OpenID can log in to Jenkins (I don't want this)
OpenID -- keycloak (check role) -- jenkins : all users who are in OpenID and also have a specific role in Keycloak can log in to Jenkins (I want this)
I think this is a very simple and common example of using Keycloak, but I can't find the solution.
The steps I did are here.
(Reference: https://wiki.jenkins.io/display/JENKINS/keycloak-plugin)
Now, I can log in to Jenkins successfully.
Select realm role and check required.
It's done, but it does not work.
I managed it the following way (Using Keycloak 8.0.1, Jenkins 2.208):
Keycloak:
Jenkins:
1. Switch authorization mode to Role-Based Strategy by going to "Configure Global Security" - Select "Authorization": "Role-Based Strategy" and then click on save
2. Add Keycloak authentication JSON by going to "Manage Jenkins" - "Configure System" - "Global Keycloak Settings" and paste the previously copied JSON (Keycloak step 3) to "Keycloak JSON" Area
3. Verify that an admin role is present by going to "Manage Jenkins" - "Manage and Assign Roles" - "Manage Roles" - "Global Roles". If not present, add the role "admin" with all checkboxes selected; then click on SAVE
4. Add a "read_only" role by going to "Manage Jenkins" - "Manage and Assign Roles" - "Manage Roles" - "Global Roles" and add role "read_only" with "Overall Read" selected; then click on SAVE
5. Create group "jenkins_admin" and assign to "admin" role by going to "Manage Jenkins" - "Manage and Assign Roles" - "Assign Roles" and add group "jenkins_admin" to global roles; then select "admin" and click on SAVE
6. Create group "jenkins_readonly" and assign to "read_only" role by going to "Manage Jenkins" - "Manage and Assign Roles" - "Assign Roles" and add group "jenkins_readonly" to global roles; then select "read_only" and click on SAVE
7. Change the "Security Realm" to Keycloak Authentication Plugin by going to "Configure Global Security" and selecting "Security Realm": "Keycloak Authentication Plugin", then click on save.
8. Logout
Now, when you try to perform a login, you should be redirected to the Keycloak login page. Try to log in as admin with admin rights, and as a named user with read-only rights.
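A way to check which Jenkins role a given Keycloak token would end up with under the assignments above, as an added example that is not part of the original answer or the plugin's code. It assumes the Keycloak roles in the token's `realm_access` and `resource_access` claims reach Jenkins as the group names `jenkins_admin` and `jenkins_readonly`, and that the client ID is `jenkins`; the function names and sample users are hypothetical.

```python
import base64
import json

# Group name -> Jenkins global role, exactly as assigned in the steps above.
ASSIGNMENTS = {"jenkins_admin": "admin", "jenkins_readonly": "read_only"}

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(claims: dict) -> str:
    """Build a constructed sample token; the signature segment is a dummy."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return ".".join([header, _b64url(json.dumps(claims).encode()), _b64url(b"dummy")])

def token_claims(jwt: str) -> dict:
    """Decode the payload for inspection only; the signature is NOT verified."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def keycloak_roles(claims: dict, client_id: str) -> set:
    """Realm roles plus this client's roles, from Keycloak's token claims."""
    realm = claims.get("realm_access", {}).get("roles", [])
    client = claims.get("resource_access", {}).get(client_id, {}).get("roles", [])
    return set(realm) | set(client)

def jenkins_roles(jwt: str, client_id: str = "jenkins") -> list:
    """Jenkins global roles the token holder maps to (empty = no role assigned)."""
    roles = keycloak_roles(token_claims(jwt), client_id)
    return sorted(ASSIGNMENTS[r] for r in roles if r in ASSIGNMENTS)

# Constructed sample users (not from the original post).
SAMPLES = {
    "alice": make_token({"realm_access": {"roles": ["jenkins_admin", "offline_access"]}}),
    "bob": make_token({"resource_access": {"jenkins": {"roles": ["jenkins_readonly"]}}}),
    "carol": make_token({"realm_access": {"roles": ["offline_access"]}}),
}

if __name__ == "__main__":
    for user, token in SAMPLES.items():
        print(user, jenkins_roles(token) or "no Jenkins role assigned")
```

A user like the constructed `carol` still authenticates at Keycloak but matches no role assignment, which is the case the question wants to end up without Jenkins access.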