Google Login Plugin 插件不允许来自多个域的用户
Google Login Plugin plugin does not allow users from multiple domains
我正在使用 Jenkins 的 Google login plugin for user authentication. I've installed and configured the plugin as mentioned in documentation and working as well. However users from only one google app domain can login to jenkins and access it(jira link)。我们有来自几个域的用户。此插件的另一个问题是 - 无法控制用户授权。所有用户都可以做任何事情。我附上了显示 jenkins google 登录插件配置
的屏幕截图
对此有任何解决方法或替代方法吗?
根据 Google Cloud Platform,这是不可能的,唯一的建议是如果您使用多个域,则设置 "Allow anyone with a Google account":
Understanding authentication for your end-users
...
Allow only members of a Google Apps domain to access the application. This is ideal for “intranet” applications where access is
limited to the users in your domain.
This method can only restrict to a single Google Apps domain. This
will not work if you use multiple domains with Google apps. If you are
using multiple domains, then select “Allow anyone with a Google
account” and extend your application code to restrict access to
end-users that are from your set of Google Apps domains. Your
application can use the value of the user_organization of the
signed-in user (rather than parsing the email address) to determine
the domain name of the user.
此外,此问题已在 https://issues.jenkins-ci.org/browse/JENKINS-32536 中注册,但仍 未解决
自版本 1.3(2016 年 11 月 21 日)起,google 登录插件允许多个域以逗号分隔。
检查更新日志:
https://wiki.jenkins.io/display/JENKINS/Google+Login+Plugin
以及公关:
https://github.com/jenkinsci/google-login-plugin/pull/3
我正在使用 Jenkins 的 Google login plugin for user authentication. I've installed and configured the plugin as mentioned in documentation and working as well. However users from only one google app domain can login to jenkins and access it(jira link)。我们有来自几个域的用户。此插件的另一个问题是 - 无法控制用户授权。所有用户都可以做任何事情。我附上了显示 jenkins google 登录插件配置
的屏幕截图对此有任何解决方法或替代方法吗?
根据 Google Cloud Platform,这是不可能的,唯一的建议是如果您使用多个域,则设置 "Allow anyone with a Google account":
Understanding authentication for your end-users
...
Allow only members of a Google Apps domain to access the application. This is ideal for “intranet” applications where access is limited to the users in your domain.
This method can only restrict to a single Google Apps domain. This will not work if you use multiple domains with Google apps. If you are using multiple domains, then select “Allow anyone with a Google account” and extend your application code to restrict access to end-users that are from your set of Google Apps domains. Your application can use the value of the user_organization of the signed-in user (rather than parsing the email address) to determine the domain name of the user.
此外,此问题已在 https://issues.jenkins-ci.org/browse/JENKINS-32536 中注册,但仍 未解决
自版本 1.3(2016 年 11 月 21 日)起,google 登录插件允许多个域以逗号分隔。
检查更新日志: https://wiki.jenkins.io/display/JENKINS/Google+Login+Plugin
以及公关: https://github.com/jenkinsci/google-login-plugin/pull/3