yep, it is not possible to retrieve the groups from the IdP because the API token authentication it is a local authentication with a non password key so when you login you only have the permissions that you grant directly to the user more less because it depends a little of your permissions plugin (role based, matrix, ...), I am working on some kind of cache that should be configured to allow to use full grant authorities even do you use the API Token.
El viernes, 28 de abril de 2017, 11:04:29 (UTC+2), James Masson escribió: > > > To close the loop on this... > > It looks like the API keys for SAML generated users are persisted > /somewhere/ in jenkins. > > However, the permissions associated with the API key do not seem to get > persisted - unless the user is directly in the permissions matrix, and > doesn't get permissions as part of a group. > > There seems to be zero documentation on how this works. > > > > On Thursday, 27 April 2017 10:44:03 UTC+1, James Masson wrote: >> >> >> Thanks for the reminder about API keys - I'd forgotten about them - works >> perfectly. >> >> However.... >> >> How does the API key for a SAML authed user get persisted?is it just in >> memory? If I restart Jenkins, does it get reset? >> >> I notice there are no user config.xml files created by Jenkins for SAML >> users. >> >> James M >> >> On Tuesday, 25 April 2017 21:14:49 UTC+1, Ivan Fernandez Calvo wrote: >>> >>> HI, >>> >>> It is not possible to use two authentication plugins/methods at the same >>> time, but you could use the API token as authentication method for scripts >>> or other automated tasks, for more information you can take a look at >>> https://wiki.jenkins-ci.org/display/JENKINS/Authenticating+scripted+clients >>> >>> El martes, 25 de abril de 2017, 13:48:28 (UTC+2), James Masson escribió: >>>> >>>> >>>> Hi list, >>>> >>>> I've successfully got SAML integration working with Jenkins & OneLogin, >>>> through the normal SAML plugin. >>>> >>>> What I'm struggling with now is finding a solution to authenticate the >>>> Jenkins Swarm slave plugin, and a few other automation tools that operate >>>> via standard HTTP auth. >>>> >>>> Has anyone done this? >>>> >>>> Ideally I'd use PAM auth for the automation, and SAML just for users - >>>> but this doesn't seem to be possible? >>>> >>>> thanks >>>> >>>> James M >>>> >>>> >>>> -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/6502fa2a-25a8-4e01-8b00-eb86b6b1f09e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
