Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Documented way to look into inward tokens and results of lookup in userInfo endpoint #479

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Documented way to look into inward tokens and results of lookup in userInfo endpoint #479

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
7032ea9
Create DEBUG_IDP.md
arymkus Dec 14, 2024
fe68984
Update README.md
arymkus Dec 14, 2024
0b8fed9
Update DEBUG_IDP.md
arymkus Dec 14, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 17 additions & 0 deletions docs/howto/DEBUG_IDP.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
# Debug tokens from IDP

## When/why?

When it's not really well documented on IDP's side which specific fields names should be used in plugin's attribute mapping.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Most common Idps do document this somewhere.
Perhaps it would be worth creating a table of common values for well known Idps


Jenkins might throw an NPE without any clarification which exact field it was unable to lookup in incoming token/s.

## Enabling debug logging

Go to System Log and create a new logger with these classpaths and log levels:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good, but could potentially leak sensitive information unencrypted on disk.

Perhaps worth mentioning in an admonition that this should be used for a unique test account that should be removed after setup, or only enabled for a short time and log files deleted


- org.pac4j - ALL
- org.jenkinsci.plugins.oic - ALL
- org.jenkinsci.plugins.oic.ssl - ALL

Refresh log's page and seek into either `userinfo` responce's fields or inward token/s and update your mapping.
2 changes: 1 addition & 1 deletion docs/howto/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,4 +3,4 @@
The following Linux HOWTOs are currently available:

- [Associate group(s) to user](GROUPS_FROM_IDP.md): grant rights to user based on providers' groups

- [Debug IDP data](DEBUG_IDP.md): Look into inward tokens' field names or results of userInfo lookups
Loading