Jenkins plugin

Using the Hanzo IAM plugin for Jenkins security

The Hanzo IAM Jenkins plugin lets users sign in to Jenkins via Hanzo IAM. This guide configures the plugin.

The following are some of the configuration settings:

IAM_HOSTNAME: The domain name or IP where the Hanzo IAM server is deployed.

JENKINS_HOSTNAME: The domain name or IP where Jenkins is deployed.

Step 1: Deploy Hanzo IAM and Jenkins

Deploy Hanzo IAM and Jenkins.

After a successful deployment, ensure the following:

  1. Set the Jenkins URL (Manage Jenkins -> Configure System -> Jenkins Location) to JENKINS_HOSTNAME.
  2. Verify that you can log in to Hanzo IAM and use it normally.
  3. Set the origin value of Hanzo IAM (conf/app.conf) to IAM_HOSTNAME.

Step 2: Configure the Hanzo IAM Application

  1. Create a new Hanzo IAM application or use an existing one.
  2. Add a redirect URL: http://JENKINS_HOSTNAME/securityRealm/finishLogin
  3. Add the desired provider and provide any additional settings.

Note the Client ID and Client secret from the application page; you will need them in the next step.

Open your favorite browser and visit http://IAM_HOSTNAME/.well-known/openid-configuration to view the OIDC configuration of Hanzo IAM.
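
One way to compare the discovery document against the values from Step 1 and Step 2 before touching the Jenkins security realm. This is an added example, not part of the Hanzo IAM plugin or its documentation; the hosts and endpoint paths in the sample document are constructed placeholders, and it assumes a single-host deployment where every endpoint shares the IAM origin.

```python
import json
from urllib.parse import urlsplit

# Constructed discovery document for a hypothetical host; endpoint paths are
# placeholders, not Hanzo IAM's real paths.
SAMPLE_DISCOVERY = json.loads("""
{
  "issuer": "https://iam.example.test",
  "authorization_endpoint": "https://iam.example.test/authorize",
  "token_endpoint": "https://iam.example.test/token",
  "jwks_uri": "https://iam.example.test/jwks"
}
""")

REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")


def origin(url):
    """Return scheme://host[:port] in lower case, or '://' for a missing URL."""
    parts = urlsplit(url or "")
    return f"{parts.scheme}://{parts.netloc}".lower()


def check_discovery(doc, iam_base):
    """List mismatches between a discovery document and the configured IAM origin."""
    problems = [f"missing field: {key}" for key in REQUIRED if not doc.get(key)]
    issuer = doc.get("issuer", "")
    if issuer and issuer.rstrip("/") != iam_base.rstrip("/"):
        problems.append(f"issuer {issuer} != configured origin {iam_base}")
    # Assumption: single-host deployment, so every endpoint shares the IAM origin.
    for key in REQUIRED[1:]:
        if doc.get(key) and origin(doc[key]) != origin(iam_base):
            problems.append(f"{key} points at another origin: {doc[key]}")
    if urlsplit(iam_base).scheme != "https":
        problems.append("origin is not https; client secret and tokens travel in clear text")
    return problems


def redirect_url(jenkins_base):
    """Build the redirect URL registered in Step 2 from the Jenkins URL of Step 1."""
    return jenkins_base.rstrip("/") + "/securityRealm/finishLogin"


if __name__ == "__main__":
    # For a live check, load the JSON saved from
    # <IAM origin>/.well-known/openid-configuration instead of the sample.
    for line in check_discovery(SAMPLE_DISCOVERY, "https://iam.example.test") or ["ok"]:
        print(line)
    print(redirect_url("https://jenkins.example.test/"))
```

An empty result means the advertised issuer and endpoints agree with the origin you configured; any listed mismatch should be resolved before saving the Jenkins security realm.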

Step 3: Configure Jenkins

Install the Hanzo IAM plugin from the Jenkins marketplace or by uploading the plugin JAR.

After the installation is complete, go to Manage Jenkins -> Configure Global Security.

Suggestion: Back up the Jenkins config.xml file and use it for recovery in case of setup errors.

  1. In the Security Realm section, select "Hanzo IAM Authentication Plugin".
  2. In the Hanzo IAM Endpoint field, enter the IAM_HOSTNAME mentioned earlier.
  3. In the Client ID field, enter the Client ID mentioned earlier.
  4. In the Client secret field, enter the Client secret mentioned earlier.
  5. JWT Public Key: In Hanzo IAM, open Cert, edit your application’s cert, and copy the public key.
  6. Organization Name and Application Name are optional; use them to restrict verification to specific orgs/apps. If empty, the plugin uses the default organization and application.
  7. In the Authorization section, check "Logged-in users can do anything". Disable "Allow anonymous read access".
  8. Click Save.

Jenkins will now automatically redirect you to Hanzo IAM for authentication.
