TeamCity plugin which supports authentication via Microsoft Azure Active Directory.
The plugin is compatible with TeamCity server 10.0+
Download the plugin and install it as an additional TeamCity plugin.
Register a new Azure Active Directory application for your TeamCity server with the following parameters:
Parameter | Value |
---|---|
Application type | Web |
Redirect URIs | %TEAMCITY_URL%/overview.html |
%TEAMCITY_URL%/aadAuth.html |
Note: Redirect URIs could be set in the application settings (Authentication\Web).
Add the 'Microsoft Azure Active Directory' HTTP authentication module to your authentication configuration.
Specify valid 'OAuth 2.0 authorization endpoint (v1)' and 'Application ID' retrieved from the Azure Portal.
Note: The OAuth 2.0 authorization endpoint URL could be retrieved from the Endpoints available on the App registrations page in the Azure portal. 'OAuth 2.0 authorization endpoint (v2)' is currently unsupported).
After that the 'Log in using Azure Active Directory' link will be available on the Login page.
After successful authentication browser will be redirected to '%TEAMCITY_URL%/overview.html' page by default. This prevents TeamCity from automatic switching to the new UI.
To fix that:
%TEAMCITY_URL%/aadAuth.html
to Redirect URIs list teamcity.aad.endpoint.type=dedicated
Property should be set after applying changes to Azure portal. No TeamCity server restart is requred.
To fix that, specify the internal property rest.cors.origins=https://login.microsoftonline.com
403 Forbidden: Responding with 403 status code due to failed CSRF check: request's "Origin" header value "null" does not match Host/X-Forwarded-Host header values or server's CORS-trusted hosts, consider adding "Origin: %TEAMCITY_URL%" header.
Modern browsers can set Origin: null
and Upgrade-Insecure-Requests
headers while replying from HTTPS Azure endpoint to the HTTP URL of the TeamCity server due to security reasons.
Possible solutions:
rest.cors.origins=null
(insecure, don't use it in production)This plugin uses the OAuth 2.0 OpenID Connect authentication protocol and works as follows:
This project uses gradle as the build system. You can easily open it in IntelliJ IDEA or Eclipse.
Issue the build
command from the root project to build your plugin. The resulting package will be placed in the distributions
directory.
Please follow IntelliJ Coding Guidelines.
Please submit your questions/bugs/feature requests in the issues.
Note: This is not a bundled plugin, please do not use the TeamCity official channels to provide feedback for this plugin.