jenkinsci / oidc-provider-plugin

OpenID Connect Provider Plugin for Jenkins
https://plugins.jenkins.io/oidc-provider/
MIT License

Host OIDC configuration for non-default issuer #26

Open Shurgentum opened 1 year ago

Shurgentum commented 1 year ago

What feature do you want to see added?

When a Jenkins endpoint is publicly unavailable, it creates a need to host the jwks and openid-configuration files separately. Unfortunately, this approach is difficult/impossible to automate while avoiding manual file uploads.

There is a more practical approach: with a non-default Issuer, you can configure a proxy or load balancer with a different domain name and filter traffic using the URL path.

Proposal

Add a checkbox when creating OpenID Credentials, upon activation of which Jenkins will host the files on its own, even with a non-default Issuer.

Upstream changes

No response

dee-kryvenko commented 9 months ago

It's always been a common understanding that Jenkins typically has two endpoints: one main UI for the users, and another that is public but restricted to things like /github-webhook, /buildStatus and so on. Historically all plugins, from GitHub, Bitbucket, build status, etc., have supported this concept. Even the official Helm chart has two ingresses for that reason. This plugin should really stick to that common wisdom...