How LDAP plugin works on CJOC SSO context?

Issue

How the LDAP plugin works when SSO is configured in CJOC

Environment

Resolution

When SSO is configured in the Operations Center (CJOC) the login process happens against the CJOC unless it is down. On this case, there is an offline fallback mechanism which allows users to continue loging into the instance through the masters. This fallback mechanism will only work in case the authentication plugin used in CJOC is also installed in the same version in the masters.

In case you selected SSO in the CJOC there is no cache in the masters as the auth is done on CJOC - cache is only done in CJOC, so caching will only start on the masters once CJOC is dead and master uses the fallback. When the fallback happens, the masters will connect to the LDAP server as a fallback and then it will cache these responses in the LDAP lookup. When CJOC comes back it will no longer query the ldap server.

The size and TTL of cache depends on how it is configured in the LDAP plugin configuration under Manage Jenkins -> Configure Global Security

Have more questions?

0 Comments

Please sign in to leave a comment.