Class JenkinsOidcIntegration

java.lang.Object
com.cloudforge.core.oidc.JenkinsOidcIntegration
All Implemented Interfaces:
OidcIntegration

public class JenkinsOidcIntegration extends Object implements OidcIntegration
OIDC integration for Jenkins using the OpenID Connect Authentication Plugin.

Jenkins requires the "oic-auth" plugin for OIDC support. This integration configures Jenkins to authenticate users against AWS Cognito or IAM Identity Center.

Supported OIDC Providers:

  • Amazon Cognito
  • IAM Identity Center
  • Any OIDC-compliant provider

Features:

  • Auto-create users on first login
  • Group/role mapping from OIDC claims
  • Full user information synchronization
  • Token-based session management

Required Plugin:

  • OpenID Connect Authentication Plugin (oic-auth)
  • Constructor Details

    • JenkinsOidcIntegration

      public JenkinsOidcIntegration()
  • Method Details

    • isSupported

      public boolean isSupported()
      Description copied from interface: OidcIntegration
      Returns whether this application supports OIDC integration.
      Specified by:
      isSupported in interface OidcIntegration
      Returns:
      true if application has OIDC support
    • getIntegrationMethod

      public String getIntegrationMethod()
      Description copied from interface: OidcIntegration
      Returns the OIDC integration method for this application.

      Examples:

      • jenkins: OIDC Plugin
      • gitlab: Built-in OmniAuth
      • grafana: Built-in generic_oauth
      • sonarqube: OIDC Plugin
      Specified by:
      getIntegrationMethod in interface OidcIntegration
      Returns:
      integration method description
    • getEnvironmentVariables

      public Map<String,String> getEnvironmentVariables(OidcConfiguration config)
      Description copied from interface: OidcIntegration
      Returns environment variables needed for OIDC configuration.

      These are passed to the container or EC2 userdata script.

      Example for Grafana:

       GF_AUTH_GENERIC_OAUTH_ENABLED=true
       GF_AUTH_GENERIC_OAUTH_NAME=Cognito
       GF_AUTH_GENERIC_OAUTH_CLIENT_ID=${clientId}
       GF_AUTH_GENERIC_OAUTH_AUTH_URL=${authUrl}
       
      Specified by:
      getEnvironmentVariables in interface OidcIntegration
      Parameters:
      config - OIDC configuration from provider
      Returns:
      map of environment variable name to value
    • getConfigurationFile

      public String getConfigurationFile(OidcConfiguration config)
      Description copied from interface: OidcIntegration
      Returns configuration file content for OIDC setup.

      Some applications require configuration files instead of environment variables.

      Example for GitLab gitlab.rb:

       gitlab_rails['omniauth_enabled'] = true
       gitlab_rails['omniauth_providers'] = [
         {
           name: 'openid_connect',
           args: { ... }
         }
       ]
       
      Specified by:
      getConfigurationFile in interface OidcIntegration
      Parameters:
      config - OIDC configuration from provider
      Returns:
      configuration file content (optional)
    • getConfigurationFilePath

      public String getConfigurationFilePath()
      Description copied from interface: OidcIntegration
      Returns the file path where configuration should be written.

      Only used if getConfigurationFile() returns non-null.

      Specified by:
      getConfigurationFilePath in interface OidcIntegration
      Returns:
      configuration file path (optional)
    • getUserDataCommands

      public List<String> getUserDataCommands(OidcConfiguration config, Ec2Context context)
      Description copied from interface: OidcIntegration
      Returns UserData commands for setting up OIDC integration.

      These commands are added to the EC2 userdata script to configure OIDC integration during instance initialization.

      Specified by:
      getUserDataCommands in interface OidcIntegration
      Parameters:
      config - OIDC configuration from provider
      context - EC2 context with stack information
      Returns:
      list of shell commands
    • getContainerStartupCommand

      public String getContainerStartupCommand()
      Description copied from interface: OidcIntegration
      Returns the application startup command for Fargate containers.

      This command is used to start the application after the OIDC configuration file has been created. Each application has a different startup script.

      Examples:

      • Jenkins: /usr/local/bin/jenkins.sh
      • GitLab: /assets/wrapper
      • Grafana: /run.sh
      • Mattermost: /mattermost/bin/mattermost (distroless - Go binary)
      Specified by:
      getContainerStartupCommand in interface OidcIntegration
      Returns:
      startup command path
    • supportsCognito

      public boolean supportsCognito()
      Description copied from interface: OidcIntegration
      Returns whether this application supports Cognito as an identity provider.

      Cognito provides:

      • User pool with email/password authentication
      • MFA support (TOTP, SMS)
      • OAuth 2.0 / OIDC endpoints
      • Hosted UI for login
      Specified by:
      supportsCognito in interface OidcIntegration
      Returns:
      true if Cognito OIDC is supported (default: true)
    • supportsIdentityCenterSaml

      public boolean supportsIdentityCenterSaml()
      Description copied from interface: OidcIntegration
      Returns whether this application supports IAM Identity Center SAML.

      IAM Identity Center (formerly AWS SSO) provides:

      • SAML 2.0 authentication
      • Enterprise directory integration
      • Group-based access control
      • Centralized user management

      Applications that use SAML (Mattermost, Metabase) support this. Applications that only use OIDC may not.

      Specified by:
      supportsIdentityCenterSaml in interface OidcIntegration
      Returns:
      true if IAM Identity Center SAML is supported (default: false)
    • getAuthenticationType

      public String getAuthenticationType()
      Description copied from interface: OidcIntegration
      Returns the authentication type this integration uses.
      Specified by:
      getAuthenticationType in interface OidcIntegration
      Returns:
      "OIDC" or "SAML"
    • getPostDeploymentInstructions

      public String getPostDeploymentInstructions()
      Description copied from interface: OidcIntegration
      Returns post-deployment instructions for completing OIDC setup.

      Some applications require manual steps after deployment (e.g., installing plugins).

      Specified by:
      getPostDeploymentInstructions in interface OidcIntegration
      Returns:
      human-readable instructions (optional)
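
The contract between getConfigurationFile() and getConfigurationFilePath() described above, shown from the caller's side. This is an added example, not code from this library. It assumes a POSIX file system, and `ConfigSource`, `writeIfPresent`, the sample path and the sample content are hypothetical stand-ins (the real getConfigurationFile takes an OidcConfiguration argument).

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermissions;

public class OidcConfigWriterExample {

    // Hypothetical stand-in for the two OidcIntegration methods used here.
    interface ConfigSource {
        String getConfigurationFile();      // may return null
        String getConfigurationFilePath();  // only used when content is non-null
    }

    /** Writes the config file if one is supplied; returns its path, or null. */
    static Path writeIfPresent(ConfigSource source, Path root) throws IOException {
        String content = source.getConfigurationFile();
        if (content == null) {
            return null; // nothing to write: the path method must not be consulted
        }
        String rawPath = source.getConfigurationFilePath();
        if (rawPath == null || rawPath.isBlank()) {
            throw new IllegalStateException("content returned without a file path");
        }
        // Resolve under root and refuse any path that escapes it.
        Path target = root.resolve(rawPath.replaceFirst("^/+", "")).normalize();
        if (!target.startsWith(root.normalize())) {
            throw new IllegalArgumentException("path escapes root: " + rawPath);
        }
        Files.createDirectories(target.getParent());
        Files.deleteIfExists(target);
        // Create owner-only before writing: OIDC client config may hold a client secret.
        Files.createFile(target, PosixFilePermissions.asFileAttribute(
                PosixFilePermissions.fromString("rw-------")));
        Files.write(target, content.getBytes(StandardCharsets.UTF_8));
        return target;
    }

    public static void main(String[] args) throws IOException {
        Path root = Files.createTempDirectory("oidc-example");
        // Constructed sample values, not output of JenkinsOidcIntegration.
        ConfigSource sample = new ConfigSource() {
            public String getConfigurationFile() { return "# constructed placeholder\n"; }
            public String getConfigurationFilePath() { return "/var/jenkins_home/oidc-example.conf"; }
        };
        Path written = writeIfPresent(sample, root);
        System.out.println(written + " " + Files.getPosixFilePermissions(written));
    }
}
```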