使用Sharepoint Client Web部件登录 [英] Login using Sharepoint Client Web Part

问题描述

我遇到一个使用Sharepoint客户端Webpart登录到Jenkins的问题.

I am facing an issue to login into the Jenkins using Sharepoint client webpart.

Jenkins方面的安全性:使用Azure AD插件，用户现在可以使用Office 365凭据登录.

Security on Jenkins Side : using the Azure AD plugin, user can now login using the Office 365 credentials.

在云上:使用以下重定向URI创建应用注册-https://{JenkinsDomain}/securityRealm/finishLogin

On the cloud: Created an App Registration with the redirect URI as - https://{JenkinsDomain}/securityRealm/finishLogin

现在，我正在创建客户端WebPart，并且尝试从Web部件访问URL-https:///api/json?tree = jobs [name，color]，它显示为错误403-禁止访问" ，尽管当我在新标签中尝试使用相同的网址时，它会给我答复.

Now I am creating a client WebPart, and I am trying to access the URL - https:///api/json?tree=jobs[name,color] from the web part, it says 'Error 403 - Forbidden', although when I try the same URL from new tab, it gives me response.

我尝试过的事情:

const msalConfig = {
  auth: {
    clientId: "api://<client>/",
    // authority: "https://login.microsoftonline.com/common",
    authority : "https://login.microsoftonline.com/<tenantID>/",
    scopes: ['https://graph.windows.net/Directory.Read.All'],
    redirectUri : 'https://<tenantName>.sharepoint.com/'
  }
};
var userAgentApplication = new Msal.UserAgentApplication(msalConfig)

userAgentApplication.loginPopup().then(function (id_token) {
  console.log(id_token);
  var user = userAgentApplication.getAccount();
  console.log(user);
  if (user) {

  }
})

此代码给我错误:

AADSTS50011:请求中指定的回复URL与 回复为应用程序配置的URL: 'api://{clientID}/'.

AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: 'api://{clientID}/'.

我是否可以通过客户端Web部件启用Azure AD来访问Jenkins API? 任何帮助表示赞赏.谢谢

Is there any way that I can access Jenkins API with Azure AD enabled through the Client Web Part? Any help is appreciated. Thanks

推荐答案

下面给出了从代码(无论是Javascript/Java)中调用Jenkins REST API所遵循的步骤.

Below given are the steps that we follow to invoke a Jenkins REST API from within the code, be it Javascript / Java.

1. 使用SSO或Jenkins登录名登录到Jenkins服务器(您的广告将对您进行身份验证并将您带到主页)
2. 登录后，转到管理用户"
3. 在管理用户中，对于选定用户还是超级管理员用户，我们必须选择进入用户详细信息页面的设置.通常我们有一个管理员用户，我们为其配置令牌.
4. 在该页面中，我们必须提供令牌的名称并生成一个新令牌.
5. 此令牌将被复制并放置在安全的位置
6. 完成后，保存个人资料

7. 现在，从javascript/java代码中，使用usename:token的格式，并获取此值的base64字符串.下面给出了示例Java代码段

1. Login to the Jenkins Server using the SSO or Jenkins Login (In your case your AD will authenticate you and take you to the home page)
2. Once logged-in, go to Manage Users
3. In the manage users, either for a selected user or for a super admin user, we have to choose the settings which takes to the user details page. we normally have a admin user for which we configure the tokens.
4. In that page, we have to provide a name for the token and generate a new token.
5. This token is to be copied and placed in a secure location
6. Once done, save the profile

7. Now, from the javascript / java code, use the format of usename:token and get the base64 string of this value. Example java code snippet is given below

String secureToken = Base64.getEncoder().encodeToString((user +:" + key).getBytes());

String secureToken = Base64.getEncoder().encodeToString((user + ":" + key).getBytes());

然后，在Authorization标头中设置secureToken，就像下面为Java给出的那样

After this, set the secureToken in the Authorization header like the one given below for Java

httpGet.setHeader(HttpHeaders.AUTHORIZATION，"Basic" + secureToken);

httpGet.setHeader(HttpHeaders.AUTHORIZATION, "Basic " + secureToken);

现在，您可以使用这种方法来调用Jenkins REST API，例如获取构建统计信息，触发构建等.

Now, you can make calls to the Jenkins REST API like getting build statistics, triggering a build etc with this approach.

我将从Jenkins那里收集一些有用的链接，并进行进一步的阅读，因为安全地使用了安全令牌，并且出于安全原因，它们必须经过一段时间后轮换使用(因为这些会使这篇文章变得很长，我跳过这些要点在这里.)

I will gather some useful links from Jenkins and post for further reading because the security token's are to be securely used and they have to rotated after some time for security reasons (since these will make this a very long post, i am skipping these points here).

我有以下链接，将提供更多详细信息

I have the below links which will give bit more details

https://wiki.jenkins.io/display/JENKINS/Remote + access + API

https://www.decodingdevops.com/jenkins- authentication-token-jenkins-rest-api/

另外，我得到了这段代码，我们很久以前就使用它来让node.js与jenkins对话，希望这对您有用

Also, I got this code that we used long back for node.js to talk to jenkins, hope this may be useful for you

const options = {
    hostname: process.env.JENKINS_HOST,
    port: process.env.JENKINS_PORT,
    path: `${jenkinsBuildUrl}?param1=${param1}&param2=${params.Key}&operation=${operation}`,
    method: "POST",
    headers: {
        'Authorization': 'Basic '+ Buffer.from('admin'+':'+process.env.AUTH_TOKEN).toString('base64')
    }
};

const jr = https.request(options, jres => {
    jres.on("data", chunk => {
        console.log(`BODY: ${chunk}`);
    });
    jres.on("end", () => {
        console.log("Request completed with no data.");
    });
});
jr.on("error", e => {
    console.log(
        `Something went wrong when triggering the build in Jenkins Server in the current request: ${e.message}`
    );
});
jr.end();

HTH

这篇关于使用Sharepoint Client Web部件登录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！