Jenkins Service Provider

Step 2: Download and install the plugin in Jenkins.

    To Setup the miniorange saml SP plugin follow the path:

  • Download miniorange_saml.hpi file.
  • Login to your Jenkins Admin Account.


  • manage jenkins-1

  • Go to Manage Jenkins option from the left pane, and open Manage Plugins tab.


  • manage plugins-2

  • Go to the advanced tab and upload the hpi file.


  • upload plugin-3

  • Follow the instructions shown on screen and restart the Jenkins.


  • install plugins-4

Step 3: Activate the plugin

  • Open Manage Jenkins and select Configure Global Security.


  • configure security-5

  • Set the Security Realm as miniorange SAML 2.0.


  • security realm-6

  • Make sure that Enable Security checkbox is checked.
Manual Configuration

To Configure IDP enter the following details and press apply and save the settings.

  • IDP Entity ID
  • Single Sign On URL
  • Name ID Format
  • X.509 Certificate
  • Username Attribute
  • Email Attribute
idp metadata -6

SP Configurations

  • To Configure SP Settings at IDP copy below URL and paste in respective fields at IDP end.
    • ACS URL: https://your-jenkins-domain/securityRealm/moSamlAuth
    • Audience URI: https://your-jenkins-domain
    • SP Entity ID: https://your-jenkins-domain
    • sp metadata -7


If you want to auto create users through Single Sign On, check Do you want to create users? check box.


Manual Configuration

To Configure IDP enter the following details and press apply and save the settings.

  • IDP Entity ID
  • Single Sign On URL
  • Single Logout URL
  • Name ID Format
  • X.509 Certificate
  • Username Attribute
  • Email Attribute
  • idp metadata -6


Attribute Mapping

  • Attribute Mapping feature allows you to map the user attributes sent by the IDP during SSO to the user attributes at Jenkins.
  • In Jenkins miniOrange SAML SP plugin, go to Attribute Mapping section and fill up the following fields.
    • Username Attribute
    • Email Attribute
    • Full Name Attribute
    • attribute mapping-8
  • Select the option as username/email in Login Jenkins Account by: as per your account in Jenkins.
  • If you don't want existing users attribute to update keep the Do not update Attributes of existing users checkbox unchecked.
  • To Add custom Attribute select Add option.
    • Set Attribute Name as the one set in IDP eg. lname
    • Set display name in user proprties as one you want it appear in jenkins user's config.xml file and in user's configure tab.
  • Paste URL that users will be redirected after logout in Custom Logout URL tab.


SP Configurations

  • To Configure SP Settings at IDP copy below URL and paste in respective fields at IDP end.
    • SP Entity ID: https://your-jenkins-domain/securityRealm/moSamlAuth
    • Audience URI: https://your-jenkins-domain/securityRealm/moSamlAuth
    • ACS URL: https://your-jenkins-domain
    • sp metadata -7


Advanced Settings

    advance settings -9
  • Binding Types for Authentication and Logout Request:
    • Set the binding type as Http-Redirect or Http-Post to send requests in redirect or post format.
  • Keep the check boxes for signed request and user creation as per your requirement.
  • Auto-Redirection from Jenkins Login:
    • If do you want to Auto Redirect to IDP option is enabled, any unauthenticated user trying to access the default Jenkins login page will get redirected to the IDP login page for authentication. After successful authentication, they will be redirected back to the Jenkins base URL.
    • Copy backdoor URL and save it for emergency.