Jenkins Application Configuration in SafeNet Trusted Access

Perform the following steps to configure the Jenkins application in SafeNet Trusted Access (STA):

1. On the Add Application window, select Jenkins (from the list of available applications) or search for Jenkins.

   

2. Enter a Display Name (any name can be used) for the application, and click Add.

   

3. Under Application Setup, perform the following steps:

   1. In the PUBLIC URI field, enter the name of your protected application hosted at the internal server.

      You can enter a forward slash (/) to protect all the applications.

      > PUBLIC URI must be unique for all the sub-applications of a parent application.
      > The application name must not start with a forward slash (/).
      

   2. In the INTERNAL URL field, enter the internal server hosting URL of the Jenkins application. If the port number is different from the default port 443 or 80, then append the port number in the URL (https://<internalhost>:<portnumber>). It is recommended to use https. For example, https://internal-abc.example.com:8000/

      > If Fully Qualified Domain Name (FQDN) is used as an Internal URL, then the Internal URL must be in lower case and the DNS server IP address must be entered in the Use Custom Domain Name Servers field given under Network Settings of the Application Gateway admin console.
      > The Internal URL must be same for all sub-applications of the parent application.
      

   3. In the AUTHENTICATION SCHEME field, select either HTTP BASIC or FORM AUTHENTICATION.

   4. If you select FORM AUTHENTICATION as an authentication scheme, in the LOGIN URL field, enter the login URL. You can obtain the login URL by performing the steps mentioned in the Obtaining the Login URL section.

   5. In the LOGOUT URL field, enter /logout.

   6. Click Add Attributes to add a header attribute. Additional required parameters can be passed to the protected application in the form of header, cookie, params, and form.

      1. From the TYPE dropdown, select the required option. The following options are available:

         > Header: Allows to send request in the form of header.

         > Cookie: Allows to send values in the form of cookies.

         > Params: Allows to send values in the form of a query string.

         > Form: While login, it sends the mapped values in the form body. If the custom value attribute is mapped as $password, then during login, the agent replaces it with the actual user password before sending it to the protected application.

         The Form type will only be available for the form-based authentication scheme.

      2. For the Header, Cookie, or Parms authentication type,

         > In the NAME field, enter a name for the attribute.

         > From the VALUE dropdown, select the attribute to be mapped with the header attribute parameter. The Header attribute value represents the login ID of the user on the application and is sent as a part of the authentication process.

         For the Form authentication type, enter the attributes' names and values as given in the below table:

         Type	Name	Value	Additional Information
         Form	j_username	SAS User ID
         Form	j_password	Custom Value	$password

         

         In case of Custom Value, you can enter a value of your choice in the ADDITIONAL INFORMATION field.

         • Click to delete a particular header attribute.
           
         • Click to add another header attribute.

   7. Click Save And Continue.

      

Obtaining the Login URL

The login URL is applicable for the FORM AUTHENTICATION. Perform the following steps to obtain the login URL:

1. In a web browser, enter your Jenkins application URL, https://<Jenkins Server Host>:<Port Number> to open the Jenkins login page.

2. On the login page, go to Browser Settings > Developer Tools.

3. Enter your Jenkins username and password, and click Login.

4. After successful login, under developer tools, go to the Network tab > Headers tab, locate the request which has Status Code 302, and click on it.

5. In the left pane, click on the request name (for example, j_acegi_security_check). In the right pane, you should see Request Method as POST.

6. From the RequestURL field value, extract the highlighted part (in blue color) as shown in the below screenshot. The highlighted part (for example, /j_acegi_security_check) is your login URL.