Page MenuHomePhabricator
Create Task
Maniphest T198814

Enable MFA on Jenkins
Closed, DuplicatePublic
Actions

Description

We should look at enabling MFA in Jenkins

I'm guessing there should be some plugins to allow us to do this.

Reference: https://support.cloudbees.com/hc/en-us/articles/216559477-Multi-factor-Authentication

Related Objects

Event Timeline

Reedy created this task.Jul 4 2018, 8:45 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 4 2018, 8:45 PM
Reedy updated the task description. (Show Details)Jul 4 2018, 8:46 PM
hashar added a project: Release Pipeline.Jul 5 2018, 6:06 AM
hashar added a subscriber: hashar.

What is MFA?

Krenair added a subscriber: Krenair.Jul 5 2018, 7:45 AM

https://en.wikipedia.org/wiki/Multi-factor_authentication

hashar updated the task description. (Show Details)Jul 5 2018, 8:03 AM
greg added a subscriber: greg.Jul 6 2018, 7:32 PM

Looks like that linked article actually says that Jenkins doesn't do MFA itself and users of Jenkins should instead integrate Jenkins with a Single Sign-On solution that supports MFA. So this seems blocked on that, correct?

thcipriani removed a project: Release Pipeline.Jul 16 2018, 7:24 PM
thcipriani added a subscriber: thcipriani.Jul 17 2018, 6:30 PM
In T198814#4404361, @greg wrote:

Looks like that linked article actually says that Jenkins doesn't do MFA itself and users of Jenkins should instead integrate Jenkins with a Single Sign-On solution that supports MFA. So this seems blocked on that, correct?

That was my reading of the article as well. After a quick search of Jenkins plugins I didn't find anything related to TOTP, 2-Factor auth, or MFA other than that article.

thcipriani triaged this task as Medium priority.Aug 13 2018, 5:01 PM
greg moved this task from INBOX to Backlog on the Release-Engineering-Team board.Nov 21 2018, 12:34 AM
greg edited projects, added Release-Engineering-Team (Backlog); removed Release-Engineering-Team.
Phabricator_maintenance edited projects, added Release-Engineering-Team-TODO; removed Release-Engineering-Team (Backlog).Jun 12 2019, 11:52 PM
Phabricator_maintenance moved this task from Should be empty (use Release-Engineering-Team) to Later / Need volunteer on the Release-Engineering-Team-TODO board.Jun 12 2019, 11:55 PM
greg added a project: Release-Engineering-Team.Jun 21 2019, 10:35 PM
greg edited projects, added Release-Engineering-Team (CI & Testing services); removed Release-Engineering-Team.Jun 24 2019, 7:51 PM
hashar added a comment.May 19 2020, 1:34 PM

I have read again the blog post which is merely a FAQ entry. There are plugins for SAML, OpenID, Oauth, Google or Github.

We have a tracking / epic task to add single sign on / MFA for every system T189531: All Wikimedia developer services should use single sign-on and some progress at T233921: Further steps for CAS/web SSO

That is not going to be achieved Continuous-Integration-Infrastructure but instead integrate with whatever global solution we end up having. So I am declining in favor of the epic task above.

hashar closed this task as a duplicate of T189531: All Wikimedia developer services should use single sign-on.May 19 2020, 1:34 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL