Jan 15, 2015
PINGACCESS IN ACTION Peter Motykowski
Sr. Product Engineering Manager
Copyright © 2014 Ping Identity Corp. All rights reserved. 2
Web & API Access Management
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 3
The 5Ws
Confidential — do not distribute
• Who – users of Jenkins, the continuous integration server • What – Jenkins and PingAccess, PingFederate • When – live! • Where – localhost, because WiFi is unreliable • Why – because we’re tired of signing-in, again • How – using PingAccess as an identity-enabled HTTP reverse
proxy
Copyright © 2014 Ping Identity Corp. All rights reserved. 4
Overview of PingAccess / Jenkins Deployment
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 5
Decomposing the PingAccess / Jenkins scenario
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 6
• HTTP Reverse Proxy deployment, therefore Jenkins is a Site.
• Jenkins is comprised of several URLs that will be defined as Resources within an Application.
• Jenkins is equipped with a plugin[1] for authentication using HTTP Headers via a Reverse Proxy. This is accomplished using Identity Mappings.
[1]https://wiki.jenkins-ci.org/display/JENKINS/Reverse+Proxy+Auth+Plugin
Jenkins
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 7
The PingAccess / Jenkins Deployment recipe
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 8
A Virtual Host, an Identity Mapping, an OpenID Connect Provider (PingFederate), a Web Session, a Site, and an Application. And a dash of PKI and Policy.
Securing the PingAccess / Jenkins Deployment
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 9