Check on SAML plugin #221
Comments
oic-auth plugin seems more active since.
By 1 single contributor unfortunately, and 0 public track record that they would handle a security issue properly. Given the criticality of the provided feature, I'd still put my bet on the SAML plugin as it's being maintained by CloudBees (and commercial support probably being sold on it).
IMO only one contributor is fine; there are so many open-source projects with so few contributors. I prefer to look at the repository activity, commits, tags, but also answers in issues, which is the case. In terms of security the plugin mainly relies on google-oauth-client, but yes, security holes can exist, even in a SAML plugin. I would never bet on SAML, when most companies are trying to get rid of it. It's only a matter of time. 🤞
https://plugins.jenkins.io/saml/
https://support.cloudbees.com/hc/en-us/articles/227202668-SAML-Plugin-Basics
This could replace the direct LDAP connection. It allows Jenkins setup outside of the LAN where LDAP is reachable. The plugin is supported by CloudBees, whereas the OpenIDConnect plugin (https://plugins.jenkins.io/oic-auth/) is more or less dead (no update in 2y).