Okta oauth plugin for GoCD

Requirements

Installation

Copy the file build/libs/okta-oauth-authorization-plugin-VERSION.jar to the GoCD server under ${GO_SERVER_DIR}/plugins/external and restart the server. The GO_SERVER_DIR is usually /var/lib/go-server on Linux and C:\Program Files\Go Server on Windows.

Configuration

Note: the configuration for Okta might be slightly different if you have a corporate account setup.

Configure Okta API Issuer

  1. Sign in to Okta API credentials
  2. Click on API > Authorization Servers
  3. Click on default as that will be your Authorization Server
  4. Navigate to Scopes > Add Scope
  5. Create a scope with name groups and select Include in public metadata
  6. Navigate to Claims > Add Claim
  7. Create a claim with name groups as follows:
    1. Choose the Token type to be: ID Token
    2. Select Value type: Groups
    3. Set the Filter to: Regex and value: .* (there is a dot in there)

Configure Okta Application

  1. Sign in to Okta API credentials
  2. Click on Applications and from there Add Application.
  3. Select type Web.
  4. Fill in the Login redirect URI as follows: https://{your_base_url}/go/plugin/cd.go.authorization.okta/authenticate
  5. Click Save and afterwards change the Initiate login URI to: https://{your_base_url}/go/plugin/cd.go.authorization.okta/login

Create Authorization Configuration

  1. Log in to the GoCD server as admin and navigate to Admin > Security > Authorization Configuration.
  2. Click on Add to create a new authorization configuration.
    1. Specify an id for the auth config.
    2. Select Okta oauth authorization plugin for GoCD for Plugin id
    3. Specify your Okta API Issuer: https://{your_okta_url}/oauth2/default
    4. Specify Client ID and Client Secret that come from the Application.
    5. Save your configuration and you'll be redirected to GoCD login page.
  3. Click on the Okta button and you should be logged in.

Create Role Configuration

  1. Log in to the GoCD server as admin and navigate to Admin > Security > Role Configuration.
  2. Click on Add to create a new role configuration.
    1. Select Plugin Role as the type of role.
    2. Specify the name of the role in Role name.
    3. (Optional) Use Okta Groups to choose which groups will use this role.
    4. (Optional) Use Okta Users to choose which users will use this role.
  3. All your users matching the criteria will have this role associated with their account in GoCD.
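
When a role is not applied after login, the usual cause is an ID token that lacks the groups claim or was issued by a different issuer than the one configured above. The following diagnostic is an added example, not part of the plugin: it decodes an ID token's claims and reports what does not match the setup described in this README. The issuer, Client ID, sample tokens and function names are constructed placeholders, and the signature is deliberately not verified, so it must not be used to make authentication decisions.

```python
import base64
import json

ISSUER = "https://example.okta.com/oauth2/default"  # constructed placeholder
CLIENT_ID = "0oaEXAMPLECLIENTID"  # constructed placeholder

def b64url_decode(segment):
    """Decode a base64url JWT segment, restoring the stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def check_id_token(token, issuer, client_id):
    """List configuration problems in an ID token. Signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a compact JWT (expected header.payload.signature)"]
    try:
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError:
        return ["payload is not base64url-encoded JSON"]
    if not isinstance(claims, dict):
        return ["payload is not a JSON object"]
    problems = []
    if claims.get("iss") != issuer:
        problems.append("iss %r does not match the configured issuer" % claims.get("iss"))
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud does not contain the application's Client ID")
    groups = claims.get("groups")
    if groups is None:
        problems.append("no groups claim: check the scope and the ID Token claim")
    elif not isinstance(groups, list) or not all(isinstance(g, str) for g in groups):
        problems.append("groups is not a list of group names")
    return problems


def make_sample_token(claims):
    """Build an unsigned, constructed token for the demo (not a real Okta token)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "constructed-signature"])


GOOD = make_sample_token({"iss": ISSUER, "aud": CLIENT_ID, "groups": ["Everyone", "gocd-admins"]})
NO_GROUPS = make_sample_token({"iss": ISSUER, "aud": CLIENT_ID})

if __name__ == "__main__":
    for name, tok in (("good", GOOD), ("no groups", NO_GROUPS)):
        print(name, check_id_token(tok, ISSUER, CLIENT_ID) or "OK")
```

With the `.*` filter from the claim setup, the groups list contains every Okta group the user belongs to, so the output also shows exactly which group names are available for role matching.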