Okta expired and can no longer log in to Jenkins

The Okta account I used when setting up Okta for login to Jenkins has expired.
How do I set up Jenkins to allow me to log in via the local user so I can set up Okta again?

When I go to the Jenkins URL, it auto-redirects to this Okta page that is now expired.

Is there a file I can edit to change the auth back to local user, so I can reclaim the Jenkins?

Please help.

Thanks

I assume you have shell access to the Jenkins home directory. I’m also assuming that you do not use Configuration as Code, as it would rewrite your controller’s configuration.

To fix this issue, go to the home directory of the controller, where you will find a config.xml file. This is pretty much what stores most of the settings you can tune under Manage Jenkins.

First make a backup copy of config.xml, preferably to another volume.

You will find <useSecurity>true</useSecurity>; replace it with <useSecurity>false</useSecurity> and restart the Java process.

Your Jenkins instance will now have zero security and anyone reaching it will be an admin (IIRC).

There are safer and more secure approaches, such as replacing <securityRealm ...> with something else, but if your instance is not on the public internet that should be the fastest way to regain UI access.

Note that the above is mostly from memory, so I might have some details wrong.

For example, here is an extract of config.xml on an internal test instance with no Okta integration:

  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy">
    <denyAnonymousReadAccess>true</denyAnonymousReadAccess>
  </authorizationStrategy>
  <securityRealm class="hudson.security.HudsonPrivateSecurityRealm">
    <disableSignup>true</disableSignup>
    <enableCaptcha>false</enableCaptcha>
  </securityRealm>

I took a look at one of our instances hooked to Okta and it uses an additional saml-idp-metadata.xml for the Okta details. You might be able to update that directly with the proper Okta settings.
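
The backup-then-edit steps from the answer above, plus a check that flags a controller left with security switched off, as an added example that is not part of the original posts. The function names are hypothetical, and the script assumes config.xml sits at the root of the Jenkins home directory and that you stop and restart the controller yourself around the edit.

```shell
#!/bin/sh
# Added example (not from the thread): recover a locked-out Jenkins controller
# by editing config.xml, and verify afterwards that security is back on.

# Print the current <useSecurity> value: "true", "false" or "missing".
security_state() {
    cfg="$1/config.xml"
    val=$(sed -n 's:.*<useSecurity>\(.*\)</useSecurity>.*:\1:p' "$cfg" 2>/dev/null | head -n 1)
    echo "${val:-missing}"
}

# Back up config.xml into $2 (ideally another volume), then set useSecurity
# to false. Prints the backup path on success; refuses if not currently "true".
disable_security() {
    home="$1"; backup_dir="$2"; cfg="$home/config.xml"
    [ -f "$cfg" ] || { echo "no config.xml in $home" >&2; return 1; }
    [ "$(security_state "$home")" = "true" ] || {
        echo "useSecurity is not 'true'; nothing changed" >&2; return 2; }
    mkdir -p "$backup_dir" || return 1
    backup="$backup_dir/config.xml.$(date +%Y%m%d%H%M%S).bak"
    cp "$cfg" "$backup" && chmod 600 "$backup" || return 1
    tmp="$cfg.tmp.$$"
    sed 's:<useSecurity>true</useSecurity>:<useSecurity>false</useSecurity>:' \
        "$cfg" > "$tmp" || return 1
    # Overwrite in place so the file keeps its owner and permissions.
    cat "$tmp" > "$cfg" && rm -f "$tmp"
    echo "$backup"
}

# Return non-zero (with a warning) while the controller is open to everyone.
# Run this after reconfiguring the security realm, or from a scheduled job.
assert_secured() {
    state=$(security_state "$1")
    [ "$state" = "true" ] && return 0
    echo "WARNING: $1/config.xml has useSecurity=$state" >&2
    return 1
}

# Usage: script.sh <jenkins-home> <backup-dir>
if [ "$#" -ge 2 ]; then disable_security "$1" "$2"; fi
```

Once a working security realm has been saved under Manage Jenkins, `assert_secured` should return 0 again; until then, keep the instance off any network you do not trust.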

This did it, and now I am in.

Thanks a lot!!!