"SAML" plugin fallback to basic

I want to use the “saml” plugin which should be simple enough for us to connect.
My issue is that there is no way of a fallback when SAML breaks. Or is there?

I have looked at the source code (no java expertise here) and could not find any url to fallback to basic user db.
From other SAML integrations I know fallback urls that allow for emergency access when SSO is unavailable or broken.

Is there any way here?

Thanks in advance-

Jenkins only supports one athn and authz method. In theory, a plugin could provide an auth method which configures multiple auth methods. Currently one doesn’t exist.

There is this plugin Mixing Security Realm | Jenkins plugin but it does not seem to work form me and many others.
I have no option to allow the native jenkins user db beside SAML

Ah that’s new since I last looked into it. Good to know. The builtin realm should behave similarly as any other security realm. It might be worthwhile to file a ticket with that project as it might be an oversight.

Hello @cfoellmann and welcome to this community. :wave:

Reading Introducing the Jenkins SAML SSO plugin - Simplifying Authentication for Jenkins Users I can see :

Emergency Backdoor URL Login :sos::
Administrators can use the Backdoor Login URL to log in to their Jenkins account via basic authentication in case of SSO failure. This ensures that you never lose access to your Jenkins admin account

Isn’t it what you’re looking for?

yes, that is what I “want”.
But we are not willing wo pay for this feature. I know people need to get paid for their work but jenkins is only limit to a very small number of users and we are very light users of jenkins (at the moment) so we will stay with internal auth if “all things fail”.

(Easy) Fallback should be a very hard must have in SSO connections. Right?

My bad, I hadn’t seen this wasn’t an OSS plugin. :man_facepalming:

No problemo.

If I had any idea about java I would have a look at the Mixing Security Realm plugin and check for “bugs”. But java is sooo far out of my purview.

I will create an issue on the plugin tracker