Skip to content

JumpServer Single Sign-On

Overview

This article describes how to log in to JumpServer through BambooCloud IDaaS.

There are currently two methods: OIDC and CAS. You only need to choose one.

CAS Authentication

JumpServer official CAS documentation

BambooCloud IDaaS Configuration

  1. Add the pre-integrated application JumpServer CAS.

  2. Configure the callback address: http://{jumpserver-access-address}/core/auth/cas/login/?next=%2F

    Application logout address: JumpServer CAS logout address, fill in http://{jumpserver-service-address}//core/auth/cas/logout/

  3. User authorization: Authorization Management > Application Account > Add Account.

JumpServer Configuration

  1. Log in to the console as an administrator, go to System Settings, and select Authentication Settings > CAS Authentication.

  2. Configure parameters and submit.

    ParameterDescription
    Enable CAS AuthenticationCheck to enable CAS authentication
    Server Addresshttps://{BambooCloud IDaaS tenant domain}.bccastle.com/api/ams/cas/
    Proxy Service AddressJumpServer access address
    Version3
    Synchronous LogoutCheck to log out BambooCloud IDaaS session synchronously when logging out of JumpServer
    Username AttributeDefault uid
    Enable Attribute MappingCheck
    User Attribute MappingDefault {"uid":"username"}
    Create User (If Not Exists)Check

Login Verification

  1. Access the JumpServer address and select CAS authentication.

  2. You will be redirected to the BambooCloud IDaaS authentication interface. Authorized users authenticate and log in.

  3. After successful authentication, enter JumpServer.

  4. The administrator views the user.

OIDC Authentication

JumpServer official OpenID documentation

BambooCloud IDaaS Configuration

  1. Add the pre-integrated application JumpServer OIDC.

  2. Configure the callback address.

    ParameterDescription
    Redirect URICallback address, fill in http://{jumpserver-service-address}/core/auth/openid/callback
    LogoutURLFill in http://{jumpserver-service-address}/core/auth/openid/logout/
    Authorization Code ModeEnable
    Implicit Authorization ModeDisable
    *TOKEN Signature AlgorithmRS256
    *Access Token Validity PeriodDefault two hours
    *Refresh Token Validity PeriodDefault 0
  3. User authorization: Authorization Management > Application Account > Add Account.

  4. Enter the application details to obtain clientId and ClientSecret.

  5. Go to Settings > Service Configuration > OIDC to view OIDC settings.

JumpServer Configuration

  1. Log in to the console as an administrator, go to System Settings, and select Authentication Settings > OIDC Authentication.

  2. Configure parameters and submit.

    ParameterDescription
    Enable OIDC AuthenticationCheck
    JumpServer AddressJumpServer access address
    Client IDBambooCloud IDaaS application clientId
    Client SecretBambooCloud IDaaS application clientSecret
    Use KeycloakDo not check
    Endpoint Addresshttps://{BambooCloud IDaaS tenant domain}.bccastle.com/api/v1/oauth2/
    Authorization Endpoint Addresshttps://{BambooCloud IDaaS tenant domain}.bccastle.com/api/v1/oauth2/authorize
    Token Endpoint Addresshttps://{BambooCloud IDaaS tenant domain}.bccastle.com/api/v1/oauth2/token
    JWKS Endpoint Addresshttps://{BambooCloud IDaaS tenant domain}.bccastle.com/api/v1/oauth2/keys
    User Info Endpoint Addresshttps://{BambooCloud IDaaS tenant domain}.bccastle.com/api/v1/oauth2/userinfo
    Logout Session Endpoint Addresshttps://{BambooCloud IDaaS tenant domain}.bccastle.com/api/v1/logout
    Signature AlgorithmRS256
    Signature KeyThe key corresponding to the RS256 algorithm in https://{BambooCloud IDaaS tenant domain}.bccastle.com/api/v1/oauth2/keys
    Connection Scopeopenid
    Token Validity TimeDefault 60
    ClaimsChecked by default
    Usage StatusChecked by default
    Temporary UseChecked by default
    Always Update User InfoChecked by default
    Ignore SSL Certificate VerificationChecked by default
    Share SessionChecked by default

Login Verification

  1. Access the JumpServer address and select OIDC authentication.

  2. You will be redirected to the BambooCloud IDaaS authentication interface. Authorized users authenticate and log in.

  3. After successful authentication, enter JumpServer.

  4. The administrator views the user.

Appendix

If you enter JumpServer by clicking the JumpServer Logo in the BambooCloud IDaaS User Center, the following configuration is required.

CAS

In the BambooCloud IDaaS Enterprise Center, enter the application details Login Configuration > Website Application, modify the Mount URL, copy the CAS address of the JumpServer login page, and paste it here.

OIDC

In the BambooCloud IDaaS Enterprise Center, enter the application details Login Configuration > Website Application, modify the Mount URL, copy the OpenID address of the JumpServer login page, and paste it here.

BambooCloud IDaaS Open Platform