Signing in to CloudBees CD/RO


To sign in, enter https://<webHostName>/flow/ in a browser window, replacing "<webHostName>" with your CloudBees CD/RO web host name.

One of the following sign-in pages displays, based on the server’s single sign-on (SSO) setting. For information about enabling SSO at your enterprise, refer to Configuring single sign-on for CloudBees Software Delivery Automation.

If you experience page redirect problems during SSO login, modify the session.cookie_samesite setting by:

  1. Opening the /opt/electriccloud/electriccommander/apache/conf/php.ini file.

  2. Changing the session.cookie_samesite setting value to "Lax".

  3. Restarting your CloudBees CD/RO web server.
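
The steps above as an idempotent shell helper, an added example that is not CloudBees code: it reports the current session.cookie_samesite value, keeps a .bak copy, and sets the value to "Lax". The function names and the sample file contents are constructed for illustration.

```sh
#!/bin/sh
# Added example (not CloudBees code). Default path is the one named in step 1.
PHP_INI=${PHP_INI:-/opt/electriccloud/electriccommander/apache/conf/php.ini}

# Print the value of the last uncommented session.cookie_samesite assignment.
get_samesite() {
    awk -F= '
        /^[ \t]*session\.cookie_samesite[ \t]*=/ {
            v = $2
            sub(/;.*/, "", v)                      # drop a trailing ini comment
            gsub(/^[ \t"]+|[ \t"]+$/, "", v)       # trim blanks and quotes
            val = v; found = 1
        }
        END { print (found ? val : "(unset)") }
    ' "${1:-$PHP_INI}"
}

# Set the directive to "Lax", keeping a rollback copy next to the file.
set_samesite_lax() {
    ini=${1:-$PHP_INI}
    want='session.cookie_samesite = "Lax"'
    cp -p "$ini" "$ini.bak" || return 1
    if grep -Eq '^[[:space:]]*session\.cookie_samesite[[:space:]]*=' "$ini.bak"; then
        # Rewrite every active assignment; commented (;) lines are left alone.
        awk -v want="$want" '
            /^[ \t]*session\.cookie_samesite[ \t]*=/ { print want; next }
            { print }' "$ini.bak" > "$ini"
    else
        # No active assignment: add one under [Session], else at end of file.
        awk -v want="$want" '
            { print }
            /^\[Session\]/ && !done { print want; done = 1 }
            END { if (!done) print want }' "$ini.bak" > "$ini"
    fi
}

# Constructed sample php.ini fragment for trying the helpers offline.
make_sample_ini() {
    printf '%s\n' '[Session]' 'session.save_handler = files' \
        ';session.cookie_samesite = None' 'session.cookie_samesite = Strict' > "$1"
}

# Usage: get_samesite; set_samesite_lax; then restart the web server (step 3).
```

"Lax" still withholds the session cookie on cross-site subrequests and cross-site POSTs, so it is a narrower relaxation than "None".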

SSO enabled

The sample sign-in page below is SSO-enabled with GSuite and Kerberos SSO. Your page may be enabled with other SSO identity providers, such as Okta.

Figure 1. SSO enabled

From here, use one of the following methods to sign in:

  • Select Sign in with Google: The credentials are authenticated via the Google identity provider, and if successful, you are redirected to the home page.

  • Select Sign in with Kerberos: This system has additionally been enabled with Kerberos SSO. The credentials are authenticated, and if successful, you are redirected to the home page.

  • Enter a Username and Password for local authentication. Then select Sign in. If successful, you are redirected to the home page.

If you do not already have an active session, you cannot sign in while the CloudBees CD/RO server is being upgraded. The following message appears on the sign-in screen until the CloudBees CD/RO server upgrade is complete: “Server is starting. Please wait.”

SSO disabled

This sign-in page has SSO disabled:

Figure 2. SSO disabled

From here, enter a Username and Password and then select Sign in. If successful, you are redirected to the home page.

For a new installation, the default admin account username is admin, and the password is changeme. You should change the default admin password as soon as possible.

Generate an SSO session ID token

You can generate a secured session ID token that allows you to run CloudBees CD/RO API commands. To do this, use your SSO login credentials to generate a session ID token, then use ectool or curl to run permission-based CloudBees CD/RO commands, such as "getProjects", from the command line.

Use these steps to generate a session ID token.

  1. Run the loginSso command.

    ectool loginSso
  2. Copy and paste the sign-in URL into a web browser.

    Figure 3. SSO login response web address
  3. Enter your CloudBees CD/RO web server address as the "webHostName".

  4. Log in using an SSO method such as SAML, OpenIDConnect or Kerberos.

    Figure 4. SSO sign in
  5. Copy the session ID token.

    Figure 5. SSO User Access Token

Use session ID token with ectool

Use the generated session ID token to execute CloudBees CD/RO API commands using ectool.

  1. Use one of the following methods to log in:

    • Paste your generated session ID token into the Type the token here: field, then press Enter.

      Figure 6. Paste token here
    • Run the loginSso command in ectool.

      ectool loginSso --token PasteTokenHere
  2. A login response displays.

    Figure 7. Token login response
  3. Test your access by running this API command.

    ectool getProjects
  4. A similar API command response displays.

    Figure 8. Successful API command response

Revoke session ID token using ectool

Use these options to revoke a session ID token.

  • Revoke your session ID token.

    ectool revokeToken
  • An admin user can revoke a user’s token in one of the following ways:

    • Revoke a token using the user name.

      ectool revokeToken --userName TypeUserNameHere
    • Revoke a token using the session ID token.

      ectool revokeToken --token TypeUserTokenHere

Use session ID token with curl

Use the generated session ID token to execute CloudBees CD/RO API commands using curl.

All curl commands must contain the session ID argument:

    --cookie "sessionId=TypeSessionIdHere"

  1. Copy the generated session ID token.

  2. Use the copied session ID token argument to run a test curl command.

    curl --cookie "sessionId=TypeSessionIdHere" -k -X GET "https://localhost/rest/v1.0/projects" -H "accept: application/json"