Signing in to CloudBees CD/RO

4 minute readDeveloper productivity

To sign in, copy https://<webHostName>/flow/ into a browser window, then enter your CloudBees CD/RO web host name as the <webHostName>.

One of the following sign-in pages displays, based on the server’s single sign-on (SSO) setting. For information about enabling SSO at your enterprise, refer to Configuring single sign-on for CloudBees Software Delivery Automation.

If you experience page redirect problems during SSO sign in, you can modify the session.cookie_samesite setting by completing the following steps:

  1. Open the /opt/electriccloud/electriccommander/apache/conf/php.ini file.

  2. Change the session.cookie_samesitesetting value to Lax.

  3. Restart your CloudBees CD/RO web server.

SSO enabled

The sample sign-in page below is SSO-enabled with GSuite and Kerberos SSO. Your page may be enabled with other SSO identity providers, such as Okta.

SSO enabled
Figure 1. SSO enabled

From here, use one of the following methods to sign in:

  • Select Sign in with Google: The credentials are authenticated via the Google identify provider, and if successful, you are redirected to the home page.

  • Select Sign in with Kerberos: This system has additionally been enabled with Kerberos SSO. The credentials are authenticated, and if successful, you are redirected to the home page.

  • Enter a Username and Password for local authentication. Then select Sign in. If successful, you are redirected to the home page.

If you do not already have an active session, you are unable to sign in through the CloudBees CD/RO server when the CloudBees CD/RO server is being upgraded. The following message appears on the sign-in screen until the CloudBees CD/RO server upgrade is complete: “Server is starting. Please wait.”

SSO disabled

This sign-in page has SSO disabled:

SSO disabeld
Figure 2. SSO disabled

From here, enter a Username and Password and then select Sign in. If successful, you are redirected to the home page.

For a new installation, the default admin account username is admin, and the password is changeme. You should change the default admin password as soon as possible.

Generate an access token via ectool

You have the ability to generate a secured access token, which allows you to run CloudBees CD/RO API commands. To do this, use your SSO login credentials to generate an access token, then use ectool or curl to execute permission-based CloudBees CD/RO commands, such as "getProjects", at a command line.

Use these steps to generate an access token.

  1. Run the loginSso command.

    ectool loginSso
  2. Copy and paste the sign in URL into a web browser.

    ectool loginSso
    To sign in, use a web browser to open the page https://{webServerHost}/flow/#access-tokens/generate-token
    Type the token here:
  3. Enter your CloudBees CD/RO Web server address as the "webHostName"

    To configure the web server name. Navigate to Administration > Server Settings > System settings. Then enter your CloudBees CD/RO Web Server address into the Web Server Host field.
  4. Login using an SSO method such as SAML, OpenIDConnect, or Kerberos.

    SSO enabled
    Figure 3. SSO sign in
  5. Copy the access token.

    SSO enabled
    Figure 4. SSO User Access Token

Use access token with ectool

Use the generated access token to exectute CloudBees CD/RO API command using ectool.

  1. Use one of the following methods to log in:

    • Paste your generated acess token into Type the token here: field, then press enter.

      SSO enabled
      Figure 5. Paste token here
    • Run the loginSso command in ectool.

      ectool loginSso --token PasteTokenHere
  2. A login response displays.

    SSO enabled
    Figure 6. Token login response
  3. Test your access by running this API command.

    ectool getProjects
  4. A similar API command response displays.

    SSO enabled
    Figure 7. Successful API command response

Review tokens via ectool

An admin user can set default token timeout, minimum token timeout, maximum token time out, and maximum number of tokens per user. Configure these options by navigating to Administration > Server settings > Security settings.

Use these options to view tokens.

Review tokens one of the following ways.

  • View your access token using the token name.

    ectool getUserAccessToken TypeTokenName```
  • View all of your access tokens.

    ectool getUserAccessTokens
  • Admin user can view a user’s token one of following ways:

    • View a user’s token using the token name.

      ectool getUserAccessToken tokenName --userName TypeuserName```
    • View all of a user’s tokens.

      ectool getUserAccessTokens --userName TypeUserName

Modify token name or description via ectool

  • Change the name of your token.

    ectool modifyUserAccessToken --userAccessTokenName TypeCurrentTokenName --newName  TypenNewName
  • Change the description of your token.

    ectool modifyUserAccessToken --userAccessTokenName TypeTokenName --description TypenNewDescription

Revoke access tokens using ectool

Use these options to revoke an access token.

  • Revoke your access token using the token name.

    ectool revokeUserAccessToken tokenName```
  • Revoke all of your tokens.

    ectool revokeUserAccessTokens
  • Admin user can revoke a user’s token one of the following ways:

    • Revoke a user’s token using the token name.

      ectool revokeUserAccessToken tokenName --userName userName```
    • Revoke all of a user’s tokens using the user name.

      ectool revokeUserAccessTokens --userName TypeUserName

Use access token with curl

Use generated access token to execute CloudBees CD/RO API commands using curl.

All curl commands must contain the session ID argument:

--cookie "sessionId=TypeSessionIdHere"
  1. Copy the generated access token.

  2. Use the copied access token argument to run a test curl command.

    curl --cookie "sessionId=TypeSessionIdHere" -k -X GET "https://localhost/rest/v1.0/projects" -H "accept: application/json"