Grab latest version of plugin from link and install it to Teamcity following https://confluence.jetbrains.com/display/TCD10/Installing+Additional+Plugins
Plugin support authentication using:
-
GitHub
-
Bitbucket
-
Google
-
Azure Active Directory
-
any custom oAuth server
Login as administrator and go to Administration > Authentication
Switch to advanced mode and add module HTTP-OAUTH.v2.
You need to specify your client id, client secret and scope.
If you want to use GitHub you need an application to be created https://github.com/settings/applications/new. Authorization callback URL
should be homepage of TeamCity.
You should use the user
scope for github
-
OAuth 2.0 authorization endpoint should be https://git.yourcompany.com/login/oauth/authorize
-
OAuth 2.0 token endpoint should be https://git.yourcompany.com/login/oauth/access_token
-
OAuth 2.0 user endpoint should be https://git.yourcompany.com/api/v3/user Note that the api endpoint will be specific to your implication. It could be something like https://api.yourgit.com/user as well
-
Client Id, Client Secret, and scope are all equivalent of the github applcation above
-
Also, like above, when you create your github oauth applicaiton, your authorization callback url is just https://teamcity.yourcompany.com/
You should create an application in Azure: https://apps.dev.microsoft.com. You need to set Redirect URLs
to the homepage of TeamCity.
You should use the openid https://graph.microsoft.com/user.read
scope for Azure
Note that by default, any Microsoft live account can register with OAuth. To restrict this to a specific Active Directory instance, (find your tenant ID)[https://support.office.com/en-us/article/find-your-office-365-tenant-id-6891b561-a52d-4ade-9f39-b492285e2c9b], select Preset: Custom
and use the following endpoints:
Authorization: https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/authorize
Token: https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token
User: https://graph.microsoft.com/v1.0/me
If you don’t enable "Allow creating new users on the first login" only users that already exist in Teamcity can login. It means that you need account with the same name as user login name in oauth.
If you specify an "Email Domain", only users whose email is at that domain will be able to log in.
If you specify a value in "Organizations", only users with the specified organizations will be authenticated. You can specify more than one organization by separating them with a comma.
You can decide if you want to hide user/password form on login screen (worth leaving unchecked when you test it).
You can consider to disable also "Allow user registration from the login page" in "Built-in" module.
Save and test out.
Login at your Teamcity host.
Plugin can be build and deployed by gradle deployToTeamcity
Teamcity instance for testing can be setup by docker-compose up