[According to this posting by the lead Jenkins developer, Kohsuke Kawaguchi, in 2009](http://jenkins.361315.n4.nabble.com/Users-Groups-td383878.html), there is no group support for the built-in Jenkins user database. Group support is only usable when integrating Jenkins with LDAP or Active Directory. This appears to be the same in 2012.

However, as Vadim wrote in his answer, you don&#39;t need group support for the built-in Jenkins user database, thanks to the [Role strategy plug-in](https://wiki.jenkins-ci.org/display/JENKINS/Role+Strategy+Plugin).


You could use [Role Strategy plugin][1] for that purpose. It works like a charm, just setup some roles and assign them. Even on project-specific level.


  [1]: https://wiki.jenkins-ci.org/display/JENKINS/Role+Strategy+Plugin

I installed the Role plugin under Jenkins-3.5, but it does not show the &quot;Manage Roles&quot; option under &quot;Manage Jenkins&quot;, and when one follows the security install page from the wiki, all users are locked out instantly. I had to manually shutdown Jenkins on the server, restore the correct configuration settings (/me is happy to do proper backups) and restart Jenkins.

I didn&#39;t have high hopes, as that plugin was last updated in 2011

I am trying to center a image horizontally using css.

I am displaying my image on the screen with the following HTML code:

    &lt;div id=&quot;loading&quot; class=&quot;loading-invisible&quot;&gt;  
        &lt;img class=&quot;loading&quot; src=&quot;logo.png&quot;&gt;
    &lt;/div&gt;

I am croping my image as I only want to display some of the image and I am using the following css:

    img.loading 
    {
    position:absolute;
    clip:rect(0px,681px,75px,180px);
    }

however I can&#39;t work out how to center the image once it has been croped.

Anyone able to help ?

Center an image horizontally using CSS

In the Chrome developer panel, this tool...

![enter image description here][1]

lets you select elements and go directly to them in the DOM view, and see their CSS attributes.

Safari has the same tool.

Is there a keyboard shortcut to activate that tool (once you have the panel open)?


  [1]: http://i.stack.imgur.com/wUTvM.jpg

In the Chrome developer panel, is there a keyboard shortcut for the element selector?

I choose to use &quot;Jenkins&#39;s own user database&quot; security realm for user login as I couldn&#39;t use LDAP in my company.  And Google&#39;s OpenID has issue when you decided to change the hostname or port number to something else.

And I use &quot;Project-based Matrix Authorization Strategy&quot; schema for my security.

But I don&#39;t seem to able to create my own group, and add users to the group to manage the permission.

How to create and add users to a group in Jenkins for authentication?

I choose to use "Jenkins's own user database" security realm for user login as I couldn't use LDAP in my company. And Google's OpenID has issue when you decided to change the hostname or port number to something else.
And I use "Project-based Matrix Authorization Strategy" schema for my security.
But I don't seem to able to create my own group, and add users to the group to manage the permission.

I&#39;m designing a web site that will have a mobile companion (initally iPhone only). The web site will be an ASP.Net MVC 3 application. I&#39;ll also have an ASP.Net Web API site (MVC 4) to expose services to the iPhone application. The iPhone app will have its own form to capture username and password from the user and send that to the web API in JSON headers.

I want to consider security from the start rather than an after thought. *I&#39;m not a security expert by any means.* I&#39;ve done a good deal of research to see how other&#39;s are handling authentication of a mobile application client from a web service. I think I&#39;ve come up with a decent solution that doesn&#39;t involve hooking into to third party oAuths.

I would greatly appreciate any and all opinions, advice, criticism and general WTFs that any of you can offer. :)

My biggest concerns are:
&lt;ol&gt;
&lt;li&gt;Ensuring that calls made to the web API are authorized&lt;/li&gt;
&lt;li&gt;Minimizing the risk of replay attacks (hence timestamps in the calls below)&lt;/li&gt;
&lt;/ol&gt;

The iPhone app will be developed as such:&lt;br&gt;
*Two strings are hard-coded into the iPhone app (same values for every user):*
&lt;ol&gt;
&lt;li&gt;&lt;b&gt;Application ID&lt;/b&gt;&lt;br&gt;This is a string that is used to identify the type of client that is accessing the web API (iPhone, Android, Windows phone, etc).&lt;/li&gt;&lt;br&gt;
&lt;li&gt;&lt;b&gt;Application&#39;s Hashing Salt&lt;/b&gt;&lt;br&gt;This is a string that is used to salt hashes for user-agnostic requests.&lt;/li&gt;
&lt;/ol&gt;
*Two strings are stored in the iPhone app&#39;s local database (values unique to each user):*
&lt;ol&gt;
&lt;li&gt;&lt;b&gt;API User Access Token&lt;/b&gt;&lt;br&gt;This is a string (token) provided to the client by the web API upon successful authentication and allows the client to access the web API without sending the username and password in each request.&lt;br&gt;&lt;/li&gt;

&lt;li&gt;&lt;b&gt;User&#39;s Hashing Salt&lt;/b&gt;&lt;br&gt;This is a string that is used to salt hashes for requests made against established user accounts.&lt;/li&gt;
&lt;/ol&gt;
&lt;br&gt;
&lt;br&gt;
The iPhone will make calls to the web API in the following manner:&lt;br&gt;&lt;br&gt;
&lt;b&gt;API Method: Create Account&lt;/b&gt;&lt;br&gt;
Client Sends:
&lt;ul&gt;
&lt;li&gt;New Account Data (Username, Password, First Name, Last Name, etc..)&lt;/li&gt;
&lt;li&gt;Application ID&lt;/li&gt;
&lt;li&gt;UTC Timestamp&lt;/li&gt;
&lt;li&gt;Hash of UTC Timestamp + Application ID salted with Application&#39;s Hashing Salt&lt;/li&gt;
&lt;/ul&gt;
API Returns:
&lt;ul&gt;
&lt;li&gt;New User&#39;s Hashing Salt&lt;br&gt;&lt;br&gt;The idea here is that, when creating an account, I can use the application&#39;s hardcoded salt since it&#39;s not a huge security risk if that salt ever got out (through decompilation or some other means).&lt;br&gt;&lt;br&gt;
But for methods that access and modify the user&#39;s data I&#39;ll use a salt that is owned only by that user so it can&#39;t be used by an attacker to impersonate others.&lt;/li&gt;
&lt;/ul&gt;
&lt;br&gt;
&lt;b&gt;API Method: Get Account&lt;/b&gt;&lt;br&gt;(Used for getting user&#39;s hashing salt for accounts that were created on the web site but haven&#39;t yet been synced on the iPhone. This happens when a user tries to log in on the iPhone and iPhone detects that it has no record for that username.)&lt;br&gt;
&lt;br&gt;
Client Sends:
&lt;ul&gt;
&lt;li&gt;Username&lt;/li&gt;
&lt;li&gt;Password (hashed with Application&#39;s Hashing Salt)&lt;/li&gt;
&lt;li&gt;Application ID&lt;/li&gt;
&lt;li&gt;UTC Timestamp&lt;/li&gt;
&lt;li&gt;Hash of UTC Timestamp + Application ID salted with Application&#39;s Hashing Salt&lt;/li&gt;
&lt;/ul&gt;
API Returns:
&lt;ul&gt;
&lt;li&gt;Existing User&#39;s Hashing Salt&lt;/li&gt;
&lt;/ul&gt;
&lt;br&gt;
&lt;b&gt;API Method: Log In (Authenticate)&lt;/b&gt;&lt;br&gt;
Client Sends:
&lt;ul&gt;
&lt;li&gt;Username&lt;/li&gt;
&lt;li&gt;Password (hashed with User&#39;s Hashing Salt)&lt;/li&gt;
&lt;li&gt;Application ID&lt;/li&gt;
&lt;li&gt;UTC Timestamp&lt;/li&gt;
&lt;li&gt;Hash of UTC Timestamp + Application ID salted with User&#39;s Hashing Salt&lt;/li&gt;
&lt;/ul&gt;
API Returns:
&lt;ul&gt;
&lt;li&gt;API User Access Token&lt;/li&gt;
&lt;/ul&gt;
&lt;br&gt;
&lt;b&gt;API Method: Any Command (i.e. Create Post, Update Profile, Get Messages, etc...)&lt;/b&gt;&lt;br&gt;
Client Sends:
&lt;ul&gt;
&lt;li&gt;Command Data&lt;/li&gt;
&lt;li&gt;API User Access Token&lt;/li&gt;
&lt;li&gt;Application ID&lt;/li&gt;
&lt;li&gt;UTC Timestamp&lt;/li&gt;
&lt;li&gt;Hash of UTC Timestamp + Application ID + API User Access Token salted with User&#39;s Hashing Salt&lt;/li&gt;
&lt;/ul&gt;

Authenticating requests from mobile (iPhone) app to ASP.Net Web API (Feedback requested on my design)

I have a mobile app (currently IOS and soon Android) which talks to a web service. There is no login and the data is not private. Basically, the app POSTs a marker (lon, lat) and GETs the nearest 25 markers to display on a map.

It&#39;s a very trivial app and I cannot imagine anyone putting great effort into abusing the web service. However, I can see there is fun for someone in POSTing many markers. What most concerns me is someone running a script that pushes many requests (using expensive bandwidth and making nonsense of my app data).

I am slowly reaching the conclusion this cannot be secure. The best answer is &quot;do not do this&quot;. Do not provide a web service without authentication. Not many services are so open. Google&#39;s You Tube API is open but most are not. Unfortunately, I have no choice. So after days of looking at this here&#39;s my thinking. Be aware I am very far from a security expert and I am confident my approach could be improved upon. But it might point you in the right direction. Hopefully, someone more experienced might chime in and correct/improve upon this. I found [this article][1] and comments particularly helpful.

**Message Level Security**

I will secure the msgs with a hash encryption. The clients and web service all retain a copy of a shared secret which is used as a salt to create a hash from the URL and all the POST arguments. The hash is passed as an additional argument and the hash is rebuilt and compared at the other end (using the shared key as a salt). This is pretty good until you understand that any mobile client code can be reverse engineered in minutes. At which point this line of defense is utterly useless.

**Client Measures**

The client includes rate limiting of messages as a measure to restrict the number of messages sent by honest users. Yet again this is useless against an attacker who jailbreaks the mobile device.

**Server Side Security**

So the server side must have as much additional security measures as possible, to stand alone on the assumption that your client (and shared secret) is compromised. Here is what I have:

One msg arg is a UTC time which is used to limit replay attacks. This should prevent an attacker from firing the same msg at the server repeatedly.

The server performs rate limiting by IP. Yes, IPs are easily spoofed and proxy switching is childs play but everything helps when you have so little.

Of course, the server strictly validates all arguments, uses parametised queries and doesn&#39;t return exceptions.

**Transport Level Security**

Unfortunately, I am fairly confident that issuing individual client SSL certs is not possible without a registration process. And because I am using the msg hash check (and my data is not private) I am not entirely sure what SSL brings to the table. However, I will probably use SSL (with one app wide cert) because it adds another level of security that is easily and cheaply deployed (albeit at a cost of additional connection time for every msg).

**The Gaping Great Big Hole In My Approach**

I am warned that should the app become popular that someone will compromise the shared secret on the client. Just because they can and they will probably post it on the internet. So really it all comes down to the server side. Unfortunately, *I have no way to identify and block an attacker*. This I would dearly love. 

**A Final Plea**

After days of research this is all I have. But I want more. I would particularly appreciate any ideas to beef up the server side. So, I have put all my SO points up as a bounty. Yes sir, all 97 points! 

  [1]: http://www.thebuzzmedia.com/designing-a-secure-rest-api-without-oauth-authentication/

How To Secure Web Service Without Login

I am looking on how how to obtain the location of `cacerts` of the default java installation, when you do not have `JAVA_HOME` or `JRE_HOME` defined.

I need a solution that works at least for `OS X` and `Linux`.

Yes. `java -v` is assumed to work :)

How to obtain the location of cacerts of the default java installation?

I recently had to set `Access-Control-Allow-Origin` to `*` in order to be able to make cross-subdomain AJAX calls. I feel like this might be a security problem. What risks am I exposing myself to if I keep the setting?

What security risks exist when setting Access-Control-Allow-Origin to accept all domains?

For basic authentication I have implemented a custom `HttpMessageHandler` based on the example shown in Darin Dimitrov&#39;s answer here: https://stackoverflow.com/a/11536349/270591

The code creates an instance `principal` of type `GenericPrincipal` with user name and roles and then sets this principal to the current principal of the thread:

    Thread.CurrentPrincipal = principal;

Later in a `ApiController` method the principal can be read by accessing the controllers `User` property:

    public class ValuesController : ApiController
    {
        public void Post(TestModel model)
        {
            var user = User; // this should be the principal set in the handler
            //...
        }
    }

This seemed to work fine until I recently added a custom `MediaTypeFormatter` that uses the `Task` library like so:

    public override Task&lt;object&gt; ReadFromStreamAsync(Type type, Stream readStream,
        HttpContent content, IFormatterLogger formatterLogger)
    {
        var task = Task.Factory.StartNew(() =&gt;
        {
            // some formatting happens and finally a TestModel is returned,
            // simulated here by just an empty model
            return (object)new TestModel();
        });
        return task;
    }

(I have this approach to start a task with `Task.Factory.StartNew` in `ReadFromStreamAsync` from some sample code. Is it wrong and maybe the only reason for the problem?)

Now, &quot;sometimes&quot; - and for me it appears to be random - the `User` principal in the controller method isn&#39;t the principal anymore I&#39;ve set in the MessageHandler, i.e. user name, `Authenticated` flag and roles are all lost. The reason seems to be that the custom MediaTypeFormatter causes a change of the thread between MessageHandler and controller method. I&#39;ve confirmed this by comparing the values of `Thread.CurrentThread.ManagedThreadId` in the MessageHandler and in the controller method. &quot;Sometimes&quot; they are different and then the principal is &quot;lost&quot;.

I&#39;ve looked now for an alternative to setting `Thread.CurrentPrincipal` to somehow transfer the principal safely from the custom MessageHandler to the controller method and in [this blog post][1] request properties are used:

    request.Properties.Add(HttpPropertyKeys.UserPrincipalKey,
        new GenericPrincipal(identity, new string[0]));

I wanted to test that but it seems that the `HttpPropertyKeys` class (which is in namespace `System.Web.Http.Hosting`) doesn&#39;t have a `UserPrincipalKey` property anymore in the recent WebApi versions (release candidate and final release from last week as well).

My question is: How can I change the last code snippet above so that is works with the current WebAPI version? Or generally: How can I set the user principal in a custom MessageHandler and access it reliably in a controller method?

**Edit**

It is mentioned [here][2] that &quot;`HttpPropertyKeys.UserPrincipalKey` ... resolves to `“MS_UserPrincipal”`&quot;, so I tried to use:

    request.Properties.Add(&quot;MS_UserPrincipal&quot;,
        new GenericPrincipal(identity, new string[0]));

But it doesn&#39;t work as I expected: The `ApiController.User` property does not contain the principal added to the `Properties` collection above.

  [1]: http://sixgun.co.uk/blog/2012/02/29/asp-net-web-api-basic-authentication/
  [2]: http://leastprivilege.com/2012/03/08/asp-net-webapi-security-2-identity-architecture/

How can I safely set the user principal in a custom WebAPI HttpMessageHandler?

Is there an easy way to test the credentials of a user against an LDAP instance?  I know how to write a Java program that would take the &#39;User DN&#39; and password, and check it against the LDAP instance.  However is there any easier way?  Specially a method that not only authenticates the user, but also lists all the user&#39;s roles.

Easy way to test an LDAP User&#39;s Credentials

I have a search query in LDAP like this. What exactly does this query mean?

    (&quot;CN=Dev-India,OU=Distribution Groups,DC=gp,DC=gl,DC=google,DC=com&quot;);


What are CN, OU, DC in an LDAP search?

Can anyone let me know if querying Active Directory server using ldapsearch, ldapadd, ldapdelete, etc. utilities is possible or not?

Querying Windows Active Directory server using ldapsearch from command line

&gt; LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1

I know &quot;52e&quot; code is when username is valid, but password is invalid. I am using the same user  name and password in my apache studio, I was able to establish the connection succesfully to LDAP.

**Here is my java code** 

        String userName = &quot;*******&quot;;
        String password = &quot;********&quot;;
        String base =&quot;DC=PSLTESTDOMAIN,DC=LOCAL&quot;;
        String dn = &quot;cn=&quot; + userName + &quot;,&quot; + base;  
        Hashtable env = new Hashtable();
        env.put(Context.INITIAL_CONTEXT_FACTORY,&quot;com.sun.jndi.ldap.LdapCtxFactory&quot;);
        env.put(Context.PROVIDER_URL, &quot;ldap://******&quot;);
        env.put(Context.SECURITY_AUTHENTICATION, &quot;simple&quot;);
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        LDAPAuthenticationService ldap = new LDAPAuthenticationService();
       // LdapContext ctx;
        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);



**My error is on this line**: `ctx = new InitialDirContext(env);`

I do not know what exactly is causing this error. 

LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1

I have found a lot of information from the past saying that [LDAP authentication isn&#39;t enabled yet but you can get around that using third party packages.][1]
However, it seems that LDAP authentication WAS [implemented back in January][2]. I can&#39;t seem to find any information on HOW to implement it.

I already have [custom authentication][3] set up in my project, I just need the logic to fill in the `HandleAuthenticateAsync` method.

I have tried using [other examples][4], but they don&#39;t seem to work with .NET Core 2.0.

Here is the only relevant code that I have that I can think of posting

    protected override Task&lt;AuthenticateResult&gt; HandleAuthenticateAsync()
    {
        // Get Authorization header value
        if (!Request.Headers.TryGetValue(HeaderNames.Authorization, out var authorization)) {
            return Task.FromResult(AuthenticateResult.Fail(&quot;Cannot read authorization header.&quot;));
        }

        // TODO: Authenticate user

        // Create authenticated user ticket
        var identities = new List&lt;ClaimsIdentity&gt; { new ClaimsIdentity(&quot;custom auth type&quot;) };
        var ticket = new AuthenticationTicket(new ClaimsPrincipal(identities), Options.Scheme);

        return Task.FromResult(AuthenticateResult.Success(ticket));

        // else User not authenticated
        return Task.FromResult(AuthenticateResult.Fail(&quot;Invalid auth key.&quot;));
    }

So, my question is, how do I implement LDAP Authentication in .NET Core 2.0?

  [1]: https://nicolas.guelpa.me/blog/2017/02/15/dotnet-core-ldap-authentication.html
  [2]: https://github.com/aspnetboilerplate/aspnetboilerplate/issues/2755
  [3]: https://stackoverflow.com/a/46118528/3103633
  [4]: https://stackoverflow.com/q/11561689/3103633

ASP.NET Core 2.0 LDAP Active Directory Authentication

I need to run a shell script in Jenkins as root instead of the default user. What do I need to change?

My sudoers file is like this:

    # User privilege specification
    root    ALL=(ALL) ALL
    igx     ALL=(ALL) ALL
    %wheel  ALL=(ALL) ALL
    
    # Allow members of group sudo to execute any command
    # (Note that later entries override this, so you might need to move
    %sudo   ALL=(ALL) ALL
    #
    #includedir /etc/sudoers.d
    
    # Members of the admin group may gain root privileges
    %admin  ALL=(ALL) NOPASSWD:ALL
    root    ALL=(ALL) ALL
    jenkins ALL=NOPASSWD: /var/lib/jenkins/workspace/ing00112/trunk/source/
    jenkins ALL=(ALL) NOPASSWD:ALL
    #Defaults:jenkins !requiretty

How to run a script as root in Jenkins?

I&#39;m currently trying to automate Django tests using Hudson CI, and am struggling to find an option that will automatically destroy the test database if it already exists (typically it will ask for confirmation to destroy it, which the automatic testing obviously cannot provide for).

Any suggestions would be much appreciated!

Cheers,
R

How to automatically destroy django test database

The horror stories I found while searching for an answer for this one...

OK, I have a .sh script which pretty much does everything Jenkins supposed to do:

 - checks out sources from SVN
 - build the project
 - deploys the project
 - cleans after itself

So in Jenkins I only have to &#39;build&#39; the project by running the script in an Execute Shell command.
 The script is ran (the sources are downloaded, the project is build/deploy) but then it marks the build as a failure:
Build step &#39;Execute shell&#39; marked build as failure
Even if the script was successfully ran! I tried closing the script with:

 - exit 0 (still marks it as failure)
 - exit 1 (marks it as failure, as expected)
 - no exit command at all (marks it as failure)

When, how and why does Execute Shell mark my build as a failure?

How/When does Execute Shell mark a build as failure in Jenkins?

Recently, in our company, we decided to use _Ansible_ for deployment and continuous integration. But when I started using Ansible I didn&#39;t find modules for building Java projects with Maven, or modules for running JUnit tests, or JMeter tests. 

So, I&#39;m in a doubtful state: it may be I&#39;m using Ansible in a wrong way. 

When I looked at Jenkins, it can do things like build, run tests, deploy. The missing thing in Hudson is creating/deleting an instance in cloud environments like AWS.

So, in general, for what purposes do we need to use Ansible/Jenkins? For CI do I need to use a combination of Ansible and Jenkins?

Please throw some light on correct usage of Ansible. 

Is Ansible a replacement for a CI tool like Hudson/Jenkins?

Does anyone know how to increase the the timeout window before Jenkins logs out a user?  I&#39;m looking to raise it to 1 day or so.

I work in and out jenkins all day and we keep getting logged out between running of jobs.  Added to this frustration, the &#39;stay logged in&#39; checkbox doesn&#39;t seem to work either.

Increase the Jenkins login timeout

We have a website where the *only* way to login and authenticate yourself with the site is with Facebook (this was not my choice). The first time you login with Facebook, an account gets automatically created for you.

We now want to create an iPhone application for our site and also a public API for others to use our service.

This question is about how to authenticate with our website from the app/API and is broken into 2 parts:

1. What is the correct way to handle REST authentication from an API to a website which only uses Facebook OAuth as an authentication method?

 I have read and researched a lot about standard methods of authentication for REST API. We can&#39;t use such methods as [Basic Auth over HTTPS][1], as there are no credentials for a user as such. Something like [this][2] seems to be only for authenticating applications using the API.

 Currently, the best way I can think is you hit an /authorize end-point on our API, it redirects to Facebook OAuth, then redirects back to the site and provides a &#39;token&#39; which the user of the API can use to authenticate subsequent requests.

2. For an official application that we create, we wouldn&#39;t necessarily need to use the public API in the same way. What would be the best way then to talk to our website and authenticate users?

I understand (I think) how to authenticate 3rd-party applications that are using our API, using API (public) keys and secret (private) keys. However, when it comes to authenticating the user who is using the app, I am getting rather confused about how to go about it when the only way we have to authenticate a user is Facebook.

I feel like I&#39;m missing something very obvious, or don&#39;t fully understand how public REST APIs should work, so any advice and help would be greatly appreciated.


  [1]: https://stackoverflow.com/questions/7919533/rest-api-authentication-tokens
  [2]: http://acaasia.blogspot.com/2013/04/designing-secure-rest-web-api-without.html

REST API for website which uses Facebook for authentication

IdentityServer supports different OpenId Connect flows that are defined in the [Flows](https://github.com/IdentityServer/IdentityServer3/blob/4a44a9f03879c85bbba50cc04c55fc4311436c1a/source/Core/Models/Enums.cs#L38-L69) enum and set for clients. There&#39;s also samples for each type of flow and many references to them in the docs but I could not find a simple definition list of what flows are in the [documentation](https://identityserver.github.io/Documentation/docs/) as if they are too obvious to explain in words. But I guess they&#39;re not. Can you please tell more about the differences of these, maybe we can add that to the docs?

So what are: **implicit** flow, **resource owner password credential** flow, **authorization code** flow, **client credentials** flow, **custom grant** flow, and **hybrid** flow? Also which ones are OAuth flows and which ones are OpenID Connect flows?

Thanks!

IdentityServer Flows

I am using [IdentityServer4][1].

I want to add other custom claims to access token but I&#39;m unable to do this. I have modified Quickstart5 and added ASP.NET Identity Core and the custom claims via ProfileService as suggested by Coemgen [below][2].

You can download my code here: [zip package][3]. (It is based on: [Quickstart5][4] with ASP.NET Identity Core and added claims via ProfileService).
 
Issue: GetProfileDataAsync does not executed.

  [1]: https://identityserver4.readthedocs.io/en/release/
  [2]: https://stackoverflow.com/a/44795605/103264
  [4]: https://github.com/IdentityServer/IdentityServer4.Samples/tree/release/Quickstarts/5_HybridFlowAuthenticationWithApiAccess

How to add custom claims to access token in IdentityServer4?

I do not want new users to be able to sign up. So in Jenkin&#39;s Configuration, I disabled &quot;Allow users to sign up&quot; with using Jenkin&#39;s own user database.

But how can I manually add users now?
Also, is there a default admin user I should take care of?

Add Users to Jenkins with &quot;Allow users to sign up&quot; Disabled

In Jenkins, is there a way to give different timeouts to each or selected build step?  
Build-time plugin out gives functionality of timeout &quot;Abort the build if it&#39;s stuck&quot; on complete project, what I need is to give different timeouts for each step. This way I can make my process more efficient.

Timeout on a Build Step of Jenkins

For Jenkins using a Groovy System Script, is there a way to easily search the build queue and list of executing builds for some criteria (specifically a parameter that matches some condition) and then kill/cancel them? 

I cannot seem to find any way to do this, but it seems like it should be possible.

Cancel queued builds and aborting executing builds using Groovy for Jenkins

I am from Ukraine.  
When I open Jenkins in the browser I see all the UI in Russian.  
I am running Jenkins on Windows.  

However - there is no Russian in Windows configuration &quot;Region and Settings&quot;.
Format - English(United States).
Location - United States.
Only the Timezone is Ukrainian - UTC +02:00.

Is it possible to force Jenkins to show the UI in English language?

PS.
I did not have such a problem with Hudson before.

[Locale Plugin][1] helped to change the default locale to English.

  [1]: https://wiki.jenkins-ci.org/display/JENKINS/Locale+Plugin

I changed the language in the configuration of Chrome and now Jenkins is in English :)

Content Type	Original Author	Original Content on Stackoverflow
Question	xbeta	View Question on Stackoverflow
Solution 1 - Security	Steve HHH	View Answer on Stackoverflow
Solution 2 - Security	Vadim Kotov	View Answer on Stackoverflow
Solution 3 - Security	Tux	View Answer on Stackoverflow

How to create and add users to a group in Jenkins for authentication?

Security Problem Overview

Security Solutions

Solution 1 - Security

Solution 2 - Security

Solution 3 - Security

In the Chrome developer panel, is there a keyboard shortcut for the element selector?

Center an image horizontally using CSS

Attributions