Concepts

Crowd 1.5 Documentation


Crowd is an application security framework that handles authentication and authorisation for your web-based applications. With Crowd you can quickly integrate multiple web applications into a single security architecture that supports single sign-on (SSO) and centralised identity management.

Crowd has the following components:

  • The Crowd Administration Console is a clean and powerful web interface for managing directories, users (known in Crowd as 'principals') and their security rights ('permissions'). Refer to the Crowd Administration Guide for details.
  • The Crowd Self-Service Console allows authorised users to maintain their user profiles and passwords and to view their usernames, groups, roles and applications. Refer to the Crowd User Guide for details.
  • The Crowd integration API provides a platform-neutral way to integrate web applications into a single security architecture. With the integration API, applications can quickly access user information and perform security checks.

Designed for ease of use, Crowd can be deployed with your existing infrastructure. Crowd supports:

See the list of supported applications and directories.

Architectural Overview

Crowd is a middleware application that integrates web applications into a single security architecture, supporting single sign-on and centralised identity management. Crowd works by dispatching authentication and authorisation calls from configured applications to configured directories.

A typical deployment may be similar to the following:

When an application needs to validate a security or authentication request (e.g. when a user attempts to log in to the application) the application will make a simple API call to the Crowd framework, which will then forward the call to the appropriate directory.

About Applications

Crowd integrates and provisions applications. Once defined, an application is mapped to one or more directories, whose users are then granted access to the application. Note that an application can only communicate with Crowd when the application uses a known host address.

About Directories

Crowd supports an unlimited number of user directories. A directory can be one of the following types:
  • Internal to Crowd.
  • Connected to Crowd via an LDAP connector (e.g. for Active Directory), with all authentication and user/group/role management in LDAP.
  • A Crowd internal directory for user/group/role management but with authentication delegated to LDAP (e.g. Active Directory).
  • Connected via a custom directory connector (e.g. for a legacy database).

Once you have defined a directory in Crowd, you can map it to applications. Crowd will then pass authentication and authorisation requests to the directory, for all applications that are mapped to that directory. Modification of directory entities (users, groups and roles) can be done via the Crowd Administration Console or via the application, depending on the application's capabilities.

You can even map multiple directories to an application, providing the application with a single view of multiple directories in a specified order.
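The dispatch path described above (known host address, application-to-directory mapping, ordered directories) can be modelled in a few lines. This is an added conceptual sketch, not Crowd's integration API or code from the Crowd project: the class and method names, the sample users and the host address are all hypothetical, and it assumes that the first directory in the order that holds the username decides the login.

```python
import hashlib
import hmac
import os

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Directory:
    """Stand-in for one user directory (internal, LDAP or custom connector)."""
    def __init__(self, name, users):
        self.name, self._users = name, {}
        for user, password in users.items():
            salt = os.urandom(16)
            self._users[user] = (salt, _kdf(password, salt))

    def has_user(self, user):
        return user in self._users

    def check(self, user, password):
        salt, stored = self._users[user]
        return hmac.compare_digest(stored, _kdf(password, salt))

class Dispatcher:
    """Model of the middleware role: applications in front, directories behind."""
    def __init__(self):
        self._apps = {}  # app name -> (known host addresses, ordered directories)

    def define_application(self, app, known_hosts, directories):
        self._apps[app] = (frozenset(known_hosts), list(directories))

    def authenticate(self, app, remote_host, user, password):
        """Return the name of the directory that accepted the login, else None."""
        hosts, directories = self._apps.get(app, (frozenset(), []))
        if remote_host not in hosts:      # undefined app or unknown host address
            return None
        for directory in directories:     # the specified order
            if directory.has_user(user):  # ASSUMPTION: first occurrence decides
                return directory.name if directory.check(user, password) else None
        return None

def build_demo():
    """Constructed sample data: 'alice' exists in both directories."""
    internal = Directory("internal", {"alice": "internal-pw"})
    ldap = Directory("ldap", {"alice": "ldap-pw", "bob": "bob-pw"})
    crowd = Dispatcher()
    crowd.define_application("wiki", ["10.0.0.5"], [internal, ldap])
    return crowd

if __name__ == "__main__":
    print(build_demo().authenticate("wiki", "10.0.0.5", "alice", "ldap-pw"))
```

Under that assumption, a username present in an earlier directory shadows the same username in later ones, so duplicate usernames across the directories mapped to one application are worth auditing whenever the order changes.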

RELATED TOPICS

Crowd Documentation
