Crowd 2.6 Release Notes

11th February 2013

The Atlassian Crowd team is pleased to bring you the faster, better-integrated Crowd 2.6.

We've made significant performance improvements to LDAP and Active Directory synchronization for large directories. REST resource improvements give integrated applications more control over SSO sessions. The CrowdID provider now supports OpenID 2.0, with identifier selection to improve your users' experience when authenticating against Crowd.


Highlights of this release:

Crowd 2.6 Upgrade Notes

Responding to your feedback:
(green star) 63 votes satisfied


Faster LDAP and Active Directory synchronization

If your LDAP or Active Directory server contains thousands of users and groups, then you'll be delighted to know that we have sped up directory synchronization. The dialog between Crowd and remote servers has been simplified to request what's needed and avoid redundancy. These changes significantly improve the performance of full synchronizations. In our test environment we synchronized 10,000 users, 1,000 groups and an increasing numbers of memberships. OpenLDAP showed great improvements, and the results with Active Directory are even more impressive:

In tests with Active Directory we've seen directories with huge numbers of memberships go from an hour to ten minutes.

REST resource improvements for SSO sessions

Integrated applications that use SSO sessions now have more control over session lifetimes. Integrated applications can create a short-lived session by specifying a session expiry time when they create a new session token. Combined with the ability to specify additional validation factors, this makes it possible to have many concurrent sessions for the same user, each with its own lifetime. Applications can now retrieve the creation and expiry date and use this information to implement their own expiration policies.

See the Crowd SSO Token Resource for details. Additionally, Crowd now exposes WADL files for its REST API.

OpenID improvements

This release includes a number of improvements to OpenID in the CrowdID server:

  • OpenID 2 support
  • Support for usernames with non-ASCII characters
  • Server-side identifier selection, to save users from entering their OpenID URL

Identifier selection when endpoint URLs are used, along with with a whitelist of trusted consumers, allows for a streamlined experience for users.

Local groups management for LDAP connectors

Administrators can now create directories backed by an LDAP server, but create and manage groups locally in Crowd. This makes it possible to augment the group structure with new groups even with a read-only LDAP server. When local groups are enabled, new groups are created and updated in the Crowd database and not propagated to the LDAP server. Memberships of local groups are also stored locally.

Complete list of improvements and fixes

Key Summary P Status
CWD-1284 Allow local Crowd groups to be associated with LDAP users. Medium Resolved
CWD-1310 Support OpenID 2.0 server-side identifier selection Medium Resolved
CWD-2732 Nested Groups do not work with Delegated Authentication Directory Medium Resolved
CWD-1329 OpenID 2.0 rel attribute should be specified in discovery HTML Medium Resolved
CWD-1860 Retrieve only the necessary attributes when searching for LDAP users and groups Medium Resolved
CWD-2763 Optimize LDAP sync behavior for non-AD structures Resolved
CWD-1666 Facebook interop fails. CrowdId or Facebook to blame? Low Resolved
CWD-2824 Allow username field to be entered automatically based on an OpenID URL Low Resolved
CWD-2943 Don't re-fetch users while fetching memberships during synchronisation Medium Resolved
CWD-1625 REST API could offer list of services for requests sent to the root URL Medium Resolved
CWD-1185 OpenID does not work with non-ascii characters Medium Resolved
CWD-2470 Support OpenID 2.0 and identifier select for a single endpoint URL Medium Resolved
CWD-2665 Installation creates username and groups when it fails to resolve local host name. Medium Resolved
CWD-2713 USNChangedMapper throws NPEs if AD does not return the uSNChanged attribute Low Resolved
CWD-3001 Externalise directory configuration from the database High Resolved
CWD-3000 Support for WebSudo High Resolved
CWD-3058 SearchResource JSON format has changed High Resolved
CWD-3122 Getting names of group memberships for a user in an RFC 2307 directories fails with ClassCastException High Resolved
CWD-3034 Improve Active Directory full synchronisation of memberships Medium Resolved
CWD-2999 Username returned in the /session REST services has incorrect casing Medium Resolved
Showing 20 out of 56 issues Refresh

Was this helpful?

Thanks for your feedback!

Why was this unhelpful?

Have a question about this article?

See questions about this article

Powered by Confluence and Scroll Viewport