Integrating Crowd with Atlassian CrowdID
Atlassian CrowdID is a free add-on to Crowd. It gives administrators a secure way to provide OpenID accounts for their users.
When installing Crowd 1.1+ the Crowd Setup Wizard allows you to install CrowdID with Crowd. If you chose to install CrowdID as part of the Setup Wizard, there is no need for further configuration. The CrowdID server will be up and running at http://localhost:8095/openidserver
If you have not already installed CrowdID, follow the instructions below to install it now.
Prerequisites
- Download and install Crowd. Refer to the Crowd installation guide for detailed information on how to do this. We will refer to the Crowd root folder as
CROWD
. - This guide assumes that CrowdID was NOT installed with the installation of Crowd. If CrowdID was installed using the Crowd Setup Wizard, there is no need for further configuration.
Step 1. Configuring Crowd to Talk to CrowdID
1.1 Prepare Crowd's Directories/Groups/Users for CrowdID
The CrowdID application will need to locate users from a directory configured in Crowd. You will need to set up a directory in Crowd for CrowdID. For information on how to do this, see Adding a Directory. We will assume that the directory is called CrowdID Directory for the rest of this document. It is possible to assign more than one directory for an application, but for the purposes of this example, we will use CrowdID Directory to house CrowdID users.
CrowdID also requires an administrator group to exist in the directory. You need to ensure that a crowd-administrators
groups exist in the CrowdID Directory. Any user in this group will have CrowdID administrator access.
The Crowd documentation has more information on creating groups, creating users and assigning users to groups.
1.2 Define the CrowdID Application in Crowd
Crowd needs to be aware that the CrowdID application will be making authentication requests to Crowd. We need to add the CrowdID application to Crowd and map it to the CrowdID Directory.
- Log in to the Crowd Administration Console and navigate to Applications > Add Application.
- Complete the 'Add Application' wizard for the CrowdID application.
- For the Application type select 'Generic Application'
- For Name and Password, the values you specify must match the application.name and application.password that you will set in the
CROWD/crowd-openidserver-webapp/WEB-INF/classes/crowd.properties
file. (See Step 2 below.)
Need more help? See the full instructions for the Add application wizard.
1.3 Specify which Users can Log In to CrowdID
Once Crowd is aware of the CrowdID application, Crowd needs to know which users can authenticate (log in) to CrowdID via Crowd. As part of the 'Add Application' wizard, you will set up your directories and group authorizations for the application. If necessary, you can adjust these settings after completing the wizard. Below are some examples.
You can either allow entire directories to authenticate, or just particular groups within the directories. In our example, we will allow the entire CrowdID Directory to authenticate:
For details please see Specifying which Groups can access an Application.
1.4 Specify the Address from which CrowdID can Log In to Crowd
As part of the 'Add Application' wizard, you will set up CrowdID's IP address. This is the address which CrowdID will use to authenticate to Crowd. If necessary you can add a hostname, in addition to the IP address, after completing the wizard. See Specifying an Application's Address or Hostname.
Step 2. Configuring CrowdID to Talk to Crowd
Edit CROWD/crowd-openidserver-webapp/WEB-INF/classes/crowd.properties
. Change the following properties:
Key | Value |
---|---|
application.name |
|
application.password | The application.name and application.password must match the Name and Password that you specified when you defined the application in Crowd (see Step 1 above). |
application.login.url |
|
crowd.server.url |
|
session.validationinterval | This is the number of minutes between validation requests, when Crowd validates whether the user is logged in to or out of the Crowd SSO server. Set this value to 0 if you want authentication checks to occur on each request. Otherwise set to the required number of minutes between validation requests. Setting this value to 1 or higher will increase the performance of Crowd's integration. |
You can read more about optional settings in the crowd.properties file.
After editing these properties, you must restart your CrowdID container before the changes will take effect.
See CrowdID in Action
- Go to
http://localhost:8095/openidserver
and log in with any user in the CrowdID Directory.
RELATED TOPICS
- Using the Application Browser
- Adding an Application
- Integrating Crowd with Atlassian Bamboo
- Integrating Crowd with Atlassian Confluence
- Integrating Crowd with Atlassian CrowdID
- Integrating Crowd with Atlassian Crucible
- Integrating Crowd with Atlassian FishEye
- Integrating Crowd with Atlassian Jira
- Integrating Crowd with Atlassian Bitbucket
- Integrating Crowd with Acegi Security
- Integrating Crowd with Jive Forums
- Integrating Crowd with Spring Security
- Integrating Crowd with a Custom Application
- Configuring the Google Apps Connector
- Mapping a Directory to an Application
- Effective memberships with multiple directories
- Specifying an Application's Address or Hostname
- Testing a User's Login to an Application
- Enforcing Lower-Case Usernames and Groups for an Application
- Managing an Application's Session
- Deleting or Deactivating an Application
- Overview of SSO
- Configuring Options for an Application
- Enabling OpenID client app
- Disabling the OpenID client app
- Allowing applications to create user tokens
- Configuring how users log in
- Configuring Caching for an Application