Configuring FishEye earlier than 4.0 with Crowd

Integrating Crowd with Atlassian FishEye

On this page

Still need help?

The Atlassian Community is here for you.

Ask the community

You can use Crowd to provide external authentication and authorization for Atlassian's FishEye source-repository viewer.

Crowd supports centralized authentication and single sign-on (SSO) for FishEye versions 1.3.1 up to 3.10. If you are using FishEye 4.0 or later, see Integrating Crowd with Atlassian FishEye.

Crucible and FishEye

If you are using Atlassian's Crucible code review tool, you will need to follow the instructions below on integrating Crowd with FishEye. If you have the standalone version of Crucible without FishEye (available from Crucible 1.6), please follow the instructions below to set up the Crowd directory and application for Crucible instead of FishEye. If preferred, you can change the name of your Crowd application and directory to 'Crucible' rather than 'FishEye'. Then follow the further instructions to integrate Crowd with Crucible.

On this page:

Prerequisites

  1. Download and install Crowd. Refer to the Crowd installation guide for detailed information on how to do this. We will refer to the Crowd root folder as CROWD.
  2. Download and install FishEye. Refer to the FishEye Installation Guide for detailed information on how to do this. We will refer to the FishEye root folder as FISHEYE.
    (info) If you have the standalone version of Crucible (available from Crucible 1.6), there is no need to download or install FishEye.
  3. After FishEye is set up, make sure FishEye is not running when you begin the integration process described below.

Crowd Client JAR

Please make sure you use the default Crowd client JAR that ships with FishEye. In particular, FishEye is not compatible with the crowd-integration-client-2.0.7.jar that is bundled with Crowd 2.0.7. See the Crowd 2.0.7 Release Notes.

Step 1. Configuring Crowd to talk to FishEye

1.1 Prepare Crowd's directories/groups/users for FishEye

The FishEye application will need to authenticate users against a directory configured in Crowd. You will need to set up a directory in Crowd for FishEye. For more information on how to do this, see Adding a Directory. We will assume that the directory is called FishEye Directory for the rest of this document. It is possible to assign more than one directory for an application, but for the purposes of this example, we will use FishEye Directory to house FishEye users.

If you wish to use Crowd groups to control access to your FishEye repositories, you should set up your groups in Crowd. See the documentation on Creating Groups for more information on how to define these groups.

Use Crowd to create at least one user in the FishEye Directory. If you are using groups, assign your user(s) to the appropriate groups. The Crowd documentation has more information on creating users and assigning users to groups.

1.2 Define the FishEye application in Crowd

Crowd needs to be aware that the FishEye application will be making authentication requests to Crowd. We need to add the FishEye application to Crowd and map it to the FishEye Directory:

  1. Log in to the Crowd Administration Console and navigate to Applications > Add Application.
  2. Complete the 'Add Application' wizard for the FishEye application. See the instructions. (info) The Name and Password values you specify in the 'Add Application' wizard must match the Application name and Application password that you will set in FishEye's 'Crowd Authentication Settings' screen. (See Step 2 below.)

1.3 Specify which users can log in to FishEye

Once Crowd is aware of the FishEye application, Crowd needs to know which users can authenticate (log in) to FishEye via Crowd. As part of the 'Add Application' wizard, you will set up your directories and group authorizations for the application. If necessary, you can adjust these settings after completing the wizard. Below are some examples.

You can either allow entire directories to authenticate, or just particular groups within the directories. In our example, we will allow the entire FishEye Directory to authenticate:


If you wish to authorize specific groups only, please see Mapping a Directory to an Application and Specifying which Groups can access an Application.

1.4 Specify the address from which FishEye can log in to Crowd

As part of the 'Add Application' wizard, you will set up FishEye's IP address. This is the address which FishEye will use to authenticate to Crowd. If necessary you can add a hostname, in addition to the IP address, after completing the wizard. See Specifying an Application's Address or Hostname.

Step 2. Configuring FishEye to talk to Crowd

(warning) The instructions below are for FishEye 1.4.x – 3.10

2.1 Change the details of your existing FishEye users

If you have an existing FishEye installation with existing built-in users, please do the following for each username in FishEye:

  • Change the account type from built-in to crowd. This is required for the new authorization through Crowd to work properly. For details please see the FishEye documentation.
  • Ensure that the username in FishEye is the same as in Crowd. If necessary, rename the user in FishEye. See the FishEye documentation for details.

2.2 Configure FishEye to use Crowd's authenticator

  1. Log in to the FishEye Administration area and click Authentication (under 'Security Settings').
  2. Click Edit under 'JIRA/Crowd Authentication'.
    (info) FishEye allows only one authentication method to be configured at any one time. If you have already configured a different authentication source, click Remove to remove that authentication method. You will then be presented with the options for different authentication methods – one will be the option to set up Crowd authentication.
  3. The 'Crowd Authentication Settings' screen will appear, as shown below. Enter the following information:
    • Application name – The name for the FishEye application you specified in Step 1 above.
    • Application password – The password you specified in Step 1 above.
    • Crowd URL http://localhost:8095/crowd/services/
      \(i) The trailing slash is required.
    • Auto-add – Select Create a FishEye user on successful login (default) to ensure that your Crowd users will be automatically enrolled into FishEye when they first log in via Crowd.
    • Single sign on (SSO) — Controls whether FishEye should attempt to participate in a single sign on (SSO) environment.
      (info) This SSO option is available only with FishEye 1.5.1and later.
      • Select Enabled (default) if you want FishEye to use Crowd's SSO capability.
      • Select Disabled if you want FishEye to use Crowd to check username/passwords and group membership, without participating in SSO. In this mode, FishEye will not read or set crowd.token cookies. This is useful in environments where you want FishEye to ignore crowd.token cookies set by other Crowd-enabled applications.



For more information, please see the FishEye documentation on configuring external authentication sources.

2.3 Configure group authorization in FishEye (if required)

If you have groups in the Crowd directory that is mapped to your FishEye application (see Step 1 above), the Crowd groups can be seen in FishEye. You can use those groups to control access to your FishEye repositories.

See Permissions in the FishEye documentation for details.

Step 3. Override Crowd default properties (optional)

You set the basic Crowd properties, such as the application name, password and URL, using the FishEye adminstration screens (described above). You can also fine tune your Crowd integration by overriding the default Crowd properties, such as the session validation interval and SSO cookie name, by manually editing the config.xml file in your FishEye installation directory.

To override the default Crowd properties:

  1. Shutdown the application.
  2. Backup and then open the config.xml file in your <FishEye home directory> (the folder where you installed FishEye).
  3. Add a new <crowd-properties> element to the file.
  4. Override the default values for any of the Crowd properties (described in the crowd.properties file) by adding the property in the  <crowd-properties> section with the desired value.
    For example, your config.xml file should look like this, if you want to set the session.validationinterval to 20 minutes:

    <config control-bind="127.0.0.1:8059" version="1.0">
    	<crowd-properties>
    		session.validationinterval=20
    	</crowd-properties>
    </config>


    Note that FishEye 2.8, and later, overrides the Crowd defaults with these values:

    PropertyCrowd DefaultFishEye 2.8+
    http.timeout5000 (millisecs)5000 (millisecs)
    socket.timeout600000 (milliseconds)20000 (millisecs)
  5. Save the file and restart FishEye.

Next step for Crucible users

If you are using Atlassian's Crucible code review tool, please take a look at the further instructions on integrating Crowd with Crucible.

RELATED TOPICS

Crowd documentation

Last modified on Sep 7, 2016

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.