Documentation for Crowd 2.9. Documentation for earlier versions of Crowd is available too.

Skip to end of metadata
Go to start of metadata

You can use Crowd to provide external authentication and authorization for Atlassian's FishEye source-repository viewer.

Crowd supports centralized authentication and single sign-on (SSO) for FishEye versions 1.3.1 and later.

Crucible and FishEye

If you are using Atlassian's Crucible code review tool, you will need to follow the instructions below on integrating Crowd with FishEye. If you have the standalone version of Crucible without FishEye (available from Crucible 1.6), please follow the instructions below to set up the Crowd directory and application for Crucible instead of FishEye. If preferred, you can change the name of your Crowd application and directory to 'Crucible' rather than 'FishEye'. Then follow the further instructions to integrate Crowd with Crucible.

On this page:

Prerequisites

  1. Download and install Crowd. Refer to the Crowd installation guide for detailed information on how to do this. We will refer to the Crowd root folder as CROWD.
  2. Download and install FishEye. Refer to the FishEye Installation Guide for detailed information on how to do this. We will refer to the FishEye root folder as FISHEYE.
    If you have the standalone version of Crucible (available from Crucible 1.6), there is no need to download or install FishEye.
  3. After FishEye is set up, make sure FishEye is not running when you begin the integration process described below.

Step 1. Configuring Crowd to talk to FishEye

1.1 Prepare Crowd's directories/groups/users for FishEye

The FishEye application will need to authenticate users against a directory configured in Crowd. You will need to set up a directory in Crowd for FishEye. For more information on how to do this, see Adding a Directory. We will assume that the directory is called FishEye Directory for the rest of this document. It is possible to assign more than one directory for an application, but for the purposes of this example, we will use FishEye Directory to house FishEye users.

If you wish to use Crowd groups to control access to your FishEye repositories, you should set up your groups in Crowd. See the documentation on Creating Groups for more information on how to define these groups.

Use Crowd to create at least one user in the FishEye Directory. If you are using groups, assign your user(s) to the appropriate groups. The Crowd documentation has more information on creating users and assigning users to groups.

1.2 Define the FishEye application in Crowd

Crowd needs to be aware that the FishEye application will be making authentication requests to Crowd. We need to add the FishEye application to Crowd and map it to the FishEye Directory:

  1. Log in to the Crowd Administration Console and navigate to Applications > Add Application.
  2. Complete the 'Add Application' wizard for the FishEye application. See the instructions.
    The Name and Password values you specify in the 'Add Application' wizard must match the Application name and Application password that you will set in FishEye's 'Crowd Authentication Settings' screen. (See Step 2 below.)

1.3 Specify which users can log in to FishEye

Once Crowd is aware of the FishEye application, Crowd needs to know which users can authenticate (log in) to FishEye via Crowd. As part of the 'Add Application' wizard, you will set up your directories and group authorizations for the application. If necessary, you can adjust these settings after completing the wizard. Below are some examples.

You can either allow entire directories to authenticate, or just particular groups within the directories. In our example, we will allow the entire FishEye Directory to authenticate:



If you wish to authorize specific groups only, please see Mapping a Directory to an Application and Specifying which Groups can access an Application.

1.4 Specify the address from which FishEye can log in to Crowd

As part of the 'Add Application' wizard, you will set up FishEye's IP address. This is the address which FishEye will use to authenticate to Crowd. If necessary you can add a hostname, in addition to the IP address, after completing the wizard. See Specifying an Application's Address or Hostname.

Step 2. Configuring FishEye to talk to Crowd

Click here for instructions for older versions of FishEye (before 4.0.0).

To set up FishEye to use Crowd authentication, follow the instructions in the FishEye documentation.

If you have groups in the Crowd directory that is mapped to your FishEye application (see Step 1 above), the Crowd groups can be seen in FishEye. You can use those groups to control access to your FishEye repositories.

See Permissions in the FishEye documentation for details.

Next step for Crucible users

If you are using Atlassian's Crucible code review tool, please take a look at the further instructions on integrating Crowd with Crucible.

RELATED TOPICS

Crowd Documentation

12 Comments

  1. Multi-group restrictions do not work currently. See CWD-358.

  2. hmm....

    "You will need to set up a directory in Crowd for FishEye. For more information on how to do this, see Adding a Directory. We will assume that the directory is called FishEye Directoryfor the rest of this document. It is possible to assign more than one directory for an application, but for the purposes of this example, we will use FishEye Directory to house FishEye users."

    does this mean I need to set up a whole separate directory just for FishEye? Or can I use an existing directory?

  3. What's the status of FishEye integration with Crowd 2.1.0? 

    This page states that FishEye is not compatibile with the integration .jar file that ships with 2.0.7. On the Crowd 2.0.7 release notes page, it states that the incompatibility will be resolved in Crowd 2.1. However, in the Crowd 2.1.0 release notes, I can't find anything about this.

    We have lots of problems with FishEye 2.4.3 keeping users authenticated with Crowd 2.1.0. Similar symptoms were seen in JIRA and Confluence, too, and the workaround provided by Atlassian was to use the 2.0.7 integration JAR. Obviously, the message on this page suggests that's not feasible here.

    Can you please update the status of this compatibility issue?

    1. It's been 4 months. Any update (now with Crowd 2.2+)?

      1. Hi Michael,

        The underlying issue is actually in FishEye. It's been fixed in 2.6, the next release, which will be out in about a month.

        Cheers,

        Dave.

        1. Fantastic, good to hear. Thanks for the update!

          1. Glad to be the bearer of good news!

            BTW, if you use git or hg, 2.6 is going to be a wonderful release.

            1. Was this actually resolved? I tried looking in the FishEye 2.6 fix list, but didn't see anything that really described it particularly, only nested groups and group membership which doesn't really talk about sessions/authentication.

  4. After configuring FishEye 2.5.1 to use Crowd (2.0.6) authentication with an SSO domain set up, be sure to check that the BaseURL of Fisheye is in the SSO domain. Otherwise all crowd logins fails in FishEye, because the SSO domain does not match. Crowd and Fisheye both don't show the mismatch in the logging.

  5. Anyone have experience configuring Fisheye w/Crucible 2.7.x+ with Crowd 2.2+ where you specify crowd configuration details to fisheye via the crowd.properties file?  I see no mention of the crowd.properties file in any of this Fisheye integration documentation.  Most (or all) other product seem to be capable of using this feature.  We have multiple Crowd and Atlassian products floating around our domain and need to customize the session and cookie names to allow SSO to work among these varied instances (sounds sloppy, but that's just what you inherit sometimes).  Nevertheless, I've tried specifying the -Dcrowd.properties environment variable to my fisheye startup script and I've even gone as far as copying it to my $FISHEYE_INST/content/WEB-INF/classes directory.  Neither of these approaches work and I know this because my custom cookie.tokenkey name (which is altered in my customized crowd.properties file) is not being seen in my browser cookies; instead it is the default value of crowd.token_key.  Any ideas?

    1. I finally got looking at the Fisheye (FE) project in JIRA and noticed this issue:  FE-2855 - Getting issue details... STATUS  that discusses crowd property customization for fisheye.  I'm about to test it out.  Hopefully this helps other people out.  Thanks for putting up with my spam; I'll post whether this worked.

      1. Yes, editing your $FISHEYE_INST/config.xml's <crowd-properties> section worked perfectly.  My SSO is now working as intended.