You can use Crowd to provide external authentication and authorisation for Atlassian's Stash.
On this page:
- Download and install Crowd. Refer to the Crowd installation guide for detailed information on how to do this. We will refer to the Crowd root folder as
- Download and install Stash. Refer to
Stash. for detailed information on how to do this. We will refer to the Stash root folder as
Crowd Client JAR
Please make sure you use the default Crowd client JAR that ships with Stash.
Step 1. Configuring Crowd to talk to Stash
1.1 Prepare Crowd's directories/groups/users for Stash
The Stash application will need to authenticate users against a directory configured in Crowd. You will need to set up a directory in Crowd for Stash. For more information on how to do this, see Adding a Directory. We will assume that the directory is called Stash Directory for the rest of this document. It is possible to assign more than one directory for an application, but for the purposes of this example, we will use Stash Directory to house Stash users.
If you wish to use Crowd groups to control access to your Stash projects, you should set up your groups in Crowd. See the documentation on Creating Groups for more information on how to define these groups.
Use Crowd to create at least one user in the Stash Directory. If you are using groups, assign your user(s) to the appropriate groups. The Crowd documentation has more information on creating users and assigning users to groups.
1.2 Define the Stash application in Crowd
Crowd needs to be aware that the Stash application will be making authentication requests to Crowd. We need to add the Stash application to Crowd and map it to the Stash Directory:
- Log in to the Crowd Administration Console and navigate to Applications > Add Application.
- Complete the 'Add Application' wizard for the Stash application. See the instructions.
When prompted for an Application Type, choose Generic Application if the Stash option is not available.
Note that the Name and Password values you specify in the 'Add Application' wizard must match those for Application Name and Application Password that you will set in Stash's 'Configure Atlassian Crowd Server' screen (see Step 2 below).
1.3 Specify which users can log in to Stash
Once Crowd is aware of the Stash application, Crowd needs to know which users can authenticate (log in) to Stash via Crowd. As part of the 'Add Application' wizard, you will set up your directories and group authorisations for the application. If necessary, you can adjust these settings after completing the wizard.
You can either allow entire directories to authenticate, or just particular groups within the directories. If you wish to authorise specific groups only, please see Mapping a Directory to an Application and Specifying which Groups can access an Application.
1.4 Specify the address from which Stash can log in to Crowd
As part of the 'Add Application' wizard, you will need to tell Crowd the IP address and/or hostname of the server that Stash is connecting from. See Specifying an Application's Address or Hostname.
Step 2. Configuring Stash to talk to Crowd
2.1 Connecting Stash to Crowd
To set up Stash to use Crowd authentication, follow the instructions in Connecting Stash to Crowd.
2.2 Configure group permissions in Stash (if required)
If you have created groups in the Crowd directory which is mapped to your Stash application (see Step 1 above), the Crowd groups can be seen in Stash. Now you can set up group permissions for your Stash projects. See Creating projects.
2.3 Configure Stash to enable SSO with Crowd (optional)
Once the Crowd directory has been set up, you can enable Crowd SSO integration in Stash. See Connecting to Crowd for details.