You can configure Stash to use Atlassian Crowd for user and group management, and for authentication. Atlassian Crowd is an application security framework that handles authentication and authorisation for your web-based applications. With Crowd you can integrate multiple web applications and user directories, with support for single sign-on (SSO) and centralised identity management. See the Crowd Administration Guide. Connect to Crowd if you want to use Crowd to manage existing users and groups in multiple directory types, or if you have users of other web-based applications. See also this information about deleting users and groups in Stash. Connecting Atlassian Stash to your external directory is not sufficient to allow your users to log in to Stash. You must explicitly grant them access to Stash in the global permission screen. We recommend that you use groups instead of individual accounts when granting permissions. However, be careful not to add more users to those groups that your Stash license allows. If the license limit is exceeded, your developers will not be able to push commits to repositories, and Stash will display a warning banner. See this FAQ. |
|
On this page: 
|
|
|
To connect Stash to Crowd:
- Log in as a user with 'Admin' permission.
- In the Stash administration area, click User Directories (under 'Accounts').
- Click Add Directory and select Atlassian Crowd.
- Enter settings, as described below.
- Test and save the directory settings.
- Define the directory order, on the 'User Directories' screen, by clicking the blue up- and down-arrows next to each directory. The directory order has the following effects:
- The order of the directories is the order in which they will be searched for users and groups.
- Changes to users and groups will be made only in the first directory where the application has permission to make changes.
Server settings
Crowd permissions
Stash offers Read Only permissions for Crowd directories. The users, groups and memberships in Crowd directories are retrieved from Crowd and can only be modified from Crowd. You cannot modify Crowd users, groups or memberships using the Stash administration screens.
For local Stash directories, Read Only and Read/Write permissions are available.
Advanced settings
Single sign-on (SSO) with Crowd
Once the Crowd Directory has been set up, you can enable Crowd SSO integration by adding the following setting to <STASH_HOME>/shared/stash-config.properties (create this file if it doesn't exist yet):
# Whether SSO support should be enabled or not. Regardless of this setting SSO authentication
# will only be activated when a Crowd directory is configured in Stash that is configured
# for SSO.
plugin.auth-crowd.sso.enabled=true |
Please note that you will need to correctly set up the domains of the applications involved in SSO. See Crowd SSO Domain examples
In addition to this property, Crowd SSO integration can be tuned through the following properties, all set in stash-config.properties. The configuration properties and their default values are displayed below:
| Property | Description | Default |
|---|
plugin.auth-crowd.sso.session.validationinterval | The number of minutes to cache authentication validation in the session. If this value is set to 0, the SSO session will be validated with the Crowd server for every HTTP request. | 3 |
plugin.auth-crowd.sso.http.max.connections | The maximum number of HTTP connections in the connection pool for communication with the Crowd server. | 20 |
plugin.auth-crowd.sso.http.proxy.host | The name of the proxy server used to transport SOAP traffic to the Crowd server. | (none) |
plugin.auth-crowd.sso.http.proxy.port | The connection port of the proxy server (must be specified if a proxy host is specified). | (none) |
plugin.auth-crowd.sso.http.proxy.username | The username used to authenticate with the proxy server (if the proxy server requires authentication). | (none) |
plugin.auth-crowd.sso.http.proxy.password | The password used to authenticate with the proxy server (if the proxy server requires authentication). | (none) |
plugin.auth-crowd.sso.http.timeout | The HTTP connection timeout (milliseconds) used for communication with the Crowd server. A value of zero indicates that there is no connection timeout. | 5000 |
plugin.auth-crowd.sso.socket.timeout | The socket timeout in milliseconds. You may wish to override the default value if the latency to the Crowd server is high. | 20000 |