Documentation for Crowd 1.4. Documentation for other versions of Crowd is available too.
Crowd is an application security framework that handles authentication and authorisation for your web-based applications. With Crowd you can quickly integrate multiple web applications into a single security architecture that supports single sign-on (SSO) and centralised identity management.
Crowd has the following components:
- The Crowd Administration Console is a clean and powerful web-interface for managing directories, users (known in Crowd as 'principals') and their security rights ('permissions'). Refer to the Crowd Administration Guide for details.
- The Crowd Self-Service Console allows authorised users to maintain their user profiles and passwords and to view their usernames, groups, roles and applications. Refer to the Crowd User Guide for details.
- The Crowd integration API provides a platform-neutral way to integrate web applications into a single security architecture. With the integration API, applications can quickly access user information and perform security checks.
Designed for ease of use, Crowd can be deployed with your existing infrastructure. Crowd supports:
- Java, .NET and PHP applications.
- Popular directory servers such as Microsoft Active Directory, Sun ONE and OpenLDAP. Additionally, custom directory connectors may be developed using the Crowd integration API.
See the list of supported applications and directories.
Architectural Overview
Crowd is a middleware application that integrates web applications into a single security architecture that supports single sign-on and centralised identity management. Crowd works by dispatching authentication and authorisation calls from configured applications to configured directories.
A typical deployment may be similar to the following:
When an application needs to validate a security or authentication request (e.g. when a user attempts to log in to the application) the application will make a simple API call to the Crowd framework, which will then forward the call to the appropriate directory.
About Applications
Crowd integrates and provisions applications. Once defined, an application is mapped to a directory(s), whose users are then granted access to the application. Note that an application can only communicate with Crowd when the application uses a known host address.About Directories
Crowd supports an unlimited number of user directories. A directory can be one of the following types:- Internal to Crowd.
- Connected to Crowd via an LDAP connector (e.g. for Active Directory), with all authentication and user/group/role management in LDAP.
- A Crowd internal directory for user/group/role management but with authentication delegated to LDAP (e.g. Active Directory).
- Connected via a custom directory connector (e.g. for a legacy database).
Once you have defined a directory in Crowd, you can map it to applications. Crowd will then pass authentication and authorisation requests to the directory, for all applications that are mapped to that directory. Modification of directory entities (users, groups and roles) can be done via the Crowd Administration Console or via the application, depending on the application's capabilities.
You can even map multiple directories to an application, providing the application with a single view of multiple directories in a specified order.
RELATED TOPICS
Overview
Content Tools
Apps
Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution 2.5 Australia License.