Setting up single sign-on with Crowd

In previous recipes, we have looked at different options for JIRA to use external centralized user repositories, including Crowd. One of the advantages of integrating JIRA with Crowd is its single sign-on (SSO) abilities.

Web-based applications integrated with Crowd are able to participate in an SSO environment; so, when a user is logged in to one application, he/she will be automatically logged in to all other applications.

If you are looking for single sign-on in a Windows environment where users will be automatically logged on to applications with their workstation, read the next recipe, Setting up a Windows domain single sign-on.

Getting ready

Before you can set up SSO with Crowd, you will first need to integrate JIRA with Crowd for user management. Refer to the Integrating with Atlassian Crowd recipe for details.

If you have already integrated JIRA with Crowd, you will need to have the following information:

  • The application name assigned to JIRA in Crowd
  • The password for JIRA to access Crowd
  • A copy of the crowd.properties file from the <CROWD_INSTALL>/client/conf directory

How to do it…

Proceed with the following steps to enable SSO with Crowd:

  1. Shut down JIRA if it is running.
  2. Open the seraph-config.xml file located in the <JIRA_INSTALL>/atlassian-jira/WEB-INF/classes directory in a text editor.
  3. Locate the line that contains com.atlassian.jira.security.login.JiraSeraphAuthenticator and comment it out so it looks like the following:
    <!--
<authenticator class="com.atlassian.jira.security.login.JiraSeraphAuthenticator"/>
-->
  4. Locate the line that contains com.atlassian.jira.security.login.SSOSeraphAuthenticator and uncomment it so it looks like the following:
    <authenticator class="com.atlassian.jira.security.login.SSOSeraphAuthenticator"/>
  5. Copy the crowd.properties file to the <JIRA_INSTALL>/atlassian-jira/WEB-INF/classes directory.
  6. Open crowd.properties in a text editor and update the properties listed in the following table.
  7. Start up JIRA again.

    Parameter

    Value

    application.name

    This is the application name configured in Crowd for JIRA.

    application.password

    This the password for the application.

    application.login.url

    This is JIRA's base URL (you can get this from JIRA's General Configurations).

    crowd.base.url

    This is Crowd's base URL.

    session.validationinterval

    This is the duration (in minutes) a Crowd SSO session will remain valid. Setting this to 0 will invalidate the session immediately and will have a performance penalty. It is recommended to set this at a higher value.

Once JIRA has started up again, it will participate in SSO sessions in all Crowd SSO-enabled applications, for example, if you have multiple JIRA instances integrated to Crowd for SSO, you will only need to log in to one of the JIRAs.

Tip

Make sure you also have a backup copy of the file before you make any changes.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset