Bamboo and Crowd SSO

I have installed JIRA, Confluence, Stash & Bamboo and set them all to use Crowd for centralised user management and SSO.

JIRA, Confluence and Stash are working perfectly.

Bamboo, on the other hand, is working fine with Crowd's user repository but failing miserably with SSO.

It appears that Bamboo is ignoring any pre-existing crowd.token_key cookie generated by any of the other applications. This means a log in prompt is presented despite being logged in to the other apps. Upon logging in, bamboo then generates a new crowd.token_key which makes the other sessions in the other apps expire.

Could this be caused by the fact that all of the other apps are using a version of the Crowd 2.8.1 libraries whilst Bamboo is released with a 2.7 version?

For now I have had to switch Bamboo's SSO authentication off so that it doesn't disrupt use but it would be great if we could get full SSO functionality. Any advice to that end would be greatly appreciated.

 

Versions installed:

 

Crowd 2.8.0 (x64)

JIRA 6.4 (x64)

Stash 3.7.1 (x64)

Bamboo 5.8.1 (x64)

Confluence 5.7.1 (x86)

 

Many thanks,

Mark

 

 

 

2 answers

0 vote

Hello Mark,

Thank you for your question.

I have just set up Crowd v2.8 and Bamboo v5.8.1 in a CentOS virtual machine and SSO has been enabled successfully. Please notice that during my setting up I have noticed that some of the steps in our documentation need to be updated and for that reason I have raised a improvement request as per following:

Please, find below the configuration used to set up Bamboo and Crowd with SSO:

VirtualHost

NameVirtualHost *:80
<VirtualHost *:80>
	ServerName sso.vm.centos
	ProxyRequests Off
	ProxyPreserveHost On
	<Proxy *>
		Order Deny,Allow
		Allow from all
	</Proxy>
	ProxyPass /bamboo http://localhost:8085/bamboo
	ProxyPassReverse /bamboo http://localhost:8085/bamboo
	ProxyPass /crowd http://localhost:8095/crowd
	ProxyPassReverse /crowd http://localhost:8095/crowd
	<Location />
		Order Allow,Deny
		Allow from all
	</Location>
</VirtualHost>

/etc/hosts

# 192.168.3.202 was the IP address used by my virtual machine
192.168.3.202	sso.vm.centos

<bamboo-install>/conf/server.xml

&lt;Connector port="8085"
                   maxThreads="150"
                   minSpareThreads="25"
                   connectionTimeout="20000"
                   enableLookups="false"
                   maxHttpHeaderSize="8192"
                   protocol="HTTP/1.1"
                   useBodyEncodingForURI="true"
                   redirectPort="8443"
                   acceptCount="100"
                   disableUploadTimeout="true"
                   proxyName="sso.vm.centos"
		   /&gt;
...
                &lt;Context path="/bamboo" docBase="${catalina.home}/atlassian-bamboo" reloadable="false" useHttpOnly="true"&gt;

Followed the steps in the documentation below:

[root@localhost atlassian-bamboo-5.8.1]# ls -l /opt/Atlassian/service/atlassian-bamboo-5.8.1/atlassian-bamboo/WEB-INF/lib/crowd*
-rw-r--r--. 1 root root   68230 Mar 16 23:33 crowd-integration-api-2.7.2.jar
-rw-r--r--. 1 root root   38726 Mar 16 23:33 crowd-integration-client-common-2.7.2.jar
-rw-r--r--. 1 root root   65599 Mar 16 23:33 crowd-integration-client-rest-2.7.2.jar
-rw-r--r--. 1 root root    7276 Mar 16 23:33 crowd-integration-seraph25-2.7.2.jar

[root@localhost atlassian-bamboo-5.8.1]# cp ../atlassian-crowd-2.8.0/client/crowd-integration-client-2.8.0.jar  atlassian-bamboo/WEB-INF/lib/
[root@localhost atlassian-bamboo-5.8.1]# cp ../atlassian-crowd-2.8.0/client/conf/crowd.properties ../../home/bamboo-5.8.1/xml-data/configuration/
cp: overwrite `../../home/bamboo-5.8.1/xml-data/configuration/crowd.properties'? y
[root@localhost atlassian-bamboo-5.8.1]# cp ../atlassian-crowd-2.8.0/client/conf/crowd-ehcache.xml ../../home/bamboo-5.8.1/xml-data/configuration/

Uncommented in <bamboo-install>/atlassian-bamboo/WEB-INF/classes/seraph-config.xml the following:

&lt;authenticator class="com.atlassian.crowd.integration.seraph.v25.BambooAuthenticator"/&gt;

 

If you find this answer useful, I would kindly ask you to accept it so the same will be visible to others who might be facing the same issue you have inquired.

Thank you for your understanding.

Kind regards,
Rafael P. Sperafico
Atlassian Support

Thanks for the swift respond Rafael. I will give it a try tomorrow and accept the answer if all goes well. I should have said, I'm actually running windows server 2012 with Atlassian's suite running behind an IIS proxy but I suspect copying those libraries will be the solution no matter which platform is in use. Thanks again.

Hi Rafael, I'm sorry to report the above method doesn't fix the issue. Can I recommend that you install JIRA or Confluence in your test system (with SSO enabled) then you may reproduce the problem which can be observed as follows: - Sign in to JIRA / Confluence. This generates a crowd.token_key cookie for SSO. - Switch to Bamboo - bamboo does not authenticate with the crowd.token_key cookie and is therefore signed out. - Sign in with Bamboo - bamboo overwrites the crowd.token_key cookie with a new value. - Switch back to JIRA - the crowd.token_key cookie is read but has changed so your session is expired.

0 vote

Hello Mark,

I am sorry for the delay on getting back to you.

I have installed JIRA v6.4 in the same box where Crowd v2.8 and Bamboo v5.8.1 by following the steps in 2.2 Configure JIRA to use Crowd's Authenticator to enable SSO (Optional) and added the following to my VirtualHost configuration:

ProxyPass /jira http://localhost:8080/jira
    ProxyPassReverse /jira http://localhost:8080/jira

As well as that, I have added a context path to JIRA under "<jira-install>/conf/server.xml"

&lt;Context path="/jira" docBase="${catalina.home}/atlassian-jira" reloadable="false" useHttpOnly="true"&gt;

I have followed the steps you have mentioned:

  • Sign in to JIRA / Confluence. This generates a crowd.token_key cookie for SSO.
  • Switch to Bamboo - bamboo does not authenticate with the crowd.token_key cookie and is therefore signed out.

I have cleared browser's cache to run the suggested above and switching from JIRA to Bamboo did not log off the user authenticated.

Kind regards,
Rafael P. Sperafico
Atlassian Support

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Published May 18, 2017 in Bamboo

FAQ: How to Upgrade Bamboo Server

Bamboo 5.9 will no longer be supported after June 12, 2017. What does this mean? As part of our End of Life policy, Atlassian supports major versions for two years after the first major iteratio...

1,561 views 0 6
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you