Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Bamboo and Crowd SSO

Mark Willcox
Mark Willcox March 30, 2015

I have installed JIRA, Confluence, Stash & Bamboo and set them all to use Crowd for centralised user management and SSO.

JIRA, Confluence and Stash are working perfectly.

Bamboo, on the other hand, is working fine with Crowd's user repository but failing miserably with SSO.

It appears that Bamboo is ignoring any pre-existing crowd.token_key cookie generated by any of the other applications. This means a log in prompt is presented despite being logged in to the other apps. Upon logging in, bamboo then generates a new crowd.token_key which makes the other sessions in the other apps expire.

Could this be caused by the fact that all of the other apps are using a version of the Crowd 2.8.1 libraries whilst Bamboo is released with a 2.7 version?

For now I have had to switch Bamboo's SSO authentication off so that it doesn't disrupt use but it would be great if we could get full SSO functionality. Any advice to that end would be greatly appreciated.

 

Versions installed:

 

Crowd 2.8.0 (x64)

JIRA 6.4 (x64)

Stash 3.7.1 (x64)

Bamboo 5.8.1 (x64)

Confluence 5.7.1 (x86)

 

Many thanks,

Mark

 

 

 

Answer
Watch
Like Be the first to like this
1164 views

2 answers

0 votes
rsperafico
rsperafico
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 6, 2015

Hello Mark,

I am sorry for the delay on getting back to you.

I have installed JIRA v6.4 in the same box where Crowd v2.8 and Bamboo v5.8.1 by following the steps in 2.2 Configure JIRA to use Crowd's Authenticator to enable SSO (Optional) and added the following to my VirtualHost configuration:

ProxyPass /jira http://localhost:8080/jira
    ProxyPassReverse /jira http://localhost:8080/jira

As well as that, I have added a context path to JIRA under "<jira-install>/conf/server.xml"

&lt;Context path="/jira" docBase="${catalina.home}/atlassian-jira" reloadable="false" useHttpOnly="true"&gt;

I have followed the steps you have mentioned:

  • Sign in to JIRA / Confluence. This generates a crowd.token_key cookie for SSO.
  • Switch to Bamboo - bamboo does not authenticate with the crowd.token_key cookie and is therefore signed out.

I have cleared browser's cache to run the suggested above and switching from JIRA to Bamboo did not log off the user authenticated.

Kind regards,
Rafael P. Sperafico
Atlassian Support

Reply
0 votes
rsperafico
rsperafico
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 30, 2015

Hello Mark,

Thank you for your question.

I have just set up Crowd v2.8 and Bamboo v5.8.1 in a CentOS virtual machine and SSO has been enabled successfully. Please notice that during my setting up I have noticed that some of the steps in our documentation need to be updated and for that reason I have raised a improvement request as per following:

Please, find below the configuration used to set up Bamboo and Crowd with SSO:

VirtualHost

NameVirtualHost *:80
&lt;VirtualHost *:80&gt;
	ServerName sso.vm.centos
	ProxyRequests Off
	ProxyPreserveHost On
	&lt;Proxy *&gt;
		Order Deny,Allow
		Allow from all
	&lt;/Proxy&gt;
	ProxyPass /bamboo http://localhost:8085/bamboo
	ProxyPassReverse /bamboo http://localhost:8085/bamboo
	ProxyPass /crowd http://localhost:8095/crowd
	ProxyPassReverse /crowd http://localhost:8095/crowd
	&lt;Location /&gt;
		Order Allow,Deny
		Allow from all
	&lt;/Location&gt;
&lt;/VirtualHost&gt;

/etc/hosts

# 192.168.3.202 was the IP address used by my virtual machine
192.168.3.202	sso.vm.centos

<bamboo-install>/conf/server.xml

&lt;Connector port="8085"
                   maxThreads="150"
                   minSpareThreads="25"
                   connectionTimeout="20000"
                   enableLookups="false"
                   maxHttpHeaderSize="8192"
                   protocol="HTTP/1.1"
                   useBodyEncodingForURI="true"
                   redirectPort="8443"
                   acceptCount="100"
                   disableUploadTimeout="true"
                   proxyName="sso.vm.centos"
		   /&gt;
...
                &lt;Context path="/bamboo" docBase="${catalina.home}/atlassian-bamboo" reloadable="false" useHttpOnly="true"&gt;

Followed the steps in the documentation below:

[root@localhost atlassian-bamboo-5.8.1]# ls -l /opt/Atlassian/service/atlassian-bamboo-5.8.1/atlassian-bamboo/WEB-INF/lib/crowd*
-rw-r--r--. 1 root root   68230 Mar 16 23:33 crowd-integration-api-2.7.2.jar
-rw-r--r--. 1 root root   38726 Mar 16 23:33 crowd-integration-client-common-2.7.2.jar
-rw-r--r--. 1 root root   65599 Mar 16 23:33 crowd-integration-client-rest-2.7.2.jar
-rw-r--r--. 1 root root    7276 Mar 16 23:33 crowd-integration-seraph25-2.7.2.jar

[root@localhost atlassian-bamboo-5.8.1]# cp ../atlassian-crowd-2.8.0/client/crowd-integration-client-2.8.0.jar  atlassian-bamboo/WEB-INF/lib/
[root@localhost atlassian-bamboo-5.8.1]# cp ../atlassian-crowd-2.8.0/client/conf/crowd.properties ../../home/bamboo-5.8.1/xml-data/configuration/
cp: overwrite `../../home/bamboo-5.8.1/xml-data/configuration/crowd.properties'? y
[root@localhost atlassian-bamboo-5.8.1]# cp ../atlassian-crowd-2.8.0/client/conf/crowd-ehcache.xml ../../home/bamboo-5.8.1/xml-data/configuration/

Uncommented in <bamboo-install>/atlassian-bamboo/WEB-INF/classes/seraph-config.xml the following:

&lt;authenticator class="com.atlassian.crowd.integration.seraph.v25.BambooAuthenticator"/&gt;

 

If you find this answer useful, I would kindly ask you to accept it so the same will be visible to others who might be facing the same issue you have inquired.

Thank you for your understanding.

Kind regards,
Rafael P. Sperafico
Atlassian Support

View More Comments
Mark Willcox
Mark Willcox March 30, 2015

Thanks for the swift respond Rafael. I will give it a try tomorrow and accept the answer if all goes well. I should have said, I'm actually running windows server 2012 with Atlassian's suite running behind an IIS proxy but I suspect copying those libraries will be the solution no matter which platform is in use. Thanks again.

Like
Mark Willcox
Mark Willcox March 30, 2015

Hi Rafael, I'm sorry to report the above method doesn't fix the issue. Can I recommend that you install JIRA or Confluence in your test system (with SSO enabled) then you may reproduce the problem which can be observed as follows: - Sign in to JIRA / Confluence. This generates a crowd.token_key cookie for SSO. - Switch to Bamboo - bamboo does not authenticate with the crowd.token_key cookie and is therefore signed out. - Sign in with Bamboo - bamboo overwrites the crowd.token_key cookie with a new value. - Switch back to JIRA - the crowd.token_key cookie is read but has changed so your session is expired.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bamboo
Bamboo
TAGS
AUG Leaders

Atlassian Community Events

    See all events