It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Crowd JIRA Confluence Bitbucket integration Edited

We are integrating JIRA with confluence and jira with bitbucket.  All these three applications are connected to Crowd to get user and enable SSO.

Crowd: is internal crowd url.

JIRA: is internal JIRA url

Confluence: is internal Confluence URL

Bitbucket: is internal Bitbucket URL


The SSO works fine in this case as all my applications are not internet facing or not available on internet.

If I am making BItbucket, JIRA and confluence as Internet facing or make them publicly available on internet, making their URL's different. Lets say





My questions are:

1. Do I need to make Crowd as internet facing?

--As of my knowledge All application will get Users and groups from crowd by internal crowd link

2. Will my configured SSO work?

--As of my knowledge these application will use internal URL to communicate and pass tokens with other even if they are accesses by external URL


Please clarify my confussion


2 answers

1 vote
Bruno Vincent Community Leader Dec 08, 2017


You need to configure the reverse-proxy serving the internet facing content to transform the internal cookie domain into external cookie domain, and vice versa. For instance, in Apache you have to use the ProxyPassReverseCookieDomain directive:


Then SSO will work.

0 votes
Ann Worley Atlassian Team Dec 04, 2017

Crowd does not need to be internet facing, it only needs to talk to the application servers.

The User Directories in the applications communicate with the Applications set up in Crowd. If the IP addresses of the applications change the Applications will need to be updated to the new IP. If Crowd is using internal IPs and and they are not changing, no action should be needed on that account.

SSO will still work because the applications all come from the same domain: SSO within a Single Domain <That article is really comprehensive and can save trial and error time.


Yes my applications are under same domain and I configured SSO domain as "" in Crowd.

Now if I am accessing JIRA as and Confluence as  will my SSO still work?  Or is there any need to access applications with internal URL just to make SSO work



Ann Worley Atlassian Team Dec 05, 2017

Yes, that should be fine as long as they are all in domain, as mentioned in Overview of SSO:

The core Crowd functionality supports SSO across applications within a single domain, such as * Crowd uses a browser cookie to manage SSO. Because your browser limits cookie access to hosts in the same domain, this means that all applications participating in SSO must be in the same domain.
Example 1: If you wish to have single sign-on (SSO) support for *, you will need to configure the SSO domain in Crowd as — including the full stop ('.') at the beginning. All your Crowd-connected applications must be in the same domain.

I tried with the above approach. My bitbucket is  and my JIRA is


And i configured SSO domain as  but still SSO is not working.


SSO is working fine if I configured SSO domain as internal domain andd access sites with internal URL. 

But its not working in case of external URL.

The thing is im accessing bitbucket over https and jira over http. 

and "secure SSo cookie" in cowd is disabled by default

Suggest an answer

Log in or Sign up to answer
This widget could not be displayed.
This widget could not be displayed.
Community showcase
Published Thursday in Confluence

Confluence CVEs and common questions

Two vulnerabilities have been published for Confluence Server and Data Center recently: March 20, 2019 CVE-2019-3395 / CVE-2019-3396 April 17, 2019 CVE-2019-3398 The goal of this article is...

144 views 0 11
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you