Crowd JIRA Confluence Bitbucket integration

SUNIL SABALE December 4, 2017

We are integrating JIRA with Confluence and JIRA with Bitbucket. All three applications are connected to Crowd to get users and enable SSO.

Crowd: abc-crowd.xyz.com/crowd is the internal Crowd URL.

JIRA: abc-jira.xyz.com:8080 is the internal JIRA URL.

Confluence: abc-wiki.xyz.com:8090 is the internal Confluence URL.

Bitbucket: abc-git.xyz.com:7075 is the internal Bitbucket URL.

The SSO works fine in this case as all my applications are not internet facing or not available on internet.

If I am making Bitbucket, JIRA and Confluence Internet facing or making them publicly available on the internet, their URLs will be different. Let's say:

JIRA: jira.xyz.co.uk

Confluence: wiki.xyz.co.uk

Bitbucket: git.xyz.co.uk

My questions are:

1. Do I need to make Crowd as internet facing?

-- To my knowledge, all applications will get users and groups from Crowd through the internal Crowd link.

2. Will my configured SSO work?

-- To my knowledge, these applications will use the internal URLs to communicate and pass tokens with each other even if they are accessed by external URLs.

Please clarify my confusion.

2 answers

1 vote
Bruno Vincent
Rising Star
December 8, 2017

Hi @SUNIL SABALE,

You need to configure the reverse-proxy serving the internet facing content to transform the internal cookie domain into external cookie domain, and vice versa. For instance, in Apache you have to use the ProxyPassReverseCookieDomain directive: https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypassreversecookiedomain

ProxyPassReverseCookieDomain .xyz.com .xyz.co.uk

Then SSO will work.
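
Added example (not part of the original thread, and not Atlassian or Apache code): a small Python model of why a cookie issued with Domain=.xyz.com never reaches the .xyz.co.uk hosts, and what rewriting the Domain attribute at the reverse proxy changes. The function names are hypothetical, the cookie value is constructed sample data, and browser public-suffix checks are not modelled.

```python
# Added illustration. Hostnames are the ones used in the thread; the cookie
# value is constructed sample data.

def domain_matches(host, cookie_domain):
    """RFC 6265 section 5.1.3 domain-match; a leading dot is ignored."""
    host = host.lower().rstrip(".")
    domain = cookie_domain.lower().lstrip(".")
    return host == domain or host.endswith("." + domain)

def cookie_domain(set_cookie):
    """Return the Domain attribute of a Set-Cookie value, or None."""
    for attr in set_cookie.split(";")[1:]:
        name, sep, value = attr.strip().partition("=")
        if sep and name.strip().lower() == "domain":
            return value.strip()
    return None

def rewrite_cookie_domain(set_cookie, internal, public):
    """Model of the proxy rewrite: swap Domain=internal for Domain=public."""
    pair, *attrs = [p.strip() for p in set_cookie.split(";")]
    out = [pair]
    for attr in attrs:
        name, sep, value = attr.partition("=")
        if sep and name.strip().lower() == "domain" \
                and value.strip().lower() == internal.lower():
            attr = f"{name.strip()}={public}"
        out.append(attr)
    return "; ".join(out)

def browser_sends(set_cookie, response_host, request_host):
    """Would a cookie set by response_host be sent to request_host?"""
    domain = cookie_domain(set_cookie)
    if domain is None:                      # host-only cookie
        return response_host.lower() == request_host.lower()
    if not domain_matches(response_host, domain):
        return False                        # browser rejects the cookie
    return domain_matches(request_host, domain)

RAW = "crowd.token_key=SAMPLE; Domain=.xyz.com; Path=/; HttpOnly"
REWRITTEN = rewrite_cookie_domain(RAW, ".xyz.com", ".xyz.co.uk")

if __name__ == "__main__":
    for label, cookie in (("as issued", RAW), ("rewritten", REWRITTEN)):
        print(label, "->", browser_sends(cookie, "jira.xyz.co.uk", "wiki.xyz.co.uk"))
```

The rewritten cookie is scoped to the external domain only, so it is not sent to the internal abc-*.xyz.com hostnames.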

0 votes
AnnWorley
Atlassian Team
December 4, 2017

Crowd does not need to be internet facing, it only needs to talk to the application servers.

The User Directories in the applications communicate with the Applications set up in Crowd. If the IP addresses of the applications change, the Applications will need to be updated to the new IP. If Crowd is using internal IPs and they are not changing, no action should be needed on that account.

SSO will still work because the applications all come from the same domain: SSO within a Single Domain (that article is really comprehensive and can save trial-and-error time).

SUNIL SABALE December 4, 2017

Thanks,

Yes, my applications are under the same domain and I configured the SSO domain as ".xyz.com" in Crowd.

Now if I am accessing JIRA as https://jira.xyz.co.uk and Confluence as https://wiki.xyz.co.uk, will my SSO still work? Or is there any need to access the applications with the internal URL just to make SSO work?

AnnWorley
Atlassian Team
December 5, 2017

Yes, that should be fine as long as they are all in domain xyz.co.uk, as mentioned in Overview of SSO:

The core Crowd functionality supports SSO across applications within a single domain, such as *.mydomain.com. Crowd uses a browser cookie to manage SSO. Because your browser limits cookie access to hosts in the same domain, this means that all applications participating in SSO must be in the same domain.
Example 1: If you wish to have single sign-on (SSO) support for *.mydomain.com, you will need to configure the SSO domain in Crowd as .mydomain.com — including the full stop ('.') at the beginning. All your Crowd-connected applications must be in the same domain.

SUNIL SABALE December 5, 2017

I tried the above approach. My Bitbucket is https://git.xyz.co.uk and my JIRA is http://jira.xyz.co.uk

And I configured the SSO domain as .xyz.co.uk, but SSO is still not working.

SSO is working fine if I configure the SSO domain as the internal domain and access the sites with the internal URL.

But it's not working in the case of the external URL.

The thing is, I'm accessing Bitbucket over https and JIRA over http,

and "secure SSO cookie" in Crowd is disabled by default.
