I have a JIRA CROWD installation with CROWD: JIRA, confluence, bitbucket, bamboo, fisheye, crucible, on Server 2008 R2. Users log onto ActiveDirectory then web interface to JIRA and use another name and password to authenticate to confluence, bitbucket, bamboo, fisheye, crucible.
How do I setup Crowd with ActiveDirectory to have the ActiveDirectory user name and password use the CROWD applications?
Is there a way that this will log , confluence, bitbucket, bamboo, fisheye, crucible in the Server 2008 R2 Event Logs?
I don't need SSL
Hello, I am headed into work to try this,
Re-reading your responses, I am looking for staff to login into ActiveDirectory (obviously authenticating with a user name and password), then accessing Confluence, Bitbucket, Bamboo, JIRA with their Windows Authentication, and not having to renter a second JIRA / Atlassian user name and password.
Adding any type of Active Directory LDAP connection will not so this alone, I need to:
1. Create the groups in AD and Add Users
Enabling SSO at the Atlassian JIRA Server
2. And get the IWAAC Kerberos SSO add-on
3. Then Crowd -> Active Directory and IWAAC -> Active Directory
Thank you sir
More precisely I would say
For steps 1 to 3, I suggest that you follow Atlassian's instructions for Crowd integration.
For step 4, please follow the instructions at https://www.cleito.com/products/iwaac/documentation/
We (at Cleito) will also be happy to assist you if you need help. Please contact us at email@example.com
My understanding is that you only want to see the "bitbucket-users" and "bibucket-administrators" groups in the Groups tab of your Active Directory connector in Crowd.
You just need to set the following filter in the Group object filter field of the Configuration tab:
One last question, if I may.
Can you assign rights with this? I you wanted some user to have Read only with bamboo, and one user to have Write with Bitbucket can you do that?
I guess what I am asking is how do you setup SSO rights in AD (I assume with GPO) and have those rights in Atlassian?
Yes, you can assign rights but it does not work the way you think.
Let's suppose you have Active Directory groups such as "bamboo-users", "bamboo-administrators", "bitbucket-users" and "bitbucket-administrators". You can configure Crowd so that only users who belong to the "bamboo-users" group will be able to log onto Bamboo, even if they previously got a Crowd SSO cookie when authenticating on Bitbucket.
You set up fine-grained rights such as the ones you mentioned in the applications themselves (e.g: read rights for "bamboo-users", read/write rights for "bamboo-administrators").
If you want Web SSO between your Atlassian applications (which means users log onto the Web interface of - let's say - JIRA and then are not asked to authenticate again on Confluence, Bitbucket etc.), you will need these applications to connect to a standalone Crowd server for user management (when reading your question, I thought you might be talking about Crowd embedded in Jira, which does not provide Web SSO).
Once done, if you still don't get Web SSO, that's probably because you forgot to enable SSO in the corresponding configuration file (seraph-config.xml for most applications). Please take a look at the following pages:
In addition, if you want "full" Windows desktop SSO (which means that your users log onto Windows and then can use Atlassian applications without being asked any username and password), you will need to get the following add-on: IWAAC Kerberos SSO
(Disclaimer: I work for the plugin's vendor)
You can see IWAAC in action in the following video:
Finally, to answer your last question, you can obviously follow LDAP (Crowd -> Active Directory) and Kerberos (IWAAC -> Active Directory) events in the Event Logs of your AD domain controller.