Crowd SSO with 2 instances of Jira -- one behind firewall, one not.


Here is what I am trying to do -- I want to run Crowd and one version of Jira behind a firewall, and have a 2nd external version of Jira. Basically the "internal" version of Jira would be for internal customers, and the external version of jira would be for external customers.

I've been able to get SSO to work with crowd internally --- but I am not sure how to approach it when one instance is internal, and the external.

Is this even possible?

If not, what if both Jira instances are behind the firewall, but we have proxies set-up in the DMZ -- could we get then get SSO to work?

Any tips/advice appreciated.

1 answer

1 accepted

0 votes
Accepted answer

Are all users within the same directory in Crowd? Since directory id is used as a validation factor when creating the crowd token (the crowd token is used for SSO).

If this is the case, this should be a no-brainer and pretty straight forward. The other issue is that they need to be on the same parent domain, since Crowd uses cookies to provide SSO.

So there would be a cookie created with the domain of *

These are probably the two biggest issues that you would need to validate.

Suggest an answer

Log in or Sign up to answer
Community showcase
Asked Thursday in Jira Ops

I'm John Allspaw, Ask Me Anything about incident analysis and postmortems

I'm John Allspaw, co-founder of   Adaptive Capacity Labs, where we help teams use their incidents to learn and improve. We bring research-driven methods and approaches to drive effective inciden...

5,467 views 21 17
View question

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you