Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,296,269
Community Members
 
Community Events
165
Community Groups

Must we choose either Embedded Crowd or SSO?

The wiki documentation (at least for JIRA and Confluence) suggests that we can't use Embedded Crowd if we want to use SSO. Instead, we must use seraph-config.xml and crowd.properties to specify our Crowd directory externally.

Is this really the case? Is there any way to use SSO with Embedded Crowd? If no, why not?

2 answers

0 votes
Joe Clark Atlassian Team Dec 06, 2011

What kind of SSO are you talking about? Generally speaking, there shouldn't be any real reason why you can't have some SSO authenticator plugged-in to Confluence whilst your users are coming from an LDAP directory configured in Confluence (which is done via the 'embedded crowd' module).

There may be some features of the LDAP connection that may not be supported by the SSO authenticator.

For example, many customers using the Confluence SharePoint Connector have successfully configured an NTLM SSO Authenticator for Confluence, with the user accounts being pulled in from Active Directory via an embedded crowd LDAP connection. The "automatic group-joining on login" feature doesn't work with this authenticator, though.

I'm asking if there's any way to configure the Embedded Crowd client to use Seraph-based SSO to authenticate to a central Crowd server.

For example, if you read http://confluence.atlassian.com/display/CROWD/Integrating+Crowd+with+Atlassian+JIRA you will see that the official way of connecting to JIRA to Crowd these days is to use the Embedded Crowd client. However, if you keep reading, you will see that the user is instructed to manually edit seraph-config.xml and crowd.properties files. These files (at least at the time I wrote the question above) are not recognized by JIRA's Embedded Crowd client.

The result is I must either choose between the integrated Embedded Crowd client with no Seraph SSO, and using the "old-fashioned" Crowd integration of manually copying files and editing configuration files.

My question is - will this ever be unified so Embedded Crowd clients support Crowd's Seraph SSO?

Joe Clark Atlassian Team Dec 06, 2011

Ah, I see what you mean! Sorry, my answer was off-track.

This is a great question. We are considering using Crowd as our SSO solution for Confluence. we would also like to find a solution to automatically add everyone into confluence-users group without having to manually add them or have the users log in. We already have our AD groups created in Confluence. Has anyone successfully altered or designated the confluence-user group to be one already in AD?

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Posted in Jira Service Management

Jira Service Management Documentation Opportunities

Hello everyone, Hope everyone is safe! A few months ago we posted an article sharing all the new articles and documentation that we, the AMER Jira Service Management team created. As mentioned ...

315 views 0 10
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you