Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Must we choose either Embedded Crowd or SSO?

Michael Downey September 18, 2011

The wiki documentation (at least for JIRA and Confluence) suggests that we can't use Embedded Crowd if we want to use SSO. Instead, we must use seraph-config.xml and crowd.properties to specify our Crowd directory externally.

Is this really the case? Is there any way to use SSO with Embedded Crowd? If no, why not?

2 answers

0 votes
Joe Clark
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
December 6, 2011

What kind of SSO are you talking about? Generally speaking, there shouldn't be any real reason why you can't have some SSO authenticator plugged-in to Confluence whilst your users are coming from an LDAP directory configured in Confluence (which is done via the 'embedded crowd' module).

There may be some features of the LDAP connection that may not be supported by the SSO authenticator.

For example, many customers using the Confluence SharePoint Connector have successfully configured an NTLM SSO Authenticator for Confluence, with the user accounts being pulled in from Active Directory via an embedded crowd LDAP connection. The "automatic group-joining on login" feature doesn't work with this authenticator, though.

Michael Downey December 6, 2011

I'm asking if there's any way to configure the Embedded Crowd client to use Seraph-based SSO to authenticate to a central Crowd server.

For example, if you read http://confluence.atlassian.com/display/CROWD/Integrating+Crowd+with+Atlassian+JIRA you will see that the official way of connecting to JIRA to Crowd these days is to use the Embedded Crowd client. However, if you keep reading, you will see that the user is instructed to manually edit seraph-config.xml and crowd.properties files. These files (at least at the time I wrote the question above) are not recognized by JIRA's Embedded Crowd client.

The result is I must either choose between the integrated Embedded Crowd client with no Seraph SSO, and using the "old-fashioned" Crowd integration of manually copying files and editing configuration files.

My question is - will this ever be unified so Embedded Crowd clients support Crowd's Seraph SSO?

Joe Clark
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
December 6, 2011

Ah, I see what you mean! Sorry, my answer was off-track.

0 votes
Konnie McCauley December 6, 2011

This is a great question. We are considering using Crowd as our SSO solution for Confluence. we would also like to find a solution to automatically add everyone into confluence-users group without having to manually add them or have the users log in. We already have our AD groups created in Confluence. Has anyone successfully altered or designated the confluence-user group to be one already in AD?

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events