The wiki documentation (at least for JIRA and Confluence) suggests that we can't use Embedded Crowd if we want to use SSO. Instead, we must use seraph-config.xml and crowd.properties to specify our Crowd directory externally.
Is this really the case? Is there any way to use SSO with Embedded Crowd? If no, why not?
This is a great question. We are considering using Crowd as our SSO solution for Confluence. we would also like to find a solution to automatically add everyone into confluence-users group without having to manually add them or have the users log in. We already have our AD groups created in Confluence. Has anyone successfully altered or designated the confluence-user group to be one already in AD?
What kind of SSO are you talking about? Generally speaking, there shouldn't be any real reason why you can't have some SSO authenticator plugged-in to Confluence whilst your users are coming from an LDAP directory configured in Confluence (which is done via the 'embedded crowd' module).
There may be some features of the LDAP connection that may not be supported by the SSO authenticator.
For example, many customers using the Confluence SharePoint Connector have successfully configured an NTLM SSO Authenticator for Confluence, with the user accounts being pulled in from Active Directory via an embedded crowd LDAP connection. The "automatic group-joining on login" feature doesn't work with this authenticator, though.
I'm asking if there's any way to configure the Embedded Crowd client to use Seraph-based SSO to authenticate to a central Crowd server.
For example, if you read http://confluence.atlassian.com/display/CROWD/Integrating+Crowd+with+Atlassian+JIRA you will see that the official way of connecting to JIRA to Crowd these days is to use the Embedded Crowd client. However, if you keep reading, you will see that the user is instructed to manually edit seraph-config.xml and crowd.properties files. These files (at least at the time I wrote the question above) are not recognized by JIRA's Embedded Crowd client.
The result is I must either choose between the integrated Embedded Crowd client with no Seraph SSO, and using the "old-fashioned" Crowd integration of manually copying files and editing configuration files.
My question is - will this ever be unified so Embedded Crowd clients support Crowd's Seraph SSO?
For JSM June Challenge #2, share how your non-technical teams like HR, legal, marketing, finance, and beyond started using Jira Service Management! Tell us: Did they ask to start using it or...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events