The wiki documentation (at least for JIRA and Confluence) suggests that we can't use Embedded Crowd if we want to use SSO. Instead, we must use seraph-config.xml and crowd.properties to specify our Crowd directory externally.
Is this really the case? Is there any way to use SSO with Embedded Crowd? If no, why not?
What kind of SSO are you talking about? Generally speaking, there shouldn't be any real reason why you can't have some SSO authenticator plugged-in to Confluence whilst your users are coming from an LDAP directory configured in Confluence (which is done via the 'embedded crowd' module).
There may be some features of the LDAP connection that may not be supported by the SSO authenticator.
For example, many customers using the Confluence SharePoint Connector have successfully configured an NTLM SSO Authenticator for Confluence, with the user accounts being pulled in from Active Directory via an embedded crowd LDAP connection. The "automatic group-joining on login" feature doesn't work with this authenticator, though.
I'm asking if there's any way to configure the Embedded Crowd client to use Seraph-based SSO to authenticate to a central Crowd server.
For example, if you read http://confluence.atlassian.com/display/CROWD/Integrating+Crowd+with+Atlassian+JIRA you will see that the official way of connecting to JIRA to Crowd these days is to use the Embedded Crowd client. However, if you keep reading, you will see that the user is instructed to manually edit seraph-config.xml and crowd.properties files. These files (at least at the time I wrote the question above) are not recognized by JIRA's Embedded Crowd client.
The result is I must either choose between the integrated Embedded Crowd client with no Seraph SSO, and using the "old-fashioned" Crowd integration of manually copying files and editing configuration files.
My question is - will this ever be unified so Embedded Crowd clients support Crowd's Seraph SSO?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Ah, I see what you mean! Sorry, my answer was off-track.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
This is a great question. We are considering using Crowd as our SSO solution for Confluence. we would also like to find a solution to automatically add everyone into confluence-users group without having to manually add them or have the users log in. We already have our AD groups created in Confluence. Has anyone successfully altered or designated the confluence-user group to be one already in AD?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.