Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,464,370
Community Members
 
Community Events
176
Community Groups

Must we choose either Embedded Crowd or SSO?

The wiki documentation (at least for JIRA and Confluence) suggests that we can't use Embedded Crowd if we want to use SSO. Instead, we must use seraph-config.xml and crowd.properties to specify our Crowd directory externally.

Is this really the case? Is there any way to use SSO with Embedded Crowd? If no, why not?

2 answers

0 votes
Joe Clark Atlassian Team Dec 06, 2011

What kind of SSO are you talking about? Generally speaking, there shouldn't be any real reason why you can't have some SSO authenticator plugged-in to Confluence whilst your users are coming from an LDAP directory configured in Confluence (which is done via the 'embedded crowd' module).

There may be some features of the LDAP connection that may not be supported by the SSO authenticator.

For example, many customers using the Confluence SharePoint Connector have successfully configured an NTLM SSO Authenticator for Confluence, with the user accounts being pulled in from Active Directory via an embedded crowd LDAP connection. The "automatic group-joining on login" feature doesn't work with this authenticator, though.

I'm asking if there's any way to configure the Embedded Crowd client to use Seraph-based SSO to authenticate to a central Crowd server.

For example, if you read http://confluence.atlassian.com/display/CROWD/Integrating+Crowd+with+Atlassian+JIRA you will see that the official way of connecting to JIRA to Crowd these days is to use the Embedded Crowd client. However, if you keep reading, you will see that the user is instructed to manually edit seraph-config.xml and crowd.properties files. These files (at least at the time I wrote the question above) are not recognized by JIRA's Embedded Crowd client.

The result is I must either choose between the integrated Embedded Crowd client with no Seraph SSO, and using the "old-fashioned" Crowd integration of manually copying files and editing configuration files.

My question is - will this ever be unified so Embedded Crowd clients support Crowd's Seraph SSO?

Joe Clark Atlassian Team Dec 06, 2011

Ah, I see what you mean! Sorry, my answer was off-track.

This is a great question. We are considering using Crowd as our SSO solution for Confluence. we would also like to find a solution to automatically add everyone into confluence-users group without having to manually add them or have the users log in. We already have our AD groups created in Confluence. Has anyone successfully altered or designated the confluence-user group to be one already in AD?

Suggest an answer

Log in or Sign up to answer
TAGS

Atlassian Community Events