Redirect crowd to https

Hello,

How can I redirect to HTTPS?

In the server.xml I configured an HTTP connector on port 8095, redirect port 443, and proxyname, proxyport, scheme.

In the web.xml, security constraints are inserted with pattern /* or /crowd/*

The Apache HTTP server listens on ports 80 and 443 with a proxy to port 8095.

Any ideas?

Best regards

Falk

1 answer

0 vote
Ann Worley Atlassian Team Sep 14, 2017

Hi Falk,

I understand you want to make sure all traffic to your Crowd server goes through https (SSL).

To redirect at the Apache proxy, please see: Redirect Request to SSL and Redirect.

To redirect at the Tomcat level, please make sure you are editing the web.xml at <Crowd_install>/crowd-webapp/WEB-INF and not the one at <Crowd_install>/apache-tomcat/conf. 

Add the following declaration to the end of the file, before the </web-app> tag:

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Restricted URLs</web-resource-name>
            <url-pattern>/</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

Crowd will have to be restarted to pick up the change to the web.xml.

I look forward to hearing whether either of these redirect methods work for you.

Thanks,

Ann

Hello,

I know this question is semi-old, but it's a top hit on Google and I wanted to provide some more guidance here.

This "works" but only for when you visit the actual crowd webapp at http://<server>/crowd

It does not apply to the main landing page of crowd (i.e. the tomcat ROOT page) at http://<server>/

This is because the Crowd root page, as well as the openidserver and openidclient applications are each considered a separate webapp by Tomcat, and therefore each one has its own web.xml which you have to edit and add this block of configuration text into.

So, in total you have to edit a whole bunch of web.xml files if you want to ensure that all Crowd pages are always served over HTTPS:

  • ${CROWD_DIR}/apache-tomcat/webapps/ROOT/WEB-INF/web.xml
  • ${CROWD_DIR}/crowd-webapp/WEB-INF/web.xml
  • ${CROWD_DIR}/crowd-openidclient-webapp/WEB-INF/web.xml
  • ${CROWD_DIR}/crowd-openidserver-webapp/WEB-INF/web.xml

You also need to ensure that your Tomcat Connectors in ${CROWD_DIR}/apache-tomcat/conf/server.xml have valid values for redirectPort (typically 443 or 8443 for HTTPS).
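
One way to check the settings discussed in this thread, as an added example that is not part of any post above and not Atlassian's own tooling: a Python script that reads the four web.xml files and server.xml and reports which ones lack a CONFIDENTIAL constraint or a redirectPort. The function names are hypothetical; the relative paths are the ones listed in the thread.

```python
import xml.etree.ElementTree as ET
from pathlib import Path

# web.xml files named in the thread, relative to the Crowd install directory.
WEB_XMLS = [
    "apache-tomcat/webapps/ROOT/WEB-INF/web.xml",
    "crowd-webapp/WEB-INF/web.xml",
    "crowd-openidclient-webapp/WEB-INF/web.xml",
    "crowd-openidserver-webapp/WEB-INF/web.xml",
]
SERVER_XML = "apache-tomcat/conf/server.xml"

def local(tag):
    """Drop the XML namespace that web.xml elements usually carry."""
    return tag.rsplit("}", 1)[-1]

def confidential_patterns(web_xml):
    """Return url-patterns inside a CONFIDENTIAL security-constraint."""
    found = []
    for sc in ET.fromstring(web_xml).iter():
        if local(sc.tag) != "security-constraint":
            continue
        kids = [(local(e.tag), (e.text or "").strip()) for e in sc.iter()]
        if ("transport-guarantee", "CONFIDENTIAL") in kids:
            found += [text for tag, text in kids if tag == "url-pattern"]
    return found

def plain_connectors(server_xml):
    """Map port -> redirectPort (None if unset) for non-SSL Connectors."""
    conns = ET.fromstring(server_xml).iter("Connector")
    return {c.get("port"): c.get("redirectPort") for c in conns
            if c.get("SSLEnabled", "false").lower() != "true"}

def audit(crowd_dir):
    """Return findings for one install; an empty list means all checks pass."""
    base, findings = Path(crowd_dir), []
    for rel in WEB_XMLS:
        path = base / rel
        if not path.is_file():
            findings.append(f"{rel}: file not found")
        elif not confidential_patterns(path.read_bytes()):
            findings.append(f"{rel}: no CONFIDENTIAL transport-guarantee")
    for port, redirect in plain_connectors((base / SERVER_XML).read_bytes()).items():
        if not redirect:
            findings.append(f"{SERVER_XML}: Connector {port} has no redirectPort")
    return findings

if __name__ == "__main__":
    import sys
    print("\n".join(audit(sys.argv[1])) or "all checks passed")
```

Run it with the Crowd install directory as the only argument, after each upgrade as well, since a fresh web.xml from a new release will not carry the constraint.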
