Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Interests
See all
Community resources
Top groups
Explore all groups
Community resources
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Join now to unlock these features and more

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Get started Tell me more
Atlassian Community about banner
4,458,036
Community Members
 
Community Events
176
Community Groups

SSO: stash -- crowd console, works one way but not the other

Robert Withrow
Robert Withrow Jul 23, 2013
I have crowd and stash installed behind a Apached proxy, all operating on the same machine (with the same IP address). I've configured both according to all the documentation I can find. If I log into Crowd Console, SSO works fine on Stash. If I log into Stash, there is no SSO for Crowd Console (IOW, I have to log into Crowd Console even though I'm logged into Stash via Crowd). I'm at a loss how to fix this. Suggestions?
Answer
Watch
Like joe likes this
367 views

3 answers

1 accepted

0 votes
Answer accepted
Robert Withrow
Robert Withrow Jul 30, 2013

Apparently I wasn't correctly proxying in Apache. After I changed the proxy to be the following, everything worked.

ProxyRequests Off
    ProxyPreserveHost On

    ProxyPass /crowd  http://localhost:8095/crowd
    ProxyPassReverse /crowd  http://localhost:8095/crowd

    ProxyPass /stash http://localhost:7990/stash
    ProxyPassReverse /stash http://localhost:7990/stash

View More Comments
cofarrell
cofarrell Rising Star Aug 02, 2013

Hi Robert,

I just wanted to confirm. You managed to get SSO working?

Charles

Like
Reply
2 votes
Tiago Comasseto
Tiago Comasseto Rising Star Jul 25, 2013

Hi Robert,

The SSO configuration sometimes is tricky, but there are some key points that I'd suggest you to check, they are the following:

1. Ensure that the URLs being used to access each application and the SSO Domain value stored in Crowd are valid and match the pattern;
2. Ensure that all applications are using the Crowd authenticator at their WEB-INF/classes/seraph-config.xml files;
3. Ensure that the Directories that are assigned to each application in Crowd, If more than one, are in the exact same order;
4. If there are proxy servers being used between Crowd and the applications, make sure to add their IP addresses to theTrusted Proxy Servers list in Crowd.

I hope this information has helped.

Cheers

View More Comments
Robert Withrow
Robert Withrow Jul 30, 2013

Thanks. Here's what I've configured:

  1. The URLs are all D.C.B.A/X, like D.C.B.A/stash or D.C.B.A/crowd. The SSO Domain is D.C.B.A
  2. Stash doesn't use Seraph and doesn'thave a seraph-config.xml file.
  3. The directories are in the same order, but aren't identical. No users are shared between directories. IOW, user X exists in only one directory.
  4. There is a proxy server and its address in the Trusted Proxy Server's list, and also it is the same IP as each of the Atlassian applications which are standalone.

All of this was the existing configuration which had the problem described above. So none of this fixed the problem.

Like
Reply
0 votes
BernardoA
BernardoA Rising Star Jul 29, 2013

In addition, I'd suggest you specially to check if is correctly informed the application name in the crowd.properties file on your application.

Please check this documentation for more information:

https://confluence.atlassian.com/display/CROWD/Troubleshooting+SSO+with+Crowd

Bernardo

View More Comments
Robert Withrow
Robert Withrow Jul 30, 2013

Thanks. Yep, had did that already.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Crowd
Crowd
TAGS

Atlassian Community Events

See all events