Crowd SSO doesn't work across different directories

SUNIL SABALE November 29, 2017

I have JIRA and Confluence. I want SSO among both. So I configured Crowd. I created 2 directories in Crowd:

1. JIRA directory
   -- Getting some users and groups from AD
2. Confluence directory
   -- Getting some users and groups from AD

I configured 2 applications inside Crowd:

1. JIRA App -- uses JIRA directory
2. Confluence App -- uses Confluence directory

I configured the Crowd directory in both applications to fetch users and groups.

Authentication works fine for both.

The problem is SSO doesn't work even if the usernames are the same.

So I tried configuring only a single directory for both applications in Crowd.

This time SSO worked.

The only problem is if I'm using the same directory for both applications in Crowd, both applications will fetch all groups and users.

I mean inside the JIRA application, Confluence groups will also be visible and vice versa.

1 answer

1 accepted

0 votes
Answer accepted
AnnWorley
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 29, 2017

Thank you for the clear and detailed description.

For the users needing to be in the same Directory in Crowd to work with SSO, this is expected behavior: Troubleshooting SSO with Crowd 

Inside of Crowd, ensure that each application is configured to use the same user directory. SSO will not work if you log in to Confluence through one user directory, but JIRA through a different user directory, even if the usernames are identical.

When configuring the applications in Crowd you can limit the logon to members of certain groups: Specifying which Groups can access an Application. This does not prevent usernames and groups from appearing in the client application. However, for the most part only administrators will see the groups from the other applications so it doesn't impact most users.

 
SUNIL SABALE November 29, 2017

Thanks Ann

Yes, I can limit the logons to specific users by specifying which group can access the application.

So does that mean the Application Access permission configured at application level will have no effect?

SUNIL SABALE November 29, 2017

Another thing: can we not restrict to only JIRA-specific groups in JIRA and Confluence-specific groups in Confluence by any other means?

Thanks again

AnnWorley
Atlassian Team
November 30, 2017

A user needs the permission in Crowd to log into a particular application but they also need permissions in the application itself. For example, if you had a user in a group in Crowd that was designated for logging into Confluence they could get past the login screen in Confluence, but without the Can Use global permission in Confluence they would see a "not permitted" page instead of the dashboard.

When you synchronize a Crowd directory with an application, it picks up all the groups. We suggested a change to this behavior but it was closed as "won't fix": jira fetches ALL groups from Crowd instead of just those in the crowd group definition for the application
