I may be wrong, but the current Crowd-based SSO uses replication to move user information around from the Crowd server to the client servers (JIRA, Confluence, Stash, etc.).
What would be ideal is for every authentication check in JIRA, Confluence, Stash, etc., instead of checking the local replicated copy of Crowd, the application makes a network call to the Crowd server to see if the username/password/group is valid. This way the applications don't work with stale data until the next replication update. This would be like how other applications use LDAP/AD/NIS/etc. for authentication.
Do I have my SSO mis-configured? Is this possible? If not, can the powers that be make it so? Thanks.
You are correct in terms of how Crowd works. While there is no way to do what you are currently asking for, you can adjust the sync interval per: https://confluence.atlassian.com/display/JIRA/Synchronising+Data+from+External+Directories#SynchronisingDatafromExternalDirectories-ConfiguringtheSynchronisationInterval
You can also disable caching between Crowd and your LDAP server per the instructions at: https://confluence.atlassian.com/display/CROWD/Configuring+Caching+for+an+LDAP+Directory
Just FYI, if you were to accomplish this, I would guess that our applications would slow to a crawl. They are designed to work with local caches to accelerate lookups, and network lookups are optimized for bulk updates.
You can try filing a feature request for this at: https://jira.atlassian.com/browse/CWD
According to my understanding your question is not related to SSO, but as Boris pointed out before, what you can try is to set the 'Synchronisation Interval' directly on the directory configuration screen.
You can create a feature request for this, but honestly I'm not sure if it'll be implemented.
Thanks. I guess this is a little disappointing. I don't know how often authentication events take place, but I would imagine it's whenever the user has entered a login/password. I wouldn't have thought that this would take up a lot of bandwidth or impact performance greatly. LDAP and other directory systems are all network based.
I knew I could change the sync time down. I'll bring it down to 1 minute, but still having a 1 minute lag seems kind of silly in this day of instant updates.