Crowd Network Based SSO

I may be wrong, but the current Crowd based SSO uses replication to move user information around from the Crowd server to the client servers (JIRA, Confluence, Stash, etc.).

What would be ideal is for every authentication check in JIRA, Confluence, Stash, etc., instead of checking the local replicated copy of Crowd, the application makes a network call to the Crowd server to see if the username/password/group is valid. This way the applications don't work with stale data until the next replication update. This would be like how other applications use LDAP/AD/NIS/etc. for authentication.

Do I have my SSO mis-configured? Is this possible? If not, can the powers that be make it so? Thanks.

-Ernie

3 answers

1 accepted

Boris Berenberg Community Champion Aug 05, 2013

Hi Ernie,

You are correct in terms of how Crowd works. While there is no way to do what you are currently asking for, you can adjust the sync interval per: https://confluence.atlassian.com/display/JIRA/Synchronising+Data+from+External+Directories#SynchronisingDatafromExternalDirectories-ConfiguringtheSynchronisationInterval

You can also disable caching between Crowd and your LDAP server per the instructions at: https://confluence.atlassian.com/display/CROWD/Configuring+Caching+for+an+LDAP+Directory

Just FYI, if you were to accomplish this, I would guess that our applications would slow to a crawl. They are designed to work with local caches to accelerate lookups, and network lookups are optimized for bulk updates.

You can try filing a feature request for this at: https://jira.atlassian.com/browse/CWD

Cheers,
Boris


According to my understanding your question is not related to SSO, but as Boris pointed out before, what you can try is to set the 'Synchronisation Interval' directly on the directory configuration screen.

You can create a feature request for this, but honestly I'm not sure if it'll be implemented.

Bernardo


Thanks. I guess this is a little disappointing. I don't know how often authentication events take place, but I would imagine it's whenever the user has entered a login/password. I wouldn't have thought that this would take up a lot of bandwidth or impact performance greatly. LDAP and other directory systems are all network based.

I knew I could change the sync time down. I'll bring it down to 1 minute, but still having a 1 minute lag seems kind of silly in this day of instant updates.

Thanks.

-Ernie
