We have a local JIRA instance with its own internal directory for authentication & authorization and are now planning to upgrade to Crowd. While integrating with Crowd (evaluation product), I faced some issues and I hope to get some help from this group with them.
A. It uses its own internal database /directory for authentication and authorization (later I updated this for Crowd integration)
B. It has all Jira groups: jira_users, jira_developers & jira_administrator, and all groups, including jira_administrator, have more than one user
C. I am part of all groups.
1. Installed evaluation copy of Crowd with its own embedded database on a separate machine (where Jira is NOT running)
2. Created Active Directory group link
3. Added a Crowd connector in ‘User Directories’ of existing Jira (but did not configure for SSO)
4. Added a Jira application in Crowd and pointed it to our existing Jira (specified in the above step)
5. Configured the AD group (created in step 2) for the Jira application configured in step 4; authentication is like this: anyone in this configured AD group is allowed to access the Jira application
6. From Crowd, ran an authentication test with my Windows credentials and it passed
Problem:
Although the authentication test passed from Crowd, I am unable to log in to Jira using Windows credentials; I am always getting a "user name and password are wrong" error message!
Can anyone tell me what mistake I made and how to correct it? In addition to this problem, I would also like to get clarification on the following questions:
1. After Crowd integration, we want only people from our local Jira groups (i.e. already existing people in jira_users, jira_developers and jira_administrators in our local instance of JIRA) to access our Jira, but not everyone in the configured AD. How can I achieve this?
2. One of our products deals with Jira programmatically. After this Crowd integration, will there be any change with respect to authentication and authorization from our product perspective? (i.e., can users continue using our product with AD credentials without making any changes to our product? At present users are using JIRA managed credentials.)
Observations:
1. After adding the AD link in Crowd, I am able to view users in that AD but not groups. Because of this, while configuring the Jira application, I could not set a specific group of people to access the application (and hence I allowed everyone in that AD)
Directory ID: 1
Name: JIRA Internal Directory
Active: true
Type: INTERNAL
Created date: Wed Feb 27 16:58:19 IST 2013
Updated date: Wed Feb 27 16:58:19 IST 2013
Allowed operations: [CREATE_GROUP, CREATE_ROLE, CREATE_USER, DELETE_GROUP, DELETE_ROLE, DELETE_USER, UPDATE_GROUP, UPDATE_GROUP_ATTRIBUTE, UPDATE_ROLE, UPDATE_ROLE_ATTRIBUTE, UPDATE_USER, UPDATE_USER_ATTRIBUTE]
Implementation class: com.atlassian.crowd.directory.InternalDirectory
Encryption type: atlassian-security
Attributes:
"user_encryption_method": "atlassian-security"
Directory ID: 10000
Name: Crowd Server
Active: true
Type: CROWD
Created date: Wed Jul 03 11:42:34 IST 2013
Updated date: Thu Jul 04 10:48:33 IST 2013
Allowed operations: [UPDATE_GROUP_ATTRIBUTE, UPDATE_USER_ATTRIBUTE]
Implementation class: com.atlassian.crowd.directory.RemoteCrowdDirectory
Encryption type: null
Attributes:
"application.name": "myTestApplication"
"application.password": (not shown)
"com.atlassian.crowd.directory.sync.currentstartsynctime": "null"
"com.atlassian.crowd.directory.sync.issynchronising": "false"
"com.atlassian.crowd.directory.sync.lastdurationms": "563"
"com.atlassian.crowd.directory.sync.laststartsynctime": "1372915112566"
"crowd.server.url": "http://myServer:8095/crowd/"
"crowd.sync.incremental.enabled": "true"
"directory.cache.synchronise.interval": "3600"
"useNestedGroups": "false"
I got it...I just created groups in AD with required people and synced only those groups into JIRA!
Hey there,
First I have a question: you mentioned that you've created the groups in Crowd, but you also mentioned jira_users with underline (_), instead of a dash (-). Could you check this?
The default would be jira-users; this may be one of the problems, as the global permissions in JIRA are set this way.
Another thing: I see JIRA Internal Directory is in the top position. This can be a problem if you want to log in with the users from Crowd, because if you have two users with the same username, one in each directory, you will only be able to authenticate with the credential of the user that belongs to the directory listed on the top.
I hope this helps.
Cheers
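The directory-order behaviour described in the reply above, as an added example that is not part of the original post and is not Atlassian code: a simplified model in which the first directory that holds a username decides the login, plus a check an administrator can run over exported user lists to find shadowed accounts. The usernames, passwords and function names are constructed for illustration, and case-insensitive username matching is an assumption of the model.

```python
import hmac

# Constructed sample data. Directory names are taken from the post; the order
# matches the listing there (internal directory first). Users are invented.
DIRECTORIES = [
    ("JIRA Internal Directory", {"asmith": "old-internal-pw", "admin": "admin-pw"}),
    ("Crowd Server", {"asmith": "ad-pw", "bjones": "ad-pw-2"}),
]


def authenticate(username, password, directories):
    """Return (directory_name, ok).

    The first directory that contains the username decides the outcome;
    directories further down the list are never consulted for that user.
    """
    key = username.lower()  # assumption: usernames compared case-insensitively
    for name, users in directories:
        if key in users:
            ok = hmac.compare_digest(users[key].encode(), password.encode())
            return name, ok
    return None, False


def shadowed_usernames(directories):
    """Map each duplicated username to (winning directory, [shadowed directories])."""
    seen = {}
    for name, users in directories:
        for user in users:
            seen.setdefault(user.lower(), []).append(name)
    return {u: (dirs[0], dirs[1:]) for u, dirs in seen.items() if len(dirs) > 1}


if __name__ == "__main__":
    # The AD password is rejected because the internal copy of the account wins.
    print(authenticate("asmith", "ad-pw", DIRECTORIES))
    # With Crowd moved to the top, the same credentials are accepted.
    print(authenticate("asmith", "ad-pw", list(reversed(DIRECTORIES))))
    for user, (winner, losers) in shadowed_usernames(DIRECTORIES).items():
        print(f"{user}: authenticated by {winner!r}, shadowed in {losers}")
```

Any username reported by `shadowed_usernames` needs either a directory reorder or removal of the stale duplicate before the lower directory's credentials can be used.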
Hi, thanks for the response.
It was just a typo in this post - all groups are as defined by JIRA (i.e., they are separated by a dash only).
And for the second point, the JIRA internal directory is on top because, after I faced the login problem, I set the default directory to its internal directory rather than Crowd.
Too many questions. Not sure I am addressing all
Thanks for the quick response Renjith.
I will try your suggestion and let you know the result.
Regards
Aravind
Hey Renjith,
As you suggested, I created another JIRA internal directory that authenticates using AD. This worked, and thanks a lot. Now I have another question:
- I configured this newly created internal directory in such a way that anyone who logs in for the first time will be authenticated against the specified AD and, if it succeeds, they will be added to jira-users. This actually has a problem for us because we have an application that uses JIRA projects for bug reporting. Now, as anyone in the AD can be authenticated, any AD user can use our application, which we want to control. Can you please tell me how I can prevent someone using our application although they are in the AD? (Earlier we were explicitly managing this using JIRA internal directory user management.)
Looking for your help.