Connect to Atlassian Crowd
By default, Deploy authenticates users and retrieves authorization information from its repository. Deploy can also be configured to use an Atlassian Crowd repository to authenticate users and to retrieve role (group) membership. In this scenario, the Atlassian Crowd users and groups are used as principals in Deploy and can be mapped to Deploy roles. Role membership and rights assigned to roles are stored in the Deploy repository.
Deploy treats Atlassian Crowd as read-only. This means that Deploy uses the information from Atlassian Crowd but cannot make changes to that information.
To configure Deploy to use Atlassian Crowd, you must change the security configuration file (deployit-security.xml).
This is a step-by-step procedure describing how to connect Deploy to your Atlassian Crowd.
This integration uses the centralized authentication connectors for Spring Security that Atlassian Crowd provides.
Integration based on CrowdID is not supported.
Step 1 - Configure Atlassian Crowd to communicate with a Deploy Application
To configure Atlassian Crowd to receive authentication requests from Deploy:
- Add a Deploy application to Atlassian Crowd.
- Add and configure the directories that must be visible to Deploy.
- Add and map the groups which are allowed to authenticate with Deploy.
For more information, see Adding an Application.
Step 2 - Add the cache configuration file
Copy the following file into your XL_DEPLOY_SERVER_HOME/conf directory:
Copy From | Copy To |
---|---|
CROWD/client/conf/crowd-ehcache.xml | XL_DEPLOY_SERVER_HOME/conf/crowd-ehcache.xml |
This file can be adjusted to change the cache behavior.
Step 3 - Configure the Atlassian Crowd Spring Security connector properties
The Atlassian Crowd Spring Security connector needs to be configured with the details of the Atlassian Crowd server.
- Copy the default crowd.properties file into your XL_DEPLOY_SERVER_HOME/conf directory:
Copy From | Copy To |
---|---|
CROWD/client/conf/crowd.properties | XL_DEPLOY_SERVER_HOME/conf/crowd.properties |
- Edit crowd.properties and populate the following fields appropriately:
Key | Value |
---|---|
application.name | Use the same application name that you used when adding the application to Atlassian Crowd. |
application.password | Use the same application password that you used when adding the application to Atlassian Crowd. |
crowd.server.url | URL that the integration libraries use to communicate with the Atlassian Crowd server, for example http://localhost:8095/crowd/services/. |
session.validationinterval | The time interval between requests that validate whether the user is logged in or out of the Atlassian Crowd server. Set this value to 0 if you want authentication checks to occur on each request. Otherwise, set it to the number of minutes you wish to wait between requests. Setting this value to 1 or higher will increase the performance of the Atlassian Crowd integration. |
For more information, see crowd.properties.
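A check to run on the edited file before restarting, as an added example that is not part of Deploy or Crowd: it parses crowd.properties (including the `\:` escapes that Java writes into property values) and flags empty required keys, a malformed URL or interval, plain HTTP to a non-loopback Crowd server, and a world-readable file. The function names and the sample values are constructed for illustration.

```python
import re
import stat
from urllib.parse import urlparse

REQUIRED = ("application.name", "application.password",
            "crowd.server.url", "session.validationinterval")
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def parse_properties(text):
    """Parse key=value / key:value lines; '#' or '!' starts a comment line."""
    props = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^#!=:\s][^=:\s]*)\s*[=:]\s*(.*)", line)
        if m:
            # Properties.store() escapes ':' and '=' in values, e.g. http\://host
            props[m.group(1)] = re.sub(r"\\([:=])", r"\1", m.group(2)).strip()
    return props

def check_crowd_properties(text, mode=None):
    """Return findings for crowd.properties; `mode` is st_mode from os.stat()."""
    props, findings = parse_properties(text), []
    for key in REQUIRED:
        if not props.get(key):
            findings.append(f"{key}: missing or empty")
    raw_url = props.get("crowd.server.url", "")
    url = urlparse(raw_url)
    if raw_url and (url.scheme not in ("http", "https") or not url.hostname):
        findings.append("crowd.server.url: not an http(s) URL")
    elif url.scheme == "http" and url.hostname not in LOOPBACK:
        # application.password is sent to this URL with the client's requests
        findings.append("crowd.server.url: plain HTTP to a remote host")
    interval = props.get("session.validationinterval", "")
    if interval and not interval.isdigit():
        findings.append("session.validationinterval: not a whole number of minutes")
    if mode is not None and mode & stat.S_IROTH:
        findings.append("file is world-readable but holds application.password")
    return findings

# Constructed samples (placeholder values, not from a real installation).
GOOD = ("application.name=deploy\napplication.password=placeholder-secret\n"
        "crowd.server.url=http\\://localhost\\:8095/crowd/services/\n"
        "session.validationinterval=2\n")
BAD = ("# edited by hand\napplication.name=deploy\napplication.password=\n"
       "crowd.server.url=http://crowd.example.internal:8095/crowd/services/\n"
       "session.validationinterval=-1\n")
```

Call check_crowd_properties with the file's text and os.stat(path).st_mode; an empty list means none of the checks fired.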
Step 4 - Add an Atlassian Crowd Authenticator
- Add the following code to the deployit-security.xml file:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
         http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
  <!-- Pulls in the Crowd client beans (crowdClient, crowdHttpAuthenticator) defined in the files below -->
  <import resource="xl-crowd-deploy-security.xml"/>
  <bean id="crowdUserDetailsService" class="com.atlassian.crowd.integration.springsecurity.user.CrowdUserDetailsServiceImpl">
    <property name="crowdClient" ref="crowdClient"/>
    <property name="authorityPrefix" value=""/>
  </bean>
  <bean id="crowdAuthenticationProvider" class="com.xebialabs.deployit.security.authentication.XLCrowdAuthenticationProvider">
    <constructor-arg ref="crowdClient"/>
    <constructor-arg ref="crowdHttpAuthenticator"/>
    <constructor-arg ref="crowdUserDetailsService"/>
  </bean>
</beans>
```

- Create a file named xl-crowd-deploy-security.xml in the conf directory, and add the following code:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
  <import resource="applicationContext-CrowdRestClient.xml"/>
  <bean id="crowdSpringSessionConverterFactory"
        class="com.xebialabs.deployit.security.crowd.CrowdSpringSessionConverterFactory"/>
</beans>
```

- Create a file named applicationContext-CrowdRestClient.xml in the conf directory, and add the following code:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans.xsd">
  <!-- Points the Crowd client at the crowd.properties file configured in Step 3 -->
  <bean id="resourceLocator" class="com.atlassian.crowd.service.client.ClientResourceLocator">
    <constructor-arg value="crowd.properties"/>
  </bean>
  <bean id="clientProperties" class="com.atlassian.crowd.service.client.ClientPropertiesImpl" factory-method="newInstanceFromResourceLocator">
    <constructor-arg type="com.atlassian.crowd.service.client.ResourceLocator" ref="resourceLocator"/>
  </bean>
  <bean id="crowdClientFactory" class="com.atlassian.crowd.integration.rest.service.factory.RestCrowdClientFactory"/>
  <!-- Crowd client built by the factory from the properties above -->
  <bean id="crowdClient" factory-bean="crowdClientFactory" factory-method="newInstance">
    <constructor-arg ref="clientProperties"/>
  </bean>
  <bean id="validationFactorExtractor" class="com.atlassian.crowd.integration.http.util.CrowdHttpValidationFactorExtractorImpl" factory-method="getInstance"/>
  <bean id="tokenHelper" class="com.atlassian.crowd.integration.http.util.CrowdHttpTokenHelperImpl" factory-method="getInstance">
    <constructor-arg ref="validationFactorExtractor"/>
  </bean>
  <bean id="crowdHttpAuthenticator" class="com.atlassian.crowd.integration.http.CrowdHttpAuthenticatorImpl">
    <constructor-arg ref="crowdClient"/>
    <constructor-arg ref="tokenHelper"/>
    <constructor-arg ref="clientProperties"/>
  </bean>
</beans>
```

- Restart Deploy and ensure that the server starts without any exceptions.
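The three files in this step form one import chain, and a bean reference that does not resolve, an imported file that is missing, or XML that is not well-formed will stop the Spring context from loading. The following added example (not part of Deploy or Crowd) checks for all three before the restart. It assumes that every file sits in the same conf directory and that references resolve within the chain unless listed in `provided`; the names check_spring_refs, load, provided and the sample data are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = "{http://www.springframework.org/schema/beans}"

def check_spring_refs(entry, load, provided=()):
    """Follow <import> from entry; load(name) returns XML text or raises OSError."""
    ids = set(provided)  # beans defined outside these files
    refs, problems = [], []
    seen, todo = set(), [entry]
    while todo:
        name = todo.pop()
        if name in seen:
            continue
        seen.add(name)
        try:
            root = ET.fromstring(load(name))
        except OSError:
            problems.append(f"{name}: file not found")
            continue
        except ET.ParseError as exc:
            problems.append(f"{name}: not well-formed XML ({exc})")
            continue
        for el in root.iter():
            if el.tag == NS + "import" and el.get("resource"):
                todo.append(el.get("resource"))
            elif el.tag == NS + "bean" and el.get("id"):
                ids.add(el.get("id"))
            for attr in ("ref", "factory-bean"):
                if el.get(attr):
                    refs.append((name, el.get(attr)))
    return problems + [f"{src}: no bean named '{ref}'"
                       for src, ref in refs if ref not in ids]

# Constructed sample: a reduced copy of the chain with tokenHelper left out.
HEAD = '<beans xmlns="http://www.springframework.org/schema/beans">'
SAMPLE = {
    "deployit-security.xml": HEAD + '<import resource="xl-crowd-deploy-security.xml"/>'
        '<bean id="p"><constructor-arg ref="crowdHttpAuthenticator"/></bean></beans>',
    "xl-crowd-deploy-security.xml": HEAD
        + '<import resource="applicationContext-CrowdRestClient.xml"/></beans>',
    "applicationContext-CrowdRestClient.xml": HEAD + '<bean id="crowdHttpAuthenticator">'
        '<constructor-arg ref="tokenHelper"/></bean></beans>',
}

def load_sample(name):
    if name not in SAMPLE:
        raise OSError(name)
    return SAMPLE[name]
```

For the real files, pass a loader that opens the named file from XL_DEPLOY_SERVER_HOME/conf and returns its text, and start from deployit-security.xml.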
Step 5 - Add the user in Deploy
- Add the user as a principal in the Deploy GUI and assign the principal permission to the user. For more information, see Principals.
In Deploy, user principals are not case-sensitive.
- Log out, then verify that you can log in with the user.
Step 6 - Add the group in Deploy
- Add the group as a principal in the Deploy GUI and assign the principal permission to the group.
- Log out, then verify that you can log in as a user who belongs to the group.
For more information about this integration, see Integrating Crowd with Spring Security. The required artifacts are taken from the Atlassian public Maven repository.