Version: Deploy 22.2

Connect to Atlassian Crowd

This topic provides a step-by-step guide on connecting Deploy to your Atlassian Crowd instance.

By default, Deploy authenticates users and retrieves authorization information from its repository. Deploy can also be configured to use an Atlassian Crowd repository to authenticate users and to retrieve role (group) membership. In this scenario, the Atlassian Crowd users and groups are used as principals in Deploy and can be mapped to Deploy roles. Role membership and rights assigned to roles are stored in the Deploy repository.

Deploy treats the Atlassian Crowd as read-only. This means that Deploy will use the information from the Atlassian Crowd, but can not make changes to that information.

To configure Deploy to use an Atlassian Crowd, you must change the security configuration file (deployit-security.xml).

Note: Atlassian Crowd provided centralized authentication connectors for Spring Security are used for this integration.

Important: Integration based on CrowdID is not supported.

Step 1 - Configure Atlassian Crowd to communicate with a Deploy Application

To configure Atlassian Crowd to receive authentication requests from Deploy:

Add a Deploy application to Atlassian Crowd.
Add and configure the directories that must be visible to Deploy.
Add and map the groups which are allowed to authenticate with Deploy.

For more information, see Adding an Application.

Step 2 - Add the cache configuration file

Copy the following file into your XL_DEPLOY_SERVER_HOME/conf directory:

Copy From	Copy To
`CROWD/client/conf/crowd-ehcache.xml`	`XL_DEPLOY_SERVER_HOME/conf/crowd-ehcache.xml`

This file can be adjusted to change the cache behavior.

Step 3 - Configure the Atlassian Crowd Spring Security connector properties

The Atlassian Crowd Spring Security connector needs to be configured with the details of the Atlassian Crowd server.

Copy the default crowd.properties file into your XL_DEPLOY_SERVER_HOME/conf directory:

Copy From	Copy To
`CROWD/client/conf/crowd.properties`	`XL_DEPLOY_SERVER_HOME/conf/crowd.properties`

Edit crowd.properties and populate the following fields appropriately:

Key	Value
`application.name`	Use the same application name that you used when adding the application to Atlassian Crowd.
`application.password`	Use the same application password that you used when adding the application to Atlassian Crowd.
`crowd.server.url`	URL to use when connecting with the integration libraries to communicate with the Atlassian Crowd server i.e. `http://localhost:8095/crowd/services/`.
`session.validationinterval`	This is the time interval between requests which validates whether the user is logged in or out of the Atlassian Crowd server. Set this value to 0, if you want authentication checks to occur on each request. Otherwise, set to the number of minutes you wish to wait between requests. Setting this value to 1 or higher will increase the performance of the Atlassian Crowd integration.

For more information, see crowd.properties.

Step 4 - Add an Atlassian Crowd Authenticator

Add the following code in deployit-security.xml file:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:security="http://www.springframework.org/schema/security"
    xsi:schemaLocation="
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">

    <import resource="xl-crowd-deploy-security.xml"/>
    <bean id="crowdUserDetailsService" class="com.atlassian.crowd.integration.springsecurity.user.CrowdUserDetailsServiceImpl">
        <property name="crowdClient" ref="crowdClient"/>
        <property name="authorityPrefix" value=""/>
    </bean>
    <bean id="crowdAuthenticationProvider" class="com.xebialabs.deployit.security.authentication.XLCrowdAuthenticationProvider">
        <constructor-arg ref="crowdClient"/>
        <constructor-arg ref="crowdHttpAuthenticator"/>
        <constructor-arg ref="crowdUserDetailsService"/>
    </bean>    
</beans>

Create a file—xl-crowd-deploy-security.xml— in the .conf directory, and add the following code:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">

  <import resource="applicationContext-CrowdRestClient.xml"/>
  <bean id="crowdSpringSessionConverterFactory"
       class="com.xebialabs.deployit.security.crowd.CrowdSpringSessionConverterFactory"/>
 </beans>

Create a file—applicationContext-CrowdRestClient.xml— in the .conf directory, and add the following code:

    <?xml version="1.0" encoding="UTF-8"?>
   <    beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.springframework.org/schema/beans
                            http://www.springframework.org/schema/beans/spring-beans.xsd">

        <bean id="resourceLocator" class="com.atlassian.crowd.service.client.ClientResourceLocator">
        <constructor-arg value="crowd.properties"/>
        </bean>

        <bean id="clientProperties" class="com.atlassian.crowd.service.client.ClientPropertiesImpl" factory-method="newInstanceFromResourceLocator">
        <constructor-arg type="com.atlassian.crowd.service.client.ResourceLocator" ref="resourceLocator"/>
        </bean>

        <bean id="crowdClientFactory" class="com.atlassian.crowd.integration.rest.service.factory.RestCrowdClientFactory"/>

        <bean id="crowdClient" factory-bean="crowdClientFactory" factory-method="newInstance">
        <constructor-arg ref="clientProperties"/>
        </bean>

        <bean id="validationFactorExtractor" class="com.atlassian.crowd.integration.http.util.CrowdHttpValidationFactorExtractorImpl" factory-method="getInstance"/>

        <bean id="tokenHelper" class="com.atlassian.crowd.integration.http.util.CrowdHttpTokenHelperImpl" factory-method="getInstance">
        <constructor-arg ref="validationFactorExtractor"/>
        </bean>

        <bean id="crowdHttpAuthenticator" class="com.atlassian.crowd.integration.http.CrowdHttpAuthenticatorImpl">
            <constructor-arg ref="crowdClient"/>
            <constructor-arg ref="tokenHelper"/>
            <constructor-arg ref="clientProperties"/>
        </bean>
    </beans>

Restart Deploy and ensure that the server starts without any exceptions.

Step 5 - Add the user in Deploy

Add the user as a principal in the Deploy GUI and assign the principal permission to the user. For more information see, Principals.

Note: In Deploy, user principals are not case-sensitive.
Log out, then verify that you can log in with the user.

Step 6 - Add the group in Deploy

Add the group as a principal in the Deploy GUI and assign the principal permission to the group.
Log out, then verify that you can log in with the user of a group.

Note: For more information about this integration, see Integrating Crowd with Spring Security. Required artifacts are used from the Atlassian public Maven repository.

Step 1 - Configure Atlassian Crowd to communicate with a Deploy Application​

Step 2 - Add the cache configuration file​

Step 3 - Configure the Atlassian Crowd Spring Security connector properties​

Step 4 - Add an Atlassian Crowd Authenticator​

Step 5 - Add the user in Deploy​

Step 6 - Add the group in Deploy​