fisheye&crecible 集成crowd单点登录登录

转载 2017年01月19日 14:38:45

Connecting to Crowd

You can configure FishEye to use Atlassian Crowd for user and group management, and for authentication and authorization.

Atlassian Crowd is an application security framework that handles authentication and authorization for your web-based applications. With Crowd you can integrate multiple web applications and user directories, with support for single sign-on (SSO) and centralized identity management. See the Crowd Administration Guide.

Connect to Crowd if you want to use Crowd to manage existing users and groups in multiple directory types, or if you have users of other web-based applications.

Connecting FishEye to your external directory is not sufficient to allow your users to log in to FishEye. You must explicitly grant them access in the global permission screen.

To connect FishEye to Crowd:

  1. Log in as a user with 'Admin' permission.
  2. In the FishEye administration area, click User Directories (under 'Security Settings').
  3. Click Add Directory and select Atlassian Crowd.
  4. Enter settings, as described below.
  5. Test and save the directory settings.
  6. Define the directory order, on the Directories tab, by clicking the blue up- and down-arrows next to each directory. The directory order has the following effects:
    • The order of the directories is the order in which they will be searched for users and groups.
    • Changes to users and groups will be made only in the first directory where the application has permission to make changes.

Server settings




A meaningful name that will help you to identify this Crowd server amongst your list of directory servers. Examples:

  • Crowd Server
  • Example Company Crowd

Server URL

The web address of your Crowd console server. Examples:


Application Name

The name of your application, as recognized by your Crowd server. Note that you will need to define the application in Crowd too, using the Crowd administration Console. See the Crowd documentation on adding an application.

Application Password

The password which the application will use when it authenticates against the Crowd framework as a client. This must be the same as the password you have registered in Crowd for this application. See the Crowd documentation on adding an application.

Crowd permissions

FishEye offers Read Only permissions for Crowd directories. The users, groups and memberships in Crowd directories are retrieved from Crowd and can only be modified from Crowd. You cannot modify Crowd users, groups or memberships using the FishEye administration screens.

Advanced settings



Enable Nested Groups

Enable or disable support for nested groups. Before enabling nested groups, please check to see if the user directory or directories in Crowd support nested groups. When nested groups are enabled, you can define a group as a member of another group. If you are using groups to manage permissions, you can create nested groups to allow inheritance of permissions from one group to its sub-groups.

Enable Incremental Synchronization Enable or disable incremental synchronization. Only changes since the last synchronization will be retrieved when synchronizing a directory. Note that full synchronization is always executed when restarting FishEye.

Synchronization Interval (minutes)

Synchronization is the process by which the application updates its internal store of user data to agree with the data on the directory server. The application will send a request to your directory server every x minutes, where 'x' is the number specified here. The default value is 60 minutes.

Single sign-on (SSO) with Crowd

Once the Crowd directory has been set up, you can enable or disable Crowd SSO integration by adding the following setting to your $FISHEYE_INST/config.xml file (you can create missing xml nodes if they don't exist yet). SSO is disabled by default, if not configured in config.xml.

    <security allow-anon="false" allow-cru-anon="false">
                <signup enabled="true"/>
        <crowd sso-enabled="true"/>

Note that you will need to correctly set up the domains of the applications involved in SSO. See Crowd SSO Domain examples.

Using multiple directories

When FishEye is connected to Crowd you can map FishEye to multiple user directories in Crowd.

For Crowd 2.8, and later versions, there are two different membership schemes that Crowd can use when multiple directories are mapped to an integrated application, and duplicate user names and group names are used across those directories. The schemes are called 'aggregating membership' and 'non-aggregating membership' and are used to determine the effective group memberships that FishEye uses for authorization. See Effective memberships with multiple directories for more information about these two schemes in Crowd.

Note that:

  • Authentication, for when FishEye is mapped to multiple directories in Crowd, only depends on the mapped groups in those directories – the aggregation scheme is not involved at all. 
  • For inactive users, FishEye only checks if the user is active in the first (highest priority) directory in which they are found to determine authentication. The membership schemes described above are not used when Crowd determines if a user should have access to FishEye.
  • When a user is added to a group, they are only added to the first writeable directory available, in priority order.
  • When a user is removed from a group, they are only removed from the group in the first directory the user appears in, when non-aggregating membership is used. With aggregating membership, they are removed from the group in all directories the user exists in.

An administrator can set the aggregation scheme that FishEye uses when integrated with Crowd. Go to the Directories tab for the FishEye instance in Crowd, and check Aggregate group memberships across directories to use the 'aggregating membership' scheme. When the checkbox is clear 'non-aggregating membership' is used.

Note that changing the aggregation scheme can affect the authorization permissions for your FishEye users, and how directory update operations are performed.


  • 2015年02月09日 11:15
  • 133KB
  • 下载

JIRA confluence 集成crowd单点登录

2.2 Configure JIRA to use Crowd's Authenticator to enable SSO (Optional) At this stage, JIRA is set...
  • zhaosenoo
  • zhaosenoo
  • 2017年01月19日 15:00
  • 1222

Atlassian Crowd实现JIRA、Confluence、Bamboo和Fisheye and Crucible单点登录

Atlassian的单点登录涉及到如下产品: Crowd,单点登录,用户管理; JIRA,任务跟踪; Confluence,需求管理; Bamboo,可持续构建; FeCru,代码库管理、代码评审; ...
  • yieryi_
  • yieryi_
  • 2015年10月08日 18:16
  • 2937


1.      Crowd认证所需类 和Crowd集成需要crowd-integration-client-xxx.jar类包,如果没有,从standalone版本复制一份到jira和Conflue...
  • lyb3290
  • lyb3290
  • 2016年06月03日 16:06
  • 2692


单点登录:(Single Sign On),简称为 SSO,是目前比较流行的企业业务整合的解决方案之一。SSO的定义是在多个应用系统中,用户只需要登录一次就可以访问所有相互信任的应用系统。 单点...
  • xinfei0803
  • xinfei0803
  • 2013年06月21日 18:10
  • 4349

gerrit与crowdid, openid集成,设置openIdSsoUrl 直接登录

gerrit 版本为2.7 gerrit验证方式选择 OPENID_SSO,使用的是crowdid做为用户验证服务。 进入gerrit安装目录: cd review_site/etc/ ...
  • wyk86485481
  • wyk86485481
  • 2016年09月22日 09:43
  • 349


为了迎合公司互联网化经营,业务部门均纷纷上马了互联网的项目,部门应用之间各自为政,无法形成公司整体品牌效应,以及影响用户体验,故,有了以下的单点登录集成方案。 概述 整合集成公司各...
  • zhangjin530
  • zhangjin530
  • 2017年02月10日 14:38
  • 683


本文与crowd单点登录1 略有重复之处,读者自己甄别。 本文依然是从服务器的安装开始讲起,至于破解方式,参见拙文:crowd单点登录1。 第一章 安装crowd服务器 第一步 填写title ...
  • xinfei0803
  • xinfei0803
  • 2013年12月18日 11:59
  • 2849

confidence + jira + crowd + gitlab整合

如题:confidence + jira + crowd + gitlab整合 版本: atlassian-confluence-5.9.12-x64.exe    团队文档管理知识分享 atl...
  • openownworld
  • openownworld
  • 2016年07月15日 14:44
  • 3362


鉴于目前没有针对Crowd、Confluence、Jira安装、集成和破解最新的方法,总结今天安装、破解及集成的经验,编写此文,方便大家进行配置也方便自己以后参考。 准备工作: 安装Oracle1...
  • bible521125
  • bible521125
  • 2015年06月30日 09:34
  • 1092
您举报文章:fisheye&crecible 集成crowd单点登录登录