Search


Cloud customer?
Upgrade in MyJFrog >


Working with an older version?

JFrog Artifactory 6.x
JFrog Xray 2.x
JFrog Mission Control 3.x
JFrog Distribution 1.x
JFrog Enterprise+ (Pre-Platform Release)




Overview

The integration between JFrog Platform Deployment (JPD) and Crowd/JIRA allows you to delegate authentication requests to Atlassian Crowd/JIRA, use authenticated Crowd/JIRA users and have the JPD participate in a transparent SSO environment managed by Crowd/JIRA.

Page Contents



Usage

Crowd integration can then be configured in the Administration module under Security | Crowd / JIRA.

Field NameDescription
Enable Crowd / JIRA Users Management Integration
Select checkbox to enable security integration with Atlassian Crowd or JIRA.
User Management Server
Select which User Management Server you are using.
Server URL
The full URL of the server to use.
Application Name
The application name configured for JPD in Crowd/JIRA.
Application Password
The application password configured for JPD in Crowd/JIRA.
Session Validation Interval
The time window, in minutes, in which the session does not need to be revalidated.
Use Default Proxy Configuration
If this checkbox is set and a default proxy definition exists, it is used to pass through to the Crowd/JIRA Server.
Auto Create System Users

When automatic user creation is off, authenticated users will not be automatically. Instead, for every request from a Crowd/JIRA user, the user is temporarily associated with default groups (if such groups are defined), and the permissions for these groups applies.

Without automatic user creation, you will need to manually create the user in the system in order to manage user permissions that are not attached to his default groups.

Allow Created Users Access To Profile Page
Allows new users who were created by logging in to the JPD via Crowd to access their profile page.

To enable Crowd/JIRA integration:

  1. Select which User Management Server you are using. If you select JIRA, SSO will be disabled since it's not supported by JIRA.
  2. Define JFrog as a Custom Application Client inside Crowd. 
  3. Complete the Crowd server URL, and the application credentials defined in Step 1.
  4. The session validation interval defines the principal token validity time in minutes. If left at the default of 0, the token expires only when the session expires.
  5. If you are using JIRA User Server provide the URL in the "Crowd Server URL" and check the "Use JIRA User Server". This will disable SSO, which is not supported by JIRA.
  6. If you have a proxy server between the JPD server and the Crowd server, you may set the Use Default Proxy Configuration check-box.
  7. You may instruct JPD to treat externally authenticated users as temporary users, so that JPD does not automatically create them in its security store. In this case, permissions for such users are based on the permissions given to auto-join groups.
  8. Test the configured connection and save it.

System properties

Crowd configuration properties may be added to the run time system properties or to the $JFROG_HOME/artifactory/var/etc/artifactory.system.properties file.

The property prefix which should be used: crowd.propertySetting a configuration through properties overrides configurations set through the user interface.


Crowd Groups

To use Crowd/JIRA groups:

  1. Set up a Crowd server for authentication as detailed above.
  2. Verify your setup by clicking the Refresh button on the Synchronize Crowd Groups sub-panel. A list of available Crowd groups, according to your settings is displayed.

  3. The groups table allows you to select which groups to import into JPD and displays the sync-state for each group. A group can either be completely new or may already exist in the system.
  4. Select and import the groups that you wish to import to the JPD. Once a group is imported (synced) a new external Crowd group is created in the JPD with the name of the group.

You can Manage Permissions on the synced Crowd groups in the same way you manage them for regular groups.

Users association to these groups is external and controlled strictly by Crowd.

Ensure the Crowd group settings is enabled in order for your settings to become effective.



  • No labels
Copyright © 2020 JFrog Ltd.