Need help with other JFrog products?
Crowd integration can then be configured in the Admin module under Security | Crowd/JIRA.
Enable Crowd / JIRA Users Management Integration
|Set this checkbox to enable security integration with Atlassian Crowd or JIRA.|
User Management Server
|Select which User Management Server you are using.|
|The full URL of the server to use.|
|The application name configured for Artifactory in Crowd/JIRA.|
Crowd Application Password
|The application password configured for Artifactory in Crowd/JIRA.|
Session Validation Interval
|The time window, in minutes, in which the session does not need to be revalidated.|
Use Default Proxy Configuration
|If this checkbox is set and a default proxy definition exists, it is used to pass through to the Crowd/JIRA Server.|
Auto Create Artifactory Users
When automatic user creation is off, authenticated users will not be automatically created inside Artifactory. Instead, for every request from a Crowd/JIRA user, the user is temporarily associated with default groups (if such groups are defined), and the permissions for these groups applies.
Without automatic user creation, you will need to manually create the user inside Artifactory in order to manage user permissions that are not attached to his default groups.
Filter by Group Name
Filter the search to see only groups of the specified username. If unchecked, all Crowd groups are shown.
Allow Created Users Access To Profile Page
|Allows new users who were created by logging in to Artifactory via Crowd to access their profile page|
To enable Crowd/JIRA integration:
- Select which User Management Server you are using. If you select JIRA, SSO will be disabled since it's not supported by JIRA.
- Define Artifactory as a Custom Application Client inside Crowd.
- Complete the Crowd server URL, and the application credentials defined in Step 1.
- The session validation interval defines the principal token validity time in minutes. If left at the default of 0, the token expires only when the session expires.
- If you are using JIRA User Server provide it's URL in the "Crowd Server URL" and check the "Use JIRA User Server". This will disable SSO, which is not supported by JIRA.
- If you have a proxy server between the Artifactory server and the Crowd server, you may set the
Use Default Proxy Configurationcheck-box.
- You may instruct Artifactory to treat externally authenticated users as temporary users, so that Artifactory does not automatically create them in its security store. In this case, permissions for such users are based on the permissions given to auto-join groups.
- Test the configured connection and save it.
Crowd configuration properties may be added to the run time system properties or to the
The property prefix which should be used: crowd.property
NOTE that setting a configuration through properties overrides configurations set through the user interface.
To use Crowd/JIRA groups:
- Set up a Crowd server for authentication as detailed above.
Verify your setup by clicking the
Refreshbutton on the Synchronize Crowd Groups sub-panel. A list of available Crowd groups, according to your settings is displayed.
- The groups table allows you to select which groups to import into Artifactory and displays the sync-state for each group. A group can either be completely new or may already exist in Artifactory.
- Select and import the groups that you wish to import to Artifactory. Once a group is imported (synced) a new external Crowd group is created in Artifactory with the name of the group.
You can Manage Permissions on the synced Crowd groups in the same way you manage them for regular Artifactory groups.
Users association to these groups is external and controlled strictly by Crowd.
Ensure the Crowd group settings is enabled in order for your settings to become effective.
There are two options to configure Crowd SSO:
- Use the same domain for both Artifactory and Crowd servers. E.g. production.ci.jfrog.com - this will probably will need to be accompanied with a load balancer or a reverse proxy which will pass the requests to their respective servers by addressing the appropriate URL context such as: production.ci.jfrog.com/artifactory and production.ci.jfrog.com/crowd. The Crowd cookie created for this will contain the specific domain you will address. Per the example explained this will generate the crowd.token_key=production.ci.jfrog.com cookie and therefore shared by the browser for both systems URLs.
- If you will be using a subdomain prefix, e.g. crowd.production.ci.jfrog.com and artifactory.production.ci.jfrog.com for your Artifactory and Crowd applications; you will need to at least adjust two configurations:
- Add the domain name you will be using in the Crowd server General settings page:
- Under the $ARTIFACTORTY_HOME/etc/artifactory.system.properties add the crowd.property.cookie.domain=.production.ci.jfrog.com system property. This will require a system restart to take effect.
- Similar to option #1, the web browser will share the cookie between both of the system URLs.