Overview
The Artifactory Crowd Integration allows you to delegate authentication requests to Atlassian Crowd, use authenticated Crowd users and have Artifactory participate in a transparent SSO environment managed by Crowd.
In addition, Artifactory Crowd Integration allows the use of JIRA User Server as an authentication server, but withoutsupportSSO。
Usage
Crowd integration can then be configured from the Admin tab and thenSecurity -> Crowd Integration.
| Field Name | Description |
|---|---|
| Enable Atlassian Crowd Integration | Mark this checkbox to enable security integration with Atlassian Crowd. |
| Crowd Server URL | The full URL of the Crowd server to use. |
| Crowd Application Name | The application name configured for Artifactory in Crowd. |
| Crowd Application Password | The application password configured for Artifactory in Crowd. |
| Session Validation Interval | The time window, in minutes, in which the session does not need to be revalidated. |
| Use Default Proxy Configuration | If this checkbox is marked and a default proxy definition exists, it is used to pass through to the Crowd Server. |
| Use JIRA User Server | Checking this checkbox will allow integration with JIRA User Server, and Artifactory will be able to authenticate users against supplied JIRA server. This has side-effect of disabling Single Sign On which is not supported by JIRA User Server. |
| Auto Create Artifactory Users | When automatic user creation is off, authenticated users will not be automatically createdinside Artifactory. Instead, for every request from a Crowd user, the user is temporarily 没有汽车用户创建,您将需要to manually create the user inside Artifactory inorder to manage user permissions that are not attached to their default groups. |
| Filter by Username | Filter the search by username to see only groups of the specified username If unchecked, all Crowd groups are shown. |
To enable Crowd integration:
- First define Artifactory as aCustom Application Clientinside Crowd.
- Complete the Crowd server URL, and the application credentials defined in Step 1.
- The session validation interval defines the principal token validity time in minutes. If left at the default of 0, the token expires only when the session expires.
- If you are using JIRA User Server provide it's URL in the "Crowd Server URL" and check the "Use JIRA User Server". This will disable SSO, which is not supported by JIRA.
- If you have a proxy server between the Artifactory server and the Crowd server, you may check the
Use Default Proxy Configurationcheck-box. - It is possible instruct Artifactory to treat externally authenticated users as temporary users, so that Artifactory does not automatically create them in its security store. In this case, permissions for such users are based on the permissions given to auto-join groups.
- Test the configured connection and save it.
System properties
Crowd configuration properties may be added to the Runtime system properties or to the$ARTIFACTORY_HOME/etc/artifactory.system.propertiesfile.
NOTE!that setting a configuration through properties overrides configurations set through the user interface.
Crowd Groups
To use Crowd groups:
- Set up a Crowd server for authentication as detailed above.
- Verify your setup by clicking the
Refreshbutton on theSynchronize Crowd Groupssub-panel. A list of available Crowd groups, according to your settings is displayed. - The groups table allows you to select which groups to import into Artifactory and displays the sync-state for each group. A group can either be completely new or already exist in Artifactory.
- Select and import the groups that you wish to import to Artifactory. Once a group is imported (synced) a new external Crowd group is created in Artifactory with the name of the group.
You canManage Permissionson the synced Crowd groups as you do with regular Artifactory groups.
Users association to these groups is external and controlled strictly by Crowd.
Ensure the Crowd group settings is enabled in order for your settings to become effective.