Setting up Bamboo with Crowd using SSO
Setting up Apache
Please, find below a sample configuration in Apache setting up a VirtualHost for each of the application:
Crowd | Bamboo |
|
|
Setting up Crowd
Lets remove context path from Crowd by following Removing the 'crowd' Context from the Application URL - https://confluence.atlassian.com/x/uAVODQ
To remove the /crowd part from the URL:
In
<crowd-install>/build.properties
set the crowd.url variable to the following:# Crowd context root crowd.url=http://localhost:8095/
Since you already know the DNS Crowd will be using, you can simply replace crowd.url with http://crowd.mydomain.com
Run
<crowd-install>/build.sh
(UNIX) or<crowd-install>\build.bat
(Windows).Change your
<crowd-install>/apache-tomcat/conf/server.xml
file to have the following Host section configuration<Engine defaultHost="localhost" name="Catalina"> <Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true"> <Context path="" docBase="../../crowd-webapp" debug="0"> <Manager pathname="" /> </Context> </Host> </Engine>
Perform a backup of the
crowd.xml
file in<crowd-install>/apache-tomcat/conf/Catalina/localhost
to another directory.From
<crowd-install>/apache-tomcat/conf/Catalina/localhost
, remove thecrowd.xml
file to prevent Tomcat from loading the /crowd context.Append
proxyName
andproxyPort
to<crowd-install>/apache-tomcat/conf/server.xml
as per following:<Connector URIEncoding="UTF-8" acceptCount="100" compressableMimeType="text/html,text/xml,application/xml,text/plain,text/css,application/json,application/javascript,application/x-javascript" compression="on" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="8095" redirectPort="8443" sendReasonPhrase="true" useBodyEncodingForURI="true" proxyName="crowd.mydomain.com" proxyPort="80" />
Changes in Crowd's UI
Take note of SSO cookie name as this will be used later in Bamboo's configuration, appending attribute to | |
| |
Creating an Application in Crowd to be consumed by Bamboo
In case the information below does not cover the necessary steps to create an application, please refer to our official documentation on Adding an Application - https://confluence.atlassian.com/x/h4AbAQ
| |
| |
Setting up Bamboo
Setting up proxy
Append proxyName
and proxyPort
to <bamboo-install>/conf/server.xml
as per following:
<Connector
protocol="HTTP/1.1"
port="8085"
maxThreads="150" minSpareThreads="25"
connectionTimeout="20000"
disableUploadTimeout="true"
acceptCount="100"
enableLookups="false"
maxHttpHeaderSize="8192"
useBodyEncodingForURI="true"
URIEncoding="UTF-8"
redirectPort="8443"
proxyName="bamboo.mydomain.com"
proxyPort="80"
/>
Changes in Bamboo's UI
Lets set up Bamboo to authenticate against Crowd
- go to Bamboo administration >> Overview >> Security >> User repositories
select Users and groups from JIRA or Crowd
サーバー URL
アプリケーション名
bamboo
Application password
bamboo
crowd.properties in Bamboo
Above is the representation of |
And this is the representation of the same file when setting up Crowd as authentication method through Bamboo administration >> Overview >> Security >> User repositories |
Both configuration settings (tab
or equals sign
separator) are valid and can be read by Bamboo.
Enabling SSO in Bamboo
Lets enable SSO in Bamboo by following Integrating Bamboo with Crowd - https://confluence.atlassian.com/x/IQU_EQ
To enable single sign-on (SSO), you will configure Bamboo's authentication and access request calls to use Seraph. To configure Seraph-based authentication:
- Bamboo をシャットダウンします。
- Edit the
<bamboo-install>/atlassian-bamboo/WEB-INF/classes/seraph-config.xml
Comment out the
authenticator
node<!--<authenticator class="com.atlassian.bamboo.user.authentication.BambooAuthenticator"/>-->
Uncomment the following tag
<authenticator class="com.atlassian.crowd.integration.seraph.v25.BambooAuthenticator"/>
Append the following property to
<bamboo-home>/xml-data/configuration/crowd.properties
as this is the value provided in Crowd under Single Sing-On cookie settings >> SSO cookie name.cookie.tokenkey=crowd.token_key
Please, follow the pattern used by the current
crowd.properties
configuration file. If the same is described by havingequals sign
as separator, the above mentioned should be appended. Otherwise, replaceequals sign
withtab
instead.- Start Bamboo. Bamboo's authentication and access request calls will now be performed using Seraph.
トラブルシューティング
While following this Knowledge Base Article you may come across the following known issue(s):