Crowd SSO 1.0 Vs 2.0 behaviour against Bitbucket internal users
Platform Notice: Data Center - This article applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
Crowd SSO 1.0 still allows Bitbucket internal users to log in, whereas Crowd SSO 2.0 lets the administrator decide whether they can.
Environment
Bitbucket - 6.10.0
Crowd SSO - 1.0
Crowd SSO - 2.0
Solution
If Crowd SSO 1.0 is enabled in bitbucket.properties as follows:
plugin.auth-crowd.sso.enabled=true
all users, both Crowd users and Bitbucket internal users, can log in exactly as if no SSO were configured.
The same is not true for Crowd SSO 2.0. Crowd SSO 2.0 gives you two options:
- Either keep two separate login forms (Bitbucket and Crowd), where internal users log in through the Bitbucket form and Crowd users log in through the Crowd login form.
- Or allow only one kind of login, where Crowd users can log in and Bitbucket internal users cannot. This option is risky if none of your admin accounts is an external (Crowd) user: an admin whose account exists only in the internal directory will be locked out.
- The administrator chooses between the two by navigating to Administration > SSO 2.0.
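As an added pre-flight check (example code, not from this article or from Atlassian), the following Python script reads the SSO 1.0 switch from a constructed bitbucket.properties sample and, for the SSO 2.0 "Crowd users only" option, confirms that at least one sysadmin lives in a Crowd directory before internal logins are switched off. The account list and the "INTERNAL"/"CROWD" directory labels are constructed assumptions for illustration, not a query against Bitbucket's database.

```python
import re
from typing import Dict, List, Tuple

SSO1_KEY = "plugin.auth-crowd.sso.enabled"

# Constructed sample bitbucket.properties content (not from a real deployment).
SAMPLE_PROPERTIES = """
# Crowd SSO 1.0 switch: lets every user (Crowd and internal) log in as before
plugin.auth-crowd.sso.enabled=true
server.port=7990
"""

# Constructed sample of accounts: (username, directory type, is sysadmin).
# Directory type is an assumed label for where the account lives:
# "INTERNAL" = Bitbucket internal directory, "CROWD" = external Crowd directory.
SAMPLE_ACCOUNTS = [
    ("bb-admin", "INTERNAL", True),
    ("alice", "CROWD", False),
    ("ops-admin", "CROWD", True),
]


def parse_properties(text: str) -> Dict[str, str]:
    """Parse Java-style properties: '#'/'!' comments, 'key=value' or 'key: value'."""
    props: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props


def sso1_enabled(props: Dict[str, str]) -> bool:
    """True when Crowd SSO 1.0 is on, i.e. internal users can still log in."""
    return props.get(SSO1_KEY, "false").strip().lower() == "true"


def crowd_only_login_check(accounts) -> Tuple[bool, List[str]]:
    """Simulate the SSO 2.0 'Crowd users only' option, under which internal users
    cannot log in. Returns (safe, internal_admins): safe is True only when at least
    one sysadmin is in a CROWD directory, so the switch cannot lock every admin out."""
    crowd_admins = [u for u, d, is_admin in accounts if is_admin and d == "CROWD"]
    internal_admins = [u for u, d, is_admin in accounts if is_admin and d == "INTERNAL"]
    return bool(crowd_admins), internal_admins


if __name__ == "__main__":
    print("SSO 1.0 enabled:", sso1_enabled(parse_properties(SAMPLE_PROPERTIES)))
    safe, locked = crowd_only_login_check(SAMPLE_ACCOUNTS)
    print("Crowd-only login safe:", safe, "| internal admins losing access:", locked)
```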