Integrating Crowd with Atlassian Jira 4.2 or earlier

Integrating Crowd with Atlassian Jira

このページの内容

お困りですか?

アトラシアン コミュニティをご利用ください。

コミュニティに質問

This is an alternate step to "Step 2" defined in Integrating Crowd with Atlassian Jira for users wanting to integrate Crowd with Jira 4.2 or earlier.

Use the client libraries from Crowd 2.2.7 to integrate with Jira 4.2 or earlier even when the Crowd server is more recent. The client libraries from Crowd 2.2.7 remain compatible with later releases of the Crowd server.

ステップ 2. Crowd とやり取りできるように Jira を構成する

2.1 Install the Crowd Client Libraries into Jira

Jira needs Crowd's client libraries in order to be able to delegate user authentication to the Crowd application. As stated earlier, we are going to be modifying the Jira application by editing the application, which is an exploded WAR stored in Jira/atlassian-Jira.

  1. If you are using the Crowd WAR distribution, then you will need to get the CROWD client libraries from the Crowd distribution, available on our download site.
  2. Copy the Crowd client libraries and configuration files to Jira:

    Copy From

    Copy To

    CROWD/client/crowd-integration-client-X.X.X.jar

    JIRA/atlassian-jira/WEB-INF/lib

    CROWD/client/conf/crowd.properties

    JIRA/atlassian-jira/WEB-INF/classes

    Duplicate Crowd Client libraries in your classpath

    Jira should only have a single copy of crowd-integration-client installed. Therefore you need to delete the existing crowd-integration-client-X.X.X.jar file from Jira's WEB-INF/lib directory and replace it with CROWD/client/crowd-integration-client-X.X.X.jar instead of just copying it over. Also, renaming the existing crowd-integration-client jar will not work as Jira will start with duplicate Crowd Client libraries in its classpath.

  3. If you are using Jira 3.11 or earlier, you will need to remove the seraph-0.7.12.jar file from Jira's WEB-INF/lib/ directory and replace it with the following file:
    http://repository.atlassian.com/maven2/com/atlassian/seraph/atlassian-seraph/0.10/atlassian-seraph-0.10.jar
  4. If you are using Jira 3.12.2 or earlier, you will need to update Jira's xfire libraries:
    • Remove the xfire-all-1.2.1.jar file from Jira's WEB-INF/lib/ directory.
    • Copy the following two files from Crowd's client/lib/ directory to Jira's WEB-INF/lib/directory:
      • xfire-aegis-1.2.6.jar
      • xfire-core-1.2.6.jar
  5. Replace Jira's cache configuration file:

    Copy From

    Replace File

    CROWD/client/conf/crowd-ehcache.xml

    JIRA/atlassian-jira/WEB-INF/classes/crowd-ehcache.xml

  6. JIRA/atlassian-jira/WEB-INF/classes/crowd.properties を編集します。次のプロパティを変更します。

    キー

    application.name

    jira
    アプリケーション名は Crowd のアプリケーションで指定した名前と一致している必要があります (前述のステップ 1 を参照)。

    application.password

    パスワードは Crowd のアプリケーションで定義した名前と一致している必要があります (前述のステップ 1 を参照)。

    crowd.server.url

    http://localhost:8095/crowd/services/
    If your Crowd server's port is configured differently from the default (i.e. 8095), set it accordingly.

    session.validationinterval

    各リクエストで認証チェックを行いたい場合は 0 に設定します。その他の場合、ユーザーが Crowd SSO サーバーにログインしているかどうかを検証するためのリクエスト間隔を分単位で設定します。この値を 1 以上に設定すると、Crowd 連携のパフォーマンスが改善します。

オプション設定の詳細については「crowd.properties ファイルについて」をご参照ください。

2.2 Configure Jira to use Crowd's Authenticator

Now that the Crowd client libraries exist, we need to configure Jira to use them.

注: すでに Crowd を利用している Jira インスタンスを移行 / アップグレードする場合、次のファイルを統合する必要があります (上書きはしないでください)。

  1. Edit the Jira config file JIRA/atlassian-jira/WEB-INF/classes/osuser.xml. Comment out any existing authentication providers and uncomment/insert the Crowd providers:

    <!-- This is where JIRA's credentials checking can be configured.  For instance, see
    http://www.atlassian.com/software/jira/docs/latest/ldap.html -->
    <opensymphony-user>
      <authenticator class="com.opensymphony.user.authenticator.SmartAuthenticator" />
    
    <!-- You will need to uncomment the Crowd providers below to enable Crowd integration -->
      <provider class="com.atlassian.crowd.integration.osuser.CrowdCredentialsProvider"/>
      <provider class="com.atlassian.crowd.integration.osuser.CrowdAccessProvider"/>
      <provider class="com.atlassian.crowd.integration.osuser.DelegatingProfileProvider">
        <property name="provider-1">com.atlassian.crowd.integration.osuser.CrowdProfileProvider</property>
        <property name="provider-2">com.atlassian.jira.user.ExternalEntityJiraProfileProvider</property>
        <property name="provider-2-exclusive-access">true</property>
      </provider>
    
    <!-- CROWD:START  - The providers below here will need to be commented out for Crowd integration -->
    <!--
      <provider class="com.atlassian.core.ofbiz.osuser.CoreOFBizCredentialsProvider">
        <property name="exclusive-access">true</property>
      </provider>
    
      <provider class="com.opensymphony.user.provider.ofbiz.OFBizProfileProvider">
        <property name="exclusive-access">true</property>
      </provider>
    
      <provider class="com.opensymphony.user.provider.ofbiz.OFBizAccessProvider">
        <property name="exclusive-access">true</property>
      </provider>
    -->
    <!-- CROWD:END -->
    
    </opensymphony-user>
    
  2. View Jira/atlassian-jira/WEB-INF/classes/propertyset.xml. If there is no entry for the CrowdPropertySet, add the following <propertyset> item at the end of the file as the last <propertyset> item:

    <propertyset name="crowd" class="com.atlassian.crowd.integration.osuser.CrowdPropertySet"/>
    
  3. At this stage, Jira is set up for centralized authentication. If you wish, you can now enable single sign-on (SSO) to Jira. This will ensure that Jira's authentication and access request calls will be performed using Seraph. When authentication or access request calls are performed versus the OSUser framework, the Jira stack will call the Crowd providers and propertyset implementations.

    Edit the JIRA/atlassian-jira/WEB-INF/classes/seraph-config.xml file. Comment out the authenticator node:

    <!--<authenticator class="com.atlassian.jira.security.login.JiraOsUserAuthenticator"/>-->
    


    Add a new authenticator, choosing the one relevant to your version of Jira:

    • If you are using Jira 4.2.x:

      <authenticator class="com.atlassian.crowd.integration.seraph.v22.JIRAAuthenticator"/>
      
    • If you are using Jira 4.1.2 or earlier:

      <authenticator class="com.atlassian.crowd.integration.seraph.JIRAAuthenticator"/>
      

2.3 (Optional) Tune the Cache

Enabling caching on the Crowd server: When using the Atlassian-User and Crowd framework together with Jira, it is highly recommended that caching be enabled on the Crowd server. Multiple redundant calls to the Atlassian-User framework are made on any given request. These results can be stored locally between calls by enabling caching via the Crowd Options menu. Note that this caching on the Crowd server is enabled by default.

Enabling application caching for Jira: If application caching is enabled for Jira, Jira will obtain all necessary information for the period specified by the cache configuration. If a change or addition occurs to Crowd users, groups and roles, these changes will not be visible in Jira until the cache expires for that specific item, i.e. for the particular user, group or role.

(info) From Jira 3.13, the default cache is two hours. In earlier versions, the default value for the application cache is 5 minutes (300 seconds) — increasing this to one or two hours (3600 or 7200 seconds) will improve the performance of your Jira site.

2.4 (任意) Jira のユーザー ピッカーのオートコンプリート機能を無効化する

Jira でのページの読み込みのパフォーマンスを改善するため、Jira のユーザー ピッカーのポップアップ画面でのオートコンプリート機能を無効化することをおすすめします。Jira ドキュメントの手順をご利用ください。

詳細情報: 弊社の経験上、非常に大規模なユーザー ベースのお客様では、Jira でこの機能を無効化することでパフォーマンスが向上します。この機能を有効化した状態で Jira で十分なパフォーマンスを実現できている場合、有効化したままでかまいません。

最終更新日 2023 年 9 月 29 日

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.