はじめる前に

• Make sure you have Crowd 7.0 or later.

• You'll need access to both your Crowd instance and the application you want to connect, for example, Jira Data Center.

• During the incoming application link setup, you’ll generate client ID and client secret credentials. Save them, you'll need them during the outgoing application link setup.

Set up OAuth 2.0 directory sync in Crowd

To set up OAuth 2.0 directory sync, you need to:

• create an incoming application link

• add new application to your Crowd

• create an outgoing application link.

Creating an external incoming application link

To create an external incoming application link, in your Crowd:

1. Go to Settings, then Application links.

2. Select Create link, and then:

   1. For Application type, select External application.

   2. For Direction, select Incoming.
      
      

3. Select Continue. In the Configure an incoming link window, fill in the required fields:

   1. Enter a unique name for your link.

   2. In Redirect URL, enter the base URL of your Crowd instance.

   3. For Permissions, select Application.
      

4. 保存 を選択します。

You’ll see following OAuth 2.0 credentials: Client ID and Client secret. You’ll need to copy them to your external application during the creation of your external outgoing link.

Adding new application

To add a new application, in your Crowd:

1. In the upper-left corner of your Crowd, go to Applications.

2. Select Add application.

3. For Application type, choose the product you want to connect. We’ll use Jira as as example.

4. Enter a name for the application. You’ll need this name on the application side, so save it.

5. For Authentication method, select the application link you’ve just created.
   

6. Select Next.

7. Follow the Adding an application guide starting from the step 7.
   

Once you add your application, it’s time to create an outgoing application link.

Creating external outgoing application link

To create an external outgoing application link, go to the application you want to configure (we’ll use Jira as an example):

1. Go to Settings, then Application links.

2. Select Create link, and then:

   1. For Application type, select External application.

   2. For Direction, select Outgoing.
      
      

3. Select Continue.

4. In the Configure an outgoing link window:

   1. For Grant types, select Client credentials.

   2. For Service provider, select your service provider.

   3. Enter a unique name for your application link.

5. In the Application details section:

   1. For Client ID and Client secret, use the values from the Crowd application link.

   2. Set Scopes to APPLICATION.

   3. For Token endpoint, use your Crowd instance URL with /rest/oauth2/latest/token appended. For example, https://your-crowd-instance/rest/oauth2/latest/token.
      

6. Save your settings.

Once you save your configuration, add a new Crowd directory in your application. For example, in Jira:

1. Go to User management, then User directories.
2. Select Add directory and add Atlassian Crowd.
   
   

3. Configure the new directory settings. For Authentication Method, select the application link you just created.
   
   

4. Test the connection to make sure everything is working and save your settings.

Your directory should now be connected using OAuth 2.0.

既知の問題

You might see a “Connection test failed” error message in the application you want to link. For example, in Jira it would look similar to this:

com.atlassian.crowd.exception.ApplicationPermissionException: HTTP Status 403 - ForbiddenType Status ReportMessage Client with address "10.227.176.150" is forbidden from making requests to the application, jira oauth2 test.Description The server understood the request but refuses to authorize it.

To solve this error:

1. Check the IP address of your connecting application.

2. Go back to your Crowd instance and add this IP address as a host.

3. Retry the connection test.