Documentation for Crowd 1.0. Documentation for other versions of Crowd is available too.

The Crowd framework allows an application to perform authentication and authorisation calls against a mapped directory, including:

  • Authenticate a principal (i.e. a user).
  • Validate and invalidate an existing principal authentication.
  • Find a principal by their authentication token.
  • Search principals, groups and roles by name or attributes
  • Add principals, groups and roles.
  • Validate a principal's group and role membership.
  • Add and remove principals from groups and roles.
  • Update a principal's attribute data.
  • Update or reset a principal's authentication credentials.

Crowd's application provisioning allows an application to be mapped to multiple directories. When an application needs to authenticate or authorise a principal, Crowd will call the directory listed first. If the security call can be processed by the directory, the operation will then return the result. If the call cannot be processed, the next directory in the list will then be used when processing the security call until all directories have been exhausted. If the security call cannot be processed, an Exception (based on the method) will be thrown.

Integration Overview

When an application needs to perform a security request (that is, needs to authenticate or authorise a user) via Crowd's API, the following two steps need to occur:

  1. The application authenticates itself with Crowd; the authentication token may be reused by the application during subsequent calls. During this step, Crowd validates the application's credentials and address against known application credentials/addresses.
  2. Using the authenticated token from the previous step, the application then performs the security request for a particular user.

Should the application's requesting token become invalid, the client library will attempt to re-authenticate and perform the security request. If the second authentication request fails, an Exception will be thrown, specifying that the application's credentials are invalid.

Diagram — Application Authorisation Sequence:



次のステップ

  • If you are using the Java Integration Libraries, the application authorisation sequence above is fully handled by the supplied Java implementation.
  • If you are using the SOAP interface, you will need to explicitly implement each step of the application authorisation sequence. As an example, please see the Microsoft .NET Client.

関連トピック  

Crowd 1.0 Documentation  

  • ラベルなし





Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution 2.5 Australia License.