Crowd is an application security framework that handles authentication and authorisation for your web-based applications. With Crowd you can quickly integrate multiple web applications into a single security architecture that supports single sign-on (SSO) and centralised identity management.
Crowd has two components:
- The Crowd Administration Console is a clean and powerful web interface for managing directories, users (known in Crowd as 'principals') and their security rights ('permissions').
- The Crowd integration API provides a platform-neutral way to integrate web applications into a single security architecture. With the integration API, applications can quickly access user information and perform security checks.
Designed for ease of use, Crowd can be deployed with your existing infrastructure. Crowd supports:
- Java, .NET and PHP applications.
- Popular directory servers such as Microsoft Active Directory, Sun ONE and OpenLDAP. Additionally, custom directory connectors may be developed using the Crowd integration API.
See the list of supported applications and directories.
Architectural Overview
Crowd is a middleware application that integrates web applications into a single security architecture that supports single sign-on and centralised identity management. Crowd works by dispatching authentication and authorisation calls from configured applications to configured directories.
A typical deployment may be similar to the following:

When an application needs to validate a security or authentication request (e.g. when a user attempts to log in to the application), the application will make a simple API call to the Crowd framework, which will then forward the call to the appropriate directory.
About Applications
Crowd integrates and provisions applications. Once defined, an application is mapped to one or more directories, whose users are then granted access to the application. Note that an application can only communicate with Crowd when the application uses a known host address.
About Directories
Crowd supports an unlimited number of user directories. A directory can either be internal to Crowd, or connected to Crowd via an LDAP connector (e.g. for Active Directory) or via a custom directory connector (e.g. for a legacy database).
Once a directory has been defined in Crowd, it can be mapped to applications. Crowd will then delegate authentication and authorisation requests to the directory, for all applications that are mapped to that directory. Modification of directory entities (users, groups and roles) can be done via the Crowd Administration Console or via the application, depending on the application's capabilities.
You can even map multiple directories to an application, providing the application with a single view of multiple directories, in a specified order.
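The following is a simplified model of the dispatch described above, added here as an illustration; it is not Crowd's own code or API. Class and method names, host addresses and credentials are constructed, and the rule that the first mapped directory containing the user decides the outcome is an assumption about how the specified order is applied.

```python
# Simplified model of Crowd-style dispatch; not Crowd's API. All names are hypothetical.
import hashlib
import hmac
import os


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Directory:  # stands in for an internal, LDAP or custom directory
    def __init__(self, name, users):
        self.name = name
        self._users = {}
        for user, password in users.items():
            salt = os.urandom(16)
            self._users[user] = (salt, _hash(password, salt))

    def has_user(self, user):
        return user in self._users

    def check(self, user, password):
        salt, stored = self._users[user]
        return hmac.compare_digest(stored, _hash(password, salt))


class Middleware:
    def __init__(self):
        self._apps = {}  # app name -> (known hosts, ordered directories)

    def register(self, app, known_hosts, directories):
        self._apps[app] = (frozenset(known_hosts), list(directories))

    def authenticate(self, app, source_host, user, password):
        """Return the name of the directory that authenticated the user, else None."""
        known_hosts, directories = self._apps.get(app, (frozenset(), []))
        if source_host not in known_hosts:
            return None  # application is not calling from a known host address
        for directory in directories:  # walk the mapped order
            if directory.has_user(user):
                # Assumption: the first directory holding the user decides the result.
                return directory.name if directory.check(user, password) else None
        return None


# Constructed sample data: "alice" exists in both directories.
internal = Directory("internal", {"alice": "internal-pw"})
ldap = Directory("ldap", {"alice": "ldap-pw", "bob": "bob-pw"})
crowd = Middleware()
crowd.register("wiki", {"10.0.0.5"}, [internal, ldap])
```

Under this model an account in an earlier directory shadows an account with the same name in a later one, so directory order is worth reviewing whenever usernames can overlap.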
Crowd 1.0 Documentation