Documentation for Crowd 2.4. Documentation for other versions of Crowd is available too.
The SSO domain is used when setting HTTP authentication cookies in a user's browser. If this attribute is not correct, single sign-on (SSO) will not work when the user switches between applications.
On this page:
概要
The core Crowd functionality supports SSO across applications within a single domain, such as *.mydomain.com. Crowd uses a browser cookie to manage SSO. Because your browser limits cookie access to hosts in the same domain, this means that all applications participating in SSO must be in the same domain.
Example 1: If you wish to have single sign-on (SSO) support for *.mydomain.com, you will need to configure the SSO domain in Crowd as .mydomain.com — including the full stop ('.') at the beginning. All your Crowd-connected applications must be in the same domain. For example:
Crowd |
|
|
|---|---|---|
Jira |
|
|
Confluence |
|
|
FishEye |
|
|
FishEye in different domain |
|
|
Example 2: If you wish to have single sign-on (SSO) support for mydomain.com/*, you will need to configure the SSO domain in Crowd as mydomain.com. All your Crowd-connected applications must be in the same domain. For example:
Crowd |
|
|
|---|---|---|
Jira |
|
|
Confluence |
|
|
FishEye |
|
|
FishEye in different domain |
|
|
You can find information the comparison of host name strings in RFC 2965 (pages 2 and 3).
When developing on your local machine, you should set the domain to localhost.
Setting the SSO Domain
To specify the domain,
- Log in to the Crowd Administration Console.
- Click the 'Administration' tab in the top navigation bar.
- The 'General Options' screen will appear. Type the new domain into the 'SSO Domain' field.
- Click the 'Update' button.
Screenshot: 'General Options'
Setting the SSO Domain when Crowd is behind a Proxy Server
If Crowd is being run behind a proxy server, before setting the SSO domain value, make sure that the domain specified in the proxy (that is currently being used to access the Crowd console) was specified in the Tomcat connector proxyName attribute. Example:
File: Apache-Tomcat/conf/server.xml
<Connector acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false"
maxHttpHeaderSize="8192" maxSpareThreads="75" maxThreads="150" minSpareThreads="25"
port="8095" redirectPort="8443" useBodyEncodingForURI="true"
proxyName="mycompany.com" />
注意
- Avoiding problems with old cookie versions. In order to avoid problems with hosts or domains defined in old cookie versions, after setting the SSO Domain in Crowd, log out of Crowd and the integrated applications and delete all the web browser cookies.
- SSO domain. The 'SSO Domain' field will accept only values based on the domain that is used to access the Crowd console. For instance, if you are using 'www.mycrowd.com/crowd/console' to access the console in the web browser, this field will accept the following values:
- 空
- mycrowd.com
- .mycrowd.com
If you enter any other value, Crowd will show an error message: The supplied domain is invalid.
- IP addresses. SSO will not operate when sites are accessed using IP addresses rather than domain names. This is a limitation of the cookie technology implemented in web browsers.
関連トピック
概要
コンテンツ ツール
アプリ
Log a request with our support team.
Raise an issue for our developers.
See answers from the community.
Blog and update our documentation.
Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution 2.5 Australia License.