Crowd 1.1 : 1.1 Concepts
This page last changed on Jun 13, 2007 by rosie@atlassian.com.
Crowd is an application security framework that handles authentication and authorisation for your web-based applications. With Crowd you can quickly integrate multiple web applications into a single security architecture that supports single sign-on (SSO) and centralised identity management. Crowd has two components:
Designed for ease of use, Crowd can be deployed with your existing infrastructure. Crowd supports:
See the list of supported applications and directories. Architectural OverviewCrowd is a middleware application that integrates web applications into a single security architecture that supports single sign-on and centralised identity management. Crowd works by dispatching authentication and authorisation calls from configured applications to configured directories. A typical deployment may be similar to the following:
![]() When an application needs to validate a security or authentication request (e.g. when a user attempts to log in to the application), the application will make a simple API call to the Crowd framework, which will then forward the call to the appropriate directory. About ApplicationsCrowd integrates and provisions applications. Once defined, an application is mapped to a directory(s), whose users are then granted access to the application. Note that an application can only communicate with Crowd when the application uses a known host address.About DirectoriesCrowd supports an unlimited number of user directories. A directory can either be internal to Crowd, or connected to Crowd via an LDAP connector (e.g. for Active Directory) or via a custom directory connector (e.g. for a legacy database).Once a directory has been defined in Crowd, it can be mapped to applications. Crowd will then delegate authentication and authorisation requests to the directory, for all applications that are mapped to that directory. Modification of directory entities (users, groups and roles) can be done via the Crowd Administration Console or via the application, depending on the application's capabilities. You can even map multiple directories to an application, providing the application with a single view of multiple directories, in a specified order. Related Topics |
![]() |
Document generated by Confluence on Jun 20, 2007 20:58 |