This page last changed on Jun 19, 2007 by shamid.

Jive Forums offers you the ability to specify an implementation to provide authentication and authorisation external to the application. This document outlines how to integrate Crowd's authenticator with Jive Forums.

Currently Crowd provides centralised authentication and single sign-on (SSO) for Jive Forums version 5.0.x. For information regarding compatibility with version 5.5, please see CWD-245.

Prerequisites

  1. Download and configure Crowd. Refer to the Crowd installation guide for detailed information on how to do this. We will refer to the Crowd root folder as CROWD.
  2. Install/configure Jive Forums. Refer to the relevant Jive Forums documentation for information regarding this installation process. The documentation is usually supplied with the software distribution. Do not attempt to use Crowd as the authentication system during the installation process (use the default authentication system for the installation process).

Step 1. Tell Crowd about Jive Forums

1.1 Prepare Crowd's Directory/Users for Jive Forums

The Jive Forums application will need to locate users from a directory configured in Crowd. You will need to set up a directory in Crowd for Jive. For more information on how to do this, see 2.2 Adding a Directory. We will assume that the directory is called Jive Forum Directory for the rest of this document. It is possible to assign more than one directory for an application, but for the purposes of this example, we will use Jive Forum Directory to house Jive Forum users.

If you have an existing Jive Forums deployment and would like to import existing users (principals) into Crowd, use the Jive Importer tool by navigating Principals > Import Users > JIVE. Select the Jive Forum Directory as the directory into which Jive Forum users will be imported. For details please see 2.4.3 Importing Users from Jive Forums. If you are going to import users into Crowd, you need to do this now before you proceed any further.

1.2 Define the Jive Forums Application in Crowd

Crowd needs to be aware that the Confluence application will be making authentication requests to Crowd. We need to add the Jive Forums application to Crowd and map it to the Jive Forums Directory:

  1. Log in to the Crowd Administration Console and navigate to Applications > Add Application.
  2. Fill out the form to add the Jive Forums application:


Attribute Description
Name The username which the application will use when it authenticates against the Crowd framework as a client. This value must be unique, i.e. it cannot be used by more than one application client.
Description A short description of the application. Note: a web URL is often helpful.
Active Only deselect this if you wish to prevent all users (from all directories) from accessing this application.
Password The password which the application will use when it authenticates against the Crowd framework as a client.
Default Directory A directory that contains relevant users. Note: additional directories can be added later.
The Name and Password values must match those set in the JIVEFORUMS/WEB-INF/classes/crowd.properties(see Step 2 below).

1.3 Specify which users can log in to Jive Forums

Now that Crowd is aware of the Jive Forums application, Crowd needs to know which directories or users can authenticate (log in) via Crowd. You can either configure entire directories to authenticate or allow particular groups. In our example, we can simply allow the entire directory to authenticate:

Alternatively, we can use the Groups tab to restrict the application to only authenticate particular groups of users. For details please see 3.4 Specifying which Groups can access an Application.

1.4 Specify the address from which Jive Forums can log in to Crowd

Please see 3.5 Specifying an Application's Address or Hostname. Please note:

  • Jive Forums is on a different host to Crowd
    If you are running Jive Forums on a different host to Crowd, you will need to modify the permissible hosts via the Remote Addresses tab. This lists the hosts/IP addresses that are allowed to authenticate to Crowd. If Jive Forums is remote to Crowd, add the IP address of your Jive Forums server and ensure the "Status" field is set to "true". Remove the entry for localhost.
  • Jive Forums is on the same host as Crowd
    By default, when you add an application, localhost is a permissible foreign host. However, you will also need to manually add the IP address 127.0.0.1, as incoming requests to Crowd from Jive (both on the same, local, host) may be from the host 127.0.0.1 and not localhost. Crowd does not do a DNS lookup of the hostname, rather, it compares the values as is. Ensure the "Status" field is set to "true".

Step 2. Tell Jive Forums about Crowd

2.1 Install the Crowd Client Libraries into the Jive Forums WebApp

Jive Forums may be deployed on an application server as a single WAR file or a an exploded WAR folder. For the rest of the installation process, we will assume that Jive Forums has been set up as an exploded war file. If you need Jive Forums to be installed as a single WAR file, simply expand the WAR to a directory, make the changes as described below, and zip up the directory to form the WAR file. We will refer to the root folder of the Jive Forums web-app as JIVEFORUMS.

  1. Copy the Crowd integration libraries and configuration files (this is described in the Client Configuration documentation). This is summarised below:
    Copy From Copy To
    CROWD/client/crowd-core-*.jar JIVEFORUMS/WEB-INF/lib
    CROWD/client/crowd-integration-jive-*.jar JIVEFORUMS/WEB-INF/lib
    CROWD/client/lib/log4j-1.2.8.jar JIVEFORUMS/WEB-INF/lib
    CROWD/client/lib/ehcache-1.2.3.jar JIVEFORUMS/WEB-INF/lib
    CROWD/client/conf/crowd.properties JIVEFORUMS/WEB-INF/classes
    CROWD/client/conf/crowd-ehcache.xml JIVEFORUMS/WEB-INF/classes
  1. Examine the JIVEFORUMS/WEB-INF/lib folder and delete any duplicate JARs. Duplicate JARs represent common libraries used by both the Crowd client and Jive Forums.
  2. Edit JIVEFORUMS/WEB-INF/classes/crowd.properties. Change the following properties:
    Key Value
    application.name jiveforums
    application.password set a password

    The name and password values must match those set when defining the application in Crowd (see Step 1 above).

2.2 Configure Jive Forums to use Crowd's Authenticator

Crowd is now set up to provide authentication services to Jive. Now Jive needs to be set up to use Crowd's authenticator. There are a few ways of doing this; the most user-friendly method is outlined below:

  1. In your jiveHome directory, edit a file named jive_startup.xml. Modify the <setup> node to be false:
    <jive>
      <!-- When setup is false, you can access the setup tool. -->
      <setup>false</setup>
      ...
      <!-- Allow SSO login for admins -->
      <admin>
        <tryAlternativeLogin>true</tryAlternativeLogin>
      </admin>
    </jive>

    As the XML comment states, this lets us re-run Jive's setup.

  1. Restart Jive Forums so that it picks up the changes.
  2. View the Jive Forums site with a web browser (usually under the /jiveforums context-root. Jive will run the "Jive Forums Setup".
  3. In the Install Checklist screen, click continue to navigate through the setup process.
  4. In the Datasource Settings screen, re-enter your database configuration details and click continue.
  5. In the User System screen, select Custom authentication system and click Continue:

  1. You should be at the Custom User System screen. Enter the following details which specify Crowd as the custom authenticator:

UserManager implementation:

com.atlassian.crowd.integration.jive.CrowdUserManager

GroupManager implementation:

Do not specifiy an implementation.

AuthFactory implementation:

com.atlassian.crowd.integration.jive.CrowdAuthFactory

Click continue.

If you have any errors at this stage, it is very likely that there is a classpath issue (eg. the Crowd client libraries aren't being properly loaded by Jive). Please read the documentation regarding Crowd Client Libraries for help identifying the problem.

  1. In the Email Settings screen, re-enter your email configuration details and click continue.
  2. In the Admin Account Setup screen, do not enter any details. Click Skip this step.
Warning
The default administrator for Jive Forums is the user admin. This user will need to exist in your mapped directory (i.e. the Jive Forums Directory). Without this user, you will not be able to access the administration console of Jive Forums.
  1. Bounce the server and test that Crowd is authenticating users for Jive. You can do this by creating users (principals) via the Crowd Administration Console and verifying that they are able to log in to Jive Forums.
Jive Forums Documentation
For further information regarding Jive Forums Authentication Integration, check out the Jive Forums Documentation at http://www.jivesoftware.com/builds/docs/latest/documentation/developer-guide.html#userintegration

Check out the Jive SSO page for more details on Jive SSO Integration and corresponding use cases.

Related Topics  

Crowd Documentation  


Document generated by Confluence on Jun 20, 2007 20:58