This page last changed on May 07, 2008 by smaddox.
Atlassian CrowdID is a free add-on to Crowd. It gives administrators a secure way to provide OpenID accounts for their users.
 |
When installing Crowd 1.1+ the Crowd Setup Wizard allows you to install CrowdID with Crowd. If you chose to install CrowdID as part of the Setup Wizard, there is no need for further configuration. The CrowdID server will be up and running at http://localhost:8095/openidserver |
If you have not already installed CrowdID, follow the instructions below to install it now.
Prerequisites
- Download and install Crowd. Refer to the Crowd installation guide for detailed information on how to do this. We will refer to the Crowd root folder as CROWD.
- This guide assumes that CrowdID was NOT installed with the installation of Crowd. If CrowdID was installed using the Crowd Setup Wizard, there is no need for further configuration.
Step 1. Configuring Crowd to Talk to CrowdID
1.1 Prepare Crowd's Directories/Groups/Users for CrowdID
The CrowdID application will need to locate users from a directory configured in Crowd. You will need to set up a directory in Crowd for CrowdID. For information on how to do this, see Adding a Directory. We will assume that the directory is called CrowdID Directory for the rest of this document. It is possible to assign more than one directory for an application, but for the purposes of this example, we will use CrowdID Directory to house CrowdID users.
CrowdID also requires an administrator group to exist in the directory. You need to ensure that a crowd-administrators groups exist in the CrowdID Directory. Any user in this group will have CrowdID administrator access.
The Crowd documentation has more information on creating groups, creating users and assigning users to groups.
1.2 Define the CrowdID Application in Crowd
Crowd needs to be aware that the CrowdID application will be making authentication requests to Crowd. We need to add the CrowdID application to Crowd and map it to the CrowdID Directory.
- Log in to the Crowd Administration Console and navigate to Applications > Add Application.
- Fill out the form to add the CrowdID application:

Attribute |
Description |
Name |
The username which the application will use when it authenticates against the Crowd framework as a client. This value must be unique, i.e. it cannot be used by more than one application client. |
Description |
A short description of the application. Note: A web URL is often helpful. |
Active |
Only deselect this if you wish to prevent all users (from all directories) from accessing this application. |
Password |
The password which the application will use when it authenticates against the Crowd framework as a client. |
Confirm Password |
Retype the same password as above, to confirm it. |
Default Directory |
A directory that contains relevant users. Note: Additional directories can be added later. |
The Name and Password values must match the application.name and application.password that you set in the CROWD/crowd-openidserver-webapp/WEB-INF/classes/crowd.properties (see Step 2 below).
1.3 Specify which Users can Log In to CrowdID
Now that Crowd is aware of the CrowdID application, Crowd needs to know which directories or users can authenticate (log in) via Crowd. You can either allow entire directories to authenticate, or just particular groups within the directories. In our example, we will allow the entire CrowdID Directory to authenticate:

For details please see Specifying which Groups can access an Application.
1.4 Specify the Address from which CrowdID can Log In to Crowd
Please see Specifying an Application's Address or Hostname. Please note:
- If CrowdID is on a different host to Crowd:
If you are running the CrowdID on a different host to Crowd, you will need to modify the permissible hosts via the Remote Addresses tab. This lists the hosts/IP addresses that are allowed to authenticate to Crowd. If CrowdID is remote to Crowd, add the IP address of your CrowdID server and ensure the "Status" field is set to "true". Remove the entry for localhost.
- If CrowdID is on the same host as Crowd:
By default, when you add an application, localhost is a permissible foreign host. However, you will also need to manually add the IP address 127.0.0.1, as incoming requests to Crowd from CrowdID (both on the same, local, host) may be from the host 127.0.0.1 and not localhost. Crowd does not do a DNS lookup of the hostname. Instead, it compares the values as is. Ensure the 'Status' field is set to 'true'.
Step 2. Configuring CrowdID to Talk to Crowd
Edit CROWD/crowd-openidserver-webapp/WEB-INF/classes/crowd.properties. Change the following properties:
Key |
Value |
application.name |
crowd-openid-server |
application.password |
Set a password. |
application.login.url |
http://localhost:8095/openidserver |
crowd.server.url |
http://localhost:8095/crowd/services/ |
session.validationinterval |
This is the number of minutes between validation requests, when Crowd validates whether the user is logged in to or out of the Crowd SSO server. Set this value to 0 if you want authentication checks to occur on each request. Otherwise set to the required number of minutes between validation requests. Setting this value to 1 or higher will increase the performance of Crowd's integration. |
If your Crowd server's port is configured differently from the default (i.e. 8095), set it accordingly. The application.name and application.password must match the Name and Password that you specified when you defined the application in Crowd (see Step 1 above). The application.login.url should point to the correct host and port of the CrowdID application.
See CrowdID in Action
RELATED TOPICS
Crowd Documentation
|