This page last changed on May 05, 2008 by smaddox.
You can use Crowd to provide external authentication and authorisation for Atlassian's FishEye source-repository viewer.
Crowd supports centralised authentication and single sign-on (SSO) for FishEye versions 1.3.1 and later.
Crucible and FishEye
If you are using Atlassian's Crucible code review tool, you will need to:
Prerequisites
- Download and install Crowd. Refer to the Crowd installation guide for detailed information on how to do this. We will refer to the Crowd root folder as CROWD.
- Download and install FishEye. Refer to the FishEye Installation Guide for detailed information on how to do this. We will refer to the FishEye root folder as FISHEYE.
- After FishEye is set up, make sure FishEye is not running when you begin the integration process described below.
Step 1. Configuring Crowd to Talk to FishEye
1.1 Prepare Crowd's Directories/Groups/Users for FishEye
The FishEye application will need to authenticate users against a directory configured in Crowd. You will need to set up a directory in Crowd for FishEye. For more information on how to do this, see Adding a Directory. We will assume that the directory is called FishEye Directory for the rest of this document. It is possible to assign more than one directory for an application, but for the purposes of this example, we will use FishEye Directory to house FishEye users.
If you wish to use Crowd groups to control access to your FishEye repositories, you should set up your groups in Crowd. See the documentation on Creating Groups for more information on how to define these groups.
Use Crowd to create at least one user in the FishEye Directory. If you are using groups, assign your user(s) to the appropriate groups. The Crowd documentation has more information on creating users and assigning users to groups.
1.2 Define the FishEye Application in Crowd
Crowd needs to be aware that the FishEye application will be making authentication requests to Crowd. We need to add the FishEye application to Crowd and map it to the FishEye Directory:
- Log in to the Crowd Administration Console and navigate to Applications > Add Application.
- Fill out the form to add the FishEye application:
| Attribute | Description |
|---|---|
| Name | The username which the application will use when it authenticates against the Crowd framework as a client. This value must be unique, i.e. it cannot be used by more than one application client. |
| Description | A short description of the application. Note: A web URL is often helpful. |
| Active | Only deselect this if you wish to prevent all users (from all directories) from accessing this application. |
| Password | The password which the application will use when it authenticates against the Crowd framework as a client. |
| Confirm Password | Retype the same password as above, to confirm it. |
| Default Directory | A directory that contains relevant users. Note: Additional directories can be added later. |
The Name and Password values must match the 'Application name' and 'Application password' that you will set in FishEye's 'Crowd Authentication Settings' screen – see Step 2 below.
1.3 Specify which Users can Log In to FishEye
Now that Crowd is aware of the FishEye application, Crowd needs to know which users can authenticate (log in) to FishEye via Crowd. You can either allow entire directories to authenticate, or just particular groups within the directories. In our example, we will allow the entire FishEye Directory to authenticate:
If you wish to authorise specific groups only, please see Mapping a Directory to an Application and Specifying which Groups can access an Application.
1.4 Specify the Address from which FishEye can Log In to Crowd
Please see Specifying an Application's Address or Hostname. Please note:
- If FishEye is on a different host to Crowd:
If you are running FishEye on a different host to Crowd, you will need to modify the permissible hosts via the Remote Addresses tab. This lists the hosts/IP addresses that are allowed to authenticate to Crowd. If FishEye is remote to Crowd, add the IP address of your FishEye server and ensure the "Status" field is set to "true". Remove the entry for localhost.
- If FishEye is on the same host as Crowd:
By default, when you add an application, localhost is a permissible foreign host. However, you will also need to manually add the IP address 127.0.0.1, as incoming requests to Crowd from FishEye (both on the same, local, host) may be from the host 127.0.0.1 and not localhost. Crowd does not do a DNS lookup of the hostname. Rather, it compares the values as is. Ensure the "Status" field is set to "true".
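The literal comparison described above can be modelled as follows. This is an added example, not Crowd's own code: the function names and the sample entries, including the address 192.0.2.10, are constructed for illustration.

```python
# Added example: a model of the literal Remote Addresses comparison described
# above. Function names and sample entries are constructed for illustration.

def is_permitted(source, entries):
    """True if `source` literally equals an entry whose Status is true.

    No DNS lookup is performed, so "localhost" never matches "127.0.0.1".
    `entries` is a list of (address, status) pairs as shown on the tab.
    """
    return any(status and address == source for address, status in entries)


def audit_remote_addresses(entries, fisheye_ip=None):
    """Return the changes Step 1.4 calls for, as a list of strings.

    fisheye_ip=None means FishEye runs on the same host as Crowd.
    """
    status_of = dict(entries)
    findings = []
    if fisheye_ip is None:
        # Same host: requests may arrive as either value, so both are needed.
        required = ["localhost", "127.0.0.1"]
    else:
        # Different host: only the FishEye server's IP should be listed.
        required = [fisheye_ip]
        if "localhost" in status_of:
            findings.append("remove localhost")
    for address in required:
        if address not in status_of:
            findings.append(f"add {address}")
        elif not status_of[address]:
            findings.append(f"set Status to true for {address}")
    return findings


if __name__ == "__main__":
    # Constructed sample: the list as it stands right after adding the application.
    default_entries = [("localhost", True)]
    print(is_permitted("127.0.0.1", default_entries))
    print(audit_remote_addresses(default_entries))
    print(audit_remote_addresses(default_entries, fisheye_ip="192.0.2.10"))
```
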
Step 2. Configuring FishEye to Talk to Crowd
The instructions below are for FishEye 1.4.x and later. If you are using FishEye 1.3.x, please follow the guide for earlier versions of FishEye.
2.1 Change the Details of your Existing FishEye Users
If you have an existing FishEye installation with existing built-in users, please do the following for each username in FishEye:
- Change the account type from 'built-in' to 'crowd'. This is required for the new authorisation through Crowd to work properly. For details please see the FishEye documentation.
- Ensure that the username in FishEye is the same as in Crowd. If necessary, rename the user in FishEye. See the FishEye documentation for details.
2.2 Configure FishEye to use Crowd's Authenticator
- Log in to the FishEye Administration screens and navigate to 'Security'.
- Select 'Setup Crowd authentication'.
FishEye allows only one authentication method to be configured at any one time. If you have already configured a different authentication source, click the 'Remove' link to remove that authentication method. You will then be presented with the options for different authentication methods – one will be the option to set up Crowd authentication.
- The 'Crowd Authentication Settings' screen will appear, as shown below. Enter the following information:
- Application name – The name for the FishEye application you specified in Step 1 above.
- Application password – The password you specified in Step 1 above.
- Crowd URL – http://localhost:8095/crowd/services/
The trailing slash is required.
- Auto-add – Select 'Create a FishEye user on successful login' (default) to ensure that your Crowd users will be automatically enrolled into FishEye when they first log in via Crowd.
- Single sign on (SSO) – Controls whether FishEye should attempt to participate in a single sign on (SSO) environment.
This SSO option is available only with FishEye 1.5.1 and later.
- Select 'Enabled' (default) if you want FishEye to use Crowd's SSO capability.
- Select 'Disabled' if you want FishEye to use Crowd to check username/passwords and group membership, without participating in SSO. In this mode, FishEye will not read or set crowd.token cookies. This is useful in environments where you want FishEye to ignore crowd.token cookies set by other Crowd-enabled applications.
For more information, please see the FishEye documentation on configuring external authentication sources.
2.3 Configure Group Authorisation in FishEye (If Required)
If you have created groups in the Crowd directory which is mapped to your FishEye application (see Step 1 above), the Crowd groups can be seen in FishEye. Now you can set up group authorisation for your FishEye repositories.
Allow the groups to access your FishEye repositories as follows:
- In the FishEye Administration menu, select 'Security' under 'Global Settings'.
- This will display the 'Authentication Settings' screen. In the 'Permissions Summary' section, click 'Edit' next to the required repository name under 'Per-repository'.
- The 'Edit Security' screen will appear. Select the group name(s) and click the 'Join' button. Click 'Update'. The group(s) will appear in the 'Built-in Groups' section of the 'Authentication Settings' screen.
Screenshot 1: 'Authentication Settings'
Screenshot 2: 'Edit Security'
Next Step for Crucible Users
If you are using Atlassian's Crucible code review tool, please take a look at the further instructions on integrating Crowd with Crucible.