This page last changed on Jul 29, 2009 by smaddox.

30 July 2009

The Atlassian Crowd team is delighted to present the insanely fast, supremely nested Crowd 2.0.

Highlights of this release:

Responding to your feedback:

More than 220 votes satisfied

Keep logging your votes and issues. They help us decide what needs doing!

Upgrading to Crowd 2.0

You can download Crowd from the Atlassian website. If upgrading from a previous version, please read the Crowd 2.0 Upgrade Notes.

Highlights of Crowd 2.0

Introducing User Aliases

A single user can now have different usernames in different applications. For example, Arthur Dent might have username 'dent@example.com' in your JIRA issue tracker, 'arthur' in your internal Confluence wiki and 'adent' in your public-facing Confluence wiki.

  • Using Crowd, Arthur can link a number of usernames as aliases of his main login ID.
  • Arthur can log in just once, to any Crowd-connected application. He will be automatically logged into the other applications via single sign-on (SSO).
  • Crowd's Administration Console makes it easy for a system administrator to track and manage the username, aliases and application authorisations for each user.
  • Crowd's user aliasing allows you to work around the problem that occurs when you want to implement a single user base for a number of existing systems, where users may have different usernames in each system.
  • When someone gets married or changes their name, you may wish to rename a user in your LDAP directory, such as Microsoft Active Directory. To avoid problems in applications which do not allow user renaming, you can now link the new LDAP username to an alias in Crowd.
  • Some systems may use email addresses as usernames, while in others this may expose users to email spambots. Using Crowd aliasing, you can use different username formats to suit your application requirements.
  • Our documentation has the details.

Nested Groups in All Crowd Directories

With Crowd 1.4, we introduced support for nested groups in Crowd-connected LDAP directories. This means that you can have a group as a member of another group. Now Crowd 2.0 supports nested groups for Crowd Internal and Delegated Authentication directories too. Your custom directories will also support nested groups, provided that they meet the interface requirements of the RemoteDirectory API.

  • When verifying a user's login to a Crowd-connected application, Crowd will search the groups mapped to the application plus all their sub-groups.
  • When an application requests a list of users in a group, Crowd will present a flat list of users gathered from the requested group and its sub-groups.

Automatic Group Membership for New Users

You can now configure Crowd to assign new users to specific groups automatically.

  • You can define default groups for each directory.
  • A new user automatically becomes a member of these groups, whether added via the Crowd Administration Console or via a Crowd-connected application.
  • Note that the automatic group membership does not work when importing users and groups via Crowd's external user importer.
  • You can read more in our documentation.

Improved User and Group Management UI

Looking to relieve the administrative pain that user and group management often entail, we have enhanced the management screens in the Crowd Administration Console and added bulk user and group administration for the first time in Crowd.

  • You can add multiple users to a group at the same time.

On the user management side:

  • You can add a user to multiple groups at the same time.
  • When searching for a user, just enter all or part of a name, username or email address in a single search box to find the matching users.
  • The user browser now shows every user's full name, as well as their usernames and email addresses.

Improved Performance

The Crowd team have done a lot of under-the-cover work in this release, chiefly on updating Crowd's database schema. This work will put us in good stead to provide shiny new features in later releases. For Crowd 2.0, the biggest gain is in the performance of Crowd Internal and Delegated Authentication directories. Comparisons of Crowd 2.0 with the previous release have generated the following statistics in our test environment, running on a Crowd Internal directory with 60 000 users, 5 000 groups and 240 000 group memberships.

  • Most operations are about twice as fast.
  • Retrieving all users is a gigantic 15 times faster. This request is used when an application asks for all users at once, such as when JIRA's cache expires.
  • Searching on fields such as name and email address is more than twice as fast.
  • Authenticating a user is 60% faster.

We haven't even tried to represent the searchPrincipals and findAllGroupRelationships requests graphically, because the performance improvement is off the charts:
MySQL is 15 times faster.
PostgreSQL is 100 to 1000 times faster.

Improved Database Support

The updated Crowd database schema provides some wins in the area of database support too.

  • UTF-8 character encoding is now supported for MySQL databases. Before this release, Crowd required Latin 1 character encoding.
  • The Crowd database schema uses case-insensitive table names, so for people who are using PostgreSQL, there is no longer any need for silly quotes in your SQL queries.
  • Crowd's mail template size is no longer limited to 255 characters.

New REST API

Crowd 2.0 exposes a new REST API that provides access to resources (data entities) via URI paths. This is useful for developers wanting to integrate Crowd into their application and for administrators needing to script interactions with the Crowd server.

  • To use a REST API, your application will make an HTTP request and parse the response.
  • You can request a response format of XML or JSON.
  • Your methods will be the standard HTTP methods like GET, PUT, POST and DELETE.
  • Because the REST API is based on open standards, you can use any web development language to access the API.
  • Our documentation tells you more.

Plugin Framework 2.2 and REST Module

Crowd 2.0 supports version 2.2 of the Atlassian Plugin Framework, the latest plugin framework release to date. Crowd now also bundles the new REST plugin module type. We have used the REST plugin module type to develop the Crowd 2.0 REST APIs mentioned above.

  • Developers can use the REST module type to create plugin points easily in Crowd by exposing services and data entities as REST APIs.
  • The REST module type also makes it easier to develop cross-application plugins i.e. plugins which work in more than one application, because the module type helps developers to ensure consistency of REST APIs across Atlassian applications.
  • There's more in our documentation.

Other Things Worth Mentioning

  • You can now use wildcard IP ranges (CIDR notation) when specifying IP restrictions for an application.
  • We now offer full support for Tomcat 6.
  • We have enhanced the remote directory API to support finer-grained control in searches. The new API is type safe, supports 'AND' and 'OR' queries and allows you to make finer-grained requests based on primary or custom attributes. For example, you might search for users whose favourite colour is 'pink'. The details are in the JavaDocs.

Complete List of Improvements and Fixes

JIRA Issues (103 issues)
Key Summary Priority Status
CWD-1616 Creating a user via an atlassian-user based applicaiton fails because a password is not supplied on user creation Blocker Resolved
CWD-1558 Create Crowd 2.0 artifact Blocker Resolved
CWD-1530 Legacy user/group/membership import needs to be batched. Blocker Resolved
CWD-1529 SecurityServerClient does not correctly segregate roles and groups for container searches. Blocker Resolved
CWD-1526 Fix Crowd PluginPropertyManager and sal-crowd-plugin Blocker Resolved
CWD-1487 Amalgamation is broken thanks to equals/hashcode using directoryId on directory entities - maybe we need application entities Blocker Resolved
CWD-386 SQL error while importing users from Jira and Confluence to Crowd 1.1 with MSSQL 2000 Blocker Closed
CWD-147 Table names are too long for MySQL with UTF-8 Blocker Resolved
CWD-1597 REST "directory" resource returns two levels of "<directories>" element Critical Resolved
CWD-1533 Test Crowd 2.0 integration with JIRA/Confluence/Bamboo/FishEye Critical Resolved
CWD-1532 Build closed beta of Crowd 2.0 Critical Resolved
CWD-1528 Verify all code from trunk post making the 2.0 branch is migrated to branch. Critical Resolved
CWD-1441 Wrong license user count when users still members of an application group Critical Resolved
CWD-1631 Internal Directory group names in 2.x are lower case by design and incompatible with 1.x Major Resolved
CWD-1624 Restoring from an XML backup that used in-memory tokens will revert back to database backed tokens Major Resolved
CWD-1621 Updating user attributes causes database error Major Resolved
CWD-1610 Fix link in UI text pointing to docs on application "Options" tab Major Resolved
CWD-1606 Clicking *View* Session shows a StackTrace Major Resolved
CWD-1605 Add help link for directory "Options" tab plus all Delegated Auth "view/update" links Major Resolved
CWD-1596 Updating aliases with a mix of valid/invalid update can cause strange behaviour Major Resolved
CWD-1595 Allow to associate many Groups to a User(s) in a single operation Major Closed
CWD-1589 The search in the new user picker in group management does not match on name Major Resolved
CWD-1586 Help link is wrong after use of the "Add Group" wizard on the User "Groups" tab Major Resolved
CWD-1585 Application "Users" tab does not show any users if one directory is unavailable Major Resolved
CWD-1584 An LDAP reference that points to an invalid DN throws a fatal exception Major Resolved
CWD-1566 RemoteDirectory requires a more advanced search API to replace the current SearchContext approach used in the SecurityServer Major Resolved
CWD-1561 Test Trusted Application support with Aliased applications Major Resolved
CWD-1557 The delegated directory does not fire a UserCreatedEvent when a successfully authenticated user is replicated into the local crowd database. Major Resolved
CWD-1555 Textual change on "Direct Members" tab of Group Browser Major Resolved
CWD-1545 UI improvement for User page, add a "group picker' similar to the Group pages. Major Resolved
CWD-1535 Crowd Client Cache is not refreshed when a Group is deleted using JIRA Admin console Major Resolved
CWD-1527 Run performance tests against the current 2.0 spike version Major Closed
CWD-1525 UI Improvements for Group Membership Management Major Resolved
CWD-1524 Search by Alias and other User attributes Major Resolved
CWD-1523 XML Migration for Alias Information Major Resolved
CWD-1522 Alias Object Model + Hibenate DAO Major Resolved
CWD-1521 Implementation of the AliasService/Manager Major Resolved
CWD-1519 Test Crowd on All Supported Databases Major Resolved
CWD-1517 Add Role selection to LDAP queries and updates Major Resolved
CWD-1516 On import check for any Group & Role name clashes Major Resolved
CWD-1514 Configuration Errors need to be displayed for an LDAP directory if Roles are enabled and the DN's for both Groups and Roles overlap. Major Resolved
CWD-1507 Crowd Schema + Domain Model update to improve performance and cross-database compliance Major Resolved
CWD-1505 User/Group/Membership Import fails when using MySQL Major Resolved
CWD-1503 Installation Wizard last step "fails" Major Resolved
CWD-1498 Delegated directory attributes only accessible via 'view' link, not by clicking on directory name Major Resolved
CWD-1493 Performance issue when amalgamating groups for a findAllGroupRelationships call Major Resolved
CWD-1491 com.atlassian.crowd.console.filter.CrowdGzipFilterIntegration.useGzip hits database on every invocation Major Resolved
CWD-1488 Update SAL to 2.0 to enable REST interfaces Major Resolved
CWD-1480 Upgrade Crowd to atlassian-core 4.2 Major Resolved
CWD-1479 Upgrade Crowd to Plugins 2.2.0.rc2 Major Resolved
CWD-1477 Implement a PluginPersistentStateStore for Crowd that isn't an in-memory one. This will need to be database backed. Major Resolved
CWD-1476 Allow the Crowd admin to know when a proxy should be added to the Trusted Proxy list Major Resolved
CWD-1470 Re-enable by-email search tests when new schema lands on trunk Major Resolved
CWD-1468 Add alias information to user UI Major Resolved
CWD-1467 Highlight application-specific alias when searching in the context of that application Major Resolved
CWD-1464 Documentation link for new Users screen in Application and other help links Major Resolved
CWD-1460 Remove "If you have set the SSO Domain..." bullet point Major Resolved
CWD-1459 Group/User memberships do not obey the tree scope or object filters Major Resolved
CWD-1458 Added crosses for removing group in Add Application Wizard Major Resolved
CWD-1457 Removing expired tokens from the database token repository requires all tokens to be loaded into memory Major Resolved
CWD-1448 Test buttons for directory pages Major Resolved
CWD-1446 Disable roles by default on newly created LDAP directories for 2.0 Major Resolved
CWD-1443 Upgrade Crowd to Plugins 2.2.0 Major Resolved
CWD-1435 Google Apps SSO with Crowd results in Bad Request Error during authentication for IE7 Major Resolved
CWD-1419 Directory Encryption Type is not available for generic Posix or OpenLDAP Posix directories Major Resolved
CWD-1409 crowd-integration-saml plugin bundles too many jar files Major Resolved
CWD-1408 Provide api to access currently logged in user Major Resolved
CWD-1406 security filter should be added to path "/plugins/servlet" in web.xml Major Resolved
CWD-1405 pluginManager and pluginEventManager beans should be available to plugins Major Resolved
CWD-1398 Content-Encoding is unset for SOAP requests Major Resolved
CWD-1390 Provide user feedback if SSO Domain setting is preventing users from logging in Major Resolved
CWD-1374 JavaScript error in the Add Application Wizard Major Resolved
CWD-1373 Improve UI for removing groups in the Add Application Wizard Major Resolved
CWD-1372 Crowd creates new tokens for applications and users even if valid ones already exist Major Resolved
CWD-1370 CSV importer fails with '|' used as separator Major Resolved
CWD-1357 Remote Addresses not added when enter pressed Major Resolved
CWD-1337 Provide support for OS X Open Directory 10.5.6 Major Resolved
CWD-1327 NullPointerException when using "Reset Password" function Major Resolved
CWD-1293 toLower when importing mixedCase usernames from LDAP into a Crowd internal directory. Major Resolved
CWD-1292 Officially support Tomcat 6 Major Resolved
CWD-1187 Nested groups do not work with JIRA Global Permissions Major Resolved
CWD-1030 Investigate ability to add account aliases for "change username" capability for Atlassian apps. Major Closed
CWD-996 Check if user is active before counting against license Major Resolved
CWD-991 Need better user/group managment UI that included ability to bulk add users to groups (like JIRA) Major Resolved
CWD-990 UTF-8 support for MySQL Major Resolved
CWD-980 Add Nested Groups for Internal Directories Major Resolved
CWD-919 Place a "Test Search" button on the Delegated Directory Configuration tab and also on the Configuration tab when viewing a directory Major Resolved
CWD-732 Crowd client should pass version, configuration information to server Major Resolved
CWD-635 Edit members of the group or role Major Resolved
CWD-605 Bulk change of principals Major Resolved
CWD-174 Add wildcard support for application IP restrictions. Major Resolved
CWD-84 Allow specifying network addresses by netblock Major Resolved
CWD-76 Aliases needed for legacy integration Major Resolved
CWD-33 Improve searching attributes on a principal. Major Resolved
CWD-1497 Change text "In-Active" to "Inactive" in dropdown lists for user and group status Minor Resolved
CWD-1472 ClientPropertiesImpl.generateBaseURL() assumes that server URL contains /services Minor Resolved
CWD-1411 Make Crowd database schema lowercase Minor Resolved
CWD-1399 Re-add MYSQL + UTF-8 documentation to mysql.properties Minor Resolved
CWD-1384 Please update Crowd's Evaluation Expiry message Minor Resolved
CWD-879 Allow admin to designate local Crowd groups for auto-assignment on creation/import of users. Minor Resolved
CWD-770 Automated adding of users to groups/roles Minor Resolved
CWD-310 Mail Template size is limited to 255 characters Minor Resolved
CWD-1180 Retain Test Connection & Search after adding Directory Trivial Resolved


3.png (image/png)
2.png (image/png)
1.png (image/png)
medium-download-latest-version-button.png (image/png)
8.png (image/png)
7.png (image/png)
6.png (image/png)
5.png (image/png)
4.png (image/png)
9.png (image/png)
UserAliases (application/octet-stream)
UserAliases (application/octet-stream)
UserAliases (application/octet-stream)
UserAliases (application/octet-stream)
UserAliases (application/octet-stream)
UserAliases (application/octet-stream)
UserAliases (application/octet-stream)
UserAliases (application/octet-stream)
UserAliases (application/octet-stream)
UserAliases (application/octet-stream)
UserAliases (application/octet-stream)
UserAliases (application/octet-stream)
UserAliases (application/octet-stream)
UserAliases (application/octet-stream)
UserAliases (application/octet-stream)
UserAliases (application/octet-stream)
UserAliases (application/octet-stream)
UserAliases (application/octet-stream)
UserAliases (application/octet-stream)
UserAliases (application/octet-stream)
UserAliases (application/octet-stream)
UserAliases (application/octet-stream)
Crowd_UserAliases_Diagram.png (image/png)
AddUsersToGroup_Annotated.png (image/png)
UserManagement_Annotated.png (image/png)
UserManagement_Annotated.png (image/png)
GroupDirectMembers_Annotated.png (image/png)
DirectoryDefaultGroup_Annotated.png (image/png)
Crowd_UserAliases_Diagram.png (image/png)
UserManagement_Annotated.png (image/png)
DirectoryDefaultGroup_Annotated.png (image/png)
Document generated by Confluence on Jul 30, 2009 01:29