This page last changed on Jul 29, 2009 by smaddox.

The SSO domain is used when setting HTTP authentication cookies in a user's browser. If this attribute is not correct, single sign-on (SSO) will not work when the user switches between applications.

The core Crowd functionality supports SSO across applications within a single domain, such as *.mydomain.com. Crowd uses a browser cookie to manage SSO. Because your browser limits cookie access to hosts in the same domain, this means that all applications participating in SSO must be in the same domain.

Example 1: If you wish to have single sign-on (SSO) support for *.mydomain.com, you will need to configure the SSO domain in Crowd as .mydomain.com — including the full stop ('.') at the beginning. All your Crowd-connected applications must be in the same domain. For example:

Crowd crowd.mydomain.com
JIRA jira.mydomain.com
Confluence confluence.mydomain.com
FishEye fisheye.mydomain.com
FishEye in different domain fisheye.example.com

Example 2: If you wish to have single sign-on (SSO) support for mydomain.com/*, you will need to configure the SSO domain in Crowd as mydomain.com. All your Crowd-connected applications must be in the same domain. For example:

Crowd mydomain.com/crowd
JIRA mydomain.com/jira
Confluence mydomain.com/confluence
FishEye mydomain.com/fisheye
FishEye in different domain example.com/fisheye

You can find information the comparison of host name strings in RFC 2965 (pages 2 and 3).

When developing on your local machine, you should set the domain to localhost.

To specify the domain,

  1. Log in to the Crowd Administration Console.
  2. Click the 'Administration' tab in the top navigation bar.
  3. The 'General Options' screen will appear. Type the new domain into the 'SSO Domain' field.
  4. Click the 'Update' button.

Screenshot: 'General Options'

RELATED TOPICS

Overview of SSO
Configuring Trusted Proxy Servers

Crowd Documentation


Document generated by Confluence on Jul 30, 2009 01:29