Crowd 2.6 Release Notes

11th February 2013

The Atlassian Crowd team is pleased to bring you the faster, better-integrated Crowd 2.6.

We've made significant performance improvements to LDAP and Active Directory synchronisation for large directories. REST resource improvements give integrated applications more control over SSO sessions. The CrowdID provider now supports OpenID 2.0, with identifier selection to improve your users' experience when authenticating against Crowd.

 

Highlights of this release:

Crowd 2.6 Upgrade Notes

Responding to your feedback:
63 votes satisfied

 

Faster LDAP and Active Directory synchronisation

If your LDAP or Active Directory server contains thousands of users and groups, then you'll be delighted to know that we have sped up directory synchronisation. The dialogue between Crowd and remote servers has been simplified to request what's needed and avoid redundancy. These changes significantly improve the performance of full synchronisations. In our test environment we synchronised 10,000 users, 1,000 groups and an increasing number of memberships. OpenLDAP showed great improvements, and the results with Active Directory are even more impressive:

In tests with Active Directory we've seen directories with huge numbers of memberships go from an hour to ten minutes.

REST resource improvements for SSO sessions

Integrated applications that use SSO sessions now have more control over session lifetimes. Integrated applications can create a short-lived session by specifying a session expiry time when they create a new session token. Combined with the ability to specify additional validation factors, this makes it possible to have many concurrent sessions for the same user, each with its own lifetime. Applications can now retrieve the creation and expiry date and use this information to implement their own expiration policies.

See the Crowd SSO Token Resource for details. Additionally, Crowd now exposes WADL files for its REST API.
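An application-side expiration policy of the kind described above, as an added example that is not Crowd's or Atlassian's code. It assumes the session record carries epoch-millisecond `created-date` and `expiry-date` fields; those field names, the `Policy` class, the thresholds and the sample records are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed field names (not given on this page): epoch-millisecond timestamps
# on the session record returned for an SSO token.
CREATED, EXPIRY = "created-date", "expiry-date"


@dataclass(frozen=True)
class Policy:
    max_age_s: int             # application's own cap on session age
    privileged_max_age_s: int  # tighter cap for sensitive operations
    skew_s: int = 30           # tolerated clock difference, app vs. server


def _is_ms(value) -> bool:
    # bool is a subclass of int, so exclude it explicitly
    return isinstance(value, int) and not isinstance(value, bool)


def evaluate(session: dict, now_ms: int, policy: Policy, privileged: bool = False) -> str:
    """Return 'allow', 'reauthenticate' or 'reject' for one request."""
    created, expiry = session.get(CREATED), session.get(EXPIRY)
    if not (_is_ms(created) and _is_ms(expiry)):
        return "reject"  # fail closed on missing or malformed dates
    if expiry <= created or created > now_ms + policy.skew_s * 1000:
        return "reject"  # inconsistent or future-dated record
    if now_ms >= expiry:
        return "reject"  # the server-side lifetime is over
    age_ms = now_ms - created
    if age_ms > policy.max_age_s * 1000:
        return "reject"  # older than this application accepts
    if privileged and age_ms > policy.privileged_max_age_s * 1000:
        return "reauthenticate"  # valid, but too old for a sensitive action
    return "allow"


# Constructed sample data: a fixed "now" and three session records.
NOW_MS = 1_360_540_800_000
MIN = 60_000
POLICY = Policy(max_age_s=8 * 3600, privileged_max_age_s=600)
FRESH = {CREATED: NOW_MS - 5 * MIN, EXPIRY: NOW_MS + 55 * MIN}
AGED = {CREATED: NOW_MS - 30 * MIN, EXPIRY: NOW_MS + 30 * MIN}
STALE = {CREATED: NOW_MS - 9 * 60 * MIN, EXPIRY: NOW_MS + 60 * MIN}

if __name__ == "__main__":
    for name, s in (("fresh", FRESH), ("aged", AGED), ("stale", STALE)):
        print(name, evaluate(s, NOW_MS, POLICY), evaluate(s, NOW_MS, POLICY, privileged=True))
```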

OpenID improvements

This release includes a number of improvements to OpenID in the CrowdID server:

  • OpenID 2 support
  • Support for usernames with non-ASCII characters
  • Server-side identifier selection, to save users from entering their OpenID URL

Identifier selection when endpoint URLs are used, along with a whitelist of trusted consumers, allows for a streamlined experience for users.

Local groups management for LDAP connectors

Administrators can now create directories backed by an LDAP server, but create and manage groups locally in Crowd. This makes it possible to augment the group structure with new groups even with a read-only LDAP server. When local groups are enabled, new groups are created and updated in the Crowd database and not propagated to the LDAP server. Memberships of local groups are also stored locally.

 

Complete list of improvements and fixes

JIRA Issues (55 issues)

| Key | Summary | Priority | Status |
|---|---|---|---|
| CWD-1284 | Allow local Crowd groups to be associated with LDAP users. | Major | Resolved |
| CWD-1310 | Support OpenID 2.0 server-side identifier selection | Major | Resolved |
| CWD-2732 | Nested Groups do not work with Delegated Authentication Directory | Major | Resolved |
| CWD-1329 | OpenID 2.0 rel attribute should be specified in discovery HTML | Major | Resolved |
| CWD-1860 | Retrieve only the necessary attributes when searching for LDAP users and groups | Major | Resolved |
| CWD-2763 | Optimize LDAP sync behavior for non-AD structures | | Resolved |
| CWD-1666 | Facebook interop fails. CrowdId or Facebook to blame? | Minor | Resolved |
| CWD-1185 | OpenID does not work with non-ascii characters | Major | Resolved |
| CWD-1625 | REST API could offer list of services for requests sent to the root URL | Major | Resolved |
| CWD-2470 | Support OpenID 2.0 and identifier select for a single endpoint URL | Major | Resolved |
| CWD-2665 | Installation creates username and groups when it fails to resolve local host name. | Major | Resolved |
| CWD-2943 | Don't re-fetch users while fetching memberships during synchronisation | Major | Resolved |
| CWD-2713 | USNChangedMapper throws NPEs if AD does not return the uSNChanged attribute | Minor | Resolved |
| CWD-3000 | Support for WebSudo | Critical | Resolved |
| CWD-3001 | Ability to specify a different LDAP instance for each Crowd | Critical | Resolved |
| CWD-3122 | Getting names of group memberships for a user in an RFC 2307 directories fails with ClassCastException | Critical | Resolved |
| CWD-3058 | SearchResource JSON format has changed | Critical | Resolved |
| CWD-2944 | Directory synchronisation retrieves all group memberships when synchronising an individual membership | Major | Resolved |
| CWD-3045 | Allow a whitelist of automatically-approved sites for CrowdID | Major | Resolved |
| CWD-1247 | Non-HTML <content> element in output | Major | Resolved |
| CWD-3060 | Use OpenID Realm for approval requests | Major | Resolved |
| CWD-2999 | Username returned in the /session REST services has incorrect casing | Major | Resolved |
| CWD-3083 | TokenReaper task does not delete expired tokens in the background | Major | Resolved |
| CWD-3088 | DirectoryDAOFile should log when it is no longer using a local file | Major | Resolved |
| CWD-3094 | Update copy in exceeding user limit warning email to administrators | Major | Resolved |
| CWD-3075 | Upgrade openid4java to 0.9.7 | Major | Resolved |
| CWD-3071 | Create a regression test suite for XML/JSON representations for REST API | Major | Resolved |
| CWD-3074 | Redirect non-canonical OpenID URIs | Major | Resolved |
| CWD-3065 | Accept 'GET' requests to the OpenID endpoint | Major | Resolved |
| CWD-3034 | Improve Active Directory full synchronisation of memberships | Major | Resolved |
| CWD-3090 | UpdateGroupMembers fails with no UI feedback | Major | Resolved |
| CWD-3031 | Stacktrace is displayed if updating a directory fails | Minor | Resolved |
| CWD-3029 | Add a new validation factor to distinguish between tokens with different privileges | Minor | Resolved |
| CWD-2290 | Upgrade ehcache and disable phone-home timers | Minor | Resolved |
| CWD-2963 | Use generics for ContextMapperWithRequiredAttributes | Minor | Resolved |
| CWD-3022 | Crowd uses platform-dependent encoding to parse XML file when importing a backup | Minor | Resolved |
| CWD-3017 | Remove unused remote_address_binary and remote_address_mask columns | Minor | Resolved |
| CWD-3006 | Return the token creation date in the /session/{token} POST response | Minor | Resolved |
| CWD-2998 | Log a message when Crowd Tokens do not validate/are rejected | Minor | Resolved |
| CWD-2997 | Update crowd test runner to bring up the app with proper encoding | Minor | Resolved |
| CWD-2992 | Declare all pages as HTML 5 | Minor | Resolved |
| CWD-3079 | Implement Read Only with Local Groups in Crowd Directory | Minor | Resolved |
| CWD-3032 | Create an acceptance test suite for Crowd running with a file-based directory configuration | Minor | Resolved |
| CWD-3033 | Produce directory configuration files from the current database-based directory configuration | Minor | Resolved |
| CWD-3028 | As an application, I want to create short-lived tokens | Minor | Resolved |
| CWD-3049 | The SQL query to expire old tokens truncates the date | Minor | Resolved |
| CWD-3041 | Clean up HTML in the web interface | Minor | Resolved |
| CWD-3039 | Fix spelling of CSS class 'successsBox'. | Minor | Resolved |
| CWD-3070 | Local groups in connector directories are not imported/exported in XML backups | Minor | Resolved |
| CWD-3067 | UnsupportedCrowdApiException is not actually thrown by RestCrowdClient when the REST API is missing | Minor | Resolved |
| CWD-3057 | Add an operation in the REST client to invalidate all tokens of a given user | Minor | Resolved |
| CWD-2980 | Upgrade Hibernate to 3.5 | Minor | Resolved |
| CWD-2873 | Remove Acegi Security support | Minor | Resolved |
| CWD-2677 | Don't preallocate arrays for LDAP queries | Minor | Resolved |
| CWD-2909 | Upgrade JWebUnit to version 3 | Minor | Resolved |