This page last changed on Feb 25, 2007 by justen.stepka@atlassian.com.
Atlassian's popular Confluence wiki can quickly be configured to use the atlassian-user libraries to link in single or multiple directory servers through [Crowd].
 | Supported Versions
Crowd supports Confluence version 2.2 and later. |
To configure the atlassian-user framework, perform the following:
- Copy the Crowd integration libraries and configuration files as described in the 3.2 - Client Configuration documentation.
 | Use Confluence Spring JAR
Use the Spring JAR shipped with Confluence. Using the Spring JAR shipped with Crowd will not work with Confluence and prevent the starting of Confluence. |
- Edit the confluence\WEB-INF\classes\atlassian-user.xml file to add the following respository:
<repository key="crowd" class="com.atlassian.crowd.integration.atlassianuser.CrowdRepository">
<classes>
<processor>com.atlassian.crowd.integration.atlassianuser.CrowdRepositoryProcessor</processor>
<userManager>com.atlassian.crowd.integration.atlassianuser.CrowdUserManager</userManager>
<groupManager>com.atlassian.crowd.integration.atlassianuser.CrowdGroupManager</groupManager>
<authenticator>com.atlassian.crowd.integration.atlassianuser.CrowdAuthenticator</authenticator>
<propertySetFactory>com.atlassian.crowd.integration.atlassianuser.CrowdPropertySetFactory</propertySetFactory>
<entityQueryParser>com.atlassian.crowd.integration.atlassianuser.CrowdEntityQueryParser</entityQueryParser>
</classes>
</repository>
You will need to comment out the OSUser repository key
You will also need to comment out the Hibernate repository key
- The Confluence file confluence\WEB-INF\classes\oscache.properties has a default cache limit of 100 objects. This should be commented out or adjusted to something beyond the total number of users and/or groups in your configuration.
cache.memory=true
# CACHE SIZE
# Default cache size in number of item. If a size is specified but not
# an algorithm, the cache algorithm used will be LRUCache.
#cache.size=100
# CACHE UNLIMITED DISK
# Use unlimited disk cache or not
#cache.unlimited_disk=false
- This step is only necessary if you with to enable single sign-on:
 | Enabling Single Sign-On
Single sign-on (SSO) is optional when integrating Confluence and other Atlassian products. To use centralised authentication do not configure Seraph based authentication. |
Edit the \confluence\webapp\WEB-INF\classes\seraph-config.xml, changing the authenticator node to read:
<authenticator class="com.atlassian.crowd.integration.seraph.ConfluenceAuthenticator"/>
Confluence's authentication and access request calls will now be performed using the atlassian-user\Seraph Crowd plugin.
When utilising the atlassian-user and Crowd framework together with Confluence, it is highly recommended that caching be enabled. Multiple redundant calls to the atlassian-user framework are made on any given request. These results can be stored locally between calls by enabling caching in the Crowd 'Options' menu. In doing so, Confluence will obtain all necessary information for the period specified by the cache in minutes. If a security change or addition occurs in Crowd, these changes will not be visible in Confluence until the item cache expires.
Additional configuration steps:
- Create the 'confluence' application in the Crowd administration console. Make sure that you use the same password as configured in the crowd.properties file. More information on adding an application is available here
- Create two groups, confluence-users, and confluence-administrators, through the Crowd console or directly in your directory server.
- You will need to assign the confluence-users, and confluence-administrators group to the newly configure 'confluence' application through the Crowd administration console or authentication attempts will fail.
- Confluence's security requires that principals be members of a Confluence group that has the 'Global Permission' Confluence Users.
- In the General Configuration administration section, turn on External user management.
It looks like the httpclient library that comes with Confluence (commons-httpclient-2.0.2.jar) doesn't work with the Crowd integration. It works ok if you get rid of that one and add the 3.0 version (commons-httpclient-3.0.jar) from Crowd. I'm using Confluence 2.2.2.

Posted by at Nov 28, 2006 20:13
|
It appears there are also conflicts with other libs, where you will want to use the following versions of jars:
- commons-collections-2.1.jar
- commons-httpclient-3.0.jar
- spring-1.1.1.jar
- log4j-1.2.7.jar
- oscache-2.2.jar
- xbean-spring-2.2.jar
Make sure there are not two different versions of the same library or Confluence will fail to property load.

Posted by justen.stepka@atlassian.com at Dec 27, 2006 21:46
|
If we are using LDAP today for all of our users what happens if I move to Crowd? How should one go about migrate from direct LDAP to Crowd?
I am worried about losing the links between people and the content they created as well as space permissions.

Posted by csummers@lrnelson.com at Jan 17, 2007 12:36
|
So long as the user names are the same all relationships will remain the same.
If you remove a user in the future confluence will displace the username as 'Anonymous'.

Posted by justen.stepka@atlassian.com at Jan 23, 2007 17:21
|
Is that just the label that will change to 'Anonymous', or is it a irreversible change of Confluence data? What happens if the username is added again to a directory in a later moment? Will the username be displaced back by the original creator or modifier name? How is Jira handling this? What do you mean in the future? How is it working then today?

Posted by bselders at Jan 24, 2007 03:17
|
I've got Crowd 0.7.2 running fine and I have it integrated with 3 applications:
- JIRA v3.6.2 - works fine, and performance degradation is negligible
- Confluence v2.2.4 - works, but is noticeably bit slower (10-15 seconds per page vs 3-5)
- Confluence v2.3.1 - works, but when logging in / logged in each page load can take in excess of 50 seconds with Crowd vs about 5 seconds without
Crowd, JIRA, and Confluence v2.3.1 are all on the same machine - Confluence v2.2.4 is on the same LAN. Access to crowd is behind Apache 2 with mod_proxy.
I have turned on External User Management in Confluence (although I would like to reverse that as I want to use the normal Confluence user management API so that user/group managing plugins still work) but this has made no effect.
While monitoring the Apache logs around Crowd I notice:
- JIRA asks Crowd 4 times and seems to cache them for a good while - making it nicely responsive.
- Confluence v2.2.4 asked around 180 times per page - making it slow (12.4 seconds for that request).
- Confluence v2.3.1 asked a shocking 950 times per page - making it incredibly slow.
It should be noted that I measured these by clearing the Apache log before the request, making the request and then counting the lines that were in the log file after the page had loaded.
It should also be noted that we are using the Builder theme which does a fair amount of permission checking when building the menus - however this should still be cached effectively to negate the impact.
Am I doing something wrong? I am sure this isn't the performance I can expect!

Posted by dhardiker@adaptavist.com at Feb 02, 2007 08:19
|
With regards to Builder menus, they do herds of permission checks depending on which menu items are used. However, they cache internally to avoid repeat checks on permissions for the same page view.

Posted by gfraser@adaptavist.com at Feb 02, 2007 09:52
|
Even if they weren't cached by Builder, I would expect the Crowd client to be caching them so that they were still only requested inside of the application (removing redundant checks from causing consultation with the Crowd server).
I can clearly see the option in the Crowd configuration site for setting the caching on the server, but are there similar settings for the client?

Posted by dhardiker@adaptavist.com at Feb 02, 2007 13:30
|
I've found that Confluence can manage Crowd if I don't turn off the External User Management ... are there any unexpected side effects to doing this?
I cant say I've noticed any performance differences regardless of this settings state.

Posted by dhardiker@adaptavist.com at Feb 02, 2007 13:38
|
You will want to make sure you have caching enabled in the server or else the client will not cache any downloaded data from the Crowd server.

Posted by justen.stepka@atlassian.com at Feb 02, 2007 17:00
|
Using Confluence 2.3.2 and Crowd 0.4.4, I cannot view my own profile or preferences. Says "You are not permitted to perform this operation." Everything else seems to work (surprisingly well).
If this is a configuration issue, does anyone know where and what to look for?

Posted by jsade at Feb 13, 2007 08:39
|
For anyone who is stuck with "Repository key cannot be null", please be aware that the newer builds of Confluence to not include key="crowd" in atlassian-user.xml
I noticed that a lot of newer releases of Confluence and JIRA already have the crowd code included it's just commented out.

Posted by at Feb 21, 2007 22:14
|
I am having the exact same problem as well using Confluence and Crowd.
One other issue i noticed (feel free to examine on your machine) is that only creators of spaces are allowed access to the "Space Admin" page. I noticed this when I imported a site that was created from another user (not in the LDAP directory), and now there is no way to delete the site since I cannot administer it.
Anyone else run into this problem as well?

Posted by at Feb 23, 2007 02:06
|
I got rid of that problem. When I was experiencing that issue I was running a standalone Confluence with HSQLdb, in Windows.
Did a fresh install to RHEL4 using mysql and the problem disappeared.
I think I did the configs exactly the same, so afaik the only variables that changed were OS and database.

Posted by jsade at Feb 23, 2007 08:21
|
|