Products: Crowd 2.6.4, JIRA 6.2.1, Confluence 5.2.5, Stash 2.11.6, Bamboo 5.1.1
Hello,
My team is in the process of implementing a custom authentication and authorization solution using PKI for authentication and a custom authorization service for authorization. Currently, we use Crowd as the LDAP for users to log into our other Atlassian applications and determine a user's level of access based on the assigned groups. Here is our entire drafted process:
What we would like to do is implement a non-interactive single sign-on system for our product suite where users can access each application without having to enter their login credentials into each application. What we have discovered is that for each application, we would need to create a separate authentication provider, since the way each Atlassian product stores the user principal in the session is different.
Is there any documentation or sample code out there that allows for non-interactive single sign-on? Any input is appreciated.
Eric - you are correct that unique authenticators are needed for each app for those SSO legs. (A Crowd authenticator is not required, except if you want SSO for the Crowd admins.) For the rest, AppFusions' Kerberos SSO Authenticators for LDAP and Atlassian servers are packaged solutions for your need.
http://www.appfusions.com/display/KBRSCJ/Home
If you have questions, email info@appfusions.com - but at a minimum, here are some questions with regard to your environment:
Justin,
Thanks for the link. It seems from the AppFusions site that you will need to purchase their solution. If at all possible, we are looking for something that is Open Source. Is there another solution out there by chance?
Not that I know of. AppFusions tried to do the open source thing initially, but it was not very successful. They talk about it here - http://www.appfusions.com/display/KBRSCJ/FAQ There are other SSO solutions out there which are very, very pricey (you will find in your research). It's a tricky problem. And once done, it's done. Not really a repeatable expertise in most people's jobs.