This plugin allows using Atlassian Crowd or JIRA as an authentication and authorization provider for Jenkins (Crowd version 2 and later). Crowd is a commercial identity management and Single Sign-On (SSO) application.
Requirements
The current version of the plugin is tested against Crowd 3.7 and Crowd 5.1, with Jenkins 2.275.4. This plugin uses Crowd REST APIs for connecting to the Crowd and therefore requires Crowd >= 2.1 (see Crowd REST API docs). If you have an older Crowd server, use the older “Crowd Plugin” instead.
License
This project is licensed under the MIT License – see the LICENSE file for details
Configuration
To configure the plugin, you first need to create a new application in Crowd [Atlassian adding-an-application docs].(https://confluence.atlassian.com/crowd/adding-an-application-18579591.html) has additional information on how to configure applications in the Crowd.
Be sure to also allow connections to Crowd from the server Jenkins runs on.
Next, you need to configure a group that contains all users who are allowed to log in into Jenkins. Atlassian has further information on how to manage users and groups.
Once you have the application and group configured in Crowd, you can enable Crowd-based security in Jenkins on the “Manage Jenkins” page. Enter the URL of your Crowd server (will typically end with …/crowd) as well as the application name, password, and group name you configured in the Crowd.
Click on the “Check Connection” button to ensure that your connection credentials are valid.
Crowd supports nested groups, i.e. groups which contain other groups as members and groups that are members of other groups (see nested groups documentation). If you want to use this feature, click on the “Advanced…” button and enable it. This may degrade performance, depending on your server configuration.
This plugin doesn't support Crowd roles. As long as there's not enough interest, it's unlikely that they will be supported in a future version because they have been deprecated since Crowd 2.0 (see here for details).
This plugin works well with Matrix Authorization Strategy Plugin. You can use the Crowd users and groups to define permissions on folder/pipeline/job level.
Development
These instructions will get you a copy of the project up and running on your personal machine for development and testing purposes. See deployment for notes on how to deploy the project on a live system.
A classic approach.
git clone https://github.com/jenkinsci/crowd2-plugin.git
cd crowd2-plugin
mvn install
# to start the plugin in a local embedded test environment, run
mvn hpi:run
Standalone Test Environment
To start a personal build of the plugin in a standalone test environment, run
mvn install
Then upload the resulting .hpi file (target/crowd2-VERSION.hpi) like described in the [official documentation] (https://jenkins.io/doc/book/managing/plugins/#advanced-installation).
More advanced one with docker
More about it in CONTRIBUTING.md
git clone https://github.com/jenkinsci/crowd2-plugin.git
cd crowd2-plugin
# run this if you want to use mvn jenkins repo
./_init.sh
# this command will set up local crowd and jenkins instance
# with all integration already setup
./_start.sh 11
Built With
Versioning
We use SemVer for versioning (starting from version 2.0.0). For the versions available, see the tags on this repository.
Authors
See the list of contributors who participated in this project.
FAQ
Is Single-Sign-On (SSO) supported?
Yes :-) That was the main reason I wrote this plugin.
What's the difference between this plugin and “Crowd Plugin”?
Apart from SSO, this plugin contains fixes for almost all open issues of the “Crowd Plugin”. (If you look at the issue navigator, there are current seven; five of them are almost or even older than one year. Looking at the source code at GitHub (https://github.com/jenkinsci/crowd-plugin), there doesn't seem to be much activity trying to fix them). I have to admit that I haven't tested JENKINS-9924 so far, i.e. what happens when the Crowd server is down. This will be done in the near future.
A more technically answer is that this plugin code was written from scratch using a different API to connect to the Crowd server, i.e. the Crowd REST APIs. These are recommended by Atlassian for long-term compatibility.
In contrary, the “Crowd Plugin” uses Crowd's Java integration libraries that have the disadvantage that one perhaps has to re-compile the source code when a new Crowd release is available and one has to update these libraries.
Why do I have to choose a group for users?
To restrict the number of your Crowd users who are allowed to log in. I thought it's cool to have such a feature because, for example, Confluence and JIRA, other well-known products from Atlassian, also work that way.
Is there Localization support?
Yes.
If you want to add some translation, please feel free to add some in here. After proper review, it will be automatically added to the plugin.
Roadmap
The following changes and improvements are planned for the following releases
3.x.x
- Work on the open JIRA issues
- Improve test coverage by adding new tests
- Merge open pull requests to fix caching and http client to solve performance and compatibility issues
- Fix logging for plugin