Crowd 2 Integration

Build Status Coverage Security Rating Crowdin

Open in Gitpod

This plugin allows using Atlassian Crowd or JIRA as an authentication and authorization provider for Jenkins (Crowd version 2 and later). Crowd is a commercial identity management and Single Sign-On (SSO) application.

Requirements

Current version of plugin is tested agains Crowd 3.7, with Jenkins 2.303.1. This plugin uses Crowd REST APIs for connecting to Crowd and therefore requires Crowd >= 2.1 (see Crowd REST Api docs). If you have an older Crowd server, use the older "Crowd Plugin" instead.

License

This project is licensed under the MIT License - see the LICENSE file for details

Configuration

To configure the plugin, you first need to create a new application in Crowd. Atlassian adding-an-application docs has more information on how to configure applications in Crowd.

crowd screen

Be sure to also allow connections to Crowd from the server Jenkins runs on.

Next you need to configure a group that contains all users that are allowed to login into Jenkins. Atlassian managing-users-and-groups docs has more information how to manage users and groups.

crowd add group

Once you have the application and group configured in Crowd, you can enable Crowd-based security in Jenkins on the "Manage Jenkins" page. Enter the URL of your Crowd server (will typically end with .../crowd) as well as the application name, password and group name you configured in Crowd.

jenkins security configuration

Click on the "Check Connection" button to ensure that your connection credentials are valid.

Crowd supports nested groups, i.e. groups which contain other groups as members and groups that are members of other groups (see nested groups docs). If you want to use this feature, click on the "Advanced..." button and enable it. This may degrade performance, depending on your server configuration.

This plugin doesn't support Crowd roles. As long as there's not enough interest, it's unlikely that they are supported in a future version because they are deprecated since Crowd 2.0 (see here for details).

This plugin works well with Matrix Authorization Strategy Plugin: You can use Crowd users and groups to define permissions on folder/pipeline/job level.

Development

These instructions will get you a copy of the project up and running on your local machine for development and testing purposes. See deployment for notes on how to deploy the project on a live system.

A classic approach.

git clone https://github.com/jenkinsci/crowd2-plugin.git
cd crowd2-plugin
mvn install

# to start the plugin in a local embedded test environment, run
mvn hpi:run

Standalone Test Environment

To start a local build of the plugin in a standalone test environment, run

mvn install

then upload the resulting .hpi file (target/crowd2-VERSION.hpi) like described in the official documentation.

More advanced one with docker

More about it in CONTRIBUTING.md

git clone https://github.com/jenkinsci/crowd2-plugin.git
cd crowd2-plugin

# run this if you want to use mvn jenkins repo
./_init.sh

# this command will set up local crowd and jenkins instance
# with all integration already setup 
./_start.sh 11

Built With

Versioning

We use SemVer for versioning (starting from version 2.0.0). For the versions available, see the tags on this repository.

Authors

See the list of contributors who participated in this project.

FAQ

Is Single-Sign-On (SSO) supported?

Yes :-) That was the main reason I wrote this plugin.

What's the difference between this plugin and "Crowd Plugin"?

Apart from SSO this plugin contains fixes for almost all open issues of the "Crowd Plugin". (If you look at the issue navigator, there are actually seven; five of them are almost or even older than one year. Looking at the source code at GitHub (https://github.com/jenkinsci/crowd-plugin), there doesn't seem to be much activity trying to fix them). I have to admit that I haven't tested JENKINS-9924 so far, i.e. what happens when the Crowd server is down. This will be done in the near future.

A more technically answer is that this plugin code was written from scratch using a different API to connect to the Crowd server, i.e. the Crowd REST APIs. These are recommended by Atlassian for long-term compatibility.

In contrary, the "Crowd Plugin" uses Crowd's Java integration libraries that have the disadvantage that one perhaps has to re-compile the source code when a new Crowd release is available and one has to update these libraries.

Why do I have to choose a group for users?

To restrict the number of your Crowd users that are allowed to login. I thought it's cool to have such a feature because for example Confluence and JIRA, other well known products from Atlassian, also work that way.

Is there Localization support?

Yes.

If you want to add some translation please feel free to add some in https://crowdin.jenkins.io/crowd2-plugin After proper review it will be automaticaly added to plugin.

Roadmap

The following changes and improvements are planned for the following releases

3.x.x

  • Work on the open JIRA issues
  • Improve test coverage by adding new tests
  • Merge open pull requests to fix caching and httpclient to solve performance and compatibility issues
  • Fix logging for plugin