  1. Crowd
  2. CWD-1348

Client applications should only see principals which have been authorised to access the application



    • Type: Suggestion
    • Status: Resolved
    • Priority: Low
    • Resolution: Won't Fix
    • Affects Version/s: 1.5.2
    • Fix Version/s: None
    • Component/s: Administration


      Atlassian Status as of 27 April 2011

      Hi folks,
      Thanks for your continued support and feedback. We wanted to give you an update on the status of this issue.
      Over the medium term, the direction we're taking with Crowd is to focus on scalability, reliability and performance. Unfortunately, it means that this feature is unlikely to be included in any near-term improvements to the product, as workflows and management don't align with our future direction.

      We are aware of the issue and recognise that it is something that needs to be done; however, it's unrealistic that it will ship within the next 18 months.
      Atlassian Product Management

      Currently, a client application can "see" all the principals in the directories configured for that application.

      Ideally, if Allow All To Authenticate on a directory is set to False, only the principals that belong to the configured groups should be visible to the application. If Allow All To Authenticate on a directory is set to True, then the current behaviour of retrieving all groups is acceptable.

      In addition to the SSC findAllPrincipalNames() method, there should be some sort of findAllAuthenticatablePrincipalNames().


              • Votes: 36