-
Suggestion
-
Resolution: Unresolved
-
None
-
None
-
None
-
9
-
Currently, Crowd requires the Admins to provide Login and Password to have access to the Crowd database.
As an improvement, Crowd could use the current Windows Authentication to access the database (MS SQL)
[CWD-1681] Support Windows Authentication For MS SQL Database
| Support reference count | New: 9 |
| Remote Link | New: This issue links to "Page (Confluence)" [ 963597 ] |
| Workflow | Original: JAC Suggestion Workflow [ 3363197 ] | New: JAC Suggestion Workflow 3 [ 3626896 ] |
| Workflow | Original: Simplified Crowd Development Workflow v2 [ 1392173 ] | New: JAC Suggestion Workflow [ 3363197 ] |
| Issue Type | Original: New Feature [ 2 ] | New: Suggestion [ 10000 ] |
| Status | Original: Open [ 1 ] | New: Gathering Interest [ 11772 ] |
| Workflow | Original: Crowd Development Workflow v2 [ 272241 ] | New: Simplified Crowd Development Workflow v2 [ 1392173 ] |
Richard Marskell
added a comment - I was able to get integrated authentication to work (after installing initially to a temp database using mixed-mode).
Note: Make sure you stop JIRA before doing this.
First I changed my dbconfig.xml (in JIRA home directory) to have the following:
<url>jdbc:sqlserver://SERVER;databaseName=JIRADATABASE;integratedSecurity=true</url>
<driver-class>com.microsoft.sqlserver.jdbc.SQLServerDriver</driver-class>
I then downloaded the Microsoft SQL Server JDBC Driver 2.0 from here: http://www.microsoft.com/en-us/download/details.aspx?id=2505
Once you extract the files from that, copy sqljdbc4.jar into the "lib" folder in the JIRA install (not home) directory.
Then, you'll want to find the appropriate dll file from the "auth" folder (within the files extracted above) called "sqljdbc_auth.dll". Copy that into c:\windows\system32. Make sure you choose the right file for your system (i.e. x86 = 32-bit).
That's it. I restarted JIRA and it worked.
Richard Marskell
added a comment - I was able to get integrated authentication to work (after installing initially to a temp database using mixed-mode).
Note: Make sure you stop JIRA before doing this.
First I changed my dbconfig.xml (in JIRA home directory) to have the following:
<url>jdbc:sqlserver://SERVER;databaseName=JIRADATABASE;integratedSecurity=true</url>
<driver-class>com.microsoft.sqlserver.jdbc.SQLServerDriver</driver-class>
I then downloaded the Microsoft SQL Server JDBC Driver 2.0 from here: http://www.microsoft.com/en-us/download/details.aspx?id=2505
Once you extract the files from that, copy sqljdbc4.jar into the "lib" folder in the JIRA install (not home) directory.
Then, you'll want to find the appropriate dll file from the "auth" folder (within the files extracted above) called "sqljdbc_auth.dll". Copy that into c:\windows\system32. Make sure you choose the right file for your system (i.e. x86 = 32-bit).
That's it. I restarted JIRA and it worked. | Remote Link | New: This issue links to "Wiki Page (Extranet)" [ 40300 ] |
| Workflow | Original: Feature Request Workflow [ 183011 ] | New: Crowd Development Workflow v2 [ 272241 ] |
| Status | Original: Awaiting Review [ 10033 ] | New: Open [ 1 ] |
I'm not sure why David suggested installing the SSO support for it. In my understanding SSO needs to be installed only if you don't want to provide user/password and use the OS service user to authenticate the connection.
http://jtds.sourceforge.net/faq.html#urlFormat
domain
Specifies the Windows domain to authenticate in. If present and the user name and password are provided, jTDS uses Windows (NTLM) authentication instead of the usual SQL Server authentication (i.e. the user and password provided are the domain user and password). This allows non-Windows clients to log in to servers which are only configured to accept Windows authentication.
If the domain parameter is present but no user name and password are provided, jTDS uses its native Single-Sign-On library and logs in with the logged Windows user's credentials (for this to work one would obviously need to be on Windows, logged into a domain, and also have the SSO library installed – consult README.SSO in the distribution on how to do this).
My understanding is that, if you are OK with providing tomcat AD user/password, the only required change is the domain parameter in JDBC URL .
Bogdan Dziedzic [Atlassian]
added a comment - - edited I'm not sure why David suggested installing the SSO support for it. In my understanding SSO needs to be installed only if you don't want to provide user/password and use the OS service user to authenticate the connection.
http://jtds.sourceforge.net/faq.html#urlFormat
domain
Specifies the Windows domain to authenticate in. If present and the user name and password are provided, jTDS uses Windows (NTLM) authentication instead of the usual SQL Server authentication (i.e. the user and password provided are the domain user and password). This allows non-Windows clients to log in to servers which are only configured to accept Windows authentication.
If the domain parameter is present but no user name and password are provided, jTDS uses its native Single-Sign-On library and logs in with the logged Windows user's credentials (for this to work one would obviously need to be on Windows, logged into a domain, and also have the SSO library installed – consult README.SSO in the distribution on how to do this).
My understanding is that, if you are OK with providing tomcat AD user/password, the only required change is the domain parameter in JDBC URL .
Sorry, didn't realize I was in a Crowd bug. The above was for JIRA, but may be helpful here too.