-
Suggestion
-
Resolution: Unresolved
-
None
-
170
-
I'm not sure if this is a support or feature request. I'd like to setup Postini to authenticate against Crowd via SAML. The only mention of Crowd+SAML I've heard of involves Google Apps. Does Crowd actually function as a general SAML service?
Fwiw, here's the Postini SSO docs:
I got so far as "Enter your SSO issuer ID and paste your SSO PEM (base64) format certificate" under "Configure SSO for Your Account Org".
Thanks!
- is duplicated by
-
- Closed
- is related to
-
- Gathering Interest
-
- Gathering Interest
- mentioned in
-
Page Failed to load
-
Page Failed to load
-
Page Loading...
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
[CWD-1822] General SAML Support
Hi @Marek Radochonski, it seems your official announcement on this ticket confuses the "SAML support" between:
- Crowd => SAML provider
- and Application => Crowd as SAML provider
This ticket is intented to help any application authenticate against Crowd via SAML
This ticket has a comment on july 2018, made by Marek Radochonski
But his is Inactiva since march 2020
Is there anyone in Atlassian considering this ticket?
For those that have moved away from Crowd: what do you guys do for groups? Do you just use locally created groups within each application or are you somehow getting group memberships from your IDP or another source?
I'll be honest - I haven't tested Keycloak with Jira or Confluence yet as I wanted to evaluate the actual SSO process itself first so went with our low hanging fruit of Bamboo and BitBucket.
Keycloak can provide group membership information for a given logged in user but that - as I understand it - isn't enough because you won't have a list of groups in Jira or Confluence that you can then use to grant permissions to. I'm intending to solve this by configuring Jira/Confluence to use LDAP as a second-tier directory, i.e. just so that Jira/Confluence can get a list of the groups that exist.
I don't have a solution for a scenario where a social authenticator like Google or GitHub is used. I think you'd then have to implement groups some other way.
For those that have moved away from Crowd: what do you guys do for groups? Do you just use locally created groups within each application or are you somehow getting group memberships from your IDP or another source?
At our site, we want to use Jira project role memberships to grant permissions in other applications. To do that, we use groups in crowd. I suppose we could synchronize the Jira project role memberships into each of the other tools separately, but it's kind of convenient to have them all in one place that they can all see.
Just to share with others watching this issue that we're shifting over to using Keycloak instead of Crowd. We've started with the lesser-used Atlassian products in our company (Bitbucket and Bamboo) but that has worked well so far. Going to tackle the larger ones later this year now that we've found a provider of OIDC plugins for all of the products (miniOrange).
(I said OIDC there instead of SAML simply because that was the choice I made on how to integrate the Atlassian apps with Keycloak. It works just as well with SAML. It was a personal preference).
Well, this is a downer for us too. We actually do use crowd and we find it useful, and we still hope you will deliver this as soon as possible.
Same situation for us as for Martin - we found Crowd to be a useless single-point-of-failure for us and no longer have it.
No problem. We never actually expected this to be added given Atlassian's tepid commitment here, and hence we no longer use Crowd...
This issue is of serious concern for us because of the impending removal of CrowdID. We use CrowdID as an identify provider for third-party applications with OpenID support, and full support for SAML IdP functionality in Crowd would allow us to replace the existing CrowdID functionality.