
      I'm not sure if this is a support or feature request. I'd like to set up Postini to authenticate against Crowd via SAML. The only mention of Crowd+SAML I've heard of involves Google Apps. Does Crowd actually function as a general SAML service?

      Fwiw, here's the Postini SSO docs:

      https://ac-s9.postini.com/help/admin_ee_cu/wwhelp/wwhimpl/common/html/wwhelp.htm?context=EEHelp&file=sso_toc.html#2973241

      I got so far as "Enter your SSO issuer ID and paste your SSO PEM (base64) format certificate" under "Configure SSO for Your Account Org".

      Thanks!

            [CWD-1822] General SAML Support

            Isaac Vaughn added a comment -

            This issue is of serious concern for us because of the impending removal of CrowdID. We use CrowdID as an identity provider for third-party applications with OpenID support, and full support for SAML IdP functionality in Crowd would allow us to replace the existing CrowdID functionality.

            Vincent Kopa (Ovyka) added a comment -

            Hi @Marek Radochonski, it seems your official announcement on this ticket confuses the "SAML support" between:

            • Crowd => SAML provider
            • and Application => Crowd as SAML provider

            This ticket is intended to help any application authenticate against Crowd via SAML

            Marcelo Mella added a comment -

            This ticket has a comment from July 2018, made by Marek Radochonski

            But he has been Inactive since March 2020

            Is there anyone in Atlassian considering this ticket?

            Philip Colmer added a comment -

            For those that have moved away from Crowd: what do you guys do for groups? Do you just use locally created groups within each application or are you somehow getting group memberships from your IDP or another source?

            I'll be honest - I haven't tested Keycloak with Jira or Confluence yet as I wanted to evaluate the actual SSO process itself first so went with our low hanging fruit of Bamboo and BitBucket.

            Keycloak can provide group membership information for a given logged in user but that - as I understand it - isn't enough because you won't have a list of groups in Jira or Confluence that you can then use to grant permissions to. I'm intending to solve this by configuring Jira/Confluence to use LDAP as a second-tier directory, i.e. just so that Jira/Confluence can get a list of the groups that exist.

            I don't have a solution for a scenario where a social authenticator like Google or GitHub is used. I think you'd then have to implement groups some other way.

            Dave Thomas added a comment -

            For those that have moved away from Crowd: what do you guys do for groups? Do you just use locally created groups within each application or are you somehow getting group memberships from your IDP or another source?

            At our site, we want to use Jira project role memberships to grant permissions in other applications. To do that, we use groups in crowd. I suppose we could synchronize the Jira project role memberships into each of the other tools separately, but it's kind of convenient to have them all in one place that they can all see.

            Philip Colmer added a comment -

            Just to share with others watching this issue that we're shifting over to using Keycloak instead of Crowd. We've started with the lesser-used Atlassian products in our company (Bitbucket and Bamboo) but that has worked well so far. Going to tackle the larger ones later this year now that we've found a provider of OIDC plugins for all of the products (miniOrange).

            (I said OIDC there instead of SAML simply because that was the choice I made on how to integrate the Atlassian apps with Keycloak. It works just as well with SAML. It was a personal preference).

            Jakub Ring added a comment -

            Well, this is a downer for us too. We actually do use crowd and we find it useful, and we still hope you will deliver this as soon as possible.


            David S added a comment -

            Yeah, disappointing.


            David N added a comment -

            Same situation for us as for Martin - we found Crowd to be a useless single-point-of-failure for us and no longer have it.


            martin_paulo added a comment -

            No problem. We never actually expected this to be added given Atlassian's tepid commitment here, and hence we no longer use Crowd...

              mradochonski@atlassian.com Marek Radochonski (Inactive)
              cmclaughlin CharlesA
              Votes: 87
              Watchers: 166
