• Icon: Suggestion Suggestion
    • Resolution: Unresolved
    • None
    • OpenID
    • 38
    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Atlassian Update - 28 January 2020

      Hello everyone,

      We are pleased to announce that we have released support for OpenID Connect for Jira, Confluence, Bitbucket and Jira Service Desk Data Center.

      You can learn more about it here: https://www.atlassian.com/blog/enterprise/openid-connect

      Please note that in order to use OpenID Connect you will need Data Center license.

      You can create your evaluation license for your Data Center product here https://my.atlassian.com/license/evaluation

      We hope that you will enjoy it!

      Please reply directly to my email to share your feedback or just add your comments in this ticket. We'd love to hear your thoughts!

      Best regards,

      Marek Radochonski
      Senior Product Manager
      mradochonski@atlassian.com

      OpenID Connect performs many of the same tasks as OpenID 2.0, but does so in a way that is API-friendly, and usable by native and mobile applications. OpenID Connect defines optional mechanisms for robust signing and encryption. Whereas integration of OAuth 1.0a and OpenID 2.0 required an extension, in OpenID Connect, OAuth 2.0 capabilities are integrated with the protocol itself.

      Source:
      http://openid.net/connect/

            [CWD-3995] Provide support for OpenID Connect

            Is there any ETA for this?

            Mikalai Hrynchuk added a comment - Is there any ETA for this?

            Lloyd Lett added a comment -

            pleaseeeee

            Lloyd Lett added a comment - pleaseeeee

            Actualy DEX can act as Gateway ... 

            Not Nice but works..

             

            Holger Rojahn added a comment - Actualy DEX can act as Gateway ...  Not Nice but works..  

            We have released OpenID Connect support in Jira, Confluence, Bitbucket and JSD Data Center. We are still considering adding support for it in Crowd Data Center in the future.

            Marek Radochonski (Inactive) added a comment - We have released OpenID Connect support in Jira, Confluence, Bitbucket and JSD Data Center. We are still considering adding support for it in Crowd Data Center in the future.

            I think your product direction makes sense to me. Integrate the Relying Party role into your popular apps (JIRA, Confluence, Bitbucket) so that they can connect to any certified OIDC Provider. Keep in mind that OIDC also includes the features of OAuth2. OAuth2 isn't actually a standard, and is a generalized framework. I think the exposed claims from the IdP should be sufficient to authorize various user roles for the Atlassian suite of apps.

            Then you could position Crowd to be an OIDC Provider, packaged as a standalone enterprise identity provider. That would place it in competition with products like Ping Identity, RedHat Keycloak, etc.

            Cal Heldenbrand added a comment - I think your product direction makes sense to me. Integrate the Relying Party role into your popular apps (JIRA, Confluence, Bitbucket) so that they can connect to any certified OIDC Provider. Keep in mind that OIDC also includes the features of OAuth2. OAuth2 isn't actually a standard, and is a generalized framework. I think the exposed claims from the IdP should be sufficient to authorize various user roles for the Atlassian suite of apps. Then you could position Crowd to be an OIDC Provider, packaged as a standalone enterprise identity provider. That would place it in competition with products like Ping Identity, RedHat Keycloak, etc.

            benjamin.buffereau

            Thank you for feedback and for being honest with us. That is very important for us.
            Regarding Crowd acting as OIDC Identity provider and OAuth 2.0 Authorization Server, which one is more important for you?

            Best Regards,
            Marcin Kempa

            Marcin Kempa added a comment - benjamin.buffereau Thank you for feedback and for being honest with us. That is very important for us. Regarding Crowd acting as OIDC Identity provider and OAuth 2.0 Authorization Server, which one is more important for you? Best Regards, Marcin Kempa

            @Macin : my organization (Regional Council of Brittany, France) use Crowd as a general-purpose identity server (dozens of apps connected to Crowd, many directories, thousands of accounts). More and more Apps (On-premise + Cloud) now support OIDC and OAuth2 out of the box as standard protocols to delegate authentication and autorisation to an identity server. That's why we need either Crowd to act as an OIDC provider and OAuth2 authorization server, or to replace Crowd with Keycloak for example.

            IMHO, Atlassian has only 2 choices regarding Crowd : either invest heavily and quickly to add OIDC and OAuth2 support, or let him die. It's almost too late for us, we are going to take the decision on the future of Crowd in the next few weeks ...

            Benjamin Buffereau added a comment - @Macin : my organization (Regional Council of Brittany, France) use Crowd as a general-purpose identity server (dozens of apps connected to Crowd, many directories, thousands of accounts). More and more Apps (On-premise + Cloud) now support OIDC and OAuth2 out of the box as standard protocols to delegate authentication and autorisation to an identity server. That's why we need either Crowd to act as an OIDC provider and OAuth2 authorization server, or to replace Crowd with Keycloak for example. IMHO, Atlassian has only 2 choices regarding Crowd : either invest heavily and quickly to add OIDC and OAuth2 support, or let him die. It's almost too late for us, we are going to take the decision on the future of Crowd in the next few weeks ...

            Any clues as to timeline/ETA?

            Preston Lee added a comment - Any clues as to timeline/ETA?

            Hi mvdkleijn and marcin.kwapisz,

            Thank you very much for your comments and interest in this issue. We are always keen to listen for feedback about Atlassian products.

            Regarding phasing out Crowd, there are no such plans. We are constantly working on improving Crowd with new capabilities and with extending current ones. I am sorry that recent releases did not bring value you needed.
            As I understand your comment you need Crowd to act as an OIDC provider and OAuth2 authorization server as you would like to centralized authentication and authorization management for you Atlassian on premise products. Is that correct assumption? Please let us know what are your requirements and needs with OIDC and OAuth2 and how would you like to use it with Crowd. Your feedback will help us to understand the problem space better.

            Best Regards,
            Marcin Kempa
            Crowd Dev Lead

            Marcin Kempa added a comment - Hi mvdkleijn and marcin.kwapisz , Thank you very much for your comments and interest in this issue. We are always keen to listen for feedback about Atlassian products. Regarding phasing out Crowd, there are no such plans. We are constantly working on improving Crowd with new capabilities and with extending current ones. I am sorry that recent releases did not bring value you needed. As I understand your comment you need Crowd to act as an OIDC provider and OAuth2 authorization server as you would like to centralized authentication and authorization management for you Atlassian on premise products. Is that correct assumption? Please let us know what are your requirements and needs with OIDC and OAuth2 and how would you like to use it with Crowd. Your feedback will help us to understand the problem space better. Best Regards, Marcin Kempa Crowd Dev Lead

            Hi Gaurav,

            Is there any way to get this (Crowd as an OIDC provider) in scope?

            Crowd is rapidly losing its value for us as a DC customer due to the lack of OIDC provider and OAuth2 server capabilities. If Atlassian's intention is to phase out Crowd, please let us know so we don't invest too much time and effort in this product.

            Cheers, Martijn

            Deleted Account (Inactive) added a comment - Hi Gaurav, Is there any way to get this (Crowd as an OIDC provider) in scope? Crowd is rapidly losing its value for us as a DC customer due to the lack of OIDC provider and OAuth2 server capabilities. If Atlassian's intention is to phase out Crowd, please let us know so we don't invest too much time and effort in this product. Cheers, Martijn

              mradochonski@atlassian.com Marek Radochonski (Inactive)
              gnedel Guilherme Nedel (Inactive)
              Votes:
              162 Vote for this issue
              Watchers:
              124 Start watching this issue

                Created:
                Updated: