-
Suggestion
-
Resolution: Fixed
-
None
Stash should support Single Sign On (SSO) with Crowd, to integrate into the Atlassian suite better.
![[Extranet] Page](/images/icons/generic_link_16.png "[Extranet] Page"){kind=icon}
[BSERV-2493] Support Crowd SSO
i'm using a Apache Proxy to access my atlassian tools
f.e.
https://mydomain/stash
https://mydomain/confluence
https://mydomain/jira
https://mydomain/crowd
so in every server.xml config i configured proxyName proxyPort ans scheme=https
Single Sign own worked perfectly between jira and confluence, but not with Stash
in my stash-config.properties i setup the required stuff:
plugin.auth-crowd.sso.enabled=true
plugin.auth-crowd.sso.http.proxy.host=mydomain
plugin.auth-crowd.sso.http.proxy.port=443
but it will still not work.
Solution:
=======
remove
plugin.auth-crowd.sso.http.proxy.host=mydomain
plugin.auth-crowd.sso.http.proxy.port=443
from stash-config.properties
don't forget to uncomment
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
in the server.xml file in stash app dir
Martin Schweizer
added a comment - - edited i'm using a Apache Proxy to access my atlassian tools
f.e.
https://mydomain/stash
https://mydomain/confluence
https://mydomain/jira
https://mydomain/crowd
so in every server.xml config i configured proxyName proxyPort ans scheme=https
Single Sign own worked perfectly between jira and confluence, but not with Stash
in my stash-config.properties i setup the required stuff:
plugin.auth-crowd.sso.enabled=true
plugin.auth-crowd.sso.http.proxy.host=mydomain
plugin.auth-crowd.sso.http.proxy.port=443
but it will still not work.
Solution:
=======
remove
plugin.auth-crowd.sso.http.proxy.host=mydomain
plugin.auth-crowd.sso.http.proxy.port=443
from stash-config.properties
don't forget to uncomment
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
in the server.xml file in stash app dir Is Single Sign On broke at the moment ?
I tried everything that is described in the Confluence Wiki Page.
Got it working.
https://confluence.atlassian.com/display/STASH/Connecting+Stash+to+Crowd#ConnectingStashtoCrowd-SSO
here Stands <STASH_HOME>/shared/stash-config.properties
I assumed that home is the application folder and not the data folder. 
Pierre Humberdroz
added a comment - - edited Is Single Sign On broke at the moment ?
I tried everything that is described in the Confluence Wiki Page.
Got it working.
https://confluence.atlassian.com/display/STASH/Connecting+Stash+to+Crowd#ConnectingStashtoCrowd-SSO
here Stands <STASH_HOME>/shared/stash-config.properties
I assumed that home is the application folder and not the data folder. Hi Jason,
Thanks for the feedback! The Crowd SSO plugin will only enable SSO integration when it can. It tests:
- whether you've got a User Directory set up pointing to Crowd.
- whether the remote Crowd has got a valid SSO cookie configuration.
It's the second test that is causing problems for you. I've created STASH-3264 for this problem.
Jason Stiefel
added a comment - I think I nailed this down to having an empty domain cookie configuration in Crowd. When I configured Crowd with a value of "localhost" SSO seemed to work for Stash.
It's worth noting that all other apps (Jira, Conf, etc..) seem to work fine with the empty domain setting.
Jason Stiefel
added a comment - I think I nailed this down to having an empty domain cookie configuration in Crowd. When I configured Crowd with a value of "localhost" SSO seemed to work for Stash.
It's worth noting that all other apps (Jira, Conf, etc..) seem to work fine with the empty domain setting. Jason Stiefel
added a comment - Unfortunately this doesn't seem to be working. I've enabled
plugin.auth-crowd.sso.enabled=true
and I can see the authenticator:
2013-03-26 09:59:37,265 DEBUG [http-bio-8085-exec-16] 599x244x1 0:0:0:0:0:0:0:1%0 "GET /logout HTTP/1.1" c.a.s.i.s.s.PluginAuthenticationProvider attempting authentication with authenticator com.atlassian.stash.stash-authentication:crowdHttpAuthHandler 2013-03-26 09:59:46,078 DEBUG [http-bio-8085-exec-17] 599x245x1 1szwp6r 127.0.0.1,127.0.0.1 "GET / HTTP/1.1" c.a.s.i.s.s.PluginAuthenticationProvider attempting authentication with authenticator com.atlassian.stash.stash-auth-crowd-sso:crowdSsoAuthHandler
But that's all the logging I can get out of it and it doesn't seem to be working. Nothing is happening (that I can see) on the Crowd side either.
Thoughts?
Jason Stiefel
added a comment - Unfortunately this doesn't seem to be working. I've enabled
plugin.auth-crowd.sso.enabled= true
and I can see the authenticator:
2013-03-26 09:59:37,265 DEBUG [http-bio-8085-exec-16] 599x244x1 0:0:0:0:0:0:0:1%0 "GET /logout HTTP/1.1" c.a.s.i.s.s.PluginAuthenticationProvider attempting authentication with authenticator com.atlassian.stash.stash-authentication:crowdHttpAuthHandler
2013-03-26 09:59:46,078 DEBUG [http-bio-8085-exec-17] 599x245x1 1szwp6r 127.0.0.1,127.0.0.1 "GET / HTTP/1.1" c.a.s.i.s.s.PluginAuthenticationProvider attempting authentication with authenticator com.atlassian.stash.stash-auth-crowd-sso:crowdSsoAuthHandler
But that's all the logging I can get out of it and it doesn't seem to be working. Nothing is happening (that I can see) on the Crowd side either.
Thoughts? Jason Stiefel
added a comment - Stoked to see the fix scheduled! Thanks team! 
Todd Fiala
added a comment - Awesome to see the fix version coming up!!!! Thanks, Stash team Jason Stiefel
added a comment - I'm mobile at the moment but will tomorrow afternoon - it's 100% predictable for us.
Jason Stiefel
added a comment - I'm mobile at the moment but will tomorrow afternoon - it's 100% predictable for us. jason.stiefel, can you create a support request for the re-direct issue? I've just tried it and can't reproduce it. Might be related to an environment specific configuration.
Please note that you should not be uncommenting the SingleSignOn Valve in the server.xml for Tomcat. This has nothing to do with Crowd SSO and make in fact interfere with it functioning.