Bamboo 3.4 : Integrating Bamboo with Crowd

Atlassian's Crowd identity management system can be integrated with Bamboo. This allows you to use Crowd as a user directory manager for Bamboo.

The integration process requires you to configure Crowd to talk to Bamboo, then configure Bamboo to talk to Crowd. Hence, the instructions below reference the Crowd documentation. Ensure that you are referring to the correct version of the Crowd documentation.

If you have JIRA 4.3 or later, you can also manage your users via JIRA. The process for connecting Bamboo to JIRA for user management is the same as the process for connecting Bamboo to Crowd for user management (described below).

Bamboo 3.2 should work with versions of Crowd from 2.1 onwards. We recommend Crowd 2.3 or later for performance reasons. Versions earlier than 2.1 are not supported.

Step 1. Configuring Crowd to Talk to Bamboo

For instructions on how to configure Crowd to talk to Bamboo, please refer to the Integrating Crowd with Atlassian Bamboo for the latest version of Crowd, which can be found in the Crowd Administrator's Guide. If you are using an older version of Crowd, find the documentation via the Crowd documentation homepage.

Step 2. Configuring Bamboo to Talk to Crowd

  1. Navigate to 'Administration' > 'User Repositories' ('Security' section).
  2. Choose 'Users and groups from JIRA or Crowd' and configure the connection settings, as follows:

    'Server URL'

    Enter the URL of your Crowd server, e.g. http://localhost:8095/crowd/services/
    If your Crowd server's port is configured differently from the default (8095), set it accordingly.

    'Application Name'

    Enter application name that you specified when defining the application in Crowd (see Step 1 above).

    'Change Password' checkbox

    Tick this checkbox and set 'Application Password' to the password that you specified when defining the application in Crowd (see Step 1 above).

    'Cache Refresh Interval'

    Set to 0, if you want authentication checks to occur on each request. Otherwise set to the number of minutes between requests to validate if the user is logged in or out of the Crowd SSO server. Setting this value to 1 or higher will increase the performance of Crowd's integration.

    'Synchronise now'

    Click this link to synchronise users and groups from Crowd to Bamboo. Note, this operation may take a long time depending on the number of users that need to be synchronised.

  3. Click 'Save'

2.1 Configure External User Management in Bamboo

If you are connecting Bamboo to an external user management system and do not have rights to update user attributes there, you will need to prevent users from being updated in Bamboo. In this case, you should ensure that the 'Read-only External User Management?' check-box is checked.

To configure the external user management option in Bamboo:

  1. Navigate to 'Administration' > 'Security Settings'.
  2. Click the 'Edit' button to edit the settings.
  3. Set the 'Read-only External User Management?' checkbox. The table below outlines the correct configuration for Bamboo, depending on your external user management setup:

    External User Management Setup

    'Read-only External User Management?' check-box

    Bamboo integrated with — Crowd using the Crowd database (i.e. Internal Directories)

    Unchecked

    Bamboo integrated with — Crowd connected to a read-only LDAP

    Checked

    Bamboo integrated with — Crowd connected to a read-write LDAP

    Unchecked

    Bamboo integrated with — Crowd with authentication-only delegated to LDAP.

    Unchecked

  4. Click 'Save'.

2.2 (Optional) Enable Single Sign-On

Single sign-on (SSO) is optional when integrating Bamboo and other Atlassian products with Crowd. To use centralised authentication without SSO, skip the steps below.

To enable single sign-on (SSO), you will configure Bamboo's authentication and access request calls to use Seraph. To configure Seraph-based authentication:

  1. Shut down Bamboo.
  2. Edit the \BAMBOO\webapp\WEB-INF\classes\seraph-config.xml
  3. Comment out the authenticatornode:

    <!--<authenticator class="com.atlassian.bamboo.user.authentication.BambooAuthenticator"/>-->
  4. Add a new authenticator, by adding the following tag:

    <authenticator class="com.atlassian.crowd.integration.seraph.v25.BambooAuthenticator"/>
  5. Start Bamboo. Bamboo's authentication and access request calls will now be performed using Seraph.

Notes

  • Test times for synchronising Bamboo-Crowd — As a guideline, we were able to synchronise 5000 users in six seconds in our internal tests using Crowd 2.3.1. Older versions of Crowd took three minutes to complete the same task.
  • If you want to configure the Bamboo-Crowd connection settings manually (e.g. to change the proxy settings), you can find the crowd.properties and atlassian-user.xml files in the $BAMBOO_HOME/xml-data/configuration/ directory.
Related Topics

Working with External User Repositories
Integrating Crowd with Atlassian Bamboo (Crowd documentation)