This page last changed on Feb 27, 2007 by justen.stepka@atlassian.com.

Managing an Application Client

The management of an application client through the administration console allows administrators to configure the authentication, linked directories, access groups and valid application host that are allowed to make API calls versus the Crowd security server.

Application Directory Mappings

Directory mappings control which user stores will be used when authenticating and authorizing a principal's access request. For a principal to be considered a valid application user, their account must belong to a group that is assigned to the application. The order of the assigned directories can be configured as necessary.

The Directory listed first will be called when authentication or authorization calls are necessary. If the security call can be processed by the associated directory the operation will then return the result. If the call can not be processed, the next directory in the list will then be used when running the security call until all directory servers have been exhausted.

If the security call can not be processed, an Exception based on the method will be thrown.

To allow all users from a directory to authenticate, change the Allow all to Authenticate option to true. This will allow anyone in the configured directory to authenticate with application.

Application Group Mappings

Group mappings control which principals are allowed to authenticate versus the application. If the principal is a member of an assigned group their authentication will be valid.

Application Addresses

Address mappings are used to validate the remote address of a requesting application client.

Common Misconfiguration

For an application to be able to use the remote API of the security server, the client address must be valid and active.

Configuration Test.

The Configuration Test tool allows you to validate that user is valid for an application. Authentications are valid only when a group the user is a member of is enabled to login to an application. If the username and password provided are valid but the authentication check fails, the security settings for the integrated Directories or Groups will need to be adjusted.


Document generated by Confluence on Mar 08, 2007 18:50