Skip to content
This repository has been archived by the owner on Dec 10, 2023. It is now read-only.
/ crowd2-plugin Public archive

A plugin for Jenkins to use Atlassian Crowd or JIRA as an identity manager

License

Notifications You must be signed in to change notification settings

jenkinsci/crowd2-plugin

Repository files navigation

Distribution of this plugin has been suspended by the Jenkins project because it uses several closed source dependencies. The closed source dependencies in the most recent release include:

  • com.atlassian.crowd:crowd-integration-api:5.1.5
  • com.atlassian.crowd:crowd-integration-client-rest:5.1.5
  • com.atlassian.crowd:embedded-crowd-api:5.1.5
  • com.atlassian.crowd:crowd-integration-client-common:5.1.5
  • com.atlassian.collectors:atlassian-collectors-util:1.1

The Jenkins project governance document and the plugin hosting instructions both note that the Jenkins project requires that plugins distributed by the Jenkins project must be open source and use open source dependencies.

Atlassian announcement

Atlassian has announced Crowd Server will no longer be supported after February 15, 2024. Users of Crowd Server must migrate to Crowd Data Center.

Restoring distibituion

This plugin distribution may be restored if there are any volunteers willing to replace closed-source products with their own open-source implementation. If you are willing to do this, please open a ticket at https://github.com/jenkins-infra/helpdesk to unarchive this repo and add yourself to the maintainers.

Crowd 2 Plugin for Jenkins (crowd2-plugin)

Build Status Coverage Security Rating Crowdin

Open in Gitpod This plugin allows using Atlassian Crowd or JIRA as an authentication and authorization provider for Jenkins (Crowd version 2 and later). Crowd is a commercial identity management and Single Sign-On (SSO) application.

Requirements

The current version of the plugin is tested against Crowd 3.7 and Crowd 5.1, with Jenkins 2.401.3. This plugin uses Crowd REST APIs for connecting to the Crowd and therefore requires Crowd >= 2.1 (see Crowd REST API docs). If you have an older Crowd server, use the older "Crowd Plugin" instead.

License

This project is licensed under the MIT License - see the LICENSE file for details

Configuration

To configure the plugin, you first need to create a new application in Crowd [Atlassian adding-an-application docs].(https://confluence.atlassian.com/crowd/adding-an-application-18579591.html) has additional information on how to configure applications in the Crowd.

Crowd screen

Be sure to also allow connections to Crowd from the server Jenkins runs on.

Next, you need to configure a group that contains all users who are allowed to log in into Jenkins. Atlassian has further information on how to manage users and groups.

Crowd add group

Once you have the application and group configured in Crowd, you can enable Crowd-based security in Jenkins on the "Manage Jenkins" page. Enter the URL of your Crowd server (will typically end with …/crowd) as well as the application name, password, and group name you configured in the Crowd.

Jenkins' security configuration

Click on the "Check Connection" button to ensure that your connection credentials are valid.

Crowd supports nested groups, i.e. groups which contain other groups as members and groups that are members of other groups (see nested groups documentation). If you want to use this feature, click on the "Advanced…" button and enable it. This may degrade performance, depending on your server configuration.

This plugin doesn't support Crowd roles. As long as there's not enough interest, it's unlikely that they will be supported in a future version because they have been deprecated since Crowd 2.0 (see here for details).

This plugin works well with Matrix Authorization Strategy Plugin. You can use the Crowd users and groups to define permissions on folder/pipeline/job level.

Development

These instructions will get you a copy of the project up and running on your personal machine for development and testing purposes. See deployment for notes on how to deploy the project on a live system.

A classic approach.

git clone https://github.com/jenkinsci/crowd2-plugin.git
cd crowd2-plugin
mvn install

# to start the plugin in a local embedded test environment, run
mvn hpi:run

Standalone Test Environment

To start a personal build of the plugin in a standalone test environment, run

mvn install

Then upload the resulting .hpi file (target/crowd2-VERSION.hpi) like described in the [official documentation] (https://jenkins.io/doc/book/managing/plugins/#advanced-installation).

More advanced one with docker

More about it in CONTRIBUTING.md

git clone https://github.com/jenkinsci/crowd2-plugin.git
cd crowd2-plugin

# run this if you want to use mvn jenkins repo
./_init.sh

# this command will set up local crowd and jenkins instance
# with all integration already setup
./_start.sh 11

Built With

Versioning

We use SemVer for versioning (starting from version 2.0.0). For the versions available, see the tags on this repository.

Authors

See the list of contributors who participated in this project.

FAQ

Is Single-Sign-On (SSO) supported?

Yes :-) That was the main reason I wrote this plugin.

What's the difference between this plugin and "Crowd Plugin"?

Apart from SSO, this plugin contains fixes for almost all open issues of the "Crowd Plugin". (If you look at the issue navigator, there are current seven; five of them are almost or even older than one year. Looking at the source code at GitHub (https://github.com/jenkinsci/crowd-plugin), there doesn't seem to be much activity trying to fix them). I have to admit that I haven't tested JENKINS-9924 so far, i.e. what happens when the Crowd server is down. This will be done in the near future.

A more technically answer is that this plugin code was written from scratch using a different API to connect to the Crowd server, i.e. the Crowd REST APIs. These are recommended by Atlassian for long-term compatibility.

In contrary, the "Crowd Plugin" uses Crowd's Java integration libraries that have the disadvantage that one perhaps has to re-compile the source code when a new Crowd release is available and one has to update these libraries.

Why do I have to choose a group for users?

To restrict the number of your Crowd users who are allowed to log in. I thought it's cool to have such a feature because, for example, Confluence and JIRA, other well-known products from Atlassian, also work that way.

Is there Localization support?

Yes.

If you want to add some translation, please feel free to add some in here. After proper review, it will be automatically added to the plugin.

Roadmap

The following changes and improvements are planned for the following releases

4.x.x

  • Work on the open JIRA issues
  • Improve test coverage by adding new tests