Configure Atlassian Crowd security for Release
Release has a role-based security system with two types of users:
- Internal users: Users that are managed by Release. For more information, see Internal users.
- External users: Users that are maintained in an LDAP repository such as Active Directory or Atlassian Crowd. For more information, see LDAP repository.
This topic describes how to configure Release to use an Atlassian Crowd to authenticate users and retrieve role (group) membership. In Release, Atlassian Crowd users and groups become principals that you can assign to roles. Global permissions are assigned at the role level. For more information, see Configure permissions
While role memberships and permissions assigned to roles are stored in the Release repository, Release treats the Atlassian Crowd as read-only. This means that Release will use information from the Atlassian Crowd, but it cannot make changes to that information.
Note: Release cookies store security information that is provided by the Spring Security framework. Release does not store any additional information in cookies. Atlassian Crowd provided centralized authentication connectors for Spring Security is used for this integration.
Important: Integration based on CrowdID is not supported.
Step 1 - Configure Atlassian Crowd to communicate with the Release Application
To configure Atlassian Crowd to receive authentication requests from Release:
- Add Release application to Atlassian Crowd.
- Add and configure the directories that are visible to Release.
- Add and map the groups which that will authenticate with Release.
For more information, see Adding an Application.
Step 2 - Configure Release to use an Atlassian Crowd
To configure Release to use an Atlassian Crowd, modify the
xl-release-security.xml security configuration file. This following is an example
Note: Depending on your version of Release and the customizations it has, this sample may differ from your
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"> <import resource="xl-crowd-deploy-security.xml"/> <bean id="crowdUserDetailsService" class="com.atlassian.crowd.integration.springsecurity.user.CrowdUserDetailsServiceImpl"> <property name="crowdClient" ref="crowdClient"/> <property name="authorityPrefix" value=""/> </bean> <bean id="crowdAuthenticationProvider" class="com.xebialabs.deployit.security.authentication.XLCrowdAuthenticationProvider"> <constructor-arg ref="crowdClient"/> <constructor-arg ref="crowdHttpAuthenticator"/> <constructor-arg ref="crowdUserDetailsService"/> </bean> <bean id="rememberMeAuthenticationProvider" class="com.xebialabs.deployit.security.authentication.RememberMeAuthenticationProvider"/> <security:authentication-manager alias="authenticationManager"> <security:authentication-provider ref="rememberMeAuthenticationProvider"/> <security:authentication-provider ref="xlAuthenticationProvider"/> <security:authentication-provider ref="crowdAuthenticationProvider"/> </security:authentication-manager> </beans>
Step 3 - Add the cache configuration file to your Release directory
Copy the following file into your
|Copy From||Copy To|
This file can be adjusted to change the cache behavior.
Step 4 - Configure the Atlassian Crowd Spring Security connector properties
The Atlassian Crowd Spring Security connector must be configured with the details of the Atlassian Crowd server.
Copy the default
crowd.propertiesfile into your
Copy From Copy To
crowd.propertiesand populate the following fields appropriately:
Use the same application name that you used when adding the application to Atlassian Crowd.
Use the same application password that you used when adding the application to Atlassian Crowd.
URL to use when connecting with the integration libraries that are used to communicate with the Atlassian Crowd server i.e.
This is the time interval between requests which validates whether the user is logged in or out of the Atlassian Crowd server. Set this value to 0, if you want authentication checks to occur on each request. Otherwise, set to the number of minutes you wish to wait between requests. Setting this value to 1 or higher will increase the performance of the Atlassian Crowd integration.
For more information, see crowd.properties.
Example team security setup
You can setup a Atlassian Crowd group called devs to be used by the members of a team in Release. Assign this group to a role in Release called Developers. At folder or release level, you can add permissions for a team called Dev Team that contains the Release role Developers. This role contains the created Atlassian Crowd group called devs.
When you log in as a user into the devs group using Atlassian Crowd, you will have the permissions for the Developers role at folder or release level.
Note: For more information about this integration, see Integrating Crowd with Spring Security. Required artifacts are used from the Atlassian public Maven repository.