Authentication Through Atlassian Crowd

Overview

Atlassian Crowd is a centralized identity management solution providing single sign-on and user identity.

Current connector uses request to Crowd REST APIendpoints:

  • /user - to get user-info
  • /session - to authenticate the user

Offline Access scope support provided with a new request to user authentication and user info endpoints.

Configuration

To start using the Atlassian Crowd connector, firstly you need to register an application in your Crowd like specified in the docs.

The following is an example of a configuration for dex examples/config-dev.yaml:

  1. connectors:
  2. - type: atlassian-crowd
  3. # Required field for connector id.
  4. id: crowd
  5. # Required field for connector name.
  6. name: Crowd
  7. config:
  8. # Required field to connect to Crowd.
  9. baseURL: https://crowd.example.com/crowd
  10. # Credentials can be string literals or pulled from the environment.
  11. clientID: $ATLASSIAN_CROWD_APPLICATION_ID
  12. clientSecret: $ATLASSIAN_CROWD_CLIENT_SECRET
  13. # Optional groups whitelist, communicated through the "groups" scope.
  14. # If `groups` is omitted, all of the user's Crowd groups are returned when the groups scope is present.
  15. # If `groups` is provided, this acts as a whitelist - only the user's Crowd groups that are in the configured `groups` below will go into the groups claim.
  16. # Conversely, if the user is not in any of the configured `groups`, the user will not be authenticated.
  17. groups:
  18. - my-group
  19. # Prompt for username field.
  20. usernamePrompt: Login
  21. # Optionally set preferred_username claim.
  22. # If `preferredUsernameField` is omitted or contains an invalid option, the `preferred_username` claim will be empty.
  23. # If `preferredUsernameField` is set, the `preferred_username` claim will be set to the chosen Crowd user attribute value.
  24. # Possible choices are: "key", "name", "email"
  25. preferredUsernameField: name