This plugin allows using Atlassian Crowd or JIRA as an authentication and authorization provider for Jenkins (Crowd version 2 and later). Crowd is a commercial identity management and Single Sign-On (SSO) application.
This plugin has been tested with Jenkins 1.431 and Crowd 2.3.x, but was built using Jenkins core 1.398 so it should work with Jenkins >= 1.398.
This plugin uses Crowd REST APIs for connecting to Crowd and therefore
requires Crowd >= 2.1
(see http://developer.atlassian.com/display/CROWDDEV/Crowd+REST+APIs).
If you have an older Crowd server, use the older "Crowd Plugin" instead.
This project is licensed under the MIT License - see the LICENSE file for details
To configure the plugin, you first need to create a new application in Crowd. https://confluence.atlassian.com/crowd/adding-an-application-18579591.html has more information on how to configure applications in Crowd.
Be sure to also allow connections to Crowd from the server Jenkins runs on.
Next you need to configure a group that contains all users that are allowed to login into Jenkins. https://confluence.atlassian.com/crowd/managing-users-and-groups-193223.html has more information how to manage users and groups.
Once you have the application and group configured in Crowd, you can enable Crowd-based security in Jenkins on the "Manage Jenkins" page. Enter the URL of your Crowd server (will typically end with .../crowd) as well as the application name, password and group name you configured in Crowd.
Click on the "Check Connection" button to ensure that your connection credentials are valid.
Crowd supports nested groups, i.e. groups which contain other groups as members and groups that are members of other groups (see http://confluence.atlassian.com/display/CROWD/Nested+Groups+in+Crowd). If you want to use this feature, click on the "Advanced..." button and enable it. This may degrade performance, depending on your server configuration.
This plugin doesn't support Crowd roles. As long as there's not enough interest, it's unlikely that they are supported in a future version because they are deprecated since Crowd 2.0 (see here for details).
This plugin works well with Matrix Authorization Strategy Plugin: You can use Crowd users and groups to define permissions on folder/pipeline/job level.
These instructions will get you a copy of the project up and running on your local machine for development and testing purposes. See deployment for notes on how to deploy the project on a live system.
git clone https://github.com/pingunaut/crowd2-plugin/
cd crowd2-plugin
mvn install
# to start the plugin in a local embedded test environment, run
mvn hpi:run
To start a local build of the plugin in a standalone test environment, run
mvn install
then upload the resulting .hpi file (target/crowd2-VERSION.hpi) like described in the official documentation.
We use SemVer for versioning (starting from version 2.0.0). For the versions available, see the tags on this repository.
See the list of contributors who participated in this project.
Yes :-) That was the main reason I wrote this plugin.
Apart from SSO this plugin contains fixes for almost all open issues of the "Crowd Plugin". (If you look at the issue navigator, there are actually seven; five of them are almost or even older than one year. Looking at the source code at GitHub (https://github.com/jenkinsci/crowd-plugin), there doesn't seem to be much activity trying to fix them). I have to admit that I haven't tested JENKINS-9924 so far, i.e. what happens when the Crowd server is down. This will be done in the near future.
A more technically answer is that this plugin code was written from scratch using a different API to connect to the Crowd server, i.e. the Crowd REST APIs. These are recommended by Atlassian for long-term compatibility.
In contrary, the "Crowd Plugin" uses Crowd's Java integration libraries that have the disadvantage that one perhaps has to re-compile the source code when a new Crowd release is available and one has to update these libraries.
To restrict the number of your Crowd users that are allowed to login. I thought it's cool to have such a feature because for example Confluence and JIRA, other well known products from Atlassian, also work that way.
Yes.
Actually only German localization is included. If you can translate a couple of messages and info texts into other languages, please send me a note, and I'll include them in a newer version.
The following changes and improvements are planned for the following releases
- Make RememberMe work
- Add java 11 support
- Improve test coverage by adding new tests
- Merge open pull requests to fix caching and httpclient to solve performance and compatibility issues
- Update to latest libs
- Pickup changes from the refactoring branch
- Bump crowd rest client version
- Work on the open JIRA issues