3

I'm trying to implement SSO using Atlassian Crowd, and there's a surprising lack of good documentation or even examples out there.

So far, I authenticate a user using CrowdClient.authenticateSSOUser, and get back a SSO Token (String) if successful. Then, I take this token and stuff it in the cookies myself (via HttpServletResponse). On subsequent page visits, I grab all the cookies, search for this one, and then call the CrowdClient.validateSSOAuthentication method on it.

My question is this: Am I supposed to be using more Crowd code for SSO? I seem to be doing more manually than I'd expect.

...I DO see hints of other possibilities out there... For example:

  1. In crowd.properties, you can specify a crowd.token_key, which is apparently what name the app should use to store the token in a cookie (though setting this value doesn't magically make that happen).

  2. Things like the CrowdHttpTokenHelper exist in the latest version - yet seem to have no easily-found related examples (or documentation other than JavaDoc).

Kara
jcovert

1 Answer

1

Yes, there are possibilities out there that will hopefully help or at least serve as reference.

For a readily available implementation, you might want to look into Integrating Crowd with Spring Security.

If you need finer control, use a CrowdHttpAuthenticator. It will allow you to authenticate a request with a username and password as well as check if a session has an existing session cookie. (Its concrete implementation will accept properties and uses crowd.token_key.)

CrowdClient is available if these don't fit your needs, but it's not the only option.

Steffen Opel
Joe
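
As an added example (not code from the question, the answer, or Atlassian), here is a servlet filter in which CrowdHttpAuthenticator does the cookie lookup and token validation that the question performs by hand. It assumes the Crowd Java integration client and javax.servlet are on the classpath and that crowd.properties can be resolved; the class name CrowdSsoFilter and the /login path are hypothetical.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.atlassian.crowd.exception.OperationFailedException;
import com.atlassian.crowd.integration.http.CrowdHttpAuthenticator;
import com.atlassian.crowd.integration.http.CrowdHttpAuthenticatorImpl;
import com.atlassian.crowd.integration.http.util.CrowdHttpTokenHelperImpl;
import com.atlassian.crowd.integration.http.util.CrowdHttpValidationFactorExtractorImpl;
import com.atlassian.crowd.integration.rest.service.factory.RestCrowdClientFactory;
import com.atlassian.crowd.service.client.ClientProperties;
import com.atlassian.crowd.service.client.ClientPropertiesImpl;
import com.atlassian.crowd.service.client.ClientResourceLocator;
import com.atlassian.crowd.service.client.CrowdClient;

// Hypothetical filter: map it to protected paths only, not to the login page itself.
public class CrowdSsoFilter implements Filter {
    private CrowdHttpAuthenticator authenticator;

    @Override
    public void init(FilterConfig config) {
        // crowd.properties supplies the application credentials, server URL and cookie settings.
        ClientProperties props = ClientPropertiesImpl.newInstanceFromResourceLocator(
                new ClientResourceLocator("crowd.properties"));
        CrowdClient client = new RestCrowdClientFactory().newInstance(props);
        authenticator = new CrowdHttpAuthenticatorImpl(client, props,
                CrowdHttpTokenHelperImpl.getInstance(CrowdHttpValidationFactorExtractorImpl.getInstance()));
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        try {
            // Replaces the manual cookie search plus validateSSOAuthentication call.
            if (authenticator.isAuthenticated(request, response)) {
                chain.doFilter(request, response);
            } else {
                response.sendRedirect(request.getContextPath() + "/login"); // assumed login path
            }
        } catch (OperationFailedException e) {
            // Crowd unreachable or erroring: fail closed instead of letting the request through.
            response.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
        }
    }

    @Override
    public void destroy() { }
}
```

The login handler would call `authenticator.authenticate(request, response, username, password)`, which takes the place of `authenticateSSOUser` and the hand-written cookie code.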