This repository has been archived on 2023-08-14. You can view files and clone it, but cannot push or open issues or pull requests.
dex/Documentation/connectors/atlassian-crowd.md

40 lines
1.7 KiB
Markdown
Raw Normal View History

2019-08-09 13:05:50 +00:00
Authentication through Atlassian Crowd
## Overview
Atlassian Crowd is a centralized identity management solution providing single sign-on and user identity.
Current connector uses request to [Crowd REST API](https://developer.atlassian.com/server/crowd/json-requests-and-responses/) endpoints:
* `/user` - to get user-info
* `/session` - to authenticate the user
Offline Access scope support provided with a new request to user authentication and user info endpoints.
## Configuration
To start using the Atlassian Crowd connector, firstly you need to register an application in your Crowd like specified in the [docs](https://confluence.atlassian.com/crowd/adding-an-application-18579591.html).
The following is an example of a configuration for dex `examples/config-dev.yaml`:
```yaml
connectors:
- type: atlassian-crowd
# Required field for connector id.
id: crowd
# Required field for connector name.
name: Crowd
config:
# Required field to connect to Crowd.
baseURL: https://crowd.example.com/crowd
# Credentials can be string literals or pulled from the environment.
clientID: $ATLASSIAN_CROWD_APPLICATION_ID
clientSecret: $ATLASSIAN_CROWD_CLIENT_SECRET
# Optional groups whitelist, communicated through the "groups" scope.
# If `groups` is omitted, all of the user's Crowd groups are returned when the groups scope is present.
# If `groups` is provided, this acts as a whitelist - only the user's Crowd groups that are in the configured `groups` below will go into the groups claim.
# Conversely, if the user is not in any of the configured `groups`, the user will not be authenticated.
groups:
- my-group
# Prompt for username field.
usernamePrompt: Login
```