This project is a plugin for Digital.ai Deploy that enables authentication and user management via Atlassian Crowd. It provides integration with Crowd for user authentication within Digital.ai Deploy.
This project uses Gradle for building. To build the plugin, run:
./gradlew clean build
The built plugin xldp file will be located in build/distributions.
This plugin was tested against Digital.ai Deploy 24.3. Compatibility with other versions is not guaranteed.
- Ensure your Crowd server is properly configured and accessible from the Digital.ai Deploy server.
- This plugin may not be compatible with future or earlier versions of Digital.ai Deploy.
- Always test in a non-production environment before deploying to production.
- Review and configure security settings according to your organization's policies.
To configure Atlassian Crowd to receive authentication requests from Deploy:
- Add Deploy application to Atlassian Crowd.
- Add and configure the directories that are visible to Deploy.
- Add and map the groups which that will authenticate with Deploy.
For more information, see Adding an Application.
- Download the latest plugin file from the Releases page.
- Copy the plugin file into the following directory on your Digital.ai Deploy server:
DAI_DEPLOY_SERVER/plugins/__local__ - To configure Deploy to use an Atlassian Crowd, modify the
deployit-security.xmlsecurity configuration file. The following is an exampledeployit-security.xmlfile:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
">
<bean id="resourceLocator" class="com.atlassian.crowd.service.client.ClientResourceLocator">
<constructor-arg value="crowd.properties" />
</bean>
<bean id="clientProperties" class="com.atlassian.crowd.service.client.ClientPropertiesImpl"
factory-method="newInstanceFromResourceLocator">
<constructor-arg type="com.atlassian.crowd.service.client.ResourceLocator"
ref="resourceLocator" />
</bean>
<bean id="crowdClientFactory"
class="com.atlassian.crowd.integration.rest.service.factory.RestCrowdClientFactory" />
<bean id="crowdClient" factory-bean="crowdClientFactory" factory-method="newInstance">
<constructor-arg ref="clientProperties" />
</bean>
<bean id="validationFactorExtractor"
class="com.atlassian.crowd.integration.http.util.CrowdHttpValidationFactorExtractorImpl"
factory-method="getInstance" />
<bean id="tokenHelper"
class="com.atlassian.crowd.integration.http.util.CrowdHttpTokenHelperImpl"
factory-method="getInstance">
<constructor-arg ref="validationFactorExtractor" />
</bean>
<bean id="crowdHttpAuthenticator"
class="com.atlassian.crowd.integration.http.CrowdHttpAuthenticatorImpl">
<constructor-arg ref="crowdClient" />
<constructor-arg ref="tokenHelper" />
<constructor-arg ref="clientProperties" />
</bean>
<bean id="crowdSpringSessionConverterFactory"
class="com.xebialabs.xldeploy.plugins.security.crowd.converter.CrowdSpringSessionConverterFactory" />
<bean id="crowdUserDetailsService"
class="com.xebialabs.xldeploy.plugins.security.crowd.userdetails.CrowdUserDetailsServiceImpl">
<property name="crowdClient" ref="crowdClient" />
<property name="authorityPrefix" value="" />
</bean>
<bean id="principalDataProviderFactoryBean" primary="true"
class="com.xebialabs.xldeploy.plugins.security.crowd.principaldata.CrowdPrincipalDataProviderFactoryBean"/>
<bean id="crowdAuthenticationProvider"
class="com.xebialabs.xldeploy.plugins.security.crowd.authentication.XLCrowdAuthenticationProvider">
<constructor-arg ref="crowdClient" />
<constructor-arg ref="crowdUserDetailsService" />
</bean>
<bean id="crowdAuthenticationProviderPostProcessor"
class="com.xebialabs.xldeploy.plugins.security.crowd.config.CrowdAuthenticationProviderPostProcessor">
<constructor-arg>
<list>
<ref bean="crowdAuthenticationProvider" />
</list>
</constructor-arg>
</bean>
</beans>Copy the following file into your DAI_DEPLOY_SERVER/conf directory:
| Copy From | Copy To |
|---|---|
CROWD/client/conf/crowd-ehcache.xml |
DAI_DEPLOY_SERVER/conf/crowd-ehcache.xml |
This file can be adjusted to change the cache behavior.
The Atlassian Crowd Spring Security connector must be configured with the details of the Atlassian Crowd server.
- Copy the default
crowd.propertiesfile into yourDAI_DEPLOY_SERVER/confdirectory:
| Copy From | Copy To |
|---|---|
CROWD/client/conf/crowd.properties |
DAI_DEPLOY_SERVER/conf/crowd.properties |
- Edit
crowd.propertiesand populate the following fields appropriately:
| Key | Value |
|---|---|
| application.name | Use the same application name that you used when adding the application to Atlassian Crowd. |
| application.password | Use the same application password that you used when adding the application to Atlassian Crowd. |
| crowd.server.url | URL to use when connecting with the integration libraries that are used to communicate with the Atlassian Crowd server, e.g. http://localhost:8095/crowd/services/. |
| session.validationinterval | Time interval (in minutes) between requests to validate whether the user is logged in or out of Atlassian Crowd. Set to 0 for validation on each request. Setting to 1 or higher increases performance. |
For more information, see crowd.properties.
Restart the Digital.ai Deploy server after all changes.
This project is licensed under the MIT License.