Just a heads up: On March 24, 2025, starting at 4:30pm CDT / 19:30 UTC, the site will be undergoing scheduled maintenance for a few hours. During this time, the site might be unavailable for a short while. Thanks for your patience.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

sso into webauth

Deleted user May 6, 2020

Hello.
If I have an existing installation of Crowd doing SSO with JIRA, Confluence, Bitbucket, Bamboo.... is it possible to add something like Webauthn?

There are some plugins for Webauthn like this one

https://marketplace.atlassian.com/apps/1222278/webauthn-for-confluence/

But I haven't seen something for doing SSO between all the Atlassian products.

Answer
Watch
Like Be the first to like this
1094 views

1 answer

0 votes
Yuliia Maidanova -Alpha Serve-
Yuliia Maidanova -Alpha Serve-
Atlassian Partner
May 20, 2020

Hello @[deleted] 

First of all thank you for your interest in our plugin. It is highly appreciated!

We will certainly consider your request and think about implementing SSO for our 2FA and Webauthn products.

View More Comments
Ed Letifov _TechTime - New Zealand_
Ed Letifov _TechTime - New Zealand_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 20, 2020

@[deleted] just out of curiosity, do you know what protocol you are using for Crowd SSO? Is it the "old" Crowd one or the SAML present in Crowd Data Center?

I suspect it will be very hard if not darn impossible to implement 2FA on top of the old protocol (since the actual communication happens in the background of the Atlassian application via REST) as a single app i.e. on the Crowd side. And to make the app commercial in each application you'd still have to buy separate apps.

So this is more of "if I passed 2FA in one application, how to securely store this fact and pass it to the other application so it doesn't have to ask it again"... And "securely" implies some central verification authority (like Crowd is for the cookies it issues to facilitate SSO) so... potentially an app in Confluence/Jira/Bitbucket/Bamboo each + app in Crowd they all talk to orchestrate the "I've already asked for 2FA in Confluence so don't bother do it again in Jira"

Honestly, sounds easier to ditch Crowd as the SSO solution and hook up to a SAML IdP that supports 2FA and webauthn (not sure if there are any)

@Yuliia Maidanova -Alpha Serve- all of the above just thoughts out loud, as this is an interesting domain, no "you can't do it" intended. In fact I am genuinely interested to see a solution

Like
Deleted user May 20, 2020

I don't know what protocol is being used but I know it's the datacenter edition.

Like
Ed Letifov _TechTime - New Zealand_
Ed Letifov _TechTime - New Zealand_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 20, 2020

I think it will be extremely important to clarify this if you hope to get a solution

Like
Deleted user May 20, 2020

I think this is the way it's being done now.

https://confluence.atlassian.com/adminjiraserver/connecting-to-crowd-or-another-jira-application-for-user-management-938847056.html

I'm not sure what kind of sso that uses... you basically do it throught the GUI of Crowd.

Like
Ed Letifov _TechTime - New Zealand_
Ed Letifov _TechTime - New Zealand_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 20, 2020

The link is for the old protocol when you only ever enter your password credentials in the login form of the application you are logging into e.g. Jira. Then switch to Confluence but you are already logged in.

If when going to Jira you are actually redirected to Crowd UI to login - that's SSO 2.0 which is SAML based: https://confluence.atlassian.com/crowd/crowd-sso-2-0-967322291.html via this app https://marketplace.atlassian.com/apps/1216096/sso-for-atlassian-server-and-data-center?hosting=server&tab=overview (with which, being free, we, the vendor of commercial EasySSO compete furiously... but futilely)

I was hoping to find a screenshot or video of how the experience looks like, but alas...

Like
Reply

Suggest an answer

Log in or Sign up to answer
Crowd
Crowd
TAGS
AUG Leaders

Atlassian Community Events

    See all events