powered by Jive Software

Openfire & Atlassian Crowd

Quick question: can Openfire use Atlassian Crowd as its SingleSignOn backend?

Kind regards,

Arjan

I know this is some what dated at this point but we are curious to know the same thing here.

Atlassian makes simply amazingly great software so if we could re-use Crowd for more thing, all the better.

Thanks kindly.

There’s no Atlassian Crowd integration in Openfire, nor is it planned (to my best knowledge). Users are invited to contribute their own code, of course

This should help potential developers started: http://confluence.atlassian.com/display/CROWDDEV/Java+Integration+Libraries

update: If you’d like to use the Crowd SOAP API, and you’re going to use Apache Axis in Openfire, be very, very aware of a memory-related bug in Axis, that can cause outages in Openfire: http://issues.apache.org/jira/browse/AXIS2-595

We have a PoC available: http://labs.atlassian.com/wiki/display/OPENF/Home . Because Openfire is GPL, we can’t have it in the main distribution of Crowd. When Openfire is released under the Apache2 license, we’ll integrate it into the next release of Crowd.

That’s great news, as Openfire is being released under the Apache license (see OF-65)! There hasn’t been a release of code yet, but the code in SVN has already been adapted.

Because Crowd has a maven build system, we need a release to use as a dependency, so as soon as you get a chance to release, we’ll get on it :slight_smile:

Good luck - license changes are tedious, but need to be done correctly.

I haven’t looked at any of the code yet, but what about doing it the other way around? Can we introduce Crowd integration in the Openfire source (or is the API likely to change a lot at your side)?

That’s pretty much exactly what the link above it - a separate module. Unfortunately, our API isn’t as slick as it should be if you’re using Nested Groups (ie, groups that contain other groups). You need to do a little client-side magic.

That magic is baked into our client libraries, which can’t be GPL’d as they link to too much other stuff. I haven’t gotten 'round to implementing the client-side nested groups support again - I was planning to let you do the work in releasing Openfire as Apache2 :wink:

Since I could not find a definitive solution to this, I took a weekend project to create a library that allows Openfire (3.7.1) to authenticate to, and pull user and group information from, Crowd (2.3.6).

I have released the project on GitHub. You can find installation instructions and a jar download here:

https://github.com/bpfoster/openfire-crowd-auth-module.

While I have sucessfully been running and testing it, please note that this is still an early-stage release. I welcome any bug and feature requests via the GitHub issues system.

Wow, that looks cool! Thanks for providing the code.

Has anyone else had any luck with the crowd authenticator? I am trying it and having issues. It cant seem to find the properties. (or at least some of them) It seems like the base module gets it, as it can find the crowd server, but the atlassian provided module doesnt seem to work…

Also, anyone know if this module supports nested groups?

Hi,

I’ve written a crowd integration based on the crowd REST API which is now the prefered way to integrate with Atlassian products.

The code is Apache licenced.

How can I post it to you guys ?

Thx

Issa

Hi,

Thanks for your willingness to share this. Is it a plugin? Would you like to host the code on ignite’s resources and develop/support it here?

Otherwise, you can attach files to your forum posts.

daryl

No, no plugin. See attachment. It is a collection of classes implementing the different Provider interfaces. It uses the Crowd REST API.

Dependencies are: jersey-apache-client-1.14.jar; jersey-client-1.1.4 and jersey-core-1.14 (and openfire-3.7.1)

It expects a crowd.properties file (see class CrowdProperties)

It defines 3 variables in JiveGlobals

  • admin.authorizedGroups which contained a list of crowd groups having admin right in Openfire web console

  • crowd.groups.cache.ttl.seconds and crowd.users.cache.ttl.seconds which define the interval for user and group synch with crowd

It supports vcard and will always overwrite the fields which crowd has on the user (in case that user changes them in his xmpp client).

I’m not sure I will have time to support it once included in Openfire but you can always ping me if there is a big problem with it…

1 Like

Someone sent me this tutorial. It covers installing Openfire, while integrating with a Crowd backend: http://www.antelink.com/blog/using-openfire-connected-crowd.html

Has anyone got any experience using this integration option with a large user set (and hopefully Shared Groups)?

This really seems the way to go since it uses the REST API, seems to be well-written and is the most recent one.

@guus - the article is using really old and unsupported code. I would suggest to people to use the new REST API based one. Assuming it performs…

I’m going to deploy it soon on a crowd user base of 10K on openfire 3.8.1 and report

The REST based integration you can find above supports the nested groups (it calls the correct REST URL for

  • getGroupNames(JID user) - nested groups
  • getGroup(String name) - nested users (in nested groups)

Sounds good! I’m very interested in hearing your results.