Skip to content

A way to integrate Crowd as an Authentication and Authorization in TeamCity

License

Notifications You must be signed in to change notification settings

sereda/TeamCity-Crowd-Plugin

 
 

Repository files navigation

TeamCity Crowd Plugin

Latest version of plugin is 0.3.0 and available on BinTray. Build for TeamCity 9.0.2 and Crowd 2.6.7 .

    PLEASE NOTE IT IS RECOMMENDED TO BUILD THE PLUGIN FOR A SPECIFIC VERSION OF TEAMCITY AND CROWD.

Plugin should be compatible within a major releases, however I can't guarantee this as I can't test all different combinations.

Introduction

TeamCity Crowd integration plugin is used by TeamCity for user authentication.

Plugin listed on Jetbrains page.

The plugin replaces standard TeamCity Authentication mechanism by talking to Atlassian Crowd. When user logs in with username and password, plugin validates credentials with Crowd. If the user "checks out" fine, the plugin creates user in TeamCity if the user doesn't exists.

Once the user is created Plugin will update user's group membership. There are two modes in which Plugin can work (configured via plugin configuration file):

  • Plugin will only update membership of a user with groups that already exists in TeamCity. Previously created. This means that user will only be added to groups that already exist in TeamCity (default functionality)
  • Plugin will create missing groups and update user membership (set via configuration file, not default)
Note

Plugin uses different REALM to TeamCity. Once plugin activated the entire user base and groups prior to installation will be NOT accessible.

Building the plugin

To build the plugin you need Java installed on your machine and access to the Internet. Plugin uses Gradle to build the project.

gradlew buildPlugin

The build will run tests and prepare zip file in the build/dist project folder.

You can modify a specific versions of TeamCity and Crowd you are building for, in the build.gradle file (see teamCityVersion and crowdVersion in the ext section).

Note

First time the plugin is build it will download a distribution of TeamCity, it might take a while (~500MB).

If you have a distribution of TeamCity deployed somewhere you might copy it to project directory teamcitydist/ folder or modify build.gradle file.

You can also change the versions of TeamCity distribution and Crowd libraries in the build.gradle file.

Versions

The plugin was tested with Teamcity 9.0.2 and Atlassian Crowd 2.6.1, 2.6.3 and 2.6.7. Build with JDK 8 on Mac, Windows and Linux.

Installation

To install TeamCity Crowd plugin you need to copy the plugin distribution file (build/dist/teamcity-crowd-plugin-(version).zip) into TeamCityDataDir/plugins folder. TeamCityDataDir is the server data folder. By default it is in the User Home/.Buildserver. More info at JetBrains TeamCity WIKI.

You can also copy presets file crowd.xml from this repository and place it in the _TeamCityDataDir/config/auth folder. It is Authentication preset file that will make Crowd Authentication selectable from the Administrator view in TeamCity.

If you don't copy the file you need to manually modify auth-config.xml in TeamCityDataDir/config folder. Sample configuration auth-config.xml can be found in this repository.

For the plugin to work you need to create or copy Plugin Configuration file called teamcity-crowd-plugin.properties and place it in the TeamCityDataDir/config. It has to be the exact name. Sample configuration file can be found in this repository.

Note

Plugin uses different REALM to TeamCity. The entire user base created prior to plugin activation will not be visible/usable. One plugin activated you can log into TeamCity with your Crowd credentials. To see the administration panel you will have to log in as SUPER USER into TeamCity with TOKEN from the teamcity-server.log file and make your user administrator (via checkbox on user page).

Remember to restart TeamCity for plugin to work.

Configuration

If you have the presets file copied to TeamCity configuration folder, you can select the Authentication mechanism in the Administration -> Authentication panel of TeamCity. You can manually enable the plugin by modifying auth-config.xml file.

You also need to configure Crowd Server details in the teamcity-crowd-plugin.properties file. Example configuration:

    application.name=teamcity
    application.password=password
    application.login.url=http://localhost:8111/login.html

    crowd.base.url=http://localhost:8095/crowd

    session.isauthenticated=session.isauthenticated
    session.tokenkey=whateva
    session.validationinterval=0
    session.lastvalidation=session.lastvalidation

!Note! Make sure to add Application to the Crowd server with appropriate name and password.

Extra config parameter for group creation

There is one additional property that you can setup in the teamcity-crowd-plugin.properties file.

    tc.crowd.plugin.createGroups=true # default false

If you set this up the Plugin will create Groups in TeamCity when user logs in and Group is not there. It is switched off by default. Creation of a group requires the creation of a Group Key in TeamCity is limited to 16 characters. If multiple groups are created with the same 16 character prefix then and id is generated by appending an incrementing 3 digit number to the end of the first 13 chars of the group name. Creating Groups manually gives more control over Project Permissions, etc.

About

A way to integrate Crowd as an Authentication and Authorization in TeamCity

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Java 63.0%
  • Groovy 37.0%