
Configure Crowd Integration

Enable the Crowd Capability

To enable Crowd, perform the following steps:

  1. Select Capabilities to open the Capabilities panel, located in the Administration menu under System

  2. Click the Create capability button to get to the Select Capability Type table

  3. Select Crowd to open the Create Crowd Capability panel

  4. Complete the form by entering the Crowd Server URL and the Application Name and Application Password that correspond to your Crowd application

This form also includes an option to Use the NXRM truststore. Check this box if you have configured Crowd for the HTTPS protocol and want to manage it that way, as described in Configure Pro to Trust Crowd’s Secure URL.

After you create the capability, the Enable Crowd box is checked automatically in the Atlassian Crowd panel in the Administration menu under Security. The Crowd server URL, Crowd application name and Crowd application password are also filled in automatically. Here you can also configure Connection timeout, a value that specifies the number of milliseconds the repository manager will wait for a response from Crowd. A value of zero indicates that there is no timeout limit. Leave the field blank to use the default timeout.

You can use the Verify Connection button to confirm your connection to Crowd is working. Pressing Save will save any changes made to the Crowd configuration.

Atlassian Crowd configuration form

Configure Pro to Trust Crowd’s Secure URL (Optional)

Although optional, we advise that the connection from Nexus Repository Manager Pro to your Crowd server use the HTTPS protocol.

If the Crowd certificate is not signed by a public certificate authority, you may have to explicitly trust the server certificate as explained in Outbound SSL - Trusting SSL Certificates of Remote Repositories. A common symptom is the peer not authenticated message when trying to connect to the untrusted Crowd server.

Adding the Crowd Server Certificate to the Truststore

To add the server certificate of your Crowd server to the truststore, go to SSL Certificates, located under Security in the Administration menu. In the SSL Certificates panel, click the Load Certificate button, which opens a dropdown menu with two options:

  • Load from server: where you can enter the full https:// URL from the Crowd server

  • Paste PEM: where you can enter an encoded, remote certificate generated from Crowd

Read more about centralizing SSL certificates to the Nexus Repository Manager in Access Control.
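Before a certificate that no public authority has signed goes into the truststore, compare its fingerprint with one obtained out of band from the Crowd administrator. The following is an added example, not part of the original documentation or of Nexus Repository Manager; the function names are hypothetical and it assumes the administrator supplies a SHA-256 fingerprint.

```python
import base64
import hashlib
import re
import socket
import ssl

_PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def pem_fingerprints(pem_text):
    """SHA-256 fingerprint (lowercase hex) of every certificate block in the text."""
    bodies = _PEM_BLOCK.findall(pem_text)
    if not bodies:
        raise ValueError("no PEM certificate block found")
    return [hashlib.sha256(base64.b64decode("".join(b.split()))).hexdigest()
            for b in bodies]

def approve_for_truststore(pem_text, expected_sha256):
    """True only if the text holds exactly one certificate and it matches the
    fingerprint obtained out of band (colons, spaces and case are ignored)."""
    want = re.sub(r"[^0-9a-fA-F]", "", expected_sha256).lower()
    if len(want) != 64:
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    got = pem_fingerprints(pem_text)
    # A pasted bundle is rejected: the operator should know which single
    # certificate is being trusted (a choice made for this example).
    return len(got) == 1 and got[0] == want

def fetch_server_pem(host, port=443, timeout=10.0):
    """Fetch the certificate the server presents, without validating it.
    Validation is off on purpose: the certificate is not publicly signed,
    so the trust decision is the fingerprint comparison above."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ssl.DER_cert_to_PEM_cert(tls.getpeercert(binary_form=True))

if __name__ == "__main__":
    # Constructed sample: placeholder bytes standing in for a DER certificate.
    der = b"constructed placeholder, not a real certificate"
    pem = ssl.DER_cert_to_PEM_cert(der)
    pinned = hashlib.sha256(der).hexdigest()
    print(approve_for_truststore(pem, pinned))        # pinned value matches
    print(approve_for_truststore(pem, "00" * 32))     # wrong fingerprint
    print(approve_for_truststore(pem + pem, pinned))  # bundle is rejected
```

Pass the output of fetch_server_pem, or the text you intend to use with Paste PEM, to approve_for_truststore and load the certificate only when it returns True.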

Configure Nexus Repository Manager Pro Crowd Security

There are two approaches available to manage what privileges a Crowd user has when they log in to the repository manager. You can map Crowd groups to roles or map Crowd users to roles.

Note

Mapping Crowd groups to Nexus Repository Manager Pro roles is preferred because there is less configuration involved overall in Nexus Repository Manager Pro and assigning users to Crowd groups can be centrally managed inside of Crowd by your security team after the initial repository manager setup.

Mapping a Crowd Group to Roles

When mapping a Crowd group to a Nexus Repository Manager Pro role, you are specifying the permissions (via roles) that users within the Crowd group will have after they authenticate.

To map a Crowd group to a Nexus Repository Manager Pro role, open the Roles panel by clicking on the Roles link under Security in the Administration panel. Click the Create role button, select External Role Mapping, then click Crowd. This will take you to the Create Role panel, as mentioned in Roles.

After choosing the Crowd realm, the Role drop-down should list all the Crowd groups to which the Crowd application has access. Select the group you would like to map in the Role field.

Note

If you have two or more groups in a Crowd application with identical names but in different directories, the repository manager will only list the first one that Crowd finds. Therefore, Crowd administrators should avoid identically named groups in Crowd directories.

Before you save, you must add at least one role or privilege to the mapped group. After adding them to the Contained or Given areas (respectively), using the > button or drag and drop, click the Save button.

Saved mappings will appear in the list of roles with a mapping value of Crowd.

Mapping a Crowd User to Roles

Consider the Crowd server user with an id of johnsmith. In the Crowd administrative interface, the johnsmith Crowd realm user appears as a member of both the dev and crowd-administrators groups.

To add an external user, go to the Administration menu in the repository manager, then click Users in the Security section.

Click the Source dropdown button and select Crowd. To search for users from the Crowd realm you can either enter an individual username within the filter box, or click the magnifying glass icon to generate the list of all users from the Crowd realm.

When the name you entered appears, click the row of the user you want to create the mapping for. This will take you to a form where you can assign available roles. You must map at least one role to the Crowd managed user in order to Save.

Security

To administer NXRM's Crowd configuration via capability, you will need either the nx-capabilities or nx-all privilege assigned to your user. To access the Atlassian Crowd panel, the nx-crowd (or nx-all) privilege is needed.