I started working with the Crowd application for single sign-on and identity management about four months ago. I have been quite impressed with it. The application allows your applications to use a centralized repository for user authentication. Additionally, it provides an OpenID service for your same users as well.

The Crowd application is a java based program which runs on Tomcat. It is best installed by downloading the stand-alone application from Atlassian and installing it on a dedicated server. If you do plan to run other java applications on this same server, then you should use a separate instance of Tomcat.

Managing users is rather simple. It gives you an out of the box directory for you to use as the listing of your users. It also gives you the ability to integrate with your Active Directory. And best of all, it allows you to manage the users of your application by allowing the application to draw from the users of the Active Directory and the users of your own directories. So now you can give contractors access to the applications without adding them to the AD.

Crowd has been well developed to easily integrate with your Java applications that use well known standards such as Acegi. Getting the other Atlassian products to use Crowd takes about 20 minutes each (if that long). Set up the application in Crowd and establish the user base and establish the groups used by the application. Next, go to the application, add the version compatible jar file, make some minor modifications in a couple of xml files and you are good to go – actual instructions are on the Atlassian site.

I have never seen an implementation of single sign-on go so easily as it does with Jira, Confluence, Fisheye, and Bamboo. Even getting Subversion over Apache to work with Crowd was not a difficult task. Crowd integration with all of these applications is well documented. The next application I need to try this on will be Jive SBS – this integraton is not well documented except I do know that Jive does make use of Acegi. I am hoping this will be easy.

Lastly, Crowd will work as an OpenID server for you. If you are not familiar with OpenID, it is a standard that many applications have adopted. By logging onto the Crowd OpenID application, you can get a URL that OpenID compliant applications will accept for authentication. When you drop the url into the third party application the first time, it will send notification to your Crowd server for you to allow Crowd to acknowledge the third party application as a valid application of yours for authentication. From that time forward, you no longer need to remember your password -just drop in the URL and you are logged in. I tested the functionality on the Teligent community application and it worked beautifully.

One current weakness is the lack of documentation of getting dotNet applications to work with Crowd.

I really like this Crowd Application. I intend to continue working with it for some time now.