Configure Crowd Integration
Enable the Crowd Capability
To enable Crowd perform the following steps:
Select Capabilities to open the Capabilities panel, located in the Administration menu under System
Click the Create capability button to get to the Select Capability Type table
Select Crowd to open the Create Crowd Capability panel
Complete the form by entering the Crowd Server URL and the Application Name and Application Password that correspond to your Crowd application
This form also includes an option to Use the NXRM truststore. You would check this box if you configured and want to manage Crowd with the HTTPS protocol, mentioned in Configure Pro to Trust Crowd’s Secure URL.
After you create the capability, you will see the Enable Crowd box checked automatically in the Atlassian Crowd panel in the Administration menu under Security. Further, you can see the Crowd server URL, Crowd application name and Crowd application password, all automatically filled in. Additionally here, you can configure Connection timeout, a value that specifies the number of seconds the repository manager will wait for a response from Crowd. A value of zero indicates that there is no timeout limit. Leave the field blank to use the default timeout.
You can use the Verify Connection button to confirm your connection to Crowd is working. Pressing Save will save any changes made to the Crowd configuration.
Configure Pro to Trust Crowd’s Secure URL (Optional)
Although optional, we advise the connection from Nexus Repository Manager Pro to your Crowd server to use the HTTPS protocol.
If the Crowd certificate is not signed by a public certificate authority, you may have to explicitly trust the server certificate as explained in Outbound SSL - Trusting SSL Certificates of Remote Repositories. A common symptom observed is the peer not authenticated
message when trying to connect to the untrusted Crowd server.
Adding the Crowd Server Certificate to the Truststore
To add the server certificate of your Crowd server to the truststore, go to SSL Certificates, located under Security in the Administration menu. In the SSL Certificates panel click the Load Certificate button, which prompts a dropdown menu with two options:
Load from server: where you can enter the full
https://
URL from the Crowd serverPaste PEM: where you can enter an encoded, remote certificate generated from Crowd
Read more about centralizing SSL certificates to the Nexus Repository Manager in Access Control.
Configure Nexus Repository Manager Pro Crowd Security
There are two approaches available to manage what privileges a Crowd user has when they log in to the repository manager. You can map Crowd groups to roles or map Crowd users to roles.
Note
Mapping Crowd groups to Nexus Repository Manager Pro roles is preferred because there is less configuration involved overall in Nexus Repository Manager Pro and assigning users to Crowd groups can be centrally managed inside of Crowd by your security team after the initial repository manager setup.
Mapping a Crowd Group to Roles
When mapping a Crowd group to a Nexus Repository Manager Pro role, you are specifying the permissions (via roles) that users within the Crowd group will have after they authenticate.
To map a Crowd group to a Nexus Repository Manager Pro role, open the Roles panel by clicking on the Roles link under Security in the Administration panel. Click on Create role button, select External Role Mapping, then click Crowd. This will take you Create Role panel, as mentioned in Roles.
After choosing the Crowd realm, the Role drop-down should list all the Crowd groups to which the Crowd application has access. Select the group you would like to map in the Role field.
Note
If you have two or more groups in a Crowd application with identical names but in different directories, the repository manager will only list the first one that Crowd finds. Therefore, Crowd administrators should avoid identically named groups in Crowd directories.
Before you save, you must add at least one role or privilege to the mapped group. After you have them added using the >
button or drag and drop to the Contained or Given areas (respectively), click the Save button.
Saved mappings will appear in the list of roles with a mapping value of Crowd.
Mapping a Crowd User to Roles
Consider the Crowd server user with an id of johnsmith
. In the Crowd administrative interface, the johnsmith
Crowd realm user as a member of both dev and crowd-administrators groups.
To add an external user go to the Administration menu in the repository manager, then click Users in the Security section.
Click the Source dropdown button and select Crowd. To search for users from the Crowd realm you can either enter an individual username within the filter box, or click the magnifying glass icon to generate the list of all users from the Crowd realm.
When the name you entered appears, click on the row of the name you desire to create the mapping for. This will take you to a form where you can assign available roles. You must map at least one role to the Crowd managed user in order to Save.
Security
To administrate NXRM's Crowd configuration via capability, you will need either the nx-capabilities or nx-all privilege assigned to your user. To access the Atlassian Crowd panel nx-crowd (or nx-all) privilege is needed.