Atlassian Crowd 体验?
我们(大约 150 人的团队)正在考虑将 ALM 解决方案从 Bugzilla/CVS 迁移到 Jira/svn/Confluence/Bamboo/Fisheye。 SO 有很多关于这些的好信息,但我有兴趣了解 Atlassian 的另一个工具 - 单点登录 (SSO) Crowd,我正在考虑将其添加到组合中,以便与我们的 Novell id 进行 LDAP 集成。
- 有人有过 Crowd 的经验吗?
- 它如何处理 100/200/500(经济衰退后)用户?
- 有什么提示/技巧吗?
- 您会选择不同的开源 SSO 解决方案吗?
谢谢
编辑: 一年过去了...
我们获得了 Crowd,并与 ActiveDirectory 集成以及内部 Crowd 目录(用于短期承包商等)。 到目前为止,该解决方案效果很好。
编辑2: 又一年:依然强劲(我们现在有 1000 名用户)。 嵌套组是一个杀手级功能,值得庆幸的是,它在上一个版本发布后运行良好。
编辑3: 2012 年中期 - 7,500 位用户 - 势头强劲。 带有一点自动化的入门功能(带有 Ajaxified 表单的 Confluence 页面 + 一点 Crowd 插件)
we (a team of about 150) are considering moving our ALM solution from Bugzilla/CVS to Jira/svn/Confluence/Bamboo/Fisheye. SO has a lot of good info on those, but I would be interested to learn about another tool from Atlassian - a Single Sign On (SSO) Crowd, I am considering adding it to the mix for an LDAP integration with our Novell id's.
- has someone had any experience with Crowd?
- how does it handle 100/200/500 (after recession, that is) users?
- any tips/tricks?
- would you choose different, open source SSO solutions?
thanks
EDIT:
a year has passed...
We got Crowd and went with ActiveDirectory integration along with internal Crowd directory (for short-term contractors, etc.). So far the solution works just great.
EDIT2:
Another year: still going strong (We have 1K users now). Nested groups is a killer feature, thankfully it is working fine after last point release.
EDIT3:
mid-2012 - 7.5K users - going strong. with a little automation for onboarding (Confluence pages with Ajaxified forms + a little Crowd plugin)
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
主要披露:我是 Crowd 产品经理。 因此,尽可能多地施用氯化钠。
如果您对 500 个用户有任何问题,我会感到非常惊讶。 尤其是从性能角度来看,Novell 似乎是更好的目录服务器之一。 我预计会出现问题的唯一情况是您的 Crowd 服务器和 Novell 目录服务器位于世界的两端。 除非迫不得已,否则不要这样做:-)
我们有大量用户将数千个用户连接到 JIRA、Confluence 和 Crowd 开发工具。
如有任何问题 - 请给我们留言 ([email protected] 或 http://support.atlassian.com),我们会提供帮助。
干杯,
戴夫.
PS:我希望这不会成为一种销售宣传或“我们制造在各方面都很完美的神奇产品,现在把你的钱给我们!”
Major disclosure: I'm the Crowd Product Manager. So, apply as much NaCl as you think wise.
I'd be very surprised if you had any issues with 500 users. Especially since Novell seems to be one of the better directory servers in terms of performance. The only time I'd expect to see problems is if your Crowd server and Novell directory server are on opposite sides of the world. Don't do that unless you have to :-)
We have plenty of users connecting thousands of users to JIRA, Confluence, and the Dev Tools with Crowd.
Any issues - drop us a line ([email protected] or http://support.atlassian.com) and we'll help out.
Cheers,
Dave.
ps: I hope that didn't come off as a sales pitch or "we make magic products that are perfect in every possible way, now give us your money!"
我们使用 Crowd 的用户数量约为 80 名,预计当我们将其推出供客户端访问时,该数字将攀升至 100 名。 Crowd 对我们很重要,因为它使我们能够将 Jira 和 Confluence(Atlassian wiki)与 SSO 集成,这一点至关重要。
Crowd 对我们来说效果很好,但它确实有一些怪癖。 我们使用它从 Active Directory 进行身份验证。 有些事情有点不优雅。 我们需要做更多的挖掘来解决这些问题。
但除此之外,Crowd 对我们来说是一个巨大的胜利,因为以下两个原因:
我们对所有这些都非常满意Atlassian 工具。
We're using Crowd with about 80 users and expect that number to climb into the hundred when we roll it out for client access. Crowd is important to us because it allows us to integrate Jira and Confluence (the Atlassian wiki) with SSO, which is critical.
Crowd works well for us but it does have some quirks. We are using it to draw authentications from Active Directory. There are some things that are a little inelegant. We need to do some more digging to troubleshoot those.
But that aside, Crowd is a big win for us, for these two reasons:
We're very happy with all the Atlassian tools.
我没有像您这样使用 Crowd 处理如此多的用户的经验,但我确实发现使用 Crowd 设置和管理我们的 JIRA、Confluence 和 SVN 实例非常容易(我们只有 25 个用户)。 它也将处理 Apache 身份验证,因此我计划将我们的各种经过身份验证的网站也切换到 Crowd。
根据 Atlassian 网站,Crowd 应该能够轻松处理 500 个用户; 该网站上有一些有用的案例研究和网络研讨会录音,可以告诉您更多信息。
I haven't had experience with Crowd on such a large set of users as yours, but I did find it very easy to set up and manage our JIRA, Confluence and SVN instances with Crowd (we only have 25 users). It will handle Apache authentication as well, so I'm planning to switch our various authenticated Web sites to Crowd as well.
According to Atlassian's site, Crowd should easily be able to handle 500 users; there are some useful case studies and Webinar recordings on the site that will tell you more.
我确实安装了一些拥有超过 16000 个用户的 Crowd,大多数来自 LDAP/Active Directory,我想说性能不会成为问题,但 Atlassian 多年来确实考虑解决其他问题:
如果您没有很多用户,您可以将 Confluence 配置为直接连接到 Jira,而不是使用 Crowd。 Atlassian 产品中确实已经有一个内部人群实例,但其性能仅限于大约 200 个用户左右(更多的是关于进行的身份验证的数量,而不是用户总数)。
考虑到上述限制,我总结一下,Crowd 的价格远远过高,除非您符合资格获得免费许可证。
I do have few installations of Crowd with over 16000 users, most comming from LDAP/Active Directory and I would say that the performance would not be a problem but there are other problems which Atlassian did considered solving in years:
If you do no have many users you can configure Confluence to coonect to Jira directly instead of using Crowd. Atlassian products do already have an interal crowd instance in them, but its performance is limited to about 200 users or so (it's more about the number of authentications made, not the total number of users).
Considering the above limitations, I would summarize that Crowd is far overpriced for what it delivers, unless you are getting a free license if you are eligible.
我们还在 Atlassian 产品系列中安装并连接了 Crowd。 它由企业 LDAP (M$ AD) 支持。 到目前为止,它非常棒并且工作得很好。
但是目前我们正在努力整合所谓的自定义应用程序。 例如,我们有用于监控数据的 Prometheus,它没有内置任何身份验证。因此,我们前面有一个 Apache 2.4 作为 SSL 端点。 为了添加身份验证,我们考虑将其与 Crowd 集成。 有一个 Apache Crowd 连接器不再受支持(这对我来说没问题)。 仅提供可用的源代码,但基于 Apache 2.2 构建。 我们必须使用 Apache 2.4(公司政策),其中一些必需的 API 已被删除。
因此,我们要么投入大量时间将连接器迁移到当前的 Apache API,要么做其他事情(例如使用针对 AD 的通用 LDAP 连接器)。 这使得整个群体的想法对我们来说有点像一把双面剑。 (我们希望将项目中的用户管理集中到 Crowd 这样的单一工具中,以摆脱中央 LDAP 上的公司流程和法规)。
更新:我们现在使用https://github.com/fgimian/cwdapache Apache 2.4 的连接器(稍加修改即可为 Ubuntu 16.04 构建)。 这增加了对 Crowd 组/用户的 Apache Basic Auth 的支持。
UDAPTE2: Bitbucket、Jira、Confluence、Crucible 当然可以开箱即用。 不过,用户迁移有点麻烦(重命名旧用户,然后与 Crowd 集成或使用不受支持的 SQL)。
Jenkins 2 和 Nexus 3 似乎运行良好。
进一步发展:
现在我正在考虑将 Crowd 作为 Atlassian 产品的身份和访问管理的集中式工具。 在那里它工作得很好并且做了它应该做的事情。 集成许多其他应用程序很糟糕,因为不支持/更新可用的集成。
示例:如果您想使用 nginx 进行 Crowd 身份验证,则没有任何可用的东西。 有一个 OpenId Connect 模块可用,但 Crowd 缺乏对此的支持(他们只支持过时的 OpenId v2.0)。 甚至没有谈论 OAuth。 有一个 Atlassian OAuth 库,但 Crowd 还没有(或永远不会) 。 甚至 Google Apps 支持也会消失,因为 Google 放弃了支持:https://developers.google.com /身份/协议/OpenID2Migration
We have also Crowd installed and connected within the Atlassian product family. It is backed by a corporate LDAP (M$ AD). So far it is great and works pretty well.
BUT currently we're struggling with integration of so called custom applications. We have e.g. Prometheus for monitoring data which doesn't have any authentication built in. So we have an Apache 2.4 in front as SSL endpoint. To add authentication we considered integrating it with Crowd. There is a Apache Crowd connector that is no longer supported (which would be fine by me). There are only the sources available, but built on Apache 2.2. We have to use Apache 2.4 (corporate policy) where some of the required API has been removed.
So either we invest considerable amount of time to migrate the Connector to current Apache API or we do something else (like using a generic LDAP connector towards AD). Which makes the whole Crowd idea a bit a two sided sword for us. (We wanted to centralize user management within our project into a single tool like Crowd to get rid of corporate processes and regulations on the central LDAP).
UPDATE: We now use https://github.com/fgimian/cwdapache connector for Apache 2.4 (with slight adaptions it can be built for Ubuntu 16.04). This adds support for Apache Basic Auth with Crowd groups/users.
UDAPTE2: Bitbucket, Jira, Confluence, Crucible work out of the box of course. User migration is a bit cumbersome though (renaming old users and then integrate with Crowd or use unsupported SQLs).
Jenkins 2 and Nexus 3 seem to work fine.
FURTHER DOWN THE ROAD:
Right now I am considering Crowd as a centralized tool for identity and access management for Atlassian products. There it works fine and does what it should. Integrating numerous other applications just sucks since available integrations are not supported/updated.
Example: if you want to have Crowd authentication with nginx there is nothing usable available. There is a OpenId Connect module available, but Crowd lacks support for that (they only support outdated OpenId v2.0). Not even talking about OAuth. There is a Atlassian OAuth library, but Crowd doesn't have it yet (or will ever). Even the Google Apps support will vanish, since Google dropped support: https://developers.google.com/identity/protocols/OpenID2Migration