atende / crowd

This is a image to with atlassian crowd software
1 stars 3 forks source link

crowd properties fail #3

Open BraunreutherA opened 9 years ago

BraunreutherA commented 9 years ago

Hi,

I installed crowd and at the step of logging into the crowd console I get the following error: Connection to authentication server failed. Please review the logs for more information.

I went into the crowd container an changed the crowd.properties file to some modifications recommended at the atlassian forums but this doesn't work. How did you get it running?

at the logs this error occurs:

unable to unset crowd sso token

giovannicandido commented 9 years ago

I remember a problem with how crowd process auth from IP Address. I should have documented but anyway: By default it allows only a certain class of ips, localhost is one of then. The problem is docker containers run on virtual networks in the host, so the crowd application do not run in localhost when the proxy is used.

To work around, the first login should be direct in the crowd port exposed by the container, the port is 8095. Then it should be configured to allow a class of ips to authenticate, the class could be different for any installation. Use crane status to show the containers ip's and configure crowd to permit login from then.

In my case a have:

172.17.0.38
172.17.0.86
172.17.0.40
and so on

So I open for 172.17.*.* because other containers (jira, stash, etc...) will authenticate too

See: https://confluence.atlassian.com/display/CROWD/Specifying+an+Application%27s+Address+or+Hostname

BraunreutherA commented 9 years ago

Thank, that worked.

I had to go into the crowd container in /opt/crowd-home and edit the crowd.properties file. Just change the server url and auth url for sub.domain.com to the ip crane status gives you for your crowd application with the port 8095. Then you can log in and add the other apps.

giovannicandido commented 9 years ago

I don't knew it could be changed in crowd.properties file. I will update the script to automate this.