atlassian-{jira,confluence}: add crowd sso support

wip/yesman
Franz Pletz 7 years ago committed by Robin Gloster
parent 1075919413
commit 02791ced34
No known key found for this signature in database
GPG Key ID: 5E4C836C632C2882
  1. 53
      nixos/modules/services/web-apps/atlassian/confluence.nix
  2. 51
      nixos/modules/services/web-apps/atlassian/jira.nix
  3. 13
      pkgs/servers/atlassian/confluence.nix
  4. 13
      pkgs/servers/atlassian/jira.nix

@ -6,7 +6,22 @@ let
cfg = config.services.confluence;
pkg = pkgs.atlassian-confluence;
pkg = pkgs.atlassian-confluence.override {
enableSSO = cfg.sso.enable;
crowdProperties = ''
application.name ${cfg.sso.applicationName}
application.password ${cfg.sso.applicationPassword}
application.login.url ${cfg.sso.crowd}/console/
crowd.server.url ${cfg.sso.crowd}/services/
crowd.base.url ${cfg.sso.crowd}/
session.isauthenticated session.isauthenticated
session.tokenkey session.tokenkey
session.validationinterval ${toString cfg.sso.validationInterval}
session.lastvalidation session.lastvalidation
'';
};
in
@ -76,6 +91,42 @@ in
};
};
sso = {
enable = mkEnableOption "SSO with Atlassian Crowd";
crowd = mkOption {
type = types.str;
example = "http://localhost:8095/crowd";
description = "Crowd Base URL without trailing slash";
};
applicationName = mkOption {
type = types.str;
example = "jira";
description = "Exact name of this Confluence instance in Crowd";
};
applicationPassword = mkOption {
type = types.str;
description = "Application password of this Confluence instance in Crowd";
};
validationInterval = mkOption {
type = types.int;
default = 2;
example = 0;
description = ''
Set to 0, if you want authentication checks to occur on each
request. Otherwise set to the number of minutes between request
to validate if the user is logged in or out of the Crowd SSO
server. Setting this value to 1 or higher will increase the
performance of Crowd's integration.
'';
};
};
jrePackage = let
jreSwitch = unfree: free: if config.nixpkgs.config.allowUnfree or false then unfree else free;
in mkOption {
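Review bot: `application.password ${cfg.sso.applicationPassword}` in the `crowdProperties` string puts the Crowd application password into the package override, so it ends up in the derivation and in the built `crowd.properties`, both in the world-readable Nix store. Any local user can then read the credential this instance uses to authenticate to Crowd. I would take the secret from a file outside the store (for example an `applicationPasswordFile` option) and generate `crowd.properties` at service start in a directory only the service user can read. The same applies to the `sso` block in jira.nix and to the `cat <<EOF` steps in both package files. Separately, the `crowd` example uses `http://`, so the description could read `Crowd base URL without trailing slash; use https unless Crowd runs on the same host`.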

@ -6,7 +6,22 @@ let
cfg = config.services.jira;
pkg = pkgs.atlassian-jira;
pkg = pkgs.atlassian-jira.override {
enableSSO = cfg.sso.enable;
crowdProperties = ''
application.name ${cfg.sso.applicationName}
application.password ${cfg.sso.applicationPassword}
application.login.url ${cfg.sso.crowd}/console/
crowd.server.url ${cfg.sso.crowd}/services/
crowd.base.url ${cfg.sso.crowd}/
session.isauthenticated session.isauthenticated
session.tokenkey session.tokenkey
session.validationinterval ${toString cfg.sso.validationInterval}
session.lastvalidation session.lastvalidation
'';
};
in
@ -82,6 +97,40 @@ in
};
};
sso = {
enable = mkEnableOption "SSO with Atlassian Crowd";
crowd = mkOption {
type = types.str;
example = "http://localhost:8095/crowd";
description = "Crowd Base URL without trailing slash";
};
applicationName = mkOption {
type = types.str;
example = "jira";
description = "Exact name of this JIRA instance in Crowd";
};
applicationPassword = mkOption {
type = types.str;
description = "Application password of this JIRA instance in Crowd";
};
validationInterval = mkOption {
type = types.int;
default = 2;
example = 0;
description = ''
Set to 0, if you want authentication checks to occur on each
request. Otherwise set to the number of minutes between request
to validate if the user is logged in or out of the Crowd SSO
server. Setting this value to 1 or higher will increase the
performance of Crowd's integration.
'';
};
};
jrePackage = let
jreSwitch = unfree: free: if config.nixpkgs.config.allowUnfree or false then unfree else free;
in mkOption {
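Review bot: `crowdProperties` is passed to the override unconditionally, and the package compares it with `null`, which forces the string and with it `cfg.sso.crowd`, `cfg.sso.applicationName` and `cfg.sso.applicationPassword`. None of these options has a default, so a configuration that leaves SSO disabled would presumably fail to evaluate with an undefined-option error. Guarding the value keeps the non-SSO path unchanged: `crowdProperties = if cfg.sso.enable then '' … '' else null;`. confluence.nix has the same construction, and the `let` block continues outside the hunk.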

@ -1,4 +1,7 @@
{ stdenv, fetchurl }:
{ stdenv, lib, fetchurl
, enableSSO ? false
, crowdProperties ? null
}:
stdenv.mkDerivation rec {
name = "atlassian-confluence-${version}";
@ -19,6 +22,14 @@ stdenv.mkDerivation rec {
rm -r logs; ln -sf /run/confluence/logs/ .
rm -r work; ln -sf /run/confluence/work/ .
rm -r temp; ln -sf /run/confluence/temp/ .
'' + lib.optionalString enableSSO ''
substituteInPlace confluence/WEB-INF/classes/seraph-config.xml \
--replace com.atlassian.confluence.user.ConfluenceAuthenticator\
com.atlassian.confluence.user.ConfluenceCrowdSSOAuthenticator
'' + lib.optionalString (crowdProperties != null) ''
cat <<EOF > confluence/WEB-INF/classes/crowd.properties
${crowdProperties}
EOF
'';
installPhase = ''
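Review bot: The heredoc that writes `crowd.properties` uses an unquoted delimiter, so the shell expands `$` and backticks inside `${crowdProperties}` at build time. An application password containing those characters would be altered or run as a command substitution in the builder. Quoting the delimiter avoids this: `cat <<'EOF' > confluence/WEB-INF/classes/crowd.properties`. Passing the text as a file rather than inlining it would also avoid a value containing a bare `EOF` line. The jira package has the same step, and the phase string these lines belong to starts outside the hunk.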

@ -1,4 +1,7 @@
{ stdenv, fetchurl }:
{ stdenv, lib, fetchurl
, enableSSO ? false
, crowdProperties ? null
}:
stdenv.mkDerivation rec {
name = "atlassian-jira-${version}";
@ -17,6 +20,14 @@ stdenv.mkDerivation rec {
rm -r logs; ln -sf /run/atlassian-jira/logs/ .
rm -r work; ln -sf /run/atlassian-jira/work/ .
rm -r temp; ln -sf /run/atlassian-jira/temp/ .
'' + lib.optionalString enableSSO ''
substituteInPlace atlassian-jira/WEB-INF/classes/seraph-config.xml \
--replace com.atlassian.jira.security.login.JiraSeraphAuthenticator \
com.atlassian.jira.security.login.SSOSeraphAuthenticator
'' + lib.optionalString (crowdProperties != null) ''
cat <<EOF > atlassian-jira/WEB-INF/classes/crowd.properties
${crowdProperties}
EOF
'';
installPhase = ''
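Review bot: `substituteInPlace … --replace` does not fail the build when the pattern is missing, so if upstream renames the authenticator class in `seraph-config.xml` the package still builds with `enableSSO = true` but keeps the default authenticator. A check after the substitution makes that visible: `grep -q SSOSeraphAuthenticator atlassian-jira/WEB-INF/classes/seraph-config.xml`. The confluence package needs the equivalent check. There the backslash follows the class name with no space before it, so the two arguments are separated only by the continuation line's indentation; a space before the `\` would match this file.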
