Crowd 2.6 Release Notes
11th February 2013
The Atlassian Crowd team is pleased to bring you the faster, better-integrated Crowd 2.6.We've made significant performance improvements to LDAP and Active Directory synchronization for large directories. REST resource improvements give integrated applications more control over SSO sessions. The CrowdID provider now supports OpenID 2.0, with identifier selection to improve your users' experience when authenticating against Crowd.
Highlights of this release:
Faster LDAP and Active Directory synchronization
If your LDAP or Active Directory server contains thousands of users and groups, then you'll be delighted to know that we have sped up directory synchronization. The dialog between Crowd and remote servers has been simplified to request what's needed and avoid redundancy. These changes significantly improve the performance of full synchronizations. In our test environment we synchronized 10,000 users, 1,000 groups and an increasing numbers of memberships. OpenLDAP showed great improvements, and the results with Active Directory are even more impressive:
In tests with Active Directory we've seen directories with huge numbers of memberships go from an hour to ten minutes.
REST resource improvements for SSO sessions
Integrated applications that use SSO sessions now have more control over session lifetimes. Integrated applications can create a short-lived session by specifying a session expiry time when they create a new session token. Combined with the ability to specify additional validation factors, this makes it possible to have many concurrent sessions for the same user, each with its own lifetime. Applications can now retrieve the creation and expiry date and use this information to implement their own expiration policies.
See the Crowd SSO Token Resource for details. Additionally, Crowd now exposes WADL files for its REST API.
OpenID improvements
This release includes a number of improvements to OpenID in the CrowdID server:
- OpenID 2 support
- Support for usernames with non-ASCII characters
- Server-side identifier selection, to save users from entering their OpenID URL
Identifier selection when endpoint URLs are used, along with with a whitelist of trusted consumers, allows for a streamlined experience for users.
Local groups management for LDAP connectors
Administrators can now create directories backed by an LDAP server, but create and manage groups locally in Crowd. This makes it possible to augment the group structure with new groups even with a read-only LDAP server. When local groups are enabled, new groups are created and updated in the Crowd database and not propagated to the LDAP server. Memberships of local groups are also stored locally.
Complete list of improvements and fixes