atlassian-{jira,confluence}: add crowd sso support
This commit is contained in:
Franz Pletz
Robin Gloster
parent
1075919413
commit
02791ced34
@ -6,7 +6,22 @@ let
|
||||
|
||||
cfg = config.services.confluence;
|
||||
|
||||
pkg = pkgs.atlassian-confluence;
|
||||
pkg = pkgs.atlassian-confluence.override {
|
||||
enableSSO = cfg.sso.enable;
|
||||
crowdProperties = ''
|
||||
application.name ${cfg.sso.applicationName}
|
||||
application.password ${cfg.sso.applicationPassword}
|
||||
application.login.url ${cfg.sso.crowd}/console/
|
||||
|
||||
crowd.server.url ${cfg.sso.crowd}/services/
|
||||
crowd.base.url ${cfg.sso.crowd}/
|
||||
|
||||
session.isauthenticated session.isauthenticated
|
||||
session.tokenkey session.tokenkey
|
||||
session.validationinterval ${toString cfg.sso.validationInterval}
|
||||
session.lastvalidation session.lastvalidation
|
||||
'';
|
||||
};
|
||||
|
||||
in
|
||||
|
||||
@ -76,6 +91,42 @@ in
|
||||
};
|
||||
};
|
||||
|
||||
sso = {
|
||||
enable = mkEnableOption "SSO with Atlassian Crowd";
|
||||
|
||||
crowd = mkOption {
|
||||
type = types.str;
|
||||
example = "http://localhost:8095/crowd";
|
||||
description = "Crowd Base URL without trailing slash";
|
||||
};
|
||||
|
||||
applicationName = mkOption {
|
||||
type = types.str;
|
||||
example = "jira";
|
||||
description = "Exact name of this Confluence instance in Crowd";
|
||||
};
|
||||
|
||||
applicationPassword = mkOption {
|
||||
type = types.str;
|
||||
description = "Application password of this Confluence instance in Crowd";
|
||||
};
|
||||
|
||||
validationInterval = mkOption {
|
||||
type = types.int;
|
||||
default = 2;
|
||||
example = 0;
|
||||
description = ''
|
||||
Set to 0, if you want authentication checks to occur on each
|
||||
request. Otherwise set to the number of minutes between request
|
||||
to validate if the user is logged in or out of the Crowd SSO
|
||||
server. Setting this value to 1 or higher will increase the
|
||||
performance of Crowd's integration.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
|
||||
jrePackage = let
|
||||
jreSwitch = unfree: free: if config.nixpkgs.config.allowUnfree or false then unfree else free;
|
||||
in mkOption {
|
||||
|
||||
@ -6,7 +6,22 @@ let
|
||||
|
||||
cfg = config.services.jira;
|
||||
|
||||
pkg = pkgs.atlassian-jira;
|
||||
pkg = pkgs.atlassian-jira.override {
|
||||
enableSSO = cfg.sso.enable;
|
||||
crowdProperties = ''
|
||||
application.name ${cfg.sso.applicationName}
|
||||
application.password ${cfg.sso.applicationPassword}
|
||||
application.login.url ${cfg.sso.crowd}/console/
|
||||
|
||||
crowd.server.url ${cfg.sso.crowd}/services/
|
||||
crowd.base.url ${cfg.sso.crowd}/
|
||||
|
||||
session.isauthenticated session.isauthenticated
|
||||
session.tokenkey session.tokenkey
|
||||
session.validationinterval ${toString cfg.sso.validationInterval}
|
||||
session.lastvalidation session.lastvalidation
|
||||
'';
|
||||
};
|
||||
|
||||
in
|
||||
|
||||
@ -82,6 +97,40 @@ in
|
||||
};
|
||||
};
|
||||
|
||||
sso = {
|
||||
enable = mkEnableOption "SSO with Atlassian Crowd";
|
||||
|
||||
crowd = mkOption {
|
||||
type = types.str;
|
||||
example = "http://localhost:8095/crowd";
|
||||
description = "Crowd Base URL without trailing slash";
|
||||
};
|
||||
|
||||
applicationName = mkOption {
|
||||
type = types.str;
|
||||
example = "jira";
|
||||
description = "Exact name of this JIRA instance in Crowd";
|
||||
};
|
||||
|
||||
applicationPassword = mkOption {
|
||||
type = types.str;
|
||||
description = "Application password of this JIRA instance in Crowd";
|
||||
};
|
||||
|
||||
validationInterval = mkOption {
|
||||
type = types.int;
|
||||
default = 2;
|
||||
example = 0;
|
||||
description = ''
|
||||
Set to 0, if you want authentication checks to occur on each
|
||||
request. Otherwise set to the number of minutes between request
|
||||
to validate if the user is logged in or out of the Crowd SSO
|
||||
server. Setting this value to 1 or higher will increase the
|
||||
performance of Crowd's integration.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
jrePackage = let
|
||||
jreSwitch = unfree: free: if config.nixpkgs.config.allowUnfree or false then unfree else free;
|
||||
in mkOption {
|
||||
|
||||
@ -1,4 +1,7 @@
|
||||
{ stdenv, fetchurl }:
|
||||
{ stdenv, lib, fetchurl
|
||||
, enableSSO ? false
|
||||
, crowdProperties ? null
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "atlassian-confluence-${version}";
|
||||
@ -19,6 +22,14 @@ stdenv.mkDerivation rec {
|
||||
rm -r logs; ln -sf /run/confluence/logs/ .
|
||||
rm -r work; ln -sf /run/confluence/work/ .
|
||||
rm -r temp; ln -sf /run/confluence/temp/ .
|
||||
'' + lib.optionalString enableSSO ''
|
||||
substituteInPlace confluence/WEB-INF/classes/seraph-config.xml \
|
||||
--replace com.atlassian.confluence.user.ConfluenceAuthenticator\
|
||||
com.atlassian.confluence.user.ConfluenceCrowdSSOAuthenticator
|
||||
'' + lib.optionalString (crowdProperties != null) ''
|
||||
cat <<EOF > confluence/WEB-INF/classes/crowd.properties
|
||||
${crowdProperties}
|
||||
EOF
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
|
||||
@ -1,4 +1,7 @@
|
||||
{ stdenv, fetchurl }:
|
||||
{ stdenv, lib, fetchurl
|
||||
, enableSSO ? false
|
||||
, crowdProperties ? null
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "atlassian-jira-${version}";
|
||||
@ -17,6 +20,14 @@ stdenv.mkDerivation rec {
|
||||
rm -r logs; ln -sf /run/atlassian-jira/logs/ .
|
||||
rm -r work; ln -sf /run/atlassian-jira/work/ .
|
||||
rm -r temp; ln -sf /run/atlassian-jira/temp/ .
|
||||
'' + lib.optionalString enableSSO ''
|
||||
substituteInPlace atlassian-jira/WEB-INF/classes/seraph-config.xml \
|
||||
--replace com.atlassian.jira.security.login.JiraSeraphAuthenticator \
|
||||
com.atlassian.jira.security.login.SSOSeraphAuthenticator
|
||||
'' + lib.optionalString (crowdProperties != null) ''
|
||||
cat <<EOF > atlassian-jira/WEB-INF/classes/crowd.properties
|
||||
${crowdProperties}
|
||||
EOF
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
|
||||
Loading…
Reference in New Issue
Block a user