Software:Crowd

Crowd
Developer(s): Atlassian
Initial release: 5 April 2007; 17 years ago (2007-04-05)
Stable release: 1.0 / 1.0
Written in: Java
Operating system
Type: Collaborative software
License: Proprietary
Website: www.atlassian.com/software/crowd

Crowd is a web-based identity and access management and single sign-on (SSO) service developed by the Australian software company Atlassian.[2] Atlassian wrote Crowd in the Java programming language and first published it in 2007.[3] Crowd Standalone comes with a built-in Tomcat web server and supports multiple database platforms, including PostgreSQL, MySQL, and Microsoft SQL Server.[4]

The company markets Crowd as enterprise software, licensed as either on-premises software or software as a service running on AWS.[5] Crowd has captured a small amount of market share, but is in use by notable organizations such as the United Kingdom, via its UK Government G-Cloud program,[6] and NASA.[7]

History

Atlassian released Crowd 1.0 on March 5, 2007, saying its purpose was to "enable[s] IT administrators and application developers to quickly integrate and deploy single sign-on using popular directories such as Microsoft Active Directory and Apple OS X Open Directory. As well as giving IT administrators a single consolidated point of user management".[3]

In recent versions, Crowd has evolved to provide tighter integration with the Atlassian software suite, with additional features including license usage reporting[8] and limited automatic group management.[9] Despite this, customer reception has been lukewarm, with some customers stating that the product lacks the feature set of other solutions.[10]

In 2017, Atlassian released Crowd 3.0 Data Center to add high availability with load balancing across nodes in a clustered setup.[11]

Security

On May 22, 2019, Atlassian released a public security advisory for CVE-2019-11580, which affected Crowd server and data center.[12][13] This vulnerability allowed a malicious actor to install an arbitrary plugin on affected versions via an unauthenticated request, effectively allowing unauthenticated remote code execution (RCE).[14]

References

  1. "Supported Platforms". Atlassian. https://confluence.atlassian.com/crowd/supported-platforms-191851.html. 
  2. "Crowd Product Page". Atlassian. https://www.atlassian.com/software/crowd. 
  3. "Crowd Connects Web Apps, LDAP". atlassian.com. 5 March 2007. https://www.atlassian.com/blog/archives/crowd_connects$. 
  4. "Supported Platforms". Atlassian. https://confluence.atlassian.com/crowd/supported-platforms-191851.html. 
  5. "Atlassian Standard Infrastructure on AWS". https://aws.amazon.com/quickstart/architecture/atlassian-standard-infrastructure/. 
  6. "UK Digital Marketplace". https://www.digitalmarketplace.service.gov.uk/g-cloud/services/388002439740739/. 
  7. "Mini Orange". https://miniorange.com/atlassian/atlssian-single-sign-on-sso-for-nasa/. 
  8. "Monitoring license usage". atlassian.com. https://confluence.atlassian.com/crowd/monitoring-license-usage-973480265.html. 
  9. "Automatically Assigning Users to Groups". atlassian.com. https://confluence.atlassian.com/crowd/automatically-assigning-users-to-groups-194806197.html. 
  10. "Why We Need to Talk About Crowd from Atlassian". isostech.com. https://blog.isostech.com/atlassian/we-need-to-talk-about-crowd. 
  11. "Crowd 3.0 Release Notes". atlassian.com. https://confluence.atlassian.com/crowd/crowd-3-0-release-notes-934719586.html. 
  12. "CVE-2019-11580". cvedetails.com. https://www.cvedetails.com/cve/CVE-2019-11580/. 
  13. "Crowd CVE-2019-11580 bug tracking ticket CWD-5388". atlassian.com. https://jira.atlassian.com/browse/CWD-5388/. 
  14. "CVE-2019-11580 proof-of-concept attack". Corben Leo. 14 July 2019. https://corben.io/atlassian-crowd-rce/.