Due to some maintenance issues, this service has been switched in read-only mode, you can find more information about the why

and how to migrate your plugin documentation in this blogpost

Skip to end of metadata
Go to start of metadata

Plugin Information

View Crowd 2 Integration on the plugin site for more information.

Older versions of this plugin may not be safe to use. Please review the following warnings before using an older version:

This plugin is up for adoption. The maintainer is looking for a co-maintainer or successor. Click here to learn more!

Crowd 2 Plugin

This plugin enables use of Atlassian Crowd >= 2.1.x as an authentication source.Crowd is a commercial identity management and Single Sign-On (SSO) application.


To configure the plugin, you first need to create a new application in Crowd. https://confluence.atlassian.com/crowd/adding-an-application-18579591.html has more information on how to configure applications in Crowd.

Be sure to also allow connections to Crowd from the server Jenkins runs on.

Next you need to configure a group that contains all users that are allowed to login into Jenkins. https://confluence.atlassian.com/crowd/managing-users-and-groups-193223.html has more information how to manage users and groups.

Once you have the application and group configured in Crowd, you can enable Crowd-based security in Jenkins on the "Manage Jenkins" page. Enter the URL of your Crowd server (will typically end with .../crowd) as well as the application name, password and group name you configured in Crowd.

Click on the "Check Connection" button to ensure that your connection credentials are valid.

Crowd supports nested groups, i.e. groups which contain other groups as members and groups that are members of other groups (see http://confluence.atlassian.com/display/CROWD/Nested+Groups+in+Crowd). If you want to use this feature, click on the "Advanced..." button and enable it. This may degrade performance, depending on your server configuration.

This plugin doesn't support Crowd roles. As long as there's not enough interest, it's unlikely that they are supported in a future version because they are deprecated since Crowd 2.0 (see here for details).


This plugin has been tested with Jenkins 1.431 and Crowd 2.3.x, but was built using Jenkins core 1.398 so it should work with Jenkins >= 1.398.

This plugin uses Crowd REST APIs for connecting to Crowd and therefore requires Crowd >= 2.1
(see http://developer.atlassian.com/display/CROWDDEV/Crowd+REST+APIs). If you have an older Crowd server, use the older "Crowd Plugin" instead.


Is Single-Sign-On (SSO) supported?

Yes :-) That was the main reason I wrote this plugin.

What's the difference between this plugin and "Crowd Plugin"?

Apart from SSO this plugin contains fixes for almost all open issues of the "Crowd Plugin". (If you look at the issue navigator, there are actually seven; five of them are almost or even older than one year. Looking at the source code at GitHub (https://github.com/jenkinsci/crowd-plugin), there doesn't seem to be much activity trying to fix them). I have to admit that I haven't tested JENKINS-9924 so far, i.e. what happens when the Crowd server is down. This will be done in the near future.

A more technically answer is that this plugin code was written from scratch using a different API to connect to the Crowd server, i.e. the Crowd REST APIs. These are recommeded by Atlassian for long-term compatibility.

In contrary, the "Crowd Plugin" uses Crowd's Java integration libraries that have the disadvantage that one perhaps has to re-compile the source code when a new Crowd release is available and one has to update these libraries.

Why do I have to choose a group for users?

To restrict the number of your Crowd users that are allowed to login. I thought it's cool to have such a feature because for example Confluence and JIRA, other well known products from Atlassian, also work that way.

Is there Localization support?


Actually only German localization is included. If you can translate a couple of messages and info texts into other languages, please send me a note, and I'll include them in a newer version.

Version History

Version 2.0.1 (Sep 25, 2018)

Version 2.0.0 (Jul 23, 2018)


Fixed Bugs

  • JENKINS-16703 - Too many periodic requests to Crowd server
  • JENKINS-27070 - Plenty of "SEVERE: Host connection pool not found, hostConfig=HostConfiguration"


  • JENKINS-40472 - Crowd2 plugin should allow blanks in parameter 'Restrict groups'
  • Added possibility to enable caching to reduce remote calls to Crowd

Thanks a lot Arnaud Héritier, Unknown User (gmshake) and all others who tested, gave input and had patience

Version 1.8 (Aug 1, 2014)

  • [JENKINS-23208] Fixed trace with enabled "remember me" checkbox.
  • isAuthenticated() in /whoAmI page is now true.

Version 1.7 (Apr 23, 2014)

  • [JENKINS-21852] Added http proxy configuration.
  • [JENKINS-18791] Session validation interval saved from ui.
  • [JENKINS-13279] Don't use ssoTokenHelper, work with Embedded Crowd in Jira.
  • [JENKINS-16703] More options for connection configuration.
  • Updated rest-api library to 2.7.1

Version 1.6 (Nov 23, 2013)

Note: check that your group list uses CSV separator and you have SSO checkbox enabled (if you use it).

  • pull #3 Fixed bug whereby bogus user IDs were created that included display names. When upgrading, manual cleanup of $JENKINS_HOME/users/ may be required.
  • JENKINS-15509: Don't require group.
  • JENKINS-15753: Allow spaces in group names.
  • JENKINS-19212: Make "useSSO" optional.
  • Updated rest-api library to 2.6.6.

Version 1.5 (Aug 23, 2012)

Version 1.4 (Nov 25, 2011)

  • Upgrade commons-httpclient version to 3.1.

Version 1.3 (Oct 27, 2011)

Fixed the following bugs:

  • JENKINS-11418: Crowd2 doesn't always show full user name
  • JENKINS-11507: Single-sign-on isn't working correctly in the Crowd 2 plugin

Version 1.2 (Oct 19, 2011)

  • Fixed a problem that prevented you at least from adding pre- or post build steps when reconfiguring a build job.
  • Added some debug log messages.

Version 1.1 (Oct 11, 2011)

  • Fix for a problem that I discovered in combination with the Email-ext plugin: Sending emails to the logged-in user was not possible because a lookup operation in the Crowd server for details about a user failed.
  • The Crowd user Id is now shown besides the display name of the logged-in user.
  • Added more debug log messages.

    The debug log messages are usually not shown in Jenkins' console output because they are logged with log level FINE or below. See here how to enable them (the plugin uses logger classes de.theit.jenkins.crowd.XXX).

Version 1.0 (Sep 23, 2011)

  • Initial release


  1. Unknown User (agent_orange)

    I think there is an issue with the "group" requirement or perhaps I dont understand how to use it. I have all my users of jenkins in a group, say jenkins-users and I have automation accounts (for sending messages on IRC or Jabber for instance) in another group service-accounts. I dont have control over these groups, they are set by external admins.

    I would like to allow both groups access, but the groups entry only allows me to specify one entry, if I leave it blank it complains that it must be specified. In JIRA, Fisheye, etc I can assign multiple groups to resolve from, and in general I specify this in the crowd admin panel when setting up the app.

    Is it possible to allow multiple groups, or perhaps a wildcard, or ideally disable this requirement since I already set it up in crowd?

    1. Unknown User (t_heit)

      Finally this feature is contained in the recently released version 1.5; see the version history above.

  2. Unknown User (krisse)

    Hi, we are having problems with this Crowd-plugin. 

    When logged in, Jenkins (+crowd-plugin) gets all user data from our crowd-server just fine (we checked that with tcpdump), but still there is "Log in" text upper right corner, instead of username that we tried to login with. There is no error messages or anything, it just returns to the Jenkins. Seems like it somehow does not "keep" the current login session on.. 

    Our access control setup on the Jenkins looks like this:

    We have tried with both; https/http, with or with out port number - it does make any different, and as said, connection works fine. Keeping the login session open is the thing..

    Any tips for this?

    Thanks, Kristian


    Jenkins ver.1.547
    Crowd 2 Integration 1.6
    Atlassian Crowd Version: 2.2.2 (Build:#478 - 08-03-2011)

    1. Unknown User (krisse)

      Hi, we now got Crowd authentication working with this new version (1.8). 

      Thanks, Kristian

  3. Unknown User (garybucher)

    Hello, We are having issues when specifying multiple groups with this plugin.  When the groups belong to the same crowd directory, it works fine. However, when the groups are in different crowd directories, the second group seems to be ignored.  i.e. none of the members of that second group appear in the list of known Jenkins users.

    Is there a trick that will allow it to add users from groups in different directories?  We need a different directory for our admin users.



  4. Unknown User (deepak841)


    Does anyone know if this plugin works with the latest versions of Crowd like 2.11 as well?

    I am having an issue with Crowd 2.11, I am not getting logged into Jenkins when logging into other applications like JIRA or Crowd.

    But other scenarios like Logging into Jenkins, and automatically get logged into other Atlassian apps are working fine.



  5. Unknown User (crbreingan)

    I have a similar problem to Deepak above. 

    The crowd authentication works fine, but when I enable SSO, I get a lot of issues.

    • If I log into Jira or other SSO tools, that does not log me in to Jenkins. However, if I log into Jenkins, it then also signs me into the other SSO tools. 
    • I frequently get logged out of Jenkins. Every few minutes I have to log in again. This happens regardless if SSO is turned on, but when SSO is on, I also get logged out of other tools. 

    I've had to disable the SSO because it just keeps logging people out of the other tools that we use. We just have to re-login to Jenkins every few minutes. 

    Using Jenkins version 2.138.1 and Crowd version 3.0.1

  6. Unknown User (tcsabina)

    I am struggling to make this plugin completely work. I have 3 directories in Crowd: 2 is not synchronized with Active Directory, and 1 is synched.

    Call them admin-fallback, none-AD, and AD.

    I've created new groups:

    jenkins-admins in admin-fallback, none-AD, and AD.

    jenkins-users in none-AD, and AD.

    But authentication only works for users in the jenkins-users group in the none-AD directory. How to debug this?