A 'trusted application' is an application that FishEye will allow to access specific functions in FishEye, on behalf of any user — without the user logging in to FishEye. Trusted applications is a new feature in Crucible 1.2.2 and FishEye 1.4.2. At this time, JIRA 3.12 and Confluence 2.7 can be configured as trusted applications.
Note: FishEye and Crucible share the same trusted applications — an application trusted by FishEye is also trusted by Crucible.
Before you begin, note that configuring a trusted application requires the transmission of sensitive data. To prevent 'man-in-the-middle attacks', it is recommended that you use an encrypted SSL connection while configuring a trusted application.
To add a trusted application to FishEye:
Screenshot: Trusted Application setup
On this page, there are two areas, the 'Identification' area and the 'Access Permissions' area.
Under the 'Identification' heading, there are two fields, 'URL' and 'Id'.
This field is where you enter the Trusted Application Public Key URL of the application you wish to trust. For example, if your application's base URL is:
'http://www.mycompany/jira/'
This field contains the Trust Certificate ID, once you have filled out the URL field correctly (see above) and clicked the
button. The contents of this field are not editable. (Note: The application you are trusting must also support Trusted Applications. JIRA 3.12 and Confluence 2.7 support this.)
Under the Access Permissions heading, there are three fields, URL Patterns, IP Address Patterns and Certificate Timeout. These allow you to further restrict requests from a trusted application.
With this field, you can limit the access a trusted application has to FishEye. It is not necessary to specify anything for this field; in fact, a blank value is a sensible default. The default behaviour is no restriction.
The text that you specify should not include your hostname, IP address or port number; rather, it relates to folders on the server that start with the text you provide.
For example, if you use this setting:
/foo
then FishEye will trust only the requests to FishEye URLs starting with /foo, e.g. /foo/bar, /foobar and /foo/bar/baz/x. You can specify multiple URLs by separating them with a comma.
URL Patterns do not support wildcard characters or regular expressions in FishEye.
With this field, you can limit the trusted network addresses for other applications. You can use wildcards to specify a number range, and multiple addresses can be separated with commas. For example, if you use this setting:
192.168.*.*,127.0.0.0
then FishEye will only trust requests from machines with the IP addresses 192.168.anything.anything (a group of network addresses) and 127.0.0.0 (a single host). The default is no restriction.
Ensure that you specify an IP address for the application that you are trusting when configuring trusted applications in FishEye. Do not use the wildcard *.*.*.* as the IP address. Failure to configure IP address restrictions is a security vulnerability, allowing an unknown site to log into your FishEye site under a user's login ID.
With this field, you can set the number of milliseconds before the certificate times out. This feature's purpose is to prevent 'replay attacks'. For example, if an attacker intercepts a request, they may attempt to extract the certificate and send it again independently. With the certificate timeout, the application will be able to tell that this is no longer a valid request. The default value is 1000 (one second).
A shorter time out is more secure, but if set too short, it may cause valid requests to be rejected on slower networks.
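The following added example models the three Access Permissions checks as this page describes them, so you can test a planned configuration before entering it. It is not FishEye's own code; every function name is hypothetical, and rejecting a certificate with a future timestamp is an assumption.

```python
# Added illustration of the matching rules described on this page.
# Not FishEye's implementation; all names here are hypothetical.

def split_patterns(value):
    """Turn a comma-separated setting into a list of non-empty patterns."""
    return [p.strip() for p in value.split(",") if p.strip()]

def url_allowed(url_patterns, path):
    """Blank means no restriction; otherwise a plain prefix match (no wildcards)."""
    patterns = split_patterns(url_patterns)
    return not patterns or any(path.startswith(p) for p in patterns)

def ip_matches(pattern, addr):
    """Compare octet by octet; '*' in the pattern matches any octet."""
    p_octets, a_octets = pattern.split("."), addr.split(".")
    if len(p_octets) != 4 or len(a_octets) != 4:
        return False
    return all(p == "*" or p == a for p, a in zip(p_octets, a_octets))

def ip_allowed(ip_patterns, addr):
    """Blank means no restriction; otherwise any one pattern may match."""
    patterns = split_patterns(ip_patterns)
    return not patterns or any(ip_matches(p, addr) for p in patterns)

def certificate_fresh(created_ms, now_ms, timeout_ms=1000):
    """A certificate older than the timeout is treated as a replay.
    Assumption: a timestamp in the future is rejected as well."""
    return 0 <= now_ms - created_ms <= timeout_ms

def audit(ip_patterns):
    """Warn about the IP settings this page identifies as a vulnerability."""
    ips = split_patterns(ip_patterns)
    if not ips or "*.*.*.*" in ips:
        return ["IP Address Patterns: no effective restriction"]
    return []

if __name__ == "__main__":
    # Constructed sample values, using the settings shown on this page.
    print(url_allowed("/foo", "/foobar"))           # prefix match, so trusted
    print(ip_allowed("192.168.*.*,127.0.0.0", "10.0.0.5"))
    print(certificate_fresh(1000, 2500))            # 1500 ms old, default timeout
    print(audit("*.*.*.*"))
```

Note that /foobar is trusted under the pattern /foo because matching is by prefix only; use /foo/ if only paths beneath that folder should be trusted.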
Once you've finished entering the settings for the Trusted Application, click
to confirm and activate the trust relationship.
Once you have configured your trusted application(s), you can view the settings on the main 'Trusted Applications' page.
Screenshot: Trusted Applications list
From this screen, you can click 'Edit' to make changes to the trusted application settings, or click 'Delete' to remove the trust relationship for that application.