Crucible 2.3 : Trusted Applications
This page last changed on Jun 29, 2009 by rosie@atlassian.com.
This page contains information about trusted application support in Crucible and how you can configure a trusted application relationship between Crucible and JIRA or Confluence. On this page: A 'trusted application' is an application that can access specific functions in Crucible, on behalf of any user — without the user logging in to Crucible.
Adding a Trusted ApplicationTo add a trusted application to Crucible:
Screenshot: Configuring Trusted Applications On this page, there are two areas, the 'Identification' area and the 'Access Permissions' area. Configuring Identification SettingsUnder the 'Identification' heading, there are two fields, 'URL' and 'Id'. URL fieldIn this field is where you will enter the Trusted Application Public Key URL of the application you wish to trust. For example, if your application's base URL is; 'http://www.mycompany/jira/' Id fieldThis field contains the Trust Certificate ID, once you have filled out the URL field correctly (see above) and clicked the 'Get ID' button. The contents of this field are not editable. Configuring Access PermissionsUnder the Access Permissions heading, there are three fields, URL Patterns, IP Address Patterns and Certificate Timeout. These allow you to further restrict requests from a trusted application. URL Patterns fieldWith this field, you can limit the access a trusted application has to Crucible. It it not necessary to specify anything for this field; in fact a blank value is a sensible default. The default behaviour is no restriction. The text that you specify should not include your hostname, IP address or port number, rather it relates to folders on the server, that start with the text you provide. For example, if you use this setting: /foo then Crucible will trust only the requests to Crucible URLs starting with /foo, e.g. /foo/bar, /foobar and /foo/bar/baz/x. You can specify multiple URLs by separating them with a comma.
IP Address Patterns fieldWith this field, you can limit the trusted network addresses for other applications. You can use wildcards to specify a number range, and multiple addresses can be separated with commas. For example, if you use this setting: 192.168.*.*,127.0.0.0 then Crucible will only trust requests from machines with the IP addresses 192.168.anything.anything(a group of network addresses) and 127.0.0.0 (a single host). The default is no restriction. Certificate Timeout fieldWith this field, you can set the number of milliseconds before the certificate times out. This feature's purpose is to prevent 'replay attacks'. For example, if an attacker intercepts a request, they may attempt to extract the certificate and send it again independently. With the certificate timeout, the application will be able to tell that this is no longer a valid request. The default value is 1000 (one second).
Once you've finished entering the settings for the Trusted Application, click the 'Save' button to confirm and activate the trust relationship. Editing Trusted Application SettingsOnce you have configured your trusted application(s), you can view the settings on the main 'Trusted Applications' page. Screenshot: Trusted Applications list From this screen, you can click 'Edit' to make changes to the trusted application settings, or click 'Delete' to remove the trust relationship for that application. ![]() ![]() |
![]() |
Document generated by Confluence on Jul 29, 2010 20:01 |