Security considerations for Rational Lifecycle Integration Adapters

You can take actions to ensure that your installation is secure, customize your security settings, and set up user access controls. You can also ensure that you know about any security limitations that you might encounter with this application.

Enabling security during installation

For the JIRA adapter:

For the HP ALM adapter:

For Tasktop Edition adapters:
  • There are no unique steps that are related to security during interaction with the installation wizard. If the product is installed as a Windows service, a password must be set for the service account that the product uses on the system. See Windows Service How-to.
  • The product uses a local H2 database for storage. The database is not encrypted and is accessible with fixed credentials: username user and password pass. The database is not accessible to the user. File access to the database and other local storage in the working directory must be secured by the product administrator.
  • The web container must use the HTTPS protocol in production. See Web Container Configuration.
  • Authentication must be enabled for the OSLC adapter. See Task Linking Configuration.

Ports, protocols, and services

For Tasktop Edition adapters:

  • The web container uses the HTTP or HTTPS protocol and a port that is chosen by the product administrator. For details, see Web Container Configuration.
  • The product communicates with the ALM repositories through the protocols and ports that are configured by the repositories. Usually, this is the HTTPS protocol.

Enabling secure communication between multiple applications

When applicable, use SSL (HTTPS) connections between the Rational® Lifecycle Integration Adapters and any other web-based application.

Secure communication among multiple applications is set through the Rational Collaboration for Lifecycle Management interface when establishing friend relationships to adapter servers. Consult Rational Collaboration for Lifecycle Management for further information.

Setting up user roles and access

For the Git adapter:

The GitWeb and Gerrit receive hooks communicate with the Jazz™ Team Server and the Git adapter application through HTTPS, using the URLs that you provide when you configure the hooks. You also specify a Jazz user ID and password as part of this configuration. This user ID is used to log in to the Jazz Team Server and create resources in the Git adapter database. These credentials are stored in the Git configuration, and anybody who can run the git config command or view the Git config file can view these credentials in clear text. You must lock down the Jazz user ID that you configure for the hooks as appropriate. This user ID requires JazzUsers repository permissions to write to the Git adapter database, but does not require read or write access to your Rational Team Concert™ projects and work items. For more information about the users that are required for the adapter to work with Rational Team Concert, Jazz Team Server, Gerrit, and Gitweb, see Adapter users.
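
A check that an administrator could run against the Git config file of a repository where the hooks are configured, as an added example that is not part of the original documentation or the product's code: it lists secret-looking keys that are stored in clear text and flags the file when anyone other than the owner has access to it. The `[jazzhook]` section, its key names, and the sample values are hypothetical, because this page does not name the keys that the hooks use.

```python
import os
import re
import stat
import tempfile

# Assumption: the hook's real key names are not given on the page, so match
# any key whose name looks like a secret.
SECRET_KEY = re.compile(r"^\s*([\w.-]*(?:password|passwd|secret|token)[\w.-]*)\s*=", re.I)

# Constructed sample; the [jazzhook] section and its keys are hypothetical.
SAMPLE_CONFIG = """[core]
\tbare = true
[jazzhook]
\turl = https://jts.example.com/jts
\tuserid = git_hook_user
\tpassword = constructed-sample-value
"""

def audit_git_config(path):
    """Report clear-text secret keys and whether non-owners can access the file."""
    findings, section, keys = [], "", []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            text = line.strip()
            if text.startswith("["):
                section = (text.strip("[]").split() or [""])[0]
            elif (m := SECRET_KEY.match(line)):
                keys.append(f"{section}.{m.group(1)}")  # key name only, never the value
    if keys:
        findings.append(("cleartext-credential", keys))
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(("accessible-beyond-owner", oct(mode)))
    return findings

def demo():
    """Audit the sample with a permissive mode, then again after locking it down."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "config")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_CONFIG)
        os.chmod(path, 0o644)
        before = audit_git_config(path)
        os.chmod(path, 0o600)
        after = audit_git_config(path)
    return before, after

if __name__ == "__main__":
    print(demo())
```

Restricting the file mode removes the second finding only; the credential remains in clear text for the file owner, which is why the Jazz user ID itself must also be limited to the permissions described above.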

For the HP adapter:

For best security, enable your HP ALM server for LDAP authentication and set up account lockouts.

Customizing your security settings

For Tasktop Edition:

Privacy policy considerations

This software offering does not use cookies or other technologies to collect personally identifiable information. For more information about cookies, see Notices.

The Rational Adapter for HP ALM might use a session cookie that tracks your browser session and persistent cookies that remember the state of folder trees. None of the cookies contain personally identifiable information. These cookies cannot be disabled.

Security limitations

It is possible to use the adapters without SSL, but that is not recommended.

