Access Federation

JFrog Platform Administration Documentation

Subscription Information

This feature is supported with the Enterprise+ license.

Access Federation lets you control access to all of your services, or any subset of them, from one location by synchronizing all security entities (users, groups, permissions, and access tokens) between the federated services. Once Access Federation has been set up, you can manage all security entities in the federated services from one place.

Access Federation lets you choose which security entities to synchronize across the federated services, and provides quick and easy configuration of a Full Mesh or Star topology. The synchronization process is governed by a set of parameters whose default values have been set to satisfy most installations.

Before you proceed to the next step of configuring your Access Federation topologies, make sure to configure the Base URL on the Artifactory side and ensure that you have admin permissions.

Set up Access Federation

The following steps are involved in setting up Access Federation.

  1. Enable Mission Control for Access Federation

    Enable Mission Control so that you can register JPDs.

  2. Establish the Circle of Trust

    Establish the basis for your Access Federation topology by providing synchronization target services with the root certificate of the synchronization source service.

  3. Configure Access Federation Topologies

    Establish the connections required so that the Access service in the source JPD can synchronize security entities to the Access service in the target JPDs.

  4. Configure Synchronization in Access Federation

    Configure which security entities an Access service should synchronize to its target services.

Revival of Stale Service

A stale service is one that has been registered as a synchronization target but has not responded to any attempt to synchronize data for a period longer than that defined in the consider-stale-hours parameter with which the source Access service was configured. Once a target service is deemed stale, the source service makes no further attempts to synchronize data to it. To "revive" a stale service and resume synchronizing data, you need to manually call, on the source service, the Federation REST API endpoint described in Synchronize Data in Access Federation.

You can revive a stale service manually or, starting from Artifactory 7.77, configure the system to automatically revive a stale service. For more information, see Revive a Stale Service.

Conflict Resolution in Access Federation

Starting from Artifactory 7.77.x, Access Federation implements an advanced conflict resolution methodology.

For more information, see Conflict Resolution in Access Federation.