Binding Tokens

JFrog Platform Administration Documentation
ft:sourceType
Paligo

Subscription Information

This feature is supported with Enterprise X and Enterprise+ licenses.

Overview

JFrog Platform supports access tokens when configuring the different JFrog products, which provides a flexible means of authentication. With the release of JFrog Artifactory 7.33.8, JFrog introduces a type of token called a binding token, which allows trust to be bi-directional. While binding was available with the older access methods (Circle of Trust, join key, etc.), it has now been implemented as part of the JFrog Platform Deployments function in the Administration tab.

Binding tokens are managed through the JFrog Platform UI. Binding tokens require you to have an enabled Mission Control service, since the binding token is created by Mission Control. Token renewal is also handled by Mission Control.

How do Binding Tokens Differ from a Circle of Trust?

A " Circle of Trust" is established by sharing a public certificate among all participating instances. It is up to the service administrator to make sure that all participating instances are equipped with the certificates. This means that any instance can generate a token to be used with any other instance within the Circle of Trust. In essence, a Circle of Trust means that a service will verify access token signatures against all trusted certificates, including ones generated by other services and set as 'trusted' as part of the Circle of Trust.Circle of Trust (Cross-Instance Authentication)

Binding tokens provide a narrowed trust scope for those customers that do not wish to provide full access to the other JPDs, and also full self-service for Cloud Enterprise customers that can build customizable binding to the other JPDs on their own.

Binding tokens enable admins to create trust between managed JFrog Platform Deployments (JPDs) once the JPDs have been added to the Mission Control instance, thus simplifying the setup across JPDs. This makes it possible to support use cases such as Federated Repositories for Cloud customers.

Circle of Trust for Self-hosted Customers

JFrog Platform will continue to support the Circle of Trust method for Self-hosted customers that allow full access to other JPDs.

From Artifactory version 7.33.8, the JFrog Platform enables you to manage your binding tokens through both the Platform UI (in the Platform Deployments tab in the Administration module).

To create binding tokens in the UI, you will need to make sure of the following:

  • You have Mission Control enabled in your Artifactory

  • You have added JPDs to the Mission Control instance by registering Platform Deployments

Setting up Binding Tokens for Federated Repositories

This section describes the steps for setting up binding tokens for Federated Repositories. To learn about binding tokens for Cold Storage, available from Artifactory release 7.38.4 see Setting Up Cold Artifact Storage.Setting Up Cold Artifact Storage

Note

Binding tokens require you to have an enabled Mission Control service, since the binding token is created by Mission Control. Token renewal is also handled by Mission Control.

  1. From the Administration module, click Platform Deployments | Bindings.

    This displays the list of available JPDs and their bindings.

  2. Click +Add Binding | Federated Repository.

    This displays the Create Binding window.

    create-binding-empty (1).png

  3. In the Select JPDs dropdown list, select the JPDs - source and target - that you wish to bind to each other.

  4. Click Apply.

    The Selection Summary now displays the target and source you selected.

    create-repo-binding.png

  5. To add more JPDs to the binding, add them in the Select JPDs field, and then click Apply again.

  6. Click Create to create the new binding.

    The results of the bindings you created are displayed.

    binding-result.png

If a binding action failed, you may want to go back and verify that the source JPD is available, then try again.

Removing Bindings

Removing a binding between a source JPD and target JPD means you are deleting a bi-directional connection (from source to target and target to source).

  1. From the Administration module, click Platform Deployments | Bindings.

  2. In the Deployment Bindings window, select the checkboxes of the bindings you wish to remove, and then click the Delete button to the right of the binding.

  3. If you are deleting multiple bindings, select all checkboxes, and at the bottom of the window, select Delete.

    This displays a confirmation message that asks if you are sure you wish to remove the binding.

    Removing a binding removes the bi-directional connection (from source to target and target to source).

  4. Click OK to confirm.

    Your action is applied and the results of the unbinding are now displayed.

    unbinding-result.png