Access Federation

📘

Subscription Information

This feature is supported with the Enterprise+ license.

Access Federation gives you control over access to all, or any subset, of your services from one location by synchronizing all security entities (users, groups, permissions, and access tokens) between the federated services. Once Access Federation has been set up, you can manage all security entities in the federated services from one place.

Access Federation supports setting up the security entities you want to synchronize across different federated services, and provides quick and easy configuration to set up a Full Mesh or Star topology. The synchronization process is moderated by a variety of different parameters whose default values have been set to satisfy most installations.

You can define and manage Access Federations using the Access Federation endpoints of the JFrog Platform API.

Before you proceed to the next step of configuring your Access Federation topologies, make sure to configure the Base URL on the Artifactory side and ensure that you have admin permissions.

❗️

Important

Access Federations do not currently support signed URL authentication.

Set Up an Access Federation

The following steps are involved in setting up Access Federation:

  1. Install Mission Control on JPDs to support the Access Federation topology.

  2. Register JPDs and Edge Nodes so you can include them in the Access Federation topology.

  3. Establish a Circle of Trust that includes the JPDs in the Access Federation topology.

  4. Configure Access Federation Topologies

    Establish the connections required so that the Access service in the source JPD can synchronize security entities to the Access service in the target JPDs.

  5. Configure Synchronization in Access Federation

    Configure which security entities an Access service should synchronize to its target services.

Reviving a Stale Service

A stale service is a service that has been registered as a synchronization target but has not responded to any attempt to synchronize data for a period longer than that defined in the consider-stale-hours parameter with which the source Access service was configured. Once a target service is deemed stale, the source service no longer attempts to synchronize data to it. To "revive" a stale service and resume synchronizing data, you need to manually apply the Federation REST API endpoint described in Apply a REST API Endpoint on the Source Service to Invoke a Full Broadcast.

You can revive a stale service manually or configure the system to automatically revive a stale service. For more information, see Revive a Stale Service.
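Because a stale target stops receiving changes to users, groups, permissions, and access tokens, it is worth flagging targets before they cross the threshold. The following check is an added example, not JFrog code: it applies the staleness rule described above to a constructed inventory of last-response timestamps. The inventory format, the `CONSIDER_STALE_HOURS` value, and the `warn_fraction` parameter are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed value for illustration; use the consider-stale-hours value
# your source Access service is actually configured with.
CONSIDER_STALE_HOURS = 168

# Constructed sample inventory: target name -> last time the target
# responded to a synchronization attempt (ISO 8601 with UTC offset).
SAMPLE_TARGETS = {
    "jpd-eu": "2024-05-10T08:00:00+00:00",
    "edge-apac": "2024-05-04T12:00:00+00:00",
    "jpd-us": "2024-05-01T00:00:00+00:00",
}


def classify_targets(last_response, now, stale_hours, warn_fraction=0.75):
    """Return {name: (state, hours_silent)}.

    state is 'stale' when the target has been silent for longer than
    stale_hours, 'at-risk' once it has used warn_fraction of that window
    (hypothetical early-warning margin), and 'ok' otherwise.
    """
    if stale_hours <= 0 or not 0 < warn_fraction < 1:
        raise ValueError("stale_hours must be > 0 and 0 < warn_fraction < 1")
    threshold = timedelta(hours=stale_hours)
    result = {}
    for name, stamp in last_response.items():
        seen = datetime.fromisoformat(stamp)
        if seen.tzinfo is None:
            raise ValueError(f"{name}: timestamp must carry a UTC offset")
        silent = now - seen
        if silent > threshold:  # "longer than" the configured period
            state = "stale"
        elif silent >= threshold * warn_fraction:
            state = "at-risk"
        else:
            state = "ok"
        result[name] = (state, round(silent.total_seconds() / 3600, 1))
    return result


if __name__ == "__main__":
    now = datetime(2024, 5, 10, 12, 0, tzinfo=timezone.utc)
    report = classify_targets(SAMPLE_TARGETS, now, CONSIDER_STALE_HOURS)
    for name, (state, hours) in sorted(report.items()):
        print(f"{name:10} {state:8} silent for {hours} h")
```

A target reported as `stale` needs to be revived before it receives security entity changes again; one reported as `at-risk` should be investigated while the source is still attempting to synchronize to it.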

Conflict Resolution in Access Federation

Access Federation has implemented an advanced conflict resolution methodology.

For more information, see Conflict Resolution in Access Federation.