The Integration Bridge can use OAuth authentication when connecting to Agile Manager, instead of using the credentials of an Agile Manager user.

All new Integration Bridge installations use OAuth authentication.

Existing bridges upgraded to version 1.03 or later continue to use Agile Manager user credentials until the password expires or until you manually update the bridge to use OAuth.

For details, see Synchronizer Integration Bridge: New way to connect to Agile Manager.

Communication between the Integration Bridge and Agile Manager is secured by SSL.

The bridge logs in to Agile Manager using the Agile Manager user credentials or client ID and secret provided during installation, or later as described in Set Agile Manager credentials.

Connections using a certificate that is not signed by a well-known Certificate Authority

If you connect to a secured Agile Manager or ALM server using a certificate that is not signed by a well-known Certificate Authority, you must establish trust for the certificate.

To establish this trust, import the issuer's certificate to the JRE's truststore in the following directory:

<Integration Bridge installation directory>\product\util\3rd-party\jre1.7.0_51\jre\lib\security\ (On Linux, reverse the slashes in this path and the ones below)

Do the following:

1. With Agile Manager or ALM open in your browser window, export the certificate from the browser, and save it to a file named server.cer.

2. On the Integration Bridge machine, place the server.cer file in the <Integration Bridge installation\product\util\3rd-party\jre1.7.0_51\jre\bin directory.

3. Use the keytool command from the <Integration Bridge installation>\product\util\3rd-party\jre1.7.0_51\jre\bin directory to import the server.cer file to the <Integration Bridge installation>\product\util\3rd-party\jre1.7.0_51\jre\lib\security\cacerts directory.

   For example:

   (Windows) keytool.exe -import -v -trustcacerts -alias <alias> -file server.cer -storepass <password> -keystore <Integration Bridge installation>\product\util\3rd-party\jre1.7.0_51\jre\lib\security\cacerts

   Note: You may need to repeat this command for the rest of the certificate chain, using a different alias each time.

4. Restart the Integration Bridge.

Passwords for connecting to endpoints are encrypted and saved on the customer's machine, preventing credentials from being transferred to another machine.

The encryption method uses keys that are randomly generated during installation. The bridge uses AES 128 as the main encryption method.

Download sources	Do not download the Integration Bridge installation file or updates from unknown sources.
Integration Bridge machine	Install the Integration Bridge on a dedicated, hardened machine.
Integration Bridge network	Deploy the Integration Bridge in an isolated network, with a firewall between the bridge and the target on-premises application. Port 443 must be open for communication with Agile Manager. Additional ports may be required to be opened for internal communications with other on-premises applications.
Integration Bridge permissions Windows only	By default, the Integration Bridge service runs using the Windows Local System service user. To increase system security, assign a simple Windows user to run the Integration Bridge. Install the Integration Bridge in a folder other than the Program Files folder. This will enable you to grant the simple user permissions on the Integration Bridge installation folder. Grant the user full permissions (Read/Write/Execute) on the installation folder. Grant the user permissions to manage the Integration Bridge Windows service. Open the Windows Service Manager, modify the HPE Integration Bridge service to run using the simple user's account and then restart the service. Tip: You can protect the Integration Bridge installation folder by granting permissions to that folder only to administrators, the Local System service user, and the dedicated user you created.
Integration Bridge permissions Linux only	The Integration Bridge runs using the permissions of the Linux user that installed it, and this user will have full read, write, and execute permissions on all of the folders and files installed with the bridge. Therefore, you may want to consider installing the Integration Bridge as a non-root user. If you do: We recommend creating a dedicated user for managing the Integration Bridge. Use this user to install the bridge, and to manage the bridge activation manually when necessary. Protect the following files by changing their owner to root: <Integration Bridge installation>/product/bin/HPEIntegrationBridge.sh <Integration Bridge installation>/product/conf/wrapper.properties
Installing multiple Integration Bridges	If you install multiple bridges, we recommend that you use a separate set of Agile Manager credentials (client ID and secret) for each bridge.
Integration Bridge user	The Agile Manager user with the Integration Bridge role should not have any other additional roles.
On-premises application users	When defining permissions for users of on-premises applications that communicate with Agile Manager, such as ALM users, limit permissions to specifically required operations only.

When a new version of the Integration Bridge is available, it is automatically downloaded from Agile Manager. The signature on the downloaded file is verified before the new version is installed.