Security considerations for Rational® Test Automation Server
For Rational® Test Automation Server, you can take actions to ensure that your installation is secure, customize your security settings, and set up user access controls.
- Enabling secure communication between multiple applications
- Ports, protocols, and services
- Customizing your security settings
- Setting up user roles and access
Enabling secure communication between multiple applications
The self-signed certificate that is created when the server is installed must be replaced by a certificate signed by a certificate authority that your organization trusts. For more information, see X.509 Certificate User Authentication in the Keycloak documentation.
For information about how the self-signed certificate was created, see the ssl.sh file in the <install-directory>/prepare/ directory.
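One way to confirm that the self-signed certificate has actually been replaced is to check whether the certificate a deployment presents (or the PEM file you intend to install) has an issuer equal to its subject, and whether it chains to your organization's CA bundle. The following shell functions are an added example, not part of the product documentation or its ssl.sh script; the host name, the CA bundle path and the sample certificate they generate are assumptions.

```shell
#!/bin/sh
# Report whether a PEM certificate is self-signed, and whether it chains to
# a trusted CA bundle. Requires the openssl command-line tool.

# Returns 0 when issuer == subject (self-signed), 1 otherwise.
# Note: a CA root certificate is self-signed by design; this check is meant
# for the server (leaf) certificate, which should never be.
cert_is_self_signed() {
  cert="$1"
  issuer=$(openssl x509 -in "$cert" -noout -issuer_hash)
  subject=$(openssl x509 -in "$cert" -noout -subject_hash)
  [ "$issuer" = "$subject" ]
}

# Returns 0 when the certificate verifies against the given CA bundle.
cert_verifies_against() {
  cert="$1"
  bundle="$2"
  openssl verify -CAfile "$bundle" "$cert" >/dev/null 2>&1
}

# Fetch the certificate a running server presents (assumed host, port 443).
# Not exercised offline; shown for use against a real deployment.
fetch_server_cert() {
  host="$1"
  port="${2:-443}"
  openssl s_client -connect "$host:$port" -servername "$host" </dev/null 2>/dev/null \
    | openssl x509 -outform PEM
}

# Constructed sample: generate a throwaway self-signed certificate so the
# check can be exercised without a server. Key and cert are written next to
# each other; the subject name is a placeholder.
make_sample_self_signed() {
  out="$1"
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "${out%.pem}.key" \
    -out "$out" -subj "/CN=sample.example.invalid" -days 1 >/dev/null 2>&1
}

# Usage against a deployment (assumed host and bundle path):
#   fetch_server_cert rtas.example.invalid > server.pem
#   cert_is_self_signed server.pem && echo "still self-signed: replace it"
#   cert_verifies_against server.pem /etc/ssl/certs/org-ca-bundle.pem \
#     || echo "does not chain to the organization CA"
```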
Ports, protocols, and services
TCP port 443 is used by the majority of communications with the server.
TCP port 7085 and higher ports (7085+) are used by test execution agents to poll the server for work.
Customizing your security settings
User registration
By default, users can sign themselves up with the server. In some environments, this self sign-up might be undesirable; it can be prevented by switching off user registration. For more information, see User Registration in the Keycloak documentation.
By default, user email addresses are not verified. This verification must be enabled in production environments. For more information, see Email settings.
Setting up user roles and access
Single sign-on
By default, Keycloak manages users and passwords locally. In production environments, it is normally appropriate to use single sign-on. For more information, see LDAP user administration.
Administration only accounts
Users in the Administrator group can discover all projects stored on the server (including private ones) and assign themselves and others roles in those projects.
For this reason, users who use the server to perform both administration and non-administration tasks must have two different accounts, one for each purpose. For more information, see Default user administration.