Generating Authentication Tokens
You can generate authentication tokens from either the ADMINISTRATION view in Fortify Software Security Center, or from the command-line interface. Only you can see the details of your tokens. A Fortify Software Security Center administrator can extend the life of a token you create, but not beyond the maximum days to live for that token.
Note: Be aware that you can create a token of any type, but if you do not have the permission required to perform the action that the token is designed to perform, you will not be able to use the token.
Generating a Token from the ADMINISTRATION View
To generate an authentication token from the Fortify Software Security Center user interface:
- On the Fortify page header, select ADMINISTRATION.
- In the left pane of the ADMINISTRATION view, expand the Users section, and then select Token Management.
- To open the Create Token dialog box, on the Token Management toolbar, click NEW.
- From the Token Type list, select the type of token you want to create.
  To see a list of available token types, see the table in Generating a Token from the Command Line.
  The Create Token dialog box displays a description of the selected token type in the right pane.
- Use the Expiration calendar control to specify the date on which the token is to expire. (The expiration time is set to the current time on the specified date.)
  Note: By default, the expiration date value is set to the maximum number of days to live for the selected token type. You can set this to an earlier date to give the token a shorter life.
- In the Description box, type a description of the intended use of the new token.
- Click SAVE.
  The Create Token dialog box displays a message to let you know the token was successfully created.
- At the bottom of the message, copy either the encoded or decoded token string and save it. (Software Security Center will not display these again.)
The Token Management page now lists the new token.
Generating a Token from the Command Line
To generate a token from the command line, run the following:
fortifyclient token -gettoken <token_name> -url <ssc_url> -user <username> -password <password>
The following table lists the available <token_name> options.
| Option | Description |
|---|---|
| AnalysisDownloadToken | Download merged result files |
| AnalysisUploadToken | Upload scan results to Fortify Software Security Center and list applications |
| AuditToken | Load details about current security issues and apply analysis tags |
| CIToken | Enables integration of Software Security Center with continuous integration plugins |
| PurgeProjectVersionToken | Provides the capability to programmatically request a list of all application versions, and to purge application versions from Fortify Software Security Center |
| ReportFileTransferToken | Typically created programmatically by automation scripts using the /fileTokens endpoint to support downloading an existing report within an authenticated session |
| ReportToken | Enables users to: request list of saved reports; request saved report based on the report ID; delete saved reports; return list of saved reports associated with a specific application version; generate new reports |
| ScanCentralCtrlToken | For ScanCentral communications using the Fortify ScanCentral CLI tools |
| ToolsConnectToken | Use this token with the Fortify Static Code Analyzer applications (including Audit Workbench, IDE plugins, and utilities) that connect to Fortify Software Security Center for collaborative auditing, remediation, and uploading of scan results. |
| UnifiedLoginToken | Enables access to most of the REST API. It is intended for short-run automations that last less than a day. |
Authentication tokens are defined at runtime in WEB-INF/internal/serviceContext.xml.
See Also
Specifying DaysToLive for fortifyclient Authentication Tokens.