A 'trusted application' is an application that JIRA will allow to access specified functions on behalf of any user — without the user logging in to JIRA.

For example, when Confluence is configured as a trusted application, every Confluence user will see exactly the same list of issues when they view the Confluence 'JIRA Issues' macro as they see when they use the JIRA Issue Navigator as a logged-in JIRA user. Likewise, the Confluence 'JIRA Portlet' macro will appear exactly the same as it does on the user's JIRA Dashboard.

At this time, Confluence (version 2.7 or later) is the only application that can be configured as a trusted application.

Trusted applications are a potential security risk. When you configure a trusted application, you are allowing the application to access JIRA as any user. By doing this, you are bypassing all the built-in JIRA security measures. Do not configure a trusted application unless you trust all code in this application to behave itself at all times, and are sure that the application will maintain the security of its private key.

Adding a trusted application

Before you begin: Note that configuring a trusted application requires the transmission of sensitive data. To prevent 'man-in-the-middle' attacks, it is recommended that you use SSL while configuring a trusted application.

To add a trusted application,

1. Log in as a user with the 'JIRA System Administrators' global permission.
2. Bring up the administration page by clicking either the 'Administration' link on the top bar or the title of the Administration box on the dashboard.
3. In the left-hand panel, under the title 'System', click the 'Trusted Applications' link. The 'Trusted Applications' page will be displayed, showing a list of configured trusted applications (if any). The 'Request New Trusted Application Details' box is shown below the list.
   
4. In the 'Base URL' field, type the URL that you use to access the application you wish to add (e.g. 'http://confluence.mycompany.com:8080' or 'http://www.mycompany.com/confluence').
5. Click the 'Send Request' button to retrieve the application's ID and public key. The 'Add New Trusted Application' screen will be displayed:
   
6. In the 'Application Name'field, the URL which you typed on the previous page will be displayed. You can optionally change this if you wish (e.g. if you typed 'http://confluence.mycompany.com:8090' on the previous page, you might want to change it to just 'Confluence').
   • Note: the 'Application ID' is generated automatically by JIRA and cannnot be edited.
7. In the 'Timeout' field, type the maximum elapsed time (in milliseconds) that a request can take to be processed.
8. In the 'IP Address Matches' field, type the IP address (or multiple addresses, one per line) from which JIRA will accept requests on behalf of the trusted application. You can specify wildcard matches by using an asterisk , e.g. ' 192.111..'.
   • If you are using a proxy server that makes an HTTP request on the client's behalf (e.g. Squid, mod_proxy), you need to add the proxy server's IP address to this field as well as all the clients' IP addresses.
   • If you are using a proxy server that passes the client's IP address directly via an application server's API (e.g. AJP for Tomcat, such as mod_jk or IIS's Tomcat Connector, or mod_caucho for Resin) — or if you are not using a proxy server — then you only need to enter the clients' IP addresses.
   • If you are configuring a clustered instance of Confluence as a trusted application, you need to set up JIRA to receive requests from each Confluence node. If you do not set up each node appropriately, users may not be able to view any JIRA information in Confluence (e.g. a jiraissue macro request). You can set this up by either:
     • specifying each individual IP address for each node of the cluster separated by commas, e.g. 172.16.0.10, 172.16.0.11, 172.16.0.12 , or
     • specifying the IP address for your clustered Confluence instance using wildcards e.g. 172.16.0.*
9. In the 'URL Paths to Allow'field, type the JIRA URLs that the application will be allowed to access. Each URL corresponds to a particular JIRA function. By default, the following will be included:
   • ' /sr/jira.issueviews:searchrequest ' — This allows the application to search for JIRA issues.
   • ' /secure/RunPortlet ' — This allows the application to access JIRA dashboard portlets.
   • ' /rest ' — This allows the application to call JIRA's REST API, which is required if you wish users to be able to display JIRA gadgets on their Confluence pages.
10. Click the 'Add' button.
11. The 'Trusted Applications' page will be displayed, with your new trusted application now shown in the list.