Posts tagged with: security


Changes to authentication with Atlassian plugins

When integrating Testlab with your Atlassian products such as JIRA, credentials on the Atlassian side may be involved. Previously, for example with JIRA, the integrations required you to create a user account in JIRA and configure its credentials (including the password) in your Testlab project. Atlassian has made some changes and, at least with JIRA Cloud, using passwords in this kind of scenario has been deprecated.

Documentation for setting up our integrations has been updated. In this post, we also provide instructions on what to do to get your integrations up and running.


Replacing passwords with API tokens

At least for some operations, the integrations rely on JIRA’s so-called REST APIs. It might vary a bit depending on your JIRA version, but at least with the current JIRA Cloud, you should replace all passwords with so-called API tokens. For the (JIRA) user you are integrating with, create an API token and use the token as the password on the Testlab side. For technical details, you can read more about JIRA’s authentication via the links provided at the end of this article.

When using JIRA Cloud, to create an API token,

  1. With the user account you are integrating with, log in to
  2. Click Create API token
  3. Give your token a label and click Create
  4. Click Copy to clipboard and paste the token as a “password” when configuring the integration on the Testlab side

That’s it. A server-installed JIRA might also require the use of API tokens. If so, consult your JIRA administrator or the JIRA documentation for help on how to do this.




Tags for this post: integration jira security usage 


Heartbleed: Testlab not affected


There has been a lot of discussion lately about the serious security vulnerability CVE-2014-0160, commonly called Heartbleed.

The issue resides in OpenSSL, a commonly used cryptographic software library, and might potentially expose sensitive data such as user credentials and cryptographic keys from servers.

We would like to inform you that the Meliora Testlab service is not affected.

Transport confidentiality is and has been guaranteed and communicated data has been successfully encrypted, so users of Testlab are not required to change their passwords because of the Heartbleed vulnerability. We would like to remind you, though, that it is good practice to change your password regularly and to make sure your password is strong enough.



Tags for this post: product security 


Easier authentication for Meliora Testlab

Are your users affected by password fatigue from entering different username and password combinations? Do you want to reduce IT costs through a lower number of IT help desk calls?

Meliora Testlab has support for an external authentication source with SSO (single sign-on or, more appropriately, enterprise reduced sign-on). This means that your users log in to Meliora Testlab with their most used username and password, and at the same time spend less time at the login prompt!



The most valuable features of Testlab’s new authentication provider are:

  • Integration with your existing Active Directory
  • Support for various other user databases and authentication methods such as LDAP, DBMS, RADIUS, or X.509 certificates
  • Improved security, as user passwords are not exposed outside your company network
  • Ability to enforce existing uniform enterprise authentication policies


Example case

Your organization uses Microsoft Active Directory as its authentication source and Meliora Testlab as a SaaS service. Meliora provides you with a simple Testlab Authenticator module (green module in the picture below) that is responsible for authenticating your users against Active Directory and providing identification data securely to Testlab.

A technical overview of the components and interactions between them is shown in the following picture.


When an unauthenticated user accesses Testlab, the user’s browser is automatically redirected to your Testlab Authenticator. If needed, the Authenticator asks the user for credentials, validates them against Active Directory and creates a service ticket, which is passed to Testlab via redirection. Testlab then validates the ticket with your Authenticator and, if it is valid, grants access to Testlab.

The lifetime of the Authenticator ticket is configurable and is 10 hours by default. This means that if the same user logs in to Testlab again during this time, access is granted automatically without the need to enter the credentials again.
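The ticket flow described above, as an added example that is not Meliora's code: a simplified in-memory model of a CAS-style exchange, showing both the Authenticator and the service side. The class and function names, the 10-second service-ticket window and the sample directory are assumptions made for illustration; only the 10-hour default comes from this post.

```python
import secrets
import time

SSO_LIFETIME = 10 * 3600      # the post's default Authenticator ticket lifetime: 10 hours
SERVICE_TICKET_TTL = 10       # assumption: seconds a service ticket stays redeemable


class Authenticator:
    """Toy stand-in for the Testlab Authenticator inside the company network."""

    def __init__(self, directory, clock=time.time):
        self.directory = directory   # constructed stand-in for Active Directory
        self.clock = clock
        self.sessions = {}           # SSO session id -> (user, expires_at)
        self.tickets = {}            # service ticket -> (user, service, expires_at)

    def login(self, user, password):
        """Check credentials locally; they are never sent to the service."""
        stored = self.directory.get(user)
        if stored is None or not secrets.compare_digest(stored, password):
            return None
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = (user, self.clock() + SSO_LIFETIME)
        return sid

    def issue_ticket(self, sid, service):
        """Issue a one-time ticket for `service` while the SSO session is alive."""
        user, expires = self.sessions.get(sid, (None, 0))
        if user is None or self.clock() >= expires:
            self.sessions.pop(sid, None)
            return None              # the browser must present credentials again
        ticket = "ST-" + secrets.token_urlsafe(32)
        self.tickets[ticket] = (user, service, self.clock() + SERVICE_TICKET_TTL)
        return ticket

    def validate(self, ticket, service):
        """Back-channel call made by the service; a ticket is redeemable once."""
        user, bound, expires = self.tickets.pop(ticket, (None, None, 0))
        if user is None or bound != service or self.clock() >= expires:
            return None
        return user


def service_login(auth, ticket, service):
    """Service side: grant access only if the Authenticator vouches for the ticket."""
    user = auth.validate(ticket, service)
    return {"granted": user is not None, "user": user}
```

In this model a ticket copied from a redirect URL cannot be replayed or redeemed for a different service, and a new ticket is issued without credentials only while the 10-hour session is still alive.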


Supported technologies

For SSO, we support using the standard SAML 2.0 WebSSO profile or alternatively, CAS.


Security considerations

There are many security issues to consider when implementing an authentication solution. Meliora has made every effort to create an excellent solution for secure authentication.

Here are some highlights:

  • User credentials never leave the company’s intranet
  • For CAS, a single simple and standard web application component is installed in the company’s network (Testlab Authenticator, TA)
  • The solution is based on tried and well-tested technologies (SAML 2.0 WebSSO standard or CAS)
  • No direct calls from the Internet to the company’s directory server (Active Directory or other authentication source)

Please contact us for more information. We are happy to tell you more details about the solution.

Make your life easier and get super-easy authentication to your Testlab!

Meliora team


Tags for this post: announce features plugin product security 
