Trusted application configurations
Starting with RVM version 15 and Runtime version v38.126.82.64, OpenFin allows certain trusted application configurations to be granted permissions for secured APIs and other protected features automatically, without showing the Review Security Permissions dialog box to end users.
This feature is intended for environments where desktop owner settings are not in place, users are not allowed to accept permissions requests, and certain trusted vendor applications need to be granted permissions.
Beyond secured APIs, this feature supports configuring licensed media codecs and servers for Chrome extensions.
This feature works by configuring trusted app definitions in the application manifest, which are then validated by the OpenFin RVM against signed configurations provided by OpenFin.
When validated, the specified permissions are granted automatically.
How it works
-
As an application developer, you request that your application configuration be added to OpenFin’s list of trusted app configurations, and provide information about the URLs and requested permissions.
-
On approval, OpenFin provides you with a
trustedAppConfigs
property definition, which contains an embedded digital certificate and includes platform-specific signatures. -
You includes this
trustedAppConfigs
property verbatim in your application manifest. -
When a user launches your app, the OpenFin RVM does the following:
-
Verifies the certificate embedded in the
trustedAppConfigs
definition -
Checks whether the app manifest URL matches the trusted sources defined for the certificate
-
If the URL matches, grants the specified permissions without showing the security permissions dialog box
-
If the system the application is running on has desktop owner settings with API security settings defined, then those settings take precedence over permissions based on the trusted app configuration.
When fetching a manifest, the RVM requires a valid network certificate and does not permit redirects between HTTP and HTTPS connections, ignoring default or explicit values for HTTPS security settings.
This strategy ensures that the manifest is fetched through a secure connection.
If the validation fails because of security checks, the RVM logs the failure and the reason, and discards the trustedAppConfigs
data.
If the HTTPS security settings are not explicitly specified in the registry, the RVM retries fetching the manifest using the default settings; otherwise, it does not retry. In any case, it does not use a trustedAppConfigs
value from a less-secure source.
Information you provide to OpenFin
If you want to declare different sets of protected features for multiple applications that you publish, you can do so.
For each application you publish, you must provide the following information to OpenFin:
-
A match pattern for the URLs that the application’s manifest is served from; this pattern must match only URLs that you control.
Therefore, a match pattern must contain at least a top-level and second-level domain; any wildcard must be at the beginning of the host component of the URL.
Match patterns that containlocalhost
are not accepted. -
A list of the protected features that the application requires; for best security, ensure that this list contains the minimal set of protected features needed by the application.
trustedAppConfigs
as provided by OpenFin
trustedAppConfigs
as provided by OpenFinThe trustedAppConfigs
is a top-level property of the application manifest.
The trustedAppConfigs
definition as provided by OpenFin has the following structure:
"trustedAppConfigs": {
"value": "BASE64-ENCODING-OF-CONFIGURATION",
"signature": {
"win": "BASE64-ENCODED-SIGNATURE-FOR-WINDOWS",
"mac": "BASE64-ENCODED-SIGNATURE-FOR-MACOS"
}
}
If you provided information for multiple applications, the configuration information for all of them is encoded in a single value
property.
Use the same trustedAppConfigs
definition in each of the application manifests.
Expiration
The signatures and the embedded certificate are created with a long lifetime. Three months prior to their expiration, OpenFin will generate
new ones and provide a new trustedAppConfigs
definition to you.
Note
You must update your application manifests with the new definition prior to expiration.
If you fail to do so, users of your applications might be shown the security permissions dialog box after the expiration date.
OpenFin also creates a new definition if you change the set of applications or the protected features that they use.
Configurations cannot be modified; they must be replaced with a new definition.
Process to request trusted application status
-
A representative of your organization fills out the Trusted Application Request Form.
-
OpenFin reviews and, if approved, provides the signed
trustedAppConfigs
definition.
Approval might involve negotiation of the match patterns and permissions granted. -
You add the provided definition to your application manifest.
Limitations
- Internet access is required to validate certificates; there is no option for fully offline mode.
Updated 2 months ago