Better Hub Access Guide

Introduction

This guide provides step-by-step instructions for logging into Artifactory using SAML authentication and generating an Access Token to access artifacts in the Registry that you have permission to access.

Logging into Artifactory via SAML

Navigate to Artifactory

Using a web browser navigate to your Artifactory URL: https://hub.better.care/

Signing In

Locate and click the »SAML SSO« button below the Login button.

artifactory 1

You will be redirected to Better’s Identity Provider (Entra ID) and prompted for login information. To login, use your domain account (ending with @better.care).

artifactory 2

Once logged in, you will be prompted for Multi-Factor Authentication via the Authenticator app.

If you’re not prompted for the Multi-Factor Step, you might have to set it up first. Please review the instructions or contact your administrator.

artifactory 3

Verifying successfult login

After confirming the multi-factor authentication step, you should be redirected to the Artifactory home page which should look similar to the picture below.

artifactory 4

Creating Access Token

Explanation of Access Tokens

Because users authenticated through an external source are not kept locally in Artifactory it’s not possible to use your username and password to log in to artifactory via CLI tools such as docker, mvn, npm. …​

For this purpose Access Tokens are used, replacing the user’s password. These tokens work similarly to how Personal Access Tokens (PAT) work in many other enterprise solutions such as GitHub, GitLab, Harbor, etc..

Therefore, you can authenticate with a combination of username and access token.

Accessing user profile

Access tokens are tied to the user profile. To create an access token, first navigate to you user profile.

  1. Click on the circle in top right corner representing your user

  2. Click on »Edit Profle«

artifactory 5

Configuring Access Token

To create the access token:

  1. Click on »Generate an Identity Token« on the top

  2. Enter the token description – for exampel what you’ll use the token for.

  3. Click »Next« to generate the token

artifactory 6

Validating the token

After completing step 3.3 you should see your token.

NOTICE: The token is displayed only once at the time of generation. Make sure to save the token in a secure place. If you have not saved the token, repeat the step 3.3.

artifactory 7

Deleting the token

To delete an existing token navigate to User profile and find the token you wish to delete.

Then

  1. Click the revoke ( X ) button on the right of the token

  2. Confirm token revocation

artifactory 8

Using Access Token

Maven Repository Access

Modify your settings.xml to include the additional repositories hosted on Artifactory.

<servers>
    <server>
        <id>ARTIIFACTORY_MVN_REPO</id>
        <username>YOUR_USERNAME</username>
        <password>YOUR_ACCESS_TOKEN</password>
    </server>
</servers>

NPM Repository Access

To log in to the NPM repository, you must first encode your token using Base64. This can be done directly through the Better hub by making an HTTPS request from your terminal using the curl command or a command-line tool of your choice.

curl -u USERNAME:ACCESS_TOKEN https://hub.better.care/artifactory/api/npm/auth

Expected Output:
_auth = <ENCODED_TOKEN>
always-auth = true

Once you obtain the encoded token, you need to set it in your npm configuration (.npmrc). To do so, execute the following commands:

npm config set '//hub.better.care/:_auth' <ENCODED_TOKEN>
npm config set '@better:registry' https://hub.better.care/npm/

Note: Replace <ENCODED_TOKEN> with the Base64-encoded token you obtained.

Container Repository Access

To use Artifactory Container Registry you need to log in via docker using:

docker login -u YOUR_USERNAME -p YOUR_ACCESS_TOKEN hub.better.care/oci

Legal Notice

The information provided herein is »AS IS«. The information contained in this document is subject to change without notice. Better, d.o.o. (hereinafter: Better) gives no warranty of any kind with regard to this material, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Better shall not be liable for any errors contained herein, or for incidental or consequential damages in connection with the furnishing, performance or use of this material.

Better - Reproduction, adaptation or translation without a prior written permission is prohibited, except as allowed under the copyright laws.