Installation

Installation on Windows

Click on the 'Windows' download link on the Product Downloads page of the Customer Portal.

You will be provided with an installation package for Tasktop Integration Hub as a standard Windows MSI installer.  If prompted, click 'Save File,' and then open the file once it downloads.

You will then be lead through the installation wizard.  Follow the prompts to install Tasktop.

 Note: If you change the location of the ProgramData directory to an alternate location, do not include spaces in the name of the new directory.  If the directory has spaces in its name, Tasktop's UI will not be accessible.

To start Tasktop, click the 'Start' menu, and select 'Start Tasktop'.  This will start both Tasktop and User Management services.  To stop both services click on the 'Stop Tasktop' shortcut.

 The Tasktop application is available via HTTPS on port 8443. A default SSL certificate is provided for testing purposes, however this SSL certificate is insecure. Before use in a production environment, the provided SSL certificate must be replaced.   Please see details in the SSL Certificate Installation section below.

 Please make sure you follow the steps in the Getting Started section upon starting up Tasktop Integration Hub for the first time.

Installation on Linux

For Direct Customers

Click on the 'Linux' download link on the Product Downloads page of the Customer Portal.

You will be provided with an installation package for Tasktop Integration Hub as a .tar.gz archive.

To extract this archive to your desired location, copy the archive to the correct location on your Linux system ( You must choose a location with no spaces in its path) and use following command to extract:

$ tar -xzvf tasktop-linux-x64-<version>.tar.gz

To start Tasktop Integration Hub, run the start-tasktop.sh script from the installation directory (see note on permissions below). This will start both Tasktop and User Management services.  To stop both services, use the stop-tasktop.sh script in the same folder.

 Please make sure you follow the steps in the Getting Started  section upon starting up Tasktop Integration Hub for the first time.

For OEM Customers

You will be provided with an installation package for Tasktop Integration Hub with no file extension in the name. 

To execute the file, run these commands:

chmod +x tasktop-linux-x64-<version>

./tasktop-linux-x64-<version>

Once you approve the End User License Agreement that pops up, the file will automatically unzip, allowing you to run Tasktop Integration Hub.

To start Tasktop Integration Hub, run the start-tasktop.sh script from the installation directory (see note on permissions below). This will start both Tasktop and Keycloak User Management services.  To stop both services, use the stop-tasktop.sh script in the same folder.

 The Tasktop application is available via HTTPS on port 8443. A default SSL certificate is provided for testing purposes, however this SSL certificate is insecure. Before use in a production environment, the provided SSL certificate must be replaced.   Please see details in the SSL Certificate Installation section below.

 Please make sure you follow the steps in the Getting Started  section upon starting up Tasktop Integration Hub for the first time.

Note on Permissions

We recommend creating a dedicated user for running Tasktop Integration Hub. We do not recommend running Tasktop Integration Hub as root, because doing so may create files that cannot be accessed when running as any other user, and because running any application on a Linux system as root is generally a bad security practice.

For this reason, start-tasktop.sh will not start if it detects the current user is root.

If you wish to run Tasktop Integration Hub as root despite these risks, you can do so by deleting or commenting lines 3-7 of start-tasktop.sh, as shown below

#!/bin/sh
#if [ "`id -u`" -eq "0" ]
#then
#    echo "Tasktop should not be run as root"
#    exit 1
#fi
currentdir="$( cd "$(dirname "$0")" ; pwd -P )"
keycloak_running() {
  pgrep -n -f "${currentdir}"/keycloak/bin/standalone.sh
}

Tasktop Integration Hub Service on Linux

There are multiple ways to configure a Tasktop Service that starts automatically on system startup. It is recommended to use a dedicated account for running Tasktop Integration Hub. Here are examples for SysVinit and Systemd.

Tasktop Integration Hub Service with Systemd

1. Navigate to /etc/systemd/system
2. Create a new file named tasktop.service

3. Paste the following into that file 

   # Systemd unit file for tasktop
   [Unit]
   Description=Tasktop Integration Hub
   After=syslog.target network.target
    
   [Service]
   Type=forking
    
   ExecStart=/path/to/tasktop/start-tasktop.sh
   ExecStop=/path/to/tasktop/stop-tasktop.sh
    
   User=user
   Group=group
    
   [Install]
   WantedBy=multi-user.target

   
   

   a. Be sure to change both instances of '/path/to/tasktop' to the full path to your Tasktop Integration Hub installation directory
   b. Be sure to change the User and Group variables to the username and group of the account you want to run the Tasktop Integration Hub service
   
   

4. Reload Systemd 

   $ systemctl daemon-reload

5. Enable the new Tasktop Integration Hub service to start on system startup 

   $ systemctl enable tasktop

To manually start and stop the Tasktop Integration Hub Service, use the following commands: 

$ systemctl start tasktop
$ systemctl stop tasktop

Tasktop Integration Hub Service with SysVinit

1. Navigate to /etc/init.d
2. Create a new file named tasktop

3. Paste the following into that file: 

   #!/bin/bash
   # description: Tasktop Start Stop Restart
   # processname: tasktop
   # chkconfig: 2345 20 80
   TASKTOP_HOME=/path/to/tasktop
   case $1 in
   start)
   sh $TASKTOP_HOME/start-tasktop.sh
   ;;
   stop)
   sh $TASKTOP_HOME/stop-tasktop.sh
   ;;
   restart)
   sh $TASKTOP_HOME/stop-tasktop.sh
   sh $TASKTOP_HOME/start-tasktop.sh
   ;;
   esac
   exit 0

   
   

   a. Be sure to change the TASKTOP_HOME variable to the full path to your Tasktop Integration Hub installation directory
   b. You may also wish to change the chkconfig run levels and start and stop priorities

4. Set the permissions of Tasktop to make it executable 

   $ chmod 755 tasktop

5. Use the chkconfig utility to make Tasktop Integration Hub start at system startup (you may wish to change the run levels in this command) 

   $ chkconfig --add tasktop
   $ chkconfig --level 2345 tasktop on

To manually start and stop the Tasktop Integration Hub Service, use the following commands: 

$ service tasktop start
$ service tasktop stop
$ service tasktop restart

SSL Certificate Installation 

 The Tasktop application is available via HTTPS on port 8443. A default SSL certificate is provided for testing purposes and should be replaced after installation.

Replacing the default SSL certificate used by Tasktop Integration Hub involves the following:

• Prepare a Java keystore file with all the keys and certificates

 The Tasktop and Keycloak SSL configuration require a JKS format keystore. If your corporate CA provides a JKS keystore file for you, skip ahead to the “Configure Tasktop to use the keystore” section and follow those steps using the JKS keystore file from your CA. If your CA instead requires you to provide a CSR and returns a certificate response to you, use the following steps to generate your own keystore file and CSR:

• Create a Java keystore file and generate a new key pair.

• Generate a certificate request file.

• Submit the file to a Certificate Authority (CA) and obtain the certificate and CA certificate trust chain.

• Import the certificates to the keystore file.

• Configure Tasktop to use the keystore (i.e., new key and certificate).

The SSL certificate should contain DNS names that the Tasktop server is accessible at.  The user's browser will verify that the name in the address bar matches one of the names in the certificate. Certificate Authority may be your internal corporate service, or you may use a public CA, such as Comodo or Let’s Encrypt. If you are planning to use a certificate from a public CA, your Tasktop instance must have a publicly recognizable DNS name that is owned by your organization.

Your Certificate Authority will have more detailed instructions on creating and importing certificates. SSL-related instructions on this page are provided as a reference only. These instructions are based on the use of a GUI tool Portecle, which can be downloaded from: http://portecle.sourceforge.net/. Tasktop does not provide support for this third party tool beyond the instructions below. You can create the Java keystore file on any machine and move the file to the server running Tasktop software; there is no need to install Portecle on the server running Tasktop.

If you cannot use Portecle and need to utilize standard Java command line utility keytool, please refer to Tomcat documentation here: https://tomcat.apache.org/tomcat-8.5-doc/ssl-howto.html. When following the documentation, use JRE installed together with Tasktop software in the Tasktop installation directory (default C:\Program Files\Tasktop). Tasktop’s server.xml file is located in Tasktop data directory (default: C:\ProgramData\Tasktop, or the location where Tasktop is installed on Linux) under container/conf/server.xml

Prepare a Java keystore file with all the keys and certificates 

To replace Tasktop’s default SSL certificate using Portecle, follow the instructions below.  Details on accessing Portecle can be found in the section above.

1. Create a new key pair and a keystore:

1. Start Portecle and click New Keystore button in the toolbar. Select JKS as the keystore type:
   

2. Click Generate Key Pair in the toolbar. Leave the default settings for 2048 bit RSA key, or pick different settings if required by your company’s security policy:
   

3. In the Generate Certificate Dialog, enter the Fully Qualified Domain Name (FQDN) of your Tasktop server in the Common Name (CN) field and fill in the other fields as appropriate. In the Subject Alternative DNS Name field, fill in the alternative domain name of the server if one exists. Your certificate should include all DNS names that your users might use to connect to Tasktop. For internal corporate CA you can also use “short” names (i.e., tasktop, in addition to tasktop.acme.corp). In CA lingo, these additional DNS names are called Subject Alternative Names, or SAN. You can specify one SAN at this point, and can usually add more names later when submitting your request to the CA:
   

4. Enter “tomcat” as alias:
   

5. Create a new password for the key pair (you will need it later when configuring Tomcat):
   

6. You should see your newly created key pair in the list:
   

7. Click Save Keystore in the toolbar to save the newly created keystore file, use the same password that you entered for the key pair earlier:
   

2. To generate certificate request file, also known as Certificate Signing Request or CSR, right click on the “tasktop” key, select Generate Certification Request and save it to a file:
   

3. Submit your CSR to a CA to obtain a Certificate. For some CAs you will need to provide the list of all DNS names for your Tasktop server separately as they will ignore the SAN values in the certificate request. See your CA's documentation for detailed instructions.

4. Import the certificates to the keystore file.

1. If your CA provided a separate file with the CA certificate or trust chain, import it by selecting 'Import Trusted Certificate' in the toolbar. If your CA provided only one file in response to your CSR, skip to 4b.

2. Import the server certificate - right click on the “tasktop” key, select Import CA Reply and select the server certificate file received from the CA:
   

3. You can verify the certificate chain by selecting menu Tools -> Keystore Report.

Configure Tasktop to use the keystore 

1. Place your keystore file in a protected location that will not be wiped on Tasktop upgrade. We suggest using Tasktop data directory (default C:\ProgramData\Tasktop, or the home directory of the user that Tasktop service is running as on Linux).
2. In the Tasktop data directory (default: C:\ProgramData\Tasktop, or the location where Tasktop is installed on Linux), open container/conf/server.xml
   1. Find the SSL HTTP connector configuration(the <Connector> element with protocol="org.apache.coyote.http11.Http11NioProtocol")
   2. Change the  keystoreFile attribute to have the full filesystem path of the new keystore file
   3. Change the keystorePass attribute to the password you entered when generating the new keystore file
3. Restart Tasktop Integration Hub Service

By default the SSL configuration has been configured to disable known weak ciphers. As new security information becomes available, the list of enabled ciphers should be updated accordingly.

Configure Keycloak User Management to use and trust Tasktop's keystore

There is a section in Keycloak's standalone.xml file (e.g., /keycloak/standalone/configuration/standalone.xml in the Tasktop workspace) that configures its outgoing HTTPS connections to trust the same keystore that Tomcat is using, so that Keycloak can communicate with Tomcat and therefore notify it when users log out of Tasktop. It must be updated to match any changes in the keystore's name, location, or password:

<spi name="truststore"> 
        <provider name="file" enabled="true"> 
          <properties> 
            <property name="file" value="${jboss.home.dir}/../../insecureKeystore"/>
            <property name="password" value="changeit"/> 
            <property name="hostname-verification-policy" value="ANY"/> 
            <property name="disabled" value="false"/> 
          </properties> 
        </provider> 
      </spi> 

Port Configuration

By default, Tasktop utilizes the ports listed in the table below.

If any of those ports are already being utilized for other purposes, you will need to change them. To view a list of all ports being used on your system, you can use the netstat-a command.  This will help you determine which available ports you would like to use for Tasktop.

Here is a summary of each port Tasktop utilizes and the location where you can change it if it is already being used:

Tasktop Integration Hub 

The default port Tasktop uses is 8443 for HTTPS and 8080 for HTTP which redirects to HTTPS. You may wish to change these ports to ease access for your users, or to accommodate a proxy. To change these ports, follow these instructions:

1. In the Tasktop workspace (default: C:\ProgramData\Tasktop), open container/conf/server.xml  
   1. Note: You may need to right click and select 'Edit with Notepad,' or some other similar option in order to edit the file.
      

2. To change the HTTP port:

   1. Find the HTTP connector configuration (the <Connector> element with protocol="HTTP/1.1").

   2. Change the port attribute to the port you wish to use (e.g. to use port 8888: <Connector port="8888" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />).
      
   3. Save the file.
   4. After changing the port, you will need go into the User Administration Console and adjust the client to the new port (e.g., https://localhost:8443).
3. To change the HTTPS port
   1. Find the HTTP connector configuration (the <Connector> element with protocol="HTTP/1.1").
   2. Change the redirectPort attribute to the port you wish to use (e.g. to use port 9443: <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="9443" />).
   3. Find the SSL HTTP connector configuration(the <Connector> element with protocol=protocol="org.apache.coyote.http11.Http11NioProtocol").
   4. Change the port attribute to the port you wish to use (e.g. to use port 9443: <Connector port="9443" protocol="org.apache.coyote.http11.Http11NioProtocol" ... />).
   5. After changing the port, you will need go into the User Administration Console and adjust the client to the new port (e.g., https://localhost:8443). 

If you change the port, the address used to access Tasktop (i.e., http://localhost:8080) will need to be updated with the new port number in place of '8080.'

Please refer to the official documentation for additional configuration options: http://tomcat.apache.org/tomcat-8.5-doc/config/http.html

User Management 

The default port for User Management is 8081.  However, users can change the port that User Management (Keycloak) utilizes by following the instructions here.  If your User Management (Keycloak) utilizes a port other than 8081, you can instruct Tasktop to access User Management (Keycloak) via the correct port by following the instructions below.

Note: If you change the default jboss management-http port setting in the /keycloak/standalone/configuration/standalone.xml to something other than 9990, you must also update the port referenced in /keycloak/bin/jboss-cli.xml.

Windows

1. Go to Manage Tasktop>Java>Java Options
2. You will see the Keycloak port listed here.  If desired, edit the port number to change the default port.

Linux

1. Open Tasktop/container/bin/setenv.sh.
2. You will see the Keycloak port listed here.  If desired, edit the port number to change the default port.
   

Getting Started 

Once installation is complete, you can begin using Tasktop Integration Hub by opening https://localhost:8443 in any of our supported browsers.  

Before logging on to Tasktop, you must log into the User Administration Console in order to create your admin user(s).  The Tasktop User Administration Console can be accessed via the 'User Administration Console' link, at the bottom of the Tasktop Integration Hub sign-in page.  Please review the User Management section for detailed instructions on how to create a user, log in, and manage your user accounts.

Once logged in, you will be prompted to set a Master Password, which will be used to encrypt your repository credentials.

You will also need to apply your license before configuring your integrations.  You can learn how to apply your license here.