Comment: Authentication subsections added

...

  • The JOC Cockpit accepts the user name and password from the login screen and:
    • either tries to verify the credentials against its local configuration file,
    • or tries to log in to the Active Directory service with the given credentials,
    • or checks the credentials in a Shiro-compliant database.
  • The credentials are subsequently used for HTTP Authentication with each HTTP request that the JOC Cockpit makes to the JobScheduler Web Services.
    • Browsers may cache credentials during a session, i.e. they are re-used for single sign-on when opening the JOC Cockpit in a new browser tab. The credentials cache is cleared on termination of the browser.
    • This behavior might vary depending on the browser and version.
  • Intended for development and use where security is of relatively low importance.
    • User passwords are saved in plain text in an unencrypted .ini file.
  • Intended for use in production environments where LDAP is already in use.
    • The JOC Cockpit configuration file contains information specifying the LDAP service.
  • Intended for use in production environments... article
    • The JOC Cockpit configuration file contains information specifying the database authentication service.
    • Authentication information is entered manually in the database.

Authorization

  • After successful authentication the JOC Cockpit will check the assignment of roles to the given user:
    • either by using a configurable LDAP query that checks the user's membership in a number of Active Directory groups. An LDAP query is configured for each role and, in case of a positive match for group membership, the user is assigned the relevant role.
    • or by using its local configuration file, which includes an assignment of users to roles.
  • The assignment of permissions to roles is configured with the local shiro.ini configuration file.
    • By default the JOC Cockpit ships with a number of predefined roles and assigned permissions, see the Matrix of Roles and Permissions below.
    • Users can:
      • add additional roles of their own,
      • change the permissions assigned to roles.
  • Authorization is configured in an .ini file described in detail in the .... article.
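
An audit of the local configuration file described above, as an added example that is not part of the original page or of the JOC Cockpit: it flags `[users]` entries whose password is stored in plain text and role assignments that have no permissions defined under `[roles]`. It assumes the standard Apache Shiro INI layout and treats any password without a `$shiro1$` or `$shiro2$` hash prefix as plain text; the sample content, user names, role names and the function name `audit_shiro_ini` are constructed for illustration.

```python
import configparser

# Constructed sample in the standard Apache Shiro INI layout (an assumption;
# not taken from a JOC Cockpit installation): [users] holds
# "name = password, role1, role2" and [roles] holds "role = permissions".
SAMPLE_INI = """\
[users]
root = secret, all
operator = $shiro1$SHA-512$500000$c2FsdA==$aGFzaA==, it_operator
guest = guest123, undefined_role

[roles]
all = *
it_operator = jobs:view
"""

# Prefixes Shiro writes for salted password hashes (Shiro 1.x and 2.x formats).
HASH_PREFIXES = ("$shiro1$", "$shiro2$")


def audit_shiro_ini(text):
    """Return findings as (kind, user, detail) tuples for a shiro.ini text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   allow_no_value=True, delimiters=("=",))
    cp.optionxform = str  # keep user and role names case-sensitive
    cp.read_string(text)
    roles = set(cp["roles"]) if cp.has_section("roles") else set()
    findings = []
    if not cp.has_section("users"):
        return findings
    for user, value in cp["users"].items():
        parts = [p.strip() for p in (value or "").split(",")]
        password, user_roles = parts[0], [r for r in parts[1:] if r]
        if not password.startswith(HASH_PREFIXES):
            findings.append(("plaintext_password", user, ""))
        for role in user_roles:
            if role not in roles:  # role carries no permissions in this file
                findings.append(("unknown_role", user, role))
    return findings


if __name__ == "__main__":
    for finding in audit_shiro_ini(SAMPLE_INI):
        print(finding)
```

When roles are assigned through LDAP queries rather than the local file, the `unknown_role` check only covers users listed in `[users]`.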

...