Page History
...
| Code Block | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
js7 {
auth {
# User accounts for HTTPS connections
users {
# Controller accountID for connections by primary/secondary controller instance
Controller {
distinguished-names=[
"DNQ=SOS CA, CN=controller-2-0-secondary, OU=IT, O=SOS, L=Berlin, ST=Berlin, C=DE"
]
}
# History account (used to release events)
History {
distinguished-names=[
"DNQ=SOS CA, CN=joc-2-0-primary, OU=IT, O=SOS, L=Berlin, ST=Berlin, C=DE",
"DNQ=SOS CA, CN=joc-2-0-secondary, OU=IT, O=SOS, L=Berlin, ST=Berlin, C=DE"
]
password="sha512:B793649879D61613FD3F711B68F7FF3DB19F2FE2D2C136E8523ABC87612219D5AECB4A09035AD88D544E227400A0A56F02BC990CF0D4CB348F8413DE00BCBF08"
}
# JOC account (requires UpdateRepo permission for deployment)
JOC {
distinguished-names=[
"DNQ=SOS CA, CN=joc-2-0-primary, OU=IT, O=SOS, L=Berlin, ST=Berlin, C=DE",
"DNQ=SOS CA, CN=joc-2-0-secondary, OU=IT, O=SOS, L=Berlin, ST=Berlin, C=DE"
]
password="sha512:3662FD6BF84C6B8385FC15F66A137AB75C755147A81CC7AE64092BFE8A18723A7C049D459AB35C059B78FD6028BB61DCFC55801AE3894D2B52401643F17A07FE"
permissions=[
UpdateItem
]
}
}
}
configuration {
# directory for trusted public keys and certificates used with signatures
trusted-signature-keys {
PGP=${js7.config-directory}"/private/trusted-pgp-keys"
X509=${js7.config-directory}"/private/trusted-x509-keys"
}
}
journal {
# allow History account to release unused journals
users-allowed-to-release-events=[
History
]
}
web {
# keystore and truststore location for https connections
https {
keystore {
# Default: ${js7.config-directory}"/private/https-keystore.p12"
file=${js7.config-directory}"/private/https-keystore.p12"
key-password=jobscheduler
store-password=jobscheduler
}
truststores=[
{
# Default: ${js7.config-directory}"/private/https-truststore.p12"
file=${js7.config-directory}"/private/https-truststore.p12"
store-password=jobscheduler
}
]
}
}
} |
...
- The configuration file is located with the
sos-berlin.com/js7/controller/config/privatefolder. - Consider that the above configuration has to be deployed to both Controller instances should a Controller Cluster be used.
- Find below explanations about configuration items from the above example relevant to Server Authentication with passwordsmutual authentication.
Authentication with pairing Controller instances and JOC Cockpit instances
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
js7 {
auth {
# User accounts for HTTPS connections
users {
# Controller accountID for connections by primary/secondary controller instance
Controller {
distinguished-names=[
"DNQ=SOS CA, CN=controller-2-0-secondary, OU=IT, O=SOS, L=Berlin, ST=Berlin, C=DE"
]
}
}
}
} |
...
- This setting applies if a Controller Cluster is used. In this situation a Primary Controller requires the above setting to allow access from a Secondary Controller and vice versa.
- Consider that the element name
Controlleris an example that has to be replaced by the Controller ID that is specified with the same value during installation of both Controller instances in a cluster. - This setting specifies the
distinguished-namesindicated with the partner Controllers' Client Authentication certificate. The distinguished name is given with the subject attribute of a Client Authentication certificate. The distinguished name is considered a replacement for a password.- A Primary Controller configuration specifies the distinguished name of the Secondary Controller's Client Authentication certificate.
- A Secondary Controller configuration specifies the distinguished name of the Primary Controller's Client Authentication certificate.
- Consider that the common name (CN) attribute of the distinguished name has to match the fully qualified domain name (FQDN) of the partner Controller's host.
...
| Code Block | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
js7 {
auth {
# User accounts for https connections
users {
# Controller accountID for connections by primary/secondary Controller instance
Controller {
distinguished-names=[
"DNQ=SOS CA, CN=controller-2-0-primary, OU=IT, O=SOS, L=Berlin, ST=Berlin, C=DE",
"DNQ=SOS CA, CN=controller-2-0-secondary, OU=IT, O=SOS, L=Berlin, ST=Berlin, C=DE"
]
}
}
}
configuration {
# Locations of certificates and public keys used for signature verification
trusted-signature-keys {
PGP=${js7.config-directory}"/private/trusted-pgp-keys"
X509=${js7.config-directory}"/private/trusted-x509-keys"
}
}
job {
# Enable script execution from signed workflows
execution {
signed-script-injection-allowed = yes
}
}
web {
# API Server URL
api-server { url = "https://joc-2-0-secondary:4443" }
# Locations of keystore and truststore files for HTTPS connections
https {
keystore {
# Default: ${js7.config-directory}"/private/https-keystore.p12"
file=${js7.config-directory}"/private/https-keystore.p12"
key-password=jobscheduler
store-password=jobscheduler
}
truststores=[
{
# Default: ${js7.config-directory}"/private/https-truststore.p12"
file=${js7.config-directory}"/private/https-truststore.p12"
store-password=jobscheduler
}
]
}
}
} |
...
- The configuration file is located with the
sos-berlin.com/js7/agent/config_<port>/privatefolder. - Consider that the element name
Controlleris an example that has to be replaced by the Controller ID that is specified with the same value during installation of both Controller instances in a cluster. - Consider that the above configuration has to be deployed to any Agent instances.
- Find below explanations about above configuration items relevant to Server Authentication with passwordsmutual authentication.
Client Authentication
Controller Connections
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
js7 {
auth {
# User accounts for https connections
users {
# Controller accountID for connections by primary/secondary Controller instance
Controller {
distinguished-names=[
"DNQ=SOS CA, CN=controller-2-0-primary, OU=IT, O=SOS, L=Berlin, ST=Berlin, C=DE",
"DNQ=SOS CA, CN=controller-2-0-secondary, OU=IT, O=SOS, L=Berlin, ST=Berlin, C=DE"
]
}
}
}
} |
...
Overview
Content Tools