Page History
...
- By default mutual authentication is in place.
- JOC Cockpit is challenged by the Controller to present its Client Authentication certificate that is verified by the Controller.
- In addition the distinguished name of the JOC Cockpit Client Authentication certificate is checked and a password is used to identify the JOC Cockpit instance.
- Consider that any number of clustered JOC Cockpit instances can connect to a Controller.
- If a Controller cluster is used then connections from the partnering Controller instance are authenticated by the distinguished name of the instance's Client Authentication certificate.
- JOC Cockpit is challenged by the Controller to present its Client Authentication certificate that is verified by the Controller.
The
JS7_CONTROLLER_CONFIG_DIR
/private/private.conf
configuration file should include authentication details like this:Code Block title Example for private.conf file specifying JOC Cockpit authentication js7 { auth { users { # History account (used for release events) History { distinguished-names=[ "DNQ=SOS CA, CN=apmacwin_joc_client, OU=IT, O=SOS, L=Berlin, ST=Berlin, C=DE" ] password="sha512:B793649879D61613FD3F711B68F7FF3DB19F2FE2D2C136E8523ABC87612219D5AECB4A09035AD88D544E227400A0A56F02BC990CF0D4CB348F8413DE00BCBF08" } # JOC account (needs UpdateItem permission for deployment) JOC { distinguished-names=[ "DNQ=SOS CA, CN=apmacwin_joc_client, OU=IT, O=SOS, L=Berlin, ST=Berlin, C=DE" ] password="sha512:3662FD6BF84C6B8385FC15F66A137AB75C755147A81CC7AE64092BFE8A18723A7C049D459AB35C059B78FD6028BB61DCFC55801AE3894D2B52401643F17A07FE" permissions=[ UpdateItem ] } # Controller ID for connections by primary/secondary controller instance jobscheduler { distinguished-names=[ "DNQ=SOS CA, CN=apmacwin_secondary_client, OU=IT, O=SOS, L=Berlin, ST=Berlin, C=DE" ] } } } }
Explanation:- The
History
andJOC
user accounts are used by the JS7 - History Service and by the JS7 - REST Web Service API.- The
distinguished-names
property offers to add a number of distinguished names as available from the subject of Client Authentication certificates that are used by JOC Cockpit instances when connecting to the Controller.- Except for whitespace between attributes the precise sequence and values as available from the certificate's subject has to match this property value.
- The
password
is used for authentication of theHistory
andJOC
service accounts with the Controller. Both accounts typically are running in the same JOC Cockpit instance.- If HTTP connections are used then the password is the only means for authentication. If HTTPS connections with mutual authentication are used then the password is not relevant as certificate based authentication is in place.
- The symmetric password is specified with the section joc of the Settings page of JOC Cockpit and in the
private.conf
file.- User Input to the Settings page of JOC Cockpit can look like this:
Input to the GUI simply accepts the password and does not require to use the prefixessha512:
orplain:.
- User Input to the Settings page of JOC Cockpit can look like this:
- In the
private.conf
file a A hashed value or a plain text value can be used specified like this:password="sha512:B793649879D6..."
password="plain:JS7-History"
- If the password is modified in the
private.conf
file then it has to be modified in the JOC Cockpit settings too to make the passwords match. - The password setting cannot be omitted, however, an empty password can be specified, for example with mutual authentication HTTPS connections, like this:
password="plain:"
- By From the
private.conf
file that ships by default the clear plain text for value and the hashed value isvalues are:- History:
- Plain Text:
JS7-History
- Hash:
sha512:B793649879D61613FD3F711B68F7FF3DB19F2FE2D2C136E8523ABC87612219D5AECB4A09035AD88D544E227400A0A56F02BC990CF0D4CB348F8413DE00BCBF08
- Plain Text:
- JOC:
- Plain Text:
JS7-JOC
- Hash:
sha512:3662FD6BF84C6B8385FC15F66A137AB75C755147A81CC7AE64092BFE8A18723A7C049D459AB35C059B78FD6028BB61DCFC55801AE3894D2B52401643F17A07FE
- Plain Text:
- History:
- The
- The
jobscheduler
user account is an example for a Controller ID as that is used by a partnering Controller instance.- This setting is not required if a standalone Controller is used.
- For a Controller cluster the Controller ID is specified during installation.
- The
...
Overview
Content Tools