Page History
...
To add an Identity Service use the button Add Identity Service from the above list of Identity Services:
Explanation:
- The
Identity Service Name
is a unique identifier that can be freely chosen. - The
Identity Service Type
can be selected as available from the above matrix. - The
Ordering
specifies the sequence in which a login is performed with available Identity Services. - The
Required
attribute specifies if login with the respective Identity Service is required to be successful, for example if a number of Identity Services are triggered on login of a user account. - The
Identity Service Authentication Scheme
allows to selectsingle-factor
authentication: user account and password are specified for login with the Identity Service.two-factor
authentication: in addition to user account and password a Client Authentication Certificate is required, see JS7 - Certificate based Authentication
Vault Identity Service Settings
...
Vault URL
: the base URL for which the Vault REST API is available.Vault Authentication Method Path
: the path specifies the Vault Authentication Method to be used, see chapter Authentication Methods.Vault Truststore Path
: Should the Vault Server be configured for HTTPS connections then the indicated truststore has to include an X.509 certificate specified for the extended key usage of Server Authentication.- The truststore can include a self-signed certificate or a CA-signed certificate. Typically the Root CA certificate is used as otherwise the complete certificate chain involved in signing the Server Authentication certificate has to be available with the truststore.
- If the Vault Server is operated for HTTPS connections and this setting is not specified then JOC Cockpit will use the truststore that is configured with the
JETTY_BASE/resources/joc/joc.properties
configuration file.
Vault Truststore Password
: Should the Vault Server be configured for HTTPS connections and the indicated truststore be protected by a password then the password has to be specified.Vault Truststore Type
: Should the Vault Server be configured for HTTPS connections then the type of the indicated truststore has to be specified being eitherPKCS12
orJKS
.Vault Application Token
: The application token setting is available only if theVAULT-JOC-ACTIVE
service type Identity Service Type is used.- JOC Cockpit requires this token in order to manage users with Vault, the token has to be created with Vault, see above chapter Application Role. This token allows JOC Cockpit to access the Vault REST API to manage user accounts.
- This token is not used for login of users.
...
Overview
Content Tools