Page History
...
Vault URL
: the base URL for which the Vault REST API is available.Vault Authentication Method Path
: the path specifies the Vault Authentication Method to be used, see chapter Authentication Methods.Vault Truststore Path
: Should the Vault Server be configured for HTTPS connections then the indicated truststore has to include an X.509 certificate specified for the extended key usage of Server Authentication.- The truststore can include a self-signed certificate or a CA-signed certificate. Typically the Root CA certificate is used as otherwise the complete certificate chain involved in signing the Server Authentication certificate has to be available with the truststore.
- If the Vault Server is operated for HTTPS connections and this setting is not specified then JOC Cockpit will use the truststore that is configured with the
JETTY_BASE/resources/joc/joc.properties
configuration file. This includes use of settings for the truststore password and truststore type. This includes use of settings for the truststore password and truststore type. - The path to the truststore is specified relative to the
JETTY_BASE/resources/joc
directory. If the truststore is located in this directory then specify the file name only, typically with a .p12 extension. Other relative locations can be specified using e.g.../../joc-truststore.p12
if the truststore is located in theJETTY_BASE
directory. No absolute path can be specified and no path can be specified that lies before theJETTY_BASE
directory in the file system hierarchy.
Vault Truststore Password
: Should the Vault Server be configured for HTTPS connections and the indicated truststore be protected by a password then the password has to be specified.Vault Truststore Type
: Should the Vault Server be configured for HTTPS connections then the type of the indicated truststore has to be specified being eitherPKCS12
orJKS
(deprecated).Vault Application Token
: The application token setting is available only if theVAULT-JOC-ACTIVE
Identity Service Type is used.- JOC Cockpit requires this token in order to manage users with Vault, the token has to be created with Vault, see above chapter Application Role. This token allows JOC Cockpit to access the Vault REST API to manage user accounts.
- This token is not used for login of users.
Logging
- Log Files
- Standard Log Files
- Identity Services log output to the
JETTY_BASE/logs/joc.log
file. This includes to report success or failure of authentication. - Successful and failed authentication attempts including user accounts involved are logged to the
JETTY_BASE/logs/audit.log
file.
- Identity Services log output to the
- Debug Log Files
- For problem analysis during setup of an Identity Service increase the log level as explained with JS7 - Log Levels and Debug Options.
- The
JETTY_BASE/logs/joc-debug.log
file includes general debug output of JOC Cockpit. - The
JETTY_BASE/logs/authentication-debug.log
file includes debug output related to authentication and authorization. - The
JETTY_BASE/logs/jetty.log
file includes debug output of attempts to establish SSL connections.
Overview
Content Tools