...

The JS7 - Security Architecture includes the use of JS7 - Identity Services for authentication and authorization, see JS7 - Authentication and JS7 - Authorization.

  • Identity Services implement authentication methods and access to Identity Providers. For example, credentials such as user account/password are used as an authentication method to access an LDAP Directory Service as the Identity Provider.
  • The JS7 supports a number of Identity Services:
    • Built-in Identity Services (available starting from release 2.3.0)
      • Local User Management with JOC Cockpit, see JOC-1148
      • JS7 - LDAP Directory Access, see JOC-1147
    • External Identity Services
      • JS7 - HashiCorp® Vault Identity Service (available starting from release 2.3.0), see JOC-1146
      • Keycloak® (available starting from release 2.4.0), see JOC-1193

Identity and Access Management

...

  • Built-in Identity Services ship with JOC Cockpit and can be used out-of-the-box.
  • The JS7 - JOC Identity Service for Local User Management does not include elaborate features such as password recovery, password complexity constraints, password rotation etc. and is not intended for such purposes. Instead, this Identity Service is a starting point for users who operate JS7 for testing purposes. Such features are typically available from the JS7 - LDAP Directory Identity Service and optionally from external Identity Services.

...

Permissions and roles are managed with JOC Cockpit. User accounts and role assignments can be managed with JOC Cockpit or with external Identity Services, see JS7 - Management of User Accounts, Roles and Permissions.


Use of Identity Services

A number of Identity Services can be used at the same time:

  • Required Identity Services: user login is performed with all required Identity Services. No optional Identity Services are considered.
  • Optional Identity Services: with the first successful login to an Identity Service the user is considered logged in and no further Identity Service is consulted.
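
The required/optional rule above can be modelled in a few lines. This is an added example, not JS7 code: the `IdentityService` class, the `table_service` helper, the `login` function and the sample accounts are hypothetical, and it assumes services are consulted in their configured order.

```python
import hmac
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class IdentityService:
    name: str
    required: bool                      # True: required, False: optional
    verify: Callable[[str, str], bool]  # (account, password) -> accepted?


def table_service(name: str, required: bool, accounts: Dict[str, str]) -> IdentityService:
    """Constructed stand-in for a lookup against a real Identity Provider."""
    def verify(account: str, password: str) -> bool:
        stored = accounts.get(account)
        return stored is not None and hmac.compare_digest(stored.encode(), password.encode())
    return IdentityService(name, required, verify)


def login(services: List[IdentityService], account: str, password: str) -> Tuple[bool, List[str]]:
    """Return (granted, names of the services consulted)."""
    required = [s for s in services if s.required]
    if required:
        # All required services are consulted and all must accept;
        # optional services are not considered at all.
        results = [s.verify(account, password) for s in required]
        return all(results), [s.name for s in required]
    consulted = []
    for s in services:  # only optional services are configured
        consulted.append(s.name)
        if s.verify(account, password):
            return True, consulted  # first success ends the search
    return False, consulted


# Constructed sample accounts, not taken from any real installation.
LOCAL = {"alice": "pw-local"}
LDAP = {"alice": "pw-ldap", "bob": "pw-bob"}

OPTIONAL_ONLY = [table_service("JOC", False, LOCAL), table_service("LDAP", False, LDAP)]
MIXED = [table_service("JOC", False, LOCAL), table_service("LDAP", True, LDAP)]
```

With `MIXED`, the account `alice` is rejected with the local password although the optional service would accept it, because marking one service as required takes every optional service out of the decision.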

...

Certificates can be used for mutual authentication, see JS7 - Certificate based Authentication.

  • The client (Browser Client, REST API Client) challenges the JOC Cockpit server to present its Server Authentication Certificate that is verified by the client.
  • The JOC Cockpit server challenges the client to present its Client Authentication Certificate that is verified by JOC Cockpit.

...

  • to enforce two-factor authentication with clients having to provide a certificate and a password,
  • to allow single-factor authentication using a certificate instead of user account/password.

Further Resources

...