JS7 JobScheduler

Space shortcuts

Page tree

Versions Compared

Old Version 3

changes.mady.by.user Andreas Püschel

Saved on

compared with

New Version 4

changes.mady.by.user Andreas Püschel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

JOC Cockpit offers the Manage Identity Services view page from the user menu of an administrative account for configuration of Identity Services:

...

To add an Identity Service use the button Add Identity Service from the above list of page that lists available Identity Services:


The remaining input fields for the popup window look like this:

...

  • Two-factor authentication forces a user to provide both the user account/password and a certificate. As certificates are stored in the user's local certificate store they represent a factor that limits access to specific client devices equipped with a certificate store holding the given certificate. The user account/password is considered a factor that is in a user's mind.
  • Single-factor authentication gives a choice to use one of user account/password or certificate authentication methods.

Certificate based Authentication

  • Certificate based Authentication makes use of the Common Name that is available from the certificate's subject and that maps to the user account that is managed with JOC Cockpit. Certificates cannot be used for authentication if the user account indicated by the Common Name has not been added to the Identity Service.
    • When used with two-factor authentication then the certificate's Common Name has to exactly match the user account specified during login that and has to be available with JOC Cockpit.
    • When used with single-factor authentication then the certificate's Common Name has to exactly match a user account available with JOC Cockpit.
  • Certificates act as a replacement for user accounts and passwords. This can be useful for external scripts and for JS7 jobs that access the JS7 - REST Web Service API and that should not store passwords with their configuration. For example the JS7 - Monitoring interface is offered for external scripts, e.g. for System Monitors, to check availability of JS7 components on a regular basis. Such scripts can use a certificate that maps to a JOC Cockpit user account with limited permissions to request the health status of JS7 components only.

Identity Service Settings

...