Page History
...
- The JS7 - Identity Services offer provide local management of user accounts for authentication and authorization.
- The JOC Identity Service is a built-in service available from the JOC Cockpit
...
The JOC Cockpit provides the Manage Identity Services page for the configuration of Identity Services. This page is accessed from the user menu of an administrative account for the configuration of Identity Services:
Addition of an Identity Service
...
- The
Identity Service Name
is a unique identifier that can be freely chosen. - The
Identity Service Type
can be selected as available from the matrix shown above. - The
Ordering
specifies the sequence in which a login is performed with the available Identity Services. - The
Required
attribute specifies if login with an Identity Service is required to be successful, for example if a number of Identity Services are triggered on login with a user account. - The
Identity Service Authentication Scheme
allows to selectselection of:single-factor
authentication: a user account and password are specified for login with the Identity Service.two-factor
authentication: in addition to a user account and password, a Client Authentication Certificate is required, see JS7 - Certificate based Authentication
Password as single factor
: if the single-factorAuthentication Scheme
is selected then this switch specifies whether the user account and password can be used to login.Certificate as single factor
: if the single-factorAuthentication Scheme
is selected then this switch specifies whether use of a certificate certificate allows a login - without specifying specification of a user account and password - allows a login.
Authentication Scheme
The Authentication Scheme allows a number of options for authentication with the JOC Cockpit:
...
- Certificate based Authentication makes use of the Common Name that is available from the certificate's subject and maps to the user account which is managed with the JOC Cockpit. Certificates cannot be used for authentication if the user account indicated by the Common Name has not been added to the Identity Service.
- When used with two-factor authentication then the certificate's Common Name has to exactly match the user account specified during login and has to be available for the JOC Cockpit.
- When used with single-factor authentication then the certificate's Common Name has to exactly match a user account available with the JOC Cockpit.
- Certificates act as a replacement for user accounts and passwords. This can be useful for external scripts and for JS7 jobs that access the JS7 - REST Web Service API and which should not store passwords with their configuration. For example the JS7 - Monitoring interface is offered provided for external scripts, e.g. for System Monitors, to check availability of JS7 components on a regular basis. Such scripts can use a certificate that maps to a JOC Cockpit user account with limited permissions to request the health status of JS7 components.
...
Overview
Content Tools