Page History
...
Code Block | ||||
---|---|---|---|---|
| ||||
js7 { auth { ... } configuration { ... } job { ... } web { ... } api-server { # API Server URL url = [ "https://joc-2-0-primary:4443" ] # Option 1: use of a Credential Store cs-file=${js7.config-directory}"/private/secret.kdbx" cs-key=${js7.config-directory}"/private/secret.key" cs-password="secret" # Option 1: use of references to credentials account="cs://myAccounts/joc@username" password="cs://myAccounts/joc@password" # Option 2: Use of account and password # account="root" # password="root" } } |
...
Certificate Based Authentication
For JS7 - Certificate based Authentication configured is configured with the ./config/private/private.conf
file:
- the The
url
configuration item is required that specifies the URL of the JS7 REST Web Service API. Typically this corresponds to the JOC Cockpit URL.- Users can set up a number of JOC Cockpit instances that are clustered for automated fail-over.
- Users can set up a load balancer that routes requests to a number of available JOC Cockpit instances.
- For use with the CheckHistoryJob template both active and standby JOC Cockpit instances can be used.
- the The Client Authentication Certificate has to be available from the keystore file indicated with the
js7.web.https.keystore
orjs7.web.https.client_keystore
settings.- This includes that JOC Cockpit is configured to use a truststore that holds the Root CA Certificate and Intermediate CA Certificate that was used to sign the Agent's Client Authentication Certificate.
- For details see JS7 - JOC Cockpit HTTPS Connections.
User Account / Password Authentication
For user User account/password authentication configured authentication is configured with the ./config/private/private.conf
file:
- the The
url
configuration item is required as explained above. - the The user
account
andpassword
can be specified from the following options:- Option 1: Use of a JS7 - Credential Store
- with the following settings:
cs-file:
Specifies the path to a KeePass database file (required).cs-key
: Specifies the path to a KeePass key file (optional).cs-password
: Specifies the password for the KeePass database file (optional).account
: Specifies the path to the entry in the KeePass database that holds the account name (required).password
: Specifies the path to the entry in the KeePass database that holds the password (required).
- that suggest to preferably use a KeePass key file (
cs-key
) to protect the KeePass database. Basically it is pointless to protect a Credential Store by use of a password (cs-password
) that is similarly visible as putting the key under the mat. Use of a key file allows to apply OS ownership and file permissions to protect to the key file from visibility by 3rd parties.
- with the following settings:
- Option 2: Use of user account and password
- with the following settings:
account
: Specifies the account name (required).password
: Specifies the plain text password (required).
- that include both settings to be visible from the configuration file.
- with the following settings:
- Option 1: Use of a JS7 - Credential Store
...
Overview
Content Tools