Page History
...
A number of JITL job templates make use of the JS7 - REST Web Service API to retrieve information from the JOC Cockpit:
The following prerequisites apply to operation of such these JITL jobs:
- Network access from the Agent that executes the job to the JOC Cockpit instance,
- Availability of the Controller and of the JOC Cockpit,
- Authentication and authorization with the JOC Cockpit.
The job templates use a common mechanism for authentication with the JS7 - REST Web Service API:
- by use of a user account/password and/or
- by use of a certificate, for details see JS7 - Authentication.
...
- The
api-server
configuration section specifies authentication details for JITL job templates and can occur in any position be positioned anywhere directly within thejs7
configuration block. - Configuration items available from this configuration section are explained with in the following chapters.sections:
Certificate Based Authentication
...
- The
url
configuration item is required that specifies the URL of the JS7 REST Web Service API. Typically this corresponds to the JOC Cockpit URL.- Users can set up a number of JOC Cockpit instances that are clustered for automated fail-over.
- Users can set up a load balancer that routes requests to a number of available JOC Cockpit instances.
- For use with JITL job templates both active and standby JOC Cockpit instances can be used.
- No further configuration items are used.
- The Client Authentication Certificate has to be available from the keystore file indicated with by the
js7.web.https.keystore
orjs7.web.https.client-keystore
settings.- This includes requires that JOC Cockpit is configured to use a truststore that holds the Root CA Certificate and Intermediate CA Certificate that was used to sign the Agent's Client Authentication Certificate.
- For details see JS7 - JOC Cockpit HTTPS Connections.
...
- The
url
configuration item is required as explained above. - The
username
andpassword
can be specified from the following options:- Option 1: Use of a JS7 - Credential Store
- with the following settings:
cs-file:
Specifies the path to a KeePass database file (required).cs-key
: Specifies the path to a KeePass key file (optional).cs-password
: Specifies the password for the KeePass database file (optional).username
: Specifies the path to the entry in the KeePass database that holds the account name (required).password
: Specifies the path to the entry in the KeePass database that holds the password (required).
- that suggest to preferably the use of a KeePass key file (
cs-key
) to protect the KeePass database is preferrable. Basically Basically it is pointless to protect a Credential Store by use of a password (cs-password
) that is similarly visible as which has a visibility similar to putting the key under the mat. Use of a key file allows to apply OS ownership and file permissions to be applied to protect to the key file from visibility by being visible to 3rd parties.
- with the following settings:
- Option 2: Use of user account and password
- with the following settings:
username
: Specifies the account name (required).password
: Specifies the plain text password (required).
- this means that include both settings to will be visible from in the configuration file.
- with the following settings:
- Option 1: Use of a JS7 - Credential Store
Overview
Content Tools