...
Introduction
- Authentication is required when accessing the JS7 - REST Web Service API and therefore when accessing the JS7 - Browser User Interface, i.e. the JOC Cockpit GUI.
- Authentication is performed by a set of JS7 - Identity Services that support the use of account/password and the use of certificates.
- Single-factor authentication and two-factor authentication methods are supported.
Authentication Methods
The following authentication methods are supported:
- User Account/Password Authentication
- for use with the built-in account management of the JOC Cockpit, see the JS7 - JOC Identity Service article and further Identity Services.
- for use with an LDAP based Directory Service, for example Microsoft Active Directory®, see the JS7 - LDAP Identity Service article.
- Mutual Authentication with Certificates
- X.509 compliant certificates can be used by any client (Browser Client, REST API Client).
Certificate based Authentication
...
- The client (Browser Client, REST API Client) challenges the JOC Cockpit server to present its Server Authentication Certificate that is verified by the client.
- The JOC Cockpit server challenges the client to present its Client Authentication Certificate which is then verified by the JOC Cockpit.
With the JOC Cockpit being set up for mutual authentication, certificates can be used:
- to enforce two-factor authentication with clients having to provide a certificate and a user account/password,
- to allow single-factor authentication using a certificate instead of a password.
Authentication Strategies
Two-factor Authentication
...
- of user account/password
...
- .
Details of how to configure clients and JOC Cockpit for use with certificates can be found in the JS7 - Certificate based Authentication article.
Details can be found in the JOC Cockpit - Two-factor Authentication article.
Single-factor Authentication
This boils down to using either account/password authentication or, alternatively, certificate based authentication.
Details can be found in the JOC Cockpit - Single-factor Authentication with Certificates article.
Certificates for Authentication
Clients
Certificates are taken from the Client's certificate store.
- Browser Clients
- Firefox (any platform): supports use of an individual certificate store that is available with the browser, see Options -> Privacy & Security -> Certificates.
- Chrome, Vivaldi, Edge (Windows): supports use of the Windows Certificate Store
- Chrome, Vivaldi (Linux): supports use of an individual certificate store that is available with the browser, see Options -> Privacy
- Chrome, Safari (Mac OS): supports use of the Mac OS Certificate Store
- REST Clients
- JS7 PowerShell Module (Connect-JS7): Windows, Linux, Mac OS: supports use of a Key Store (.p12); Windows: supports use of the Windows Certificate Store
- JobScheduler PowerShell Module (Connect-JobScheduler): Windows, Linux, Mac OS: supports use of a Key Store (.p12); Windows: supports use of the Windows Certificate Store
- Other REST Clients: depends on implementation
Certificate Encryption Algorithms
X.509 certificates based on the RSA or ECDSA algorithms can be used.
Certificate Management
Self-signed certificates and certificates signed by trusted root certification authorities can be used.
For use with self-signed certificates, the root certificate has to be added to the Client's certificate store. Certificates from trusted root certification authorities are frequently available from a Client's key store.
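
The following added example (not part of the JS7 documentation) uses the openssl command line tool to build a throwaway self-signed root with one Server Authentication Certificate and one Client Authentication Certificate, then checks each against a trust store. All names (Example Root CA, joc.example.test, alice) and the helper functions make_pki and check_cert are constructed for illustration; it does not configure the JOC Cockpit itself.

```shell
#!/bin/sh
# Added example with constructed names (Example Root CA, joc.example.test, alice).

# make_pki DIR: self-signed root CA plus one ECDSA server and one client certificate.
make_pki() {
  d=$1
  mkdir -p "$d" || return 1
  # Minimal config so the result does not depend on the system openssl.cnf.
  cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  openssl ecparam -name prime256v1 -genkey -noout -out "$d/ca.key" || return 1
  openssl req -x509 -new -config "$d/ca.cnf" -key "$d/ca.key" -sha256 \
    -days 30 -out "$d/ca.crt" || return 1
  for role in server client; do
    # The extended key usage is what makes a certificate a Server or a
    # Client Authentication Certificate.
    case $role in
      server) cn=joc.example.test eku=serverAuth ;;
      client) cn=alice eku=clientAuth ;;
    esac
    printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature\nextendedKeyUsage=%s\n' \
      "$eku" > "$d/$role.ext"
    openssl ecparam -name prime256v1 -genkey -noout -out "$d/$role.key" || return 1
    openssl req -new -config "$d/ca.cnf" -key "$d/$role.key" -subj "/CN=$cn" \
      -out "$d/$role.csr" || return 1
    openssl x509 -req -in "$d/$role.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
      -CAcreateserial -days 30 -sha256 -extfile "$d/$role.ext" \
      -out "$d/$role.crt" 2>/dev/null || return 1
  done
}

# check_cert CAFILE CERT PURPOSE: succeeds only if CERT chains to the root in
# CAFILE and is valid for PURPOSE (sslserver or sslclient).
check_cert() {
  openssl verify -CAfile "$1" -purpose "$3" "$2" >/dev/null 2>&1
}
```

A certificate issued for one role is rejected for the other, and a certificate is rejected when the verifying side's trust store holds a different root, which is why a self-signed root has to be added to the certificate store.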