Info: The HashiCorp Vault Identity Service is removed from JS7.
Introduction
- The JS7 - Identity Services offer integration with HashiCorp® Vault authentication server.
- The Vault Identity Service integration is available from JOC Cockpit:
- This requires HashiCorp® Vault to be downloaded, installed and operated by the user. Vault is not a built-in Identity Service Provider and does not ship with JS7.
- JS7 implements a REST client for use with HashiCorp® Vault 1.7.0 and newer.
...
Vault URL
: the base URL for which the Vault REST API is available.
Vault Authentication Method Path
: the path specifies the Vault Authentication Method to be used, see the Authentication Methods section above.
Vault Truststore Path
: Should the Vault Server be configured for HTTPS connections then the indicated truststore has to include an X.509 certificate specified for the Extended Key Usage of Server Authentication.
- The truststore can include a Private CA-signed Certificate or a Public CA-signed Certificate. Typically the Root CA Certificate is used as otherwise the complete certificate chain involved in signing the Server Authentication Certificate has to be available with the truststore.
- If the Vault Server is operated for HTTPS connections and this setting is not specified then the JOC Cockpit will use the truststore that is configured with the JETTY_BASE/resources/joc/joc.properties configuration file. This includes use of settings for the truststore password and truststore type.
- The path to the truststore is specified relative to the JETTY_BASE/resources/joc directory. If the truststore is located in this directory then only the file name is specified, typically with a .p12 extension. Other relative locations can be specified using, for example, ../../joc-truststore.p12 if the truststore is located in the JETTY_BASE directory. An absolute path cannot be specified and a path cannot be specified that lies before the JETTY_BASE directory in the file system hierarchy.
Vault Truststore Password
: If the Vault Server is configured for HTTPS connections and the indicated truststore is protected by a password then the password has to be specified.
Vault Truststore Type
: If the Vault Server is configured for HTTPS connections then the type of the truststore has to be specified being either PKCS12 or JKS (deprecated).
Vault Application Token
: The application token setting is available only if the VAULT-JOC-ACTIVE Identity Service Type is used.
- The JOC Cockpit requires this token in order to manage users with Vault. This token has to be created with Vault, see the Application Role section above. This token allows JOC Cockpit to access the Vault REST API to manage user accounts.
- This token is not used for login of users.
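The rules for the Vault Truststore Path and Vault Truststore Type settings can be checked before the values are entered. The following is an added example, not part of the JS7 documentation or code base: the function names and the JETTY_BASE location are assumptions, and the check is lexical only (it does not follow symbolic links or open the truststore).

```python
import posixpath
import re

# Constructed install location for illustration; use your own JETTY_BASE.
JETTY_BASE = "/var/sos-berlin.com/js7/joc"


def resolve_truststore_path(setting, jetty_base=JETTY_BASE):
    """Resolve a 'Vault Truststore Path' value against JETTY_BASE/resources/joc.

    Returns None when the setting is empty (JOC Cockpit then uses the
    truststore configured in joc.properties), else the absolute location.
    Raises ValueError for values the settings description rules out.
    """
    if setting is None or not setting.strip():
        return None
    value = setting.strip().replace("\\", "/")
    # Absolute paths (POSIX root or Windows drive letter) cannot be specified.
    if value.startswith("/") or re.match(r"^[A-Za-z]:", value):
        raise ValueError("absolute path cannot be specified: " + setting)
    base = posixpath.normpath(jetty_base)
    resolved = posixpath.normpath(posixpath.join(base, "resources/joc", value))
    # After collapsing '..' the result must still be inside JETTY_BASE.
    if resolved != base and not resolved.startswith(base + "/"):
        raise ValueError("path lies before JETTY_BASE: " + setting)
    return resolved


def check_truststore_settings(settings, jetty_base=JETTY_BASE):
    """Return a list of findings for the truststore settings of an HTTPS Vault."""
    try:
        resolved = resolve_truststore_path(
            settings.get("Vault Truststore Path"), jetty_base)
    except ValueError as err:
        return ["ERROR: " + str(err)]
    if resolved is None:
        return ["INFO: no path set, truststore, password and type "
                "are taken from joc.properties"]
    findings = []
    ts_type = settings.get("Vault Truststore Type")
    if ts_type == "JKS":
        findings.append("WARN: truststore type JKS is deprecated, prefer PKCS12")
    elif ts_type != "PKCS12":
        findings.append("ERROR: truststore type must be PKCS12 or JKS")
    return findings
```
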
...