
Introduction

  • The JS7 - Identity Services offer management of user accounts for authentication and authorization.
  • The connection from a client (user browser or REST client) to the JOC Cockpit can be secured by HTTPS. This includes validation of the JOC Cockpit's TLS/SSL Server Authentication Certificate by the client. In addition, the JOC Cockpit can be configured for mutual authentication, requesting in return that the client presents a Client Authentication Certificate that is then validated by the JOC Cockpit.
  • Certificates can be used for single-factor authentication and for multi-factor authentication (MFA) in combination with other Identity Services.
  • Authentication Schemes
    • Single-factor authentication means that a Client Authentication Certificate is sufficient to log in to the JOC Cockpit; no user account and password have to be specified.
    • Two-factor authentication means that:
      • the client (user browser, REST client) presents a Client Authentication Certificate and
      • the client additionally specifies, for example, the user account and password required for login by some other Identity Service.

Prerequisites

Identity Service Type

The following integration level is available for the Certificate Identity Service Type:

  • Identity Service
    • Service Type: CERTIFICATE
    • Built-in: yes
  • Identity Service Configuration Items
    • User Accounts/Passwords stored with: Certificate
    • User Accounts/Passwords managed by: CA / Certificate
    • Roles/Permissions stored with: JS7 Database
    • Roles->User Accounts Mapping managed with: JOC Cockpit


Explanation:

  • Service Type: CERTIFICATE
    • Management of user accounts is performed by the Certificate Authority (CA). Instead of a password, the user holds the private key belonging to the certificate.
    • The assignment of roles to user accounts is performed by the JOC Cockpit.
    • The JOC Cockpit stores user accounts and role assignments in the JS7 - Database.
    • The JOC Cockpit does not know the private key of a user account. It knows only the user account's public key, which is used to verify authentication requests.
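The split of responsibilities described above, as an added example that is not part of JS7: a CA issues the client certificates (and so decides who has an account), while the verifying side holds only the CA's public certificate plus a roles-to-accounts mapping. The CA, the client certificates and the role table are constructed here for the demonstration; the mapping function stands in for the JOC Cockpit's database.

```shell
#!/bin/sh
# Added example, not JS7 code: the decision a mutual-TLS endpoint makes when a
# client presents a Client Authentication Certificate. CA, certificates and
# role mapping are constructed for the demonstration.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed CA: it "manages user accounts" by choosing whose certificates it issues.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Demo CA" \
  -keyout "$WORK/ca.key" -out "$WORK/ca.crt" >/dev/null 2>&1

# issue_client_cert ACCOUNT: the CA issues a certificate whose CN is the user account.
issue_client_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" >/dev/null 2>&1
  openssl x509 -req -days 1 -in "$WORK/$1.csr" -CA "$WORK/ca.crt" \
    -CAkey "$WORK/ca.key" -CAcreateserial -out "$WORK/$1.crt" >/dev/null 2>&1
}

# role_for ACCOUNT: constructed stand-in for the roles->user accounts mapping that
# the JOC Cockpit keeps in its database; an unmapped account gets no access.
role_for() {
  case "$1" in
    alice) echo administrator ;;
    bob)   echo application_manager ;;
    *)     return 1 ;;
  esac
}

# authenticate CERT_FILE: single-factor decision using only the CA's public
# certificate; the verifying side never sees a private key.
# Prints "account:role" and returns 0 on success, returns 1 otherwise.
authenticate() {
  # 1. chain validation: the certificate must have been issued by the trusted CA
  openssl verify -CAfile "$WORK/ca.crt" "$1" >/dev/null 2>&1 || return 1
  # 2. identity: the user account is taken from the subject CN
  account=$(openssl x509 -noout -subject -nameopt RFC2253 -in "$1" \
    | sed -n 's/^subject= *CN=\([^,]*\).*/\1/p')
  [ -n "$account" ] || return 1
  # 3. authorization: the account must be mapped to a role
  role=$(role_for "$account") || return 1
  echo "$account:$role"
}

issue_client_cert alice
authenticate "$WORK/alice.crt"   # alice:administrator
```

A self-signed certificate that merely claims the CN of a known account fails step 1, and a certificate the CA did issue for an account without a role mapping fails step 3.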

Identity Service Configuration

The icon in the JOC Cockpit main menu is used to select the Manage Identity Services page:


Add Identity Service

To add an Identity Service use the button Add Identity Service from the page shown above, listing the available Identity Services:


The remaining input fields for the popup window look like this:


Explanation:

  • The Identity Service Name is a unique identifier that can be freely chosen.
  • The Identity Service Type can be selected as available from the above matrix.
  • The Ordering specifies the sequence in which a login is performed with available Identity Services.
  • The Used as Second Factor checkbox specifies whether the Identity Service is used for single-factor authentication or for two-factor authentication:
    • single-factor authentication: the certificate is sufficient for login with the Identity Service.
    • two-factor authentication: in addition to the user account and password specified for some other Identity Service, a Client Authentication Certificate is required - see the JS7 - Certificate based Authentication article for more information.

Identity Service Settings

No settings are required for the Certificate Identity Service.
