Skip to end of metadata
Go to start of metadata

This article only applies to the Classic JOC user interface

Icon

The Classic JOC user interface is entering retirement:

FEATURE AVAILABILITY ENDING WITH RELEASE 1.11

The JOC Cockpit user interface is a replacement for the Classic JOC user interface:

FEATURE AVAILABILITY STARTING FROM RELEASE 1.11

See the Authentication and Authorization - Configuration Article for Information about configuring the JOC Cockpit for operation with an LDAP authentication server.

 

  • Job Scheduler provides built-in basic user/password authentication:
    • The easiest way to generate the encrypted passwords is to use JOE.
    • This mechanism does not support more elaborated management of user credentials, e.g. password expiration policies.
  • If you want to authenticate users against an LDAP directory, you can set up a web server as a proxy for JOC. 
    • This grant access to JobScheduler exclusively from the localhost and from the web server (see the element <allowed_hosts> in scheduler.xml).
    • If a user wants to access JOC then the address of the proxy server has to be used. Proxy access can be the secured using plugins of the web server (e.g. Apaches LDAP Plugin).

Configuring a Proxy for the Apache Web Server

Load the proxy modules in httpd.conf of the Apache installation:

Configure a proxy address:

Proxy configuration with JobScheduler port 4444

After restarting Apache, JOC should be accessible by using the address

http://proxy_host:80/jobscheduler/

If you want to use the jetty port (default=40444) instead of the JobScheduler port then note that the JobScheduler

  • has an internal redirect from http://scheduler_host:40444 -> http://scheduler_host:40444/jobscheduler/operation_gui, where Jetty find the sources.
  • uses two rest URLs http://scheduler_host:40444/jobscheduler/engine/command/ and http://scheduler_host:40444/jobscheduler/engine-cpp/

So the proxy has a different configuration

Proxy configuration with Jetty port 40444

After restarting Apache, JOC should be accessible by using the address

http://proxy_host:80/jobscheduler/operations_gui/

Or you use only one ProxyPass. Then a redirect in Apache is recommended where LoadModule rewrite_module modules/mod_rewrite.so has to be active.

Proxy configuration with Jetty port 40444 and redirect

After restarting Apache, JOC should be accessible by using the address

http://proxy_host:80/jobscheduler

 

Configuring Basic Authentication

Create a file jobscheduler_password.file using the htpasswd utility. Store it in the Apache root directory:

Configuring LDAP Authentication

First, make sure the proxy for JobScheduler is working. Then the proxy can be secured using Apaches LDAP Plugin.

Load LDAP modules:

Secure the proxy:

See also