Skip to end of metadata
Go to start of metadata

Introduction

  • Authentication is required when accessing the JS7 - REST Web Service API and when accessing the JS7 - Browser User Interface, i.e. the JOC Cockpit GUI.
  • Authentication supports use of account/password and use of certificates.
  • Single factor authentication and two-factor authentication are supported.

Authentication Methods

The following authentication methods are supported:

  • Account/Password Authentication
    • for use with the built-in account management of JOC Cockpit.
    • for use with any LDAP based Directory Service such as e.g. Microsoft Active Directory®.
  • Mutual Authentication with Certificates
    • X.509 compliant certificates can be used by any client (Browser Client, REST API Client).

Certificate based Authentication

Certificates can be used for mutual authentication:

  • The client (Browser Client, REST API Client) challenges the JOC Cockpit server to present its server authentication certificate that will be verified by the client.
  • The JOC Cockpit server challenges the client to present its client authentication certificate that is verified by JOC Cockpit.

With JOC Cockpit being set up for mutual authentication certificates can be used

  • to enforce two-factor authentication with clients having to provide a certificate and a password,
  • to allow single-factor authentication using a certificate instead of a password.

Authentication Strategies

Two-factor Authentication

This includes to require both account/password authentication and certificate based authentication.

Find details from the JOC Cockpit - Two-factor Authentication article.

Single-factor Authentication

This boils down to use either account/password authentication or to allow certificate based authentication alternatively.

Find details from the JOC Cockpit - Single-factor Authentication with Certificates article.



  • No labels
Write a comment…