YADE User Manual - Authentication

Authentication methods

The YADE Client provides a number of authentication methods:

• BasicAuthentication
  • an Account (i.e. user name) is required
  • AND an optional Password
  • BasicAuthentication can be used with the following protocol fragments:
    • FTPFragment and FTPSFragment 
    • HTTPFragment and HTTPSFragment
    • WebDAVFragment
  • Note that BasicAuthentication requires that the Password is stored in the configuration files.
  • The Simple File Transfer with Basic Authentication article describes the considerations behind an example with BasicAuthentication. The configuration file for this example is available as a working download.
• SSHAuthentication
  • an Account (i.e. user name) is required
  • AND either:
    • AuthenticationMethodPassword with a (required) Password
    • OR AuthenticationMethodPublickey
      • with a (required) AuthenticationFile location
      • AND an optional Passphrase that protects the file
  • SSHAuthentication can be used with with the following protocol fragments:
    • SFTPFragment 
    • JumpFragment
  • The File Transfer with SSH authentication article describes the considerations behind an example with SSHAuthentication. The configuration file for this example is available as a working download.
• SMBAuthentication (in conjunction with SMBFragment elements / the SMB protocol and a Hostname)
  • an Account (i.e. user name) is required
    
    • AND an optional Domain
    • AND an optional Password
  • SMBAuthentication can only be used with with the SMB protocol fragment.

Specifying Authentication Methods

Authentication methods are specified in the Fragments elements of the XSD Schema at the end of various ProtocolFragments branches in the schema. This is because the authentication method(s) that can be used as for a connection depend on the protocol used. This hierarchy is shown schematically below:

• Fragments
  • ProtocolFragments
    • FTPFragment
      • BasicConnection
      • BasicAuthentication
        • Account
        • Password (optional)
    • FTPSFragment
      • BasicConnection
      • BasicAuthentication
        • Account
        • Password (optional)
    • HTTPFragment
      • etc ...
    • etc ...

The protocol-dependency of the various authentication methods is integrated into the schema and explains why authentication methods lie below ProtocolFragments in the XML hierarchy. This integration in the schema ensures that the only authentication methods that are supported by a protocol can be specified.

Note that any number of ProtocolFragments can be specified within a configuration, allowing a number of authentication methods to be predefined for a particular file transfer operation. The AlternativeFragments element can be used to specify a number of alternative connections and authentication methods for a file transfer profile.

Optional Authentication-Related Elements

Note that the following authentication elements can be optionally specified:

Proxies

Proxies can be specified for each connection in the relevant connection fragment. For example, the ProxyForFTP element is specified as a child of the FTPFragment.

Alternative Connections

Alternative protocols and thereby alternative authentication methods can be specified using the AlternativeFragments element.

This element is used to define a series of connections that are tried one after the other in the event of a primary connection not being available.

Strict Host Key Checking

• StrictHostkeyChecking can be specified for SFTPFragments and JumpFragments to provide maximum security against Trojan horse attacks.

Untrusted Certificates

• AcceptUntrustedCertificate can be used to allow self-signed certificates to be accepted with FTPSFragments, HTTPSFregments and WebDAVFragments.

Authentication using the SOS Credential Store

YADE can use the Credential Store to securely access authentication credentials.