JS7 JobScheduler

Space shortcuts

Page tree

Versions Compared

Old Version 47

changes.mady.by.user Andreas Püschel

Saved on

compared with

New Version 48

changes.mady.by.user Andreas Püschel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Identity Services implement Authentication Methods and access to Identity Providers. For example, credentials such as user account/password are used as an Authentication Method to access an LDAP Directory Service acting as the Identity Provider. See JS7 - Identity and Access Management.
  • JOC Cockpit implements a flexible architecture that allows external Identity Service products to be added with future JS7 releases.
  • By default JS7 ships with the following built-in Identity Services:
    • Display feature availability
      StartingFromRelease2.2.0
       
    • Display feature availability
      StartingFromRelease2.25.0
      • The JS7 - OIDC Identity Service
        Jira
        serverSOS JIRA
        columnIdsissuekey,summary,issuetype,created,updated,duedate,assignee,reporter,priority,status,resolution
        columnskey,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
        serverId6dc67751-9d67-34cd-985b-194a8cdc9602
        keyJOC-1370
    • Display feature availability
      StartingFromRelease2.6.0
      • The JS7 - Certificate Identity Service
        Jira
        serverSOS JIRA
        columnIdsissuekey,summary,issuetype,created,updated,duedate,assignee,reporter,priority,status,resolution
        columnskey,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
        serverId6dc67751-9d67-34cd-985b-194a8cdc9602
        keyJOC-1547
      • The JS7 - FIDO2 Identity Service
        Jira
        serverSOS JIRA
        columnIdsissuekey,summary,issuetype,created,updated,duedate,assignee,reporter,priority,status,resolution
        columnskey,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
        serverId6dc67751-9d67-34cd-985b-194a8cdc9602
        keyJOC-1546
  • For compatibility reasons, early releases of JS7 include the JS7 - Shiro Identity Service
    Jira
    serverSOS JIRA
    columnskey,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
    serverId6dc67751-9d67-34cd-985b-194a8cdc9602
    keyJOC-1145

    Display feature availability
    EndingWithRelease2.4.0

...

  • Session Idle Timeout (Default: 15 minutes)
    • If users are inactive for the given number of seconds then the user session expires and is terminated. Users can specify credentials and login to create a new user session.
    • Should the lifetime of an access token provided by an external Identity Service be different from the maximum idle-timeout, then the JOC Cockpit will try to renew the access token with the Identity Service. Renewal of an access token does not require the user to re-specify their login credentials.
    • Identity Services can restrict the lifetime of access tokens (time to live) and they can limit renewal of access tokens (maximum time to live). If an access token cannot be renewed then the user session is terminated and the user is required to perform a login.
  • Initial Password (Default: initial)
    • If an administrator adds user accounts with the JOC Cockpit and does not specify a password then the Initial Password will be used. As a general rule the JOC Cockpit does not allow the use of empty passwords but populates them with the Initial Password if a password is not specified by the user adding or modifying the account.
    • In addition, the operation to reset a user account's password is available. This replaces an existing password with the Initial Password.
    • If the Initial Password is assigned, then a flag is set for the user account to indicate that the password has to be changed with the next login. This behavior ensures that users cannot use the Initial Password except for an initial login.
  • Minimum Password Length (Default 0)
    • For any passwords specified - including the Initial Password - a minimum length is indicated.
    • Note that the number of characters and arbitrariness of character selection are key factors for secure passwords. Password complexity requiring e.g. digits and special characters to be used do not substantially add to password security except in case of short passwords.

...

  • Required Identity Services: user login is performed with all required Identity Services.
    • No Optional optional Identity Services are considered.
    • If more than one Required required Identity Service is configured then a user cannot log in if the login fails with any of the Required required Identity Services.
    • Permissions are applied from roles assigned by all Identity Services in the sequence of enabled Identity Services which are required to authenticate a user account.
  • Optional Identity Services: with the first successful login to an Identity Service the user is considered to have logged in.
    • No further optional Identity Services are consulted if a user login is successful with one of the Optional optional Identity Services.
    • For example, if two Optional optional Identity Services JOC and LDAP are configured in this sequence then the login to the JOC Identity Service can fail and still the user might successfully login with the LDAP Identity Service.
    • Permissions from the successful login to an Optional optional Identity Service are used.
  • Disabled Identity Services are not considered for user login.

...