Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


  • Jetty will verify the Client Authentication Certificate and check if this was signed by a CA using the Root CA Certificate that is available with the Jetty truststore.
  • During login the user does not have to specify the account to be used. Instead, the Common Name (CN) entry of the Client Authentication Certificate's subject specifies the account used for login with JOC Cockpit. Consider that an exact match of the CN is required: 
    • Assume a user account: apmacwin
    • The certificate subject could look like this:


  • Log Files
  • Standard Log Files
    • Identity Services log output to the JETTY_BASE/logs/joc.log file. This includes reporting success or failure of authentication.
    • Successful and failed authentication attempts including the user accounts involved are logged to the JETTY_BASE/logs/audit.log file.
  • Debug Log Files
    • For problem analysis during the setup of an Identity Service, increase the log level as explained in the JS7 - Log Levels and Debug Options article.
    • The JETTY_BASE/logs/joc-debug.log file includes general debug output of JOC Cockpit.
    • The JETTY_BASE/logs/authentication-debug.log file includes debug output related to authentication and authorization.
    • The JETTY_BASE/logs/jetty.log file includes debug output of attempts to establish SSL connections.