JS7 JobScheduler

Space shortcuts

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Introduction

  • HTTP Basic Authentication with passwords is a basic means to identify client and server in HTTP connections. However, as HTTP connections are not secure and forward passwords without transport encryption the passwords are visible in the network. It is therefore recommended to switch to HTTPS Server Authentication that implements transport encryption.
  • Consider the communication scheme between JS7 components as explained from the JS7 - System Architecture:
    • User browsers acting as http clients establish connections to JOC Cockpit as an http server.
    • JOC Cockpit acting as an http client establishes connections to Controllers acting as http servers.
    • Controllers acting as http clients establish connections to Agents acting as http servers.

Controller Configuration

Download: private.conf

Complete private.conf:

Controller configuration file: private.conf 
js7 {
    auth {
        users {
            # History account (used for release events)
            History {
                password="sha512:B793649879D61613FD3F711B68F7FF3DB19F2FE2D2C136E8523ABC87612219D5AECB4A09035AD88D544E227400A0A56F02BC990CF0D4CB348F8413DE00BCBF08"
            }
            # JOC account (needs UpdateItem permission for deployment)
            JOC {
                password="sha512:3662FD6BF84C6B8385FC15F66A137AB75C755147A81CC7AE64092BFE8A18723A7C049D459AB35C059B78FD6028BB61DCFC55801AE3894D2B52401643F17A07FE"
                permissions=[
                    UpdateItem
                ]
            }
        }
    }

    configuration {
        # truststore location for signatures
        trusted-signature-keys {
            PGP=${js7.config-directory}"/private/trusted-pgp-keys"
            X509=${js7.config-directory}"/private/trusted-x509-keys"
        }
    }

    journal {
        # allow History account to release unused journals
        users-allowed-to-release-events=[
            History
        ]
    }
}

Explanation:

  • Consider that the above configuration has to be deployed to both Controller instances should a Controller Cluster be used.
  • Find below explanations about configuration items from the above example relevant to Server Authentication with passwords.
  • No labels