diff options
author | Zlatko Murgoski <zlatko.murgoski@nokia.com> | 2019-07-09 12:29:48 +0200 |
---|---|---|
committer | Zlatko Murgoski <zlatko.murgoski@nokia.com> | 2019-07-10 10:55:31 +0200 |
commit | d9911eeb5c2b30101882b60d64139cf5a3950e80 (patch) | |
tree | 4ac0690ba3649d26c961ca350ab63ab6fdab8ea9 /docs/sections/services/ves-http/tls-authentication.rst | |
parent | 09ab35fb5eaafb6ccdb7388ed073c124c2981566 (diff) |
VES Collecotr - update documentation
https://jira.onap.org/browse/DCAEGEN2-1656
Issue-ID: DCAEGEN2-1618
Change-Id: I9f221163430f0913fbf96e8af005b0a10a772b73
Signed-off-by: Zlatko Murgoski <zlatko.murgoski@nokia.com>
Diffstat (limited to 'docs/sections/services/ves-http/tls-authentication.rst')
-rw-r--r-- | docs/sections/services/ves-http/tls-authentication.rst | 32 |
1 files changed, 31 insertions, 1 deletions
diff --git a/docs/sections/services/ves-http/tls-authentication.rst b/docs/sections/services/ves-http/tls-authentication.rst index ad8d8d22..1ace3937 100644 --- a/docs/sections/services/ves-http/tls-authentication.rst +++ b/docs/sections/services/ves-http/tls-authentication.rst @@ -1,5 +1,11 @@ .. This work is licensed under a Creative Commons Attribution 4.0 International License. .. http://creativecommons.org/licenses/by/4.0 +.. raw:: html + + <style> .red {color:red} </style> + <style> .green {color:green} </style> +.. role:: red +.. role:: green Authentication Types ==================== @@ -19,6 +25,30 @@ Of course, mutual TLS authentication requires also server certificates, so follo Property *auth.method* is used to manage security mode, possible configuration: noAuth, basicAuth, certOnly, certBasicAuth * *auth.method=noAuth* default option - no security (http) + * *auth.method=certOnly* is used to enable mutual TLS authentication (https) + + * client without cert and without basic auth = :red:`Authentication failure` + * client without cert and wrong basic auth = :red:`Authentication failure` + * client without cert and correct basic auth = :red:`Authentication failure` + * client with cert and without/wrong basic auth = :green:`Authentication successful` + * client with cert and correct basic auth = :green:`Authentication successful` + * *auth.method=certBasicAuth* is used to enable mutual TLS authentication or/and basic HTTPs authentication - * *auth.method=basicAuth* is used to enable basic HTTPs authentication
\ No newline at end of file + + * client without cert and without basic auth = :red:`Authentication failure` + * client without cert and wrong basic auth = :red:`Authentication failure` + * client without cert and correct basic auth = :green:`Authentication successful` + * client with cert and without/wrong basic auth = :green:`Authentication successful` + * client with cert and correct basic auth = :green:`Authentication successful` + + * *auth.method=basicAuth* is used to enable basic HTTPs authentication + + * client without cert and without basic auth = :red:`Authentication failure` + * client without cert and wrong basic auth = :red:`Authentication failure` + * client without cert and correct basic auth = :green:`Authentication successful` + * client with cert and without/wrong basic auth = :red:`Authentication failure` + * client with cert and correct basic auth = :green:`Authentication successful` + +When application is in certOnly or certBasicAuth mode then certificates are also validated by regexp in /etc/certSubjectMatcher.properties, +only SubjectDn field in certificate description are checked. Default regexp value is .* means that we approve all SubjectDN values. |