diff options
author | pawel <pawel.kasperkiewicz@nokia.com> | 2019-11-07 11:15:00 +0100 |
---|---|---|
committer | pawel <pawel.kasperkiewicz@nokia.com> | 2019-11-07 11:15:00 +0100 |
commit | 014bacae0fbb76c6e6baf83f267258211e28d3cc (patch) | |
tree | 726e721fbc0d00e3e9e851be8303fdce0078f67f /docs/sections/services/ves-http/tls-authentication.rst | |
parent | 5e1694cfaa768d2c1bea4fccd1cb5fce7504f803 (diff) |
Update authentication types description
Issue-ID: DCAEGEN2-1913
Signed-off-by: pawel <pawel.kasperkiewicz@nokia.com>
Change-Id: Ic8b611a65c1c7eb781265b2481f60952b7abfb24
Diffstat (limited to 'docs/sections/services/ves-http/tls-authentication.rst')
-rw-r--r-- | docs/sections/services/ves-http/tls-authentication.rst | 20 |
1 files changed, 2 insertions, 18 deletions
diff --git a/docs/sections/services/ves-http/tls-authentication.rst b/docs/sections/services/ves-http/tls-authentication.rst index 1ace3937..12301383 100644 --- a/docs/sections/services/ves-http/tls-authentication.rst +++ b/docs/sections/services/ves-http/tls-authentication.rst @@ -22,18 +22,10 @@ Of course, mutual TLS authentication requires also server certificates, so follo * *collector.keystore.file.location* - a path to jks key store containing certificates which can be used for TLS handshake * *collector.keystore.passwordfile* - a path to file containing a password for the key store -Property *auth.method* is used to manage security mode, possible configuration: noAuth, basicAuth, certOnly, certBasicAuth +Property *auth.method* is used to manage security mode, possible configuration: noAuth, certBasicAuth * *auth.method=noAuth* default option - no security (http) - * *auth.method=certOnly* is used to enable mutual TLS authentication (https) - - * client without cert and without basic auth = :red:`Authentication failure` - * client without cert and wrong basic auth = :red:`Authentication failure` - * client without cert and correct basic auth = :red:`Authentication failure` - * client with cert and without/wrong basic auth = :green:`Authentication successful` - * client with cert and correct basic auth = :green:`Authentication successful` - * *auth.method=certBasicAuth* is used to enable mutual TLS authentication or/and basic HTTPs authentication * client without cert and without basic auth = :red:`Authentication failure` @@ -42,13 +34,5 @@ Property *auth.method* is used to manage security mode, possible configuration: * client with cert and without/wrong basic auth = :green:`Authentication successful` * client with cert and correct basic auth = :green:`Authentication successful` - * *auth.method=basicAuth* is used to enable basic HTTPs authentication - - * client without cert and without basic auth = :red:`Authentication failure` - * client without cert and wrong basic auth = :red:`Authentication failure` - * client without cert and correct basic auth = :green:`Authentication successful` - * client with cert and without/wrong basic auth = :red:`Authentication failure` - * client with cert and correct basic auth = :green:`Authentication successful` - -When application is in certOnly or certBasicAuth mode then certificates are also validated by regexp in /etc/certSubjectMatcher.properties, +When application is in certBasicAuth mode then certificates are also validated by regexp in /etc/certSubjectMatcher.properties, only SubjectDn field in certificate description are checked. Default regexp value is .* means that we approve all SubjectDN values. |