From 580eae246a3ac7bf9533df96d20c0fc9b5425d3c Mon Sep 17 00:00:00 2001 From: Zlatko Murgoski Date: Fri, 15 Mar 2019 15:05:15 +0100 Subject: Collector authentication enhancement doc Collector authentication enhancement doc update Change-Id: I03a05cb83dd8c498fb218e82e9b3958348fbb4ac Issue-ID: DCAEGEN2-1101 Signed-off-by: Zlatko Murgoski --- docs/sections/services/ves-http/configuration.rst | 5 ++--- docs/sections/services/ves-http/tls-authentication.rst | 8 ++++++-- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/docs/sections/services/ves-http/configuration.rst b/docs/sections/services/ves-http/configuration.rst index c7f2fe6e..a6862f58 100644 --- a/docs/sections/services/ves-http/configuration.rst +++ b/docs/sections/services/ves-http/configuration.rst @@ -56,11 +56,10 @@ VES expects to be able to fetch configuration directly from consul service in fo } }, "collector.service.secure.port": "8443", - "header.authflag": "0", + "auth.method": "noAuth", "collector.keystore.file.location": "/opt/app/VESCollector/etc/keystore", - "collector.keystore.alias": "dynamically generated", "services_calls": [], - "header.authlist": "sample1,c2FtcGxlMQ==" + "header.authlist": "sample1,$2a$10$0buh.2WeYwN868YMwnNNEuNEAMNYVU9.FSMJGyIKV3dGET/7oGOi6" } diff --git a/docs/sections/services/ves-http/tls-authentication.rst b/docs/sections/services/ves-http/tls-authentication.rst index b3cbafdf..b5226dc5 100644 --- a/docs/sections/services/ves-http/tls-authentication.rst +++ b/docs/sections/services/ves-http/tls-authentication.rst @@ -15,6 +15,10 @@ Of course, mutual TLS authentication requires also server certificates, so follo * *collector.keystore.file.location* - a path to jks key store containing certificates which can be used for TLS handshake * *collector.keystore.passwordfile* - a path to file containing a password for the key store - * *collector.keystore.alias* - a name of a certificate from a key store which VES will use during TLS handshake -Property *header.authflag=1* may by used along *collector.service.secure.clientauth=1* in order to enable mutual TLS authentication and basic HTTP authentication. +Property *auth.method* is used to manage security mode, possible configuration: noAuth, basicAuth, certOnly, certBasicAuth + + * *auth.method=noAuth* default option - no security (http) + * *auth.method=certOnly* is used to enable mutual TLS authentication (https) + * *auth.method=certBasicAuth* is used to enable mutual TLS authentication or/and basic HTTPs authentication + * *auth.method=basicAuth* is used to enable basic HTTPs authentication \ No newline at end of file -- cgit 1.2.3-korg