From 014bacae0fbb76c6e6baf83f267258211e28d3cc Mon Sep 17 00:00:00 2001 From: pawel Date: Thu, 7 Nov 2019 11:15:00 +0100 Subject: Update authentication types description Issue-ID: DCAEGEN2-1913 Signed-off-by: pawel Change-Id: Ic8b611a65c1c7eb781265b2481f60952b7abfb24 --- .../services/ves-http/tls-authentication.rst | 20 ++------------------ 1 file changed, 2 insertions(+), 18 deletions(-) (limited to 'docs/sections/services/ves-http/tls-authentication.rst') diff --git a/docs/sections/services/ves-http/tls-authentication.rst b/docs/sections/services/ves-http/tls-authentication.rst index 1ace3937..12301383 100644 --- a/docs/sections/services/ves-http/tls-authentication.rst +++ b/docs/sections/services/ves-http/tls-authentication.rst @@ -22,18 +22,10 @@ Of course, mutual TLS authentication requires also server certificates, so follo * *collector.keystore.file.location* - a path to jks key store containing certificates which can be used for TLS handshake * *collector.keystore.passwordfile* - a path to file containing a password for the key store -Property *auth.method* is used to manage security mode, possible configuration: noAuth, basicAuth, certOnly, certBasicAuth +Property *auth.method* is used to manage security mode, possible configuration: noAuth, certBasicAuth * *auth.method=noAuth* default option - no security (http) - * *auth.method=certOnly* is used to enable mutual TLS authentication (https) - - * client without cert and without basic auth = :red:`Authentication failure` - * client without cert and wrong basic auth = :red:`Authentication failure` - * client without cert and correct basic auth = :red:`Authentication failure` - * client with cert and without/wrong basic auth = :green:`Authentication successful` - * client with cert and correct basic auth = :green:`Authentication successful` - * *auth.method=certBasicAuth* is used to enable mutual TLS authentication or/and basic HTTPs authentication * client without cert and without basic auth = :red:`Authentication failure` @@ -42,13 +34,5 @@ Property *auth.method* is used to manage security mode, possible configuration: * client with cert and without/wrong basic auth = :green:`Authentication successful` * client with cert and correct basic auth = :green:`Authentication successful` - * *auth.method=basicAuth* is used to enable basic HTTPs authentication - - * client without cert and without basic auth = :red:`Authentication failure` - * client without cert and wrong basic auth = :red:`Authentication failure` - * client without cert and correct basic auth = :green:`Authentication successful` - * client with cert and without/wrong basic auth = :red:`Authentication failure` - * client with cert and correct basic auth = :green:`Authentication successful` - -When application is in certOnly or certBasicAuth mode then certificates are also validated by regexp in /etc/certSubjectMatcher.properties, +When application is in certBasicAuth mode then certificates are also validated by regexp in /etc/certSubjectMatcher.properties, only SubjectDn field in certificate description are checked. Default regexp value is .* means that we approve all SubjectDN values. -- cgit 1.2.3-korg