...

...

AuthN/AuthZ with SSL

...

Secure access can be enabled in the Staging Repository StageR to restrict access to the REST APIs through https HTTPS connections using client certificates to authenticate and authorize the access.

To enable secure access the application requires a valid server certificate/private key for the server hosting the Staging Repository StageR (registered to the name of the server) and a the certificate authority (CA) certificate.

Configuration

In Specify the certificate configuration specify the location of the certificate files and the passphrase for the properties: keyLocation certLocation caLocation passphrase

The clients accessing the application REST APIs throught https will need to have a valid client certificate provided by the configured CA. To restrict access to specific client certificates from the CA, add the Common Name (CN) of the client certificates to the list property authList in the configuration.

client certificate name of the default administration user under the secure configuration property.

authList :[{
  ...,
  secure: {
    adminUser: 'AspireTestUser',
    'testuser'
]keyLocation: 'config/sslcerts/server/server.key',
    certLocation: 'config/sslcerts/server/server.crt',
    caLocation: 'config/sslcerts/ca/ca.crt',
    passphrase: '123456',
    requestCert: true,
    rejectUnauthorized: false
  },
  ...
}

The adminUser has all permission rights over the administration and security APIs; it can add new administration users and assign user permissions (read/write) to different Storage Units through the security API.  CRDP-65: Option to allow all valid client certificates to access by adding '*' to the authList.

Encryption and Key Managers

...