The tia Core tia® Status UI allows to two modes of authentication:
...
Info |
---|
Note: Basic Authentication is suitable for test system and easy to configure. When considering for production usage, following additional security configurations must be taken:
|
...
The configuration for authentication of tia Core tia® Status UI has to be made as application-wide setting, see tia Core Configuration Basics Application wide settings.
Configuring tia Status UI for Basic Authentication
Following parameters needs to be specified for basic authentication:
webapp.security.auth.type=basic
webapp.security.auth.basic.username=<username>
webapp-.security.auth.basic.password=<password hash>
...
When the basic authentication (default) is used, but the a password is not configured here, the tia Core tia® Status UI application will generate a random password at startup which can be looked up from the container logs.
...
The password hash in the configuration has to be the bcrypt-hash value of the password. Read more about creating bcrypt-hashs here: Creating a bcrypt-hash value
Example value:
Code Block |
---|
$2y$10$BVN92BjOQag3b5onDKHH9OQuoRtLTlIKi7cTUPjFGVV54t/XvfShy |
Info |
---|
Hint: This value will always contain contains $-characters. When using this from command prompt in Linux or Windows environment, this character may need to be escaped or the complete string quoted (try both: single- or double-quotes). |
Creating a bcrypt-hash value
...
. |
...
Example command and output to generate the hash for string “plainpassword”:
Code Block |
---|
$ htpasswd -nbBC 10 USER plainpassword
USER:$2y$10$1J2BG6LJYImEcZVRxXn1TOs9iRKLvJvWWSf5/AE5ZOaWUlmZxQJsa |
Info | ||
---|---|---|
Hint: On Linux systems apache2-utils can be installed using the installed package manager. Probably administrative privileges are required, so the Example command when using
|
...
Configuring tia® Status UI for OAuth2 Authentication
The tia Core tia® Status UI implements the OAuth2 PKCE Authorization Code Flow.
...
registration of the application at the OAuth2 Authorization Server
configuration of these parameters in the application-Application wide - settings :
webapp.security.auth.type=oauth2
webapp.security.auth.oauth2.authenticationEndpointUrl=<OAuth2 endpoint URL>
webapp-.security.auth.oauth2.clientId=<OAuth2 client id>
webapp-.security.auth.oauth2.redirectUrl=<local URL to /info/login-callback>