Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The tia Core tia® Status UI allows to two modes of authentication:

...

Info

Note: Basic Authentication is suitable for test system and easy to configure. When considering for production usage, following additional security configurations must be taken:

  • Basic Authentication is not transported security securely from client to server in HTTP message. So for For security reasons, the transport must be configured for TSL-encryption (HTTPS)

  • Modern browsers remember user credentials when using Basic Authentication. So when When multiple users sharing a client machine, login may not be properly secured.

...

The configuration for authentication of tia Core tia® Status UI has to be made as Application wide settings.

Configuring tia Status UI for Basic Authentication

Following parameters needs to be specified for basic authentication:

  • webapp.security.auth.type=basic

  • webapp.security.auth.basic.username=<username>

  • webapp-.security.auth.basic.password=<password hash>

...

When the basic authentication (default) is used, but the a password is not configured here, the tia Core tia® Status UI application will generate a random password at startup which can be looked up from the container logs.

...

The password hash in the configuration has to be the bcrypt-hash value of the password. Read more about creating bcrypt-hashs here: Creating a bcrypt-hash value

...

Info

Hint: This value always contains $-characters. When using this from command prompt in Linux or Windows environment, this character may need to be escaped or the complete string quoted (try both: single- or double-quotes).

Configuring

...

tia® Status UI for OAuth2 Authentication

The tia Core tia® Status UI implements the OAuth2 PKCE Authorization Code Flow.

...

  1. registration of the application at the OAuth2 Authorization Server

  2. configuration of these parameters in the Application wide settings :

...

  • webapp.security.auth.type=oauth2

...

  • webapp.security.auth.oauth2.authenticationEndpointUrl=<OAuth2

...

  • endpoint

...

  • URL>

...

  • webapp

...

  • .security.auth.oauth2.clientId=<OAuth2

...

  • client

...

  • id>

...

  • webapp

...

  • .security.auth.oauth2.redirectUrl=<local

...

  • URL

...

  • to

...

  • /info/login-callback>