
The tia Core Status UI supports two modes of authentication:

  • Basic Authentication (default)

  • OAuth 2.0

Note: Basic Authentication is easy to configure and suitable for test systems. When considering it for production use, the following additional security points must be addressed:

  • Basic Authentication does not itself secure the credentials in the HTTP message on the way from client to server. For security reasons, the transport must therefore be configured for TLS encryption (HTTPS).

  • Modern browsers remember user credentials when Basic Authentication is used. When multiple users share a client machine, the login may therefore not be properly secured.

The configuration for authentication of tia Core Status UI has to be made in the application.yml file.

<Documentation link to application.yml explanation, how to specify, what’s inside>

Hint: YAML files have a hierarchical format, and the indentation of each line is significant. Copy and paste the examples from this document to ensure correct indentation, then edit the parameter values as required.

Configuring tia Status UI for Basic Authentication

The location of the user name and password settings in the YAML hierarchy is shown below.

webapp:
  security:
    auth:
      type: basic
      basic:
        username: admin
        password: $2a$10$5E1KpGIKSq6xuWmGf92bheB17V0l4fEMnVmYPqhWiazKddcx1TF/e # bcrypt hash of "admin"

When Basic Authentication (the default) is used but no password is configured here, the tia Core Status UI application generates a random password at startup, which can be looked up in the container logs.

Example:

2023-09-01 13:49:21.651 [                /                ] [W] [                main]      .k.a.s.c.SecurityConfiguration.logGeneratedPassword ( 322) : |======================================================================|
2023-09-01 13:49:21.651 [                /                ] [W] [                main]      .k.a.s.c.SecurityConfiguration.logGeneratedPassword ( 323) : | Temporary generated password for the status webapp: 5KdJZ7EKQ.p0%etp |
2023-09-01 13:49:21.651 [                /                ] [W] [                main]      .k.a.s.c.SecurityConfiguration.logGeneratedPassword ( 324) : |======================================================================|

The password is expected as a bcrypt hash value in the application.yml file.

Configuring tia Status UI for OAuth2 Authentication

The tia Core Status UI implements the OAuth2 PKCE Authorization Code Flow.

The configuration requires:

  1. registration of the application at the OAuth2 Authorization Server

  2. configuration of these parameters in the application.yml file (see example below):

       • Authentication type

       • authenticationEndpointUrl

       • clientId

       • redirectUrl

webapp:
  security:
    auth:
      type: oauth2
      oauth2:
        authenticationEndpointUrl: <OAuth2 endpoint URL> 
        clientId: <OAuth2 client Id>
        redirectUrl: http://localhost:8082/info/login-callback
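
What the PKCE Authorization Code Flow adds on top of these three settings, shown as an added example (not tia code): the client keeps a random code verifier, sends only its SHA-256 challenge in the authorization request, and the Authorization Server later accepts the token request only if the presented verifier matches. It assumes authenticationEndpointUrl is the server's authorization endpoint; `https://idp.example/authorize`, `status-ui` and the state value are constructed placeholders.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def new_code_verifier() -> str:
    # 32 random bytes -> 43 characters, the minimum length RFC 7636 allows.
    return b64url(secrets.token_bytes(32))


def code_challenge(verifier: str) -> str:
    # S256 method: BASE64URL(SHA256(ASCII(code_verifier)))
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def authorization_url(endpoint: str, client_id: str, redirect_url: str,
                      verifier: str, state: str) -> str:
    """Client side: only the challenge leaves the client, never the verifier."""
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,            # clientId in application.yml
        "redirect_uri": redirect_url,      # redirectUrl in application.yml
        "state": state,
        "code_challenge": code_challenge(verifier),
        "code_challenge_method": "S256",
    })
    return f"{endpoint}?{query}"


def server_accepts(stored_challenge: str, presented_verifier: str) -> bool:
    """Server side, at the token request: recompute and compare in constant time."""
    return hmac.compare_digest(stored_challenge, code_challenge(presented_verifier))


if __name__ == "__main__":
    verifier = new_code_verifier()
    url = authorization_url("https://idp.example/authorize", "status-ui",  # constructed
                            "http://localhost:8082/info/login-callback", verifier, "st-123")
    challenge = parse_qs(urlsplit(url).query)["code_challenge"][0]
    print(url)
    print("matching verifier accepted:", server_accepts(challenge, verifier))
    print("other verifier accepted:", server_accepts(challenge, new_code_verifier()))
```

The redirect_uri sent here must match the one registered at the Authorization Server in step 1.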
