
Authentication

This core system provides, manages and validates system identities within an Eclipse Arrowhead Local Cloud (LC).

Learn more:
Abstract System Description (SysD)

Services

identity

The purpose of this service is to issue, verify and invalidate a proof-of-identity token. It also allows a system to change its own credentials. The service is offered to both application systems and Core/Support Systems.

Learn more:
Abstract Service Description (SD)
generic-http (IDD) | generic-https (IDD)
generic-mqtt (IDD) | generic-mqtts (IDD)
since: v5.0.0

login

This service operation acquires a proof of identity token.

Example: generic-http | generic-https
Example: generic-mqtt | generic-mqtts

logout

This service operation invalidates a proof of identity token.

Example: generic-http | generic-https
Example: generic-mqtt | generic-mqtts

change

This service operation changes the requester system's own credentials.

Example: generic-http | generic-https
Example: generic-mqtt | generic-mqtts

verify

This service operation checks the validity of a provided token and returns information about the verified system.

Example: generic-http | generic-https
Example: generic-mqtt | generic-mqtts

general-management

Its purpose is to retrieve information about the hosting system's behavior, such as log entries and configuration settings. The service is offered to administrative support systems.

Learn more:
Abstract Service Description (SD)
generic-http (IDD) | generic-https (IDD)
generic-mqtt (IDD) | generic-mqtts (IDD)
since: v5.0.0

get-log

This service operation lists the log entries of the system that match the filtering requirements.

Example: generic-http | generic-https
Example: generic-mqtt | generic-mqtts

get-config

This service operation lists the current values of the specified configuration settings.

Example: generic-http | generic-https
Example: generic-mqtt | generic-mqtts


identity-management

Its purpose is to manage identities and active sessions in bulk. The different operations provide querying, creating, updating and removing functionality. The service is offered to administrative support systems.

Learn more:
Abstract Service Description (SD)
generic-http (IDD) | generic-https (IDD)
generic-mqtt (IDD) | generic-mqtts (IDD)
since: v5.0.0

identity-mgmt-query

This service operation lists the identities that match the filtering requirements.

Example: generic-http | generic-https
Example: generic-mqtt | generic-mqtts

identity-mgmt-create

This service operation creates the specified identities.

Example: generic-http | generic-https
Example: generic-mqtt | generic-mqtts

identity-mgmt-update

This service operation updates the specified existing identities.

Example: generic-http | generic-https
Example: generic-mqtt | generic-mqtts

identity-mgmt-remove

This service operation removes the specified identities.

Example: generic-http | generic-https
Example: generic-mqtt | generic-mqtts

identity-mgmt-session-query

This service operation lists the active sessions that match the filtering requirements.

Example: generic-http | generic-https
Example: generic-mqtt | generic-mqtts

identity-mgmt-session-close

This service operation closes the specified active sessions and invalidates the related tokens.

Example: generic-http | generic-https
Example: generic-mqtt | generic-mqtts

Configuration

The system configuration properties can be found in the application.properties file located in the src/main/resources folder.

Note: During the build process this file is built into the executable JAR, but it is also copied next to the JAR file. Any modification in the configuration file located next to the executable JAR overrides the built-in value of that property. Because this external file carries the database password and authentication.secret.key, restrict its file permissions to the account that runs the system.

General parameters

See the general configuration properties.

Note: In the case of the Authentication system the property authentication.policy has the special value internal, which means the system uses its own database during authentication. This property should not be changed.

Database parameters

spring.datasource.url

Full connection URL to the database.

spring.datasource.username

Username to the database.

spring.datasource.password

Password to the database.

spring.datasource.driver-class-name

The driver provides the connection to the database and implements the protocol for transferring the query and result between client and database.

spring.jpa.show-sql

Set to true to log the SQL queries. Intended for debugging; leave it false in production.

spring.jpa.properties.hibernate.format_sql

Set to true to log SQL queries in pretty format. (Effective only when 'spring.jpa.show-sql' is 'true'.)

spring.jpa.hibernate.ddl-auto

Auto initialization of database tables. The value must always be 'none'.

Custom parameters

authentication.secret.key

The secret key used to prove to the Local Cloud's Service Registry that this Authentication system is trusted. The same key must be present in the Service Registry's authenticator.secret.keys structure. Treat it as a credential: generate it with a cryptographically secure random source and do not commit it to source control.

enable.management.filter

Set to true to enable automatic authorization for management services.

management.policy

Defines the access policy for management services. Can be sysop-only (only systems with system operator permission can use them), whitelist (system operators and those dedicated systems that appear in management.whitelist can use them) or authorization (system operators, whitelist members and those systems that have permission according to the Authorization system can use them). Note that the three values are strictly widening: every system admitted under sysop-only is admitted under whitelist, and every system admitted under whitelist is admitted under authorization.

management.whitelist

A comma-separated list of system names that can use management services if management.policy is set to whitelist or authorization.
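The following is an added illustration of how the three configuration properties above combine into one access decision. It is not the Arrowhead Authentication system's own filter code; the class and function names, the pass-through behaviour when the filter is disabled, and the stand-in for the Authorization system lookup are assumptions made for this example.

```python
# Added example: the enable.management.filter / management.policy /
# management.whitelist decision described on this page.
# NOT the Arrowhead project's own code; names below are assumptions.
from dataclasses import dataclass
from typing import Callable, FrozenSet

SYSOP_ONLY = "sysop-only"
WHITELIST = "whitelist"
AUTHORIZATION = "authorization"


def parse_whitelist(raw: str) -> FrozenSet[str]:
    """Parse the comma-separated management.whitelist value.

    Surrounding whitespace and empty entries are dropped, so
    "gatekeeper, , dashboard " neither yields a blank name nor a
    " dashboard" entry that would never match a real system name.
    """
    return frozenset(name.strip() for name in raw.split(",") if name.strip())


@dataclass(frozen=True)
class ManagementFilter:
    enabled: bool                      # enable.management.filter
    policy: str                        # management.policy
    whitelist: FrozenSet[str]          # management.whitelist (parsed)
    # Assumption: stand-in for asking the Authorization system whether a
    # given system is permitted to use management services.
    authorized_by_authz: Callable[[str], bool] = lambda _system: False

    def __post_init__(self):
        # Fail closed on a misspelled policy instead of silently admitting.
        if self.policy not in (SYSOP_ONLY, WHITELIST, AUTHORIZATION):
            raise ValueError(f"unknown management.policy: {self.policy!r}")

    def allows(self, system_name: str, is_sysop: bool) -> bool:
        """Return True when the requester may call a management service."""
        if not self.enabled:
            # Assumption: with the automatic check disabled this filter
            # performs no decision, so it does not reject anything.
            return True
        # System operators are admitted under every policy.
        if is_sysop:
            return True
        if self.policy == SYSOP_ONLY:
            return False
        # whitelist and authorization both honour the whitelist ...
        if system_name in self.whitelist:
            return True
        # ... and authorization additionally consults the Authorization system.
        if self.policy == AUTHORIZATION:
            return bool(self.authorized_by_authz(system_name))
        return False


if __name__ == "__main__":
    wl = parse_whitelist("gatekeeper, , dashboard ")
    f = ManagementFilter(True, WHITELIST, wl)
    print(f.allows("gatekeeper", is_sysop=False))  # True
    print(f.allows("intruder", is_sysop=False))    # False
```

The ordering matters: the sysop check comes first and the whitelist check is shared by the two wider policies, which is exactly the widening relationship stated in the property description. Rejecting an unknown policy value at construction time avoids the classic misconfiguration where a typo turns an intended sysop-only deployment into something looser.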

identity.token.duration

Validity period of the identity token in seconds (0 or a negative value means a hundred years). In practice a hundred-year token never expires, so a stolen token stays usable until it is explicitly invalidated by logout or identity-mgmt-session-close; prefer a short duration and re-login.

cleaner.job.interval

Interval between execution times of the expired session cleaner job in milliseconds.
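The following is an added model of the identity token lifecycle described under the identity service (login, verify, logout, identity-mgmt-session-close) together with the identity.token.duration and cleaner.job.interval semantics above. It is not the Arrowhead Authentication system's own code: the token format, the SessionStore class and its method names are assumptions made for this example, and the cleaner job is invoked directly instead of on a timer.

```python
# Added example: token issue / verify / invalidate with the
# identity.token.duration rule and the expired-session cleaner.
# NOT the Arrowhead project's own code; names below are assumptions.
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional

HUNDRED_YEARS = timedelta(days=365 * 100)


def token_lifetime(duration_seconds: int) -> timedelta:
    """identity.token.duration: 0 or a negative value means a hundred years."""
    if duration_seconds <= 0:
        return HUNDRED_YEARS
    return timedelta(seconds=duration_seconds)


@dataclass
class Session:
    system_name: str
    expires_at: datetime


class SessionStore:
    def __init__(self, duration_seconds: int):
        self.lifetime = token_lifetime(duration_seconds)
        self._sessions: Dict[str, Session] = {}

    def login(self, system_name: str, now: datetime) -> str:
        """Issue an unguessable proof-of-identity token for the system."""
        token = secrets.token_urlsafe(32)
        self._sessions[token] = Session(system_name, now + self.lifetime)
        return token

    def verify(self, token: str, now: datetime) -> Optional[str]:
        """Return the system name behind a valid token, None otherwise.

        An expired session is invalid even before the cleaner job has
        removed it, so validity never depends on cleaner.job.interval.
        """
        session = self._sessions.get(token)
        if session is None or session.expires_at <= now:
            return None
        return session.system_name

    def logout(self, token: str) -> bool:
        """Invalidate one token; True if it was active."""
        return self._sessions.pop(token, None) is not None

    def close_sessions(self, system_name: str) -> int:
        """identity-mgmt-session-close: drop every session of a system."""
        doomed = [t for t, s in self._sessions.items() if s.system_name == system_name]
        for t in doomed:
            del self._sessions[t]
        return len(doomed)

    def clean_expired(self, now: datetime) -> int:
        """The cleaner job: purge sessions whose token has expired."""
        doomed = [t for t, s in self._sessions.items() if s.expires_at <= now]
        for t in doomed:
            del self._sessions[t]
        return len(doomed)

    def active_count(self) -> int:
        return len(self._sessions)


def demo() -> dict:
    """Walk tokens through their life with a 60-second and a 0 duration."""
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)   # constructed clock
    short = SessionStore(duration_seconds=60)
    tok = short.login("temperature-sensor", t0)
    results = {
        "valid_at_issue": short.verify(tok, t0),
        "valid_after_expiry": short.verify(tok, t0 + timedelta(seconds=61)),
        "cleaned": short.clean_expired(t0 + timedelta(seconds=61)),
    }
    # Duration 0 means a hundred years: the cleaner effectively never reaps it,
    # so only explicit logout or session-close ends the session.
    forever = SessionStore(duration_seconds=0)
    tok2 = forever.login("dashboard", t0)
    results["still_valid_after_ten_years"] = forever.verify(tok2, t0 + timedelta(days=3650))
    results["logout_then_verify"] = (forever.logout(tok2), forever.verify(tok2, t0))
    forever.login("dashboard", t0)
    forever.login("dashboard", t0)
    results["closed_for_dashboard"] = forever.close_sessions("dashboard")
    results["active_after_close"] = forever.active_count()
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two design points worth carrying over to a real deployment: verification checks the expiry itself rather than trusting the cleaner to have run, so a long cleaner.job.interval cannot extend a token's usable life; and the token is random rather than derived from the system name, so it cannot be guessed or forged by another system that knows the name.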

Logging configuration

The logging configuration properties can be found in the log4j2.xml file located in the src/main/resources folder.

Note: During the build process this file is built into the executable JAR, but it is also possible to override it with an external file. For that, pass the log4j.configurationFile system property when starting the system; as a JVM option it must precede -jar, since anything after the JAR name is handed to the application as a program argument instead:

java -Dlog4j.configurationFile=path-to-external-file
     -jar arrowhead-authentication-5.x.x.jar

JDBC_LEVEL

Set this to change the level of log messages in the database. Levels: ALL, TRACE, DEBUG, INFO, WARN, ERROR, FATAL, OFF.

CONSOLE_FILE_LEVEL

Set this to change the level of log messages in console and the log file. Levels: ALL, TRACE, DEBUG, INFO, WARN, ERROR, FATAL, OFF.

LOG_DIR

Set this to change the directory of log files.

Changelog

v5.0.0

Related in CL-5.0.0