SSL/TLS Authentication & Authorization
PRH does not perform any authorization in AAF, because the only endpoint the service provides is the healthcheck, which is unsecured.
Authentication can be switched from the default behavior to a certificate-based solution independently for DMaaP and AAI communication.
By default, basic authentication is used with the following credentials:
DMaaP BC authentication
By default, basic authentication is used with the following credentials (for both DMaaP consumer and DMaaP publisher endpoints):
PRH identity and certificate data
PRH uses the dcae identity when certificate-based authentication is turned on.
It is DCAEGEN2's responsibility to generate the certificate for the dcae identity and provide it to the collector.
PRH by default expects the volume tls-info to be mounted under path
It is the component's/collector's responsibility to provide the necessary inputs in the Cloudify blueprint to get the volume mounted.
See TLS Support for detailed information.
PRH uses four files from the tls-info DCAE volume (cert.jks, jks.pass, trust.jks, trust.pass).
Refer to configuration for the proper security attribute settings.
IMPORTANT Even when the certificate-based authentication security features are disabled, all security settings still need to be provided in the configuration for the PRH service to start smoothly.
Security attribute values are not validated in this case, and can point to non-existent data.
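
A pre-flight check for the four tls-info files listed above, useful because PRH does not validate the security attributes while certificate-based authentication is disabled. This is an added example, not part of PRH or DCAE; the function names, the TLS_INFO_DIR variable and the world-readable check are assumptions of the example.

```shell
# Added example: pre-flight check of the tls-info volume contents.
# TLS_INFO_DIR is a placeholder for the mount path used in your deployment.

# Return 0 if FILE starts like a Java keystore: JKS magic FEEDFEED,
# or 0x30 (DER SEQUENCE), which is how a PKCS#12 store begins.
looks_like_keystore() {
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    case "$magic" in
        feedfeed|30*) return 0 ;;
        *) return 1 ;;
    esac
}

# Check the four files PRH reads. Prints one line per finding on stderr
# and returns the number of findings (0 means the volume looks usable).
check_tls_info() {
    dir=$1
    findings=0
    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a directory (volume not mounted?)" >&2
        return 1
    fi
    for name in cert.jks jks.pass trust.jks trust.pass; do
        f="$dir/$name"
        if [ ! -f "$f" ] || [ ! -r "$f" ] || [ ! -s "$f" ]; then
            echo "FAIL: $name is missing, unreadable or empty" >&2
            findings=$((findings + 1))
            continue
        fi
        case "$name" in
            *.jks)
                if ! looks_like_keystore "$f"; then
                    echo "FAIL: $name is not a JKS or PKCS#12 keystore" >&2
                    findings=$((findings + 1))
                fi ;;
            *.pass)
                # Hardening check chosen for this example, not a PRH rule:
                # keystore passwords should not be readable by "other".
                if [ -n "$(find "$f" -perm -004)" ]; then
                    echo "FAIL: $name is world-readable" >&2
                    findings=$((findings + 1))
                fi ;;
        esac
    done
    return "$findings"
}

# Runs only when TLS_INFO_DIR is set, e.g. TLS_INFO_DIR=/your/mount sh check.sh
if [ -n "${TLS_INFO_DIR:-}" ]; then check_tls_info "$TLS_INFO_DIR"; fi
```

The magic-byte test only confirms the file looks like a keystore; opening it with the password from the matching .pass file is still the definitive check.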