Uploaded image for project: 'JOC - JobScheduler Operations Center'
  1. JOC - JobScheduler Operations Center
  2. JOC-1547

Add Identity Service for Certificate based Authentication

    XMLWordPrintable

Details

    Description

       Current Situation

      For any identity service it is possible to define the Authentication-Scheme as single-factor or two-factor.

      When single-factor is defined there are two options

      For the identity service types JOC and VAULT-JOC-ACTIVE it is possible to define the single-factor with

      • Password single-factor
      • Certificate single-factor

      When second-factor is defined then the second factor always is "certificate".

      Desired Behavior

      For any identity service it is possible to define the Authentication-Scheme as single-factor or two-factor.

      When single-factor is defined for JOC and VAULT-JOC-ACTIVE it is always

      • Password single-factor

      A new identity service "certificate" will be introduced.
      The identity service will have the attribute "isSecondFactor=true|false".

      When isSecondFactor=true then this identity service can be used as a second factor in other identity services.

      When isSecondFactor=false then this identity service can be used as a first factor. This means it is sufficient to login with the certificate.
      (Was single-factor + Certificate single-factor=true)

      When second-factor is defined in any identity service the second factor can be selected from a list of all identity services with the type "certificate" that have the attribute isSecondFactor=true.
      (Was implicite choosen by the identity services).

      Attachments

        Issue Links

          Activity

            People

              ur Uwe Risse
              ur Uwe Risse
              Ajay Kumbhkar Ajay Kumbhkar
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: