Uploaded image for project: 'JS - JobScheduler'
  1. JS - JobScheduler
  2. JS-1563

Agent Proxy verifies Master identity by SSL Client Certificate




      Current Situation

      • The JobScheduler Master can be configured to use Secure HTTPS Communication with a Proxy.
        • This includes the Master to check the validity of the Proxy Server Certificate.
      • The JobScheduler Agent can be configured to listen exclusively to connections from the localhost that are established by a Proxy that is installed side-by-side with the Agent.
        • Agent configuration: ./jobscheduler_agent.sh start -ip-address=localhost

      Desired Behavior

      • The Proxy can be configured to check a Masters' SSL Client Certificate.
        • Any Proxy product can be used.
        • The JobScheduler Master responds to a Proxy SSL Client Certificate request by providing its SSL Client Certificate
        • The JobScheduler Master implements a separate operating system process (Certificate Server) that runs in a different account to acess and to serve the Master SSL Client Certificate.
          • The JobScheduler Master stores its SSL Client Certificate in a directory that is accessible by the Certificate Server only and not by the Master.
          • This solution does not make use of the Java Certificate Store or directories that are accessible to the Master as such locations would be accessible by jobs running on the Master and that could read the Master SSL Client Certificate.
          • The Masters' SSL Client Certificate location is configured with ./config/scheduler.xml by the attribute <config client_certificate="..."/>


      • Use of HTTP Communication between Master and Agent does not allow to verify the identity of the Agent host or Master host.
      • Improved security is provided for HTTPS Communication only.

      Maintainer Notes

      • We tend to prefer JS-1592 and to dismiss JS-1563.
        • This feature JS-1563 implements a secure solution for access to SSL Client Certificates, however, it increases complexity by an additional Certificate Server process that has to be started, stopped and maintained.
        • A straightforward solution is proposed with JS-1589 and JS-1592 that enforces access tokens to be provided by a Master and that leaves an acceptable risk - mainly due to possible misconfiguration - that an Agent can trust a Master instance. In addition, no separate Proxy product is required.
      • Feel free to add your comments and votes to this issue


        Issue Links



              sos_engine_team TeamEngine
              ap Andreas PĆ¼schel
              0 Vote for this issue
              2 Start watching this issue