Uploaded image for project: 'JS - JobScheduler'
  1. JS - JobScheduler
  2. JS-1592

Agent responds to HTTPS requests with SSL Client Certificate

    XMLWordPrintable

Details

    Description

      Current Situation

      • The Agent can be used with a Proxy product that is preferably operated on the same computer as the Agent and that stores a Proxy Server Certificate. A JobScheduler Master will request and verify the Proxy Server Certificate to secure the HTTPS communication with an Agent.
      • In order to secure both Agent and Master a proposal is available with JS-1563 to have the Master respond to an Agent Proxy SSL Client Certificate request.

      Desired Behavior

      • Considering the fact that with JS-1589 an Agent can be configured to require an access token from any clients accessing the Agent, a simplified handling of Agent SSL Client Certificates is proposed:
        • The Agent will exclusively trust clients that provide an access token.
        • The Agent stores an SSL Client Certificate with its local configuration.
        • The Agents responds to SSL Client Certificate requests as performed e.g. by the Master when using an HTTPS communication.

      Maintainer Notes

      • We tend to prefer JS-1592 and to dismiss JS-1563.
      • The Agent considers a Master sending a valid access token being trustworthy.
      • Feel free to add your comments and votes to this issue.

      Attachments

        Issue Links

          is duplicated by

          Feature - A feature of the product, which has yet to be developed. JS-1628 HTTPS for Universal Agent, command line option -ip-address= replaced

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Released
          relates to

          Feature - A feature of the product, which has yet to be developed. JS-1563 Agent Proxy verifies Master identity by SSL Client Certificate

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Dismissed
          requires

          Feature - A feature of the product, which has yet to be developed. JS-1589 Agent applies token based authentication for REST web service interface

          • Major - Major loss of function.
          • Dismissed
          Wiki Page

          Wiki Page Loading...

          Activity

            People

              jz Joacim Zschimmer
              ap Andreas PĆ¼schel
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: