1 / 8

Control System Studio Training - Authentication, Authorization

Control System Studio Training - Authentication, Authorization. Kay Kasemir ORNL/SNS kasemirk@ornl.gov 2011, October 17-21 at CEA Saclay, France. Example: Alarm System. !. Only authorized users can change the configuration. . . Auth & Auth. Authentication : Confirm a user's identity

kyle
Download Presentation

Control System Studio Training - Authentication, Authorization

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Control System Studio Training-Authentication,Authorization Kay Kasemir ORNL/SNS kasemirk@ornl.gov 2011, October 17-21 at CEA Saclay, France

  2. Example: Alarm System ! Only authorized users can change the configuration  

  3. Auth & Auth • Authentication: Confirm a user's identity • Check password • Authorization: Is user permitted to do something? • Requires authenticated user • Some database: User “Fred” may configure alarm

  4. Auth & Auth in CSS API: org.csstudio.auth Implementations: • Authentication • org.csstudio.platform.jaasAuthentication • Authorization • org.csstudio.platform.ldapAuthorization • org.csstudio.sns.dummyAuthorization • org.csstudio.sns.ldapAuthorization

  5. Oh, my! Q:Can’t we just ignore this for now? A: No.If you don’t configure auth & auth, nobody can do anything What follows is the simple “anybody can do anything” setup.

  6. Dummy Authentication • Include plugins in CSS product: org.csstudio.platform.jaasAuthenticationorg.csstudio.platform.jaasAuthentication.ui • Configure like this in plugin_customization.ini of CSS product: # Select 'Dummy' JAAS Authenticationorg.csstudio.platform.jaasAuthentication/jaas_config_source=Fileorg.csstudio.platform.jaasAuthentication/jaas_config_file_entry=Dummy Now any user and password will work • Except user name “fail”, which can be used for tests

  7. Dummy Authorization • Include plugin in CSS product: org.csstudio.sns.dummyAuthorization Now any user and password will work • Still needs to log on, though, but any user name and password will be accepted

  8. For Operational Setups • Authentication org.csstudio.platform.jaasAuthentication • Kerberous, LDAP • Authorization org.csstudio.platform.ldapAuthorization org.csstudio.sns.ldapAuthorization • Similar, different LDAP schemata

More Related