GitHub Actions edited this page Jun 5, 2025 · 7 revisions

Authentication

The provisioning system uses mTLS to authenticate endpoints and to encrypt all data exchanged between clients and servers.

In addition, a token-based authentication layer authenticates client requests at the call level. The provisioning system manages credentials that map allowed service calls to SKU/client credentials. These credentials will be provided by ATE clients.

References

  • gRPC Authentication Guide. The system is currently configured to use SSL/TLS with client-side authentication. This is sometimes referred to as mTLS. CompositeChannelCredentials are used to integrate Call Credentials with Channel Credentials.

Developer Notes

Endpoint Certificates

The following command generates keys and certificates for all endpoints. The SubjectAltName is set to localhost. All clients should connect using this address. See the script implementation for more details.

config/certs/gen_certs.sh

Note: At the moment, all clients and services share the same root certificate. Running the gen_certs.sh script requires restarting all the servers and clients.
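The sketch below is an added example, not the project's code and not a reimplementation of gen_certs.sh. It shows the two checks a peer applies to an endpoint certificate (chain to the shared root, SubjectAltName match) and why an endpoint that still holds a certificate from before a regeneration is rejected. The helper names `issue` and `verify`, the ECDSA P-256 keys and the certificate subjects are assumptions made for the example.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue signs a certificate for cn with (ca, caKey); a nil ca yields a self-signed root.
func issue(cn string, ca *x509.Certificate, caKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true,
	}
	if ca == nil { // root: the only certificate allowed to sign others
		tmpl.IsCA, tmpl.KeyUsage = true, x509.KeyUsageCertSign
		ca, caKey = tmpl, key
	} else { // endpoint: SAN is localhost, usable on either side of mTLS
		tmpl.DNSNames = []string{"localhost"}
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// verify checks that peer chains to root and that its SAN covers name.
func verify(peer, root *x509.Certificate, name string) error {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := peer.Verify(x509.VerifyOptions{Roots: pool, DNSName: name})
	return err
}

func main() {
	root, rootKey := issue("constructed root", nil, nil)
	ep, _ := issue("constructed endpoint", root, rootKey)
	newRoot, _ := issue("constructed root", nil, nil) // as if certificates were regenerated
	fmt.Printf("localhost, shared root: %v\n127.0.0.1, shared root: %v\nlocalhost, new root: %v\n",
		verify(ep, root, "localhost"), verify(ep, root, "127.0.0.1"), verify(ep, newRoot, "localhost"))
}
```

Only the first check succeeds: connecting by IP address fails the SAN match, and a regenerated root no longer validates certificates issued under the previous one.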
