Mindbreeze GmbH, A-4020 Linz, 2017.
All rights reserved. All hardware and software names used are registered trade names and/or registered trademarks of the respective manufacturers.
These documents are highly confidential. No rights to our software or our professional services, or results of our professional services, or other protected rights can be based on the handing over and presentation of these documents. Distribution, publication or duplication is not permitted.
To use trusted peer authentication on the Mindbreeze Search Appliance, two certificates are needed: a trusted CA certificate for validating the client certificates, and a trusted X509 client certificate. The latter is used for forwarding the search request internally from the Mindbreeze Client Services to the Query Services. This second certificate must be signed with the trusted CA certificate.
The certificates can be installed using the Mindbreeze Configuration Interface. After the installation, trusted peer authentication has to be enabled on the Mindbreeze Services involved.
The certificates have already been generated when the Appliance was first configured.
In addition to the CA certificate, a trusted client certificate has also been generated. It is available in the file trusted.p12 in the folder /opt/mindbreeze/setup/certificates/TrustedPeer and can be downloaded using the file manager of the Management Center.
The certificates are already configured and can be viewed in the sections “Available CAs” and “Available SSL Certificates”.
All Query Services automatically accept client certificate based authentication. For the Client Services, this must be enabled manually by following these steps:
Header, Request: The identity is extracted from the header and as a fallback from the request if it is not set in the header.
Request, Header: The identity is extracted from the request and as a fallback from the header if it is not set in the request.
Header: The identity is extracted from the request.
Request: The identity is extracted from the header.
Trusted peer authentication can be used to delegate user credentials to the client service.
This requires a matching trusted client certificate (see above). The identity has to be passed inside the HTTP header using the field “X-Auth-User”.
For trusted peer based authentication a custom CA certificate and a client certificate can be used as well. The client certificate must be signed with the CA certificate.
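The signing requirement can be checked before a custom pair is installed. The following is an added example, not Mindbreeze's own tooling: it assumes the openssl command-line tool, and the function names, subjects, lifetimes and password are constructed for illustration.

```shell
#!/bin/sh
# Added example. Subjects, lifetimes, file names and the password are constructed.
P12_PASS="constructed-example-password"

# write_cnf FILE: minimal OpenSSL config, so the run does not depend on the system one.
write_cnf() {
    cat > "$1" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
}

# make_ca DIR NAME: self-signed CA, written to DIR/NAME.key and DIR/NAME.pem.
make_ca() {
    openssl req -x509 -config "$1/openssl.cnf" -extensions v3_ca \
        -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# make_client DIR CA NAME: client key and CSR, signed by CA (DIR/NAME.pem),
# then bundled with its key as DIR/NAME.p12.
make_client() {
    openssl req -new -config "$1/openssl.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=$3" -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days 30 -out "$1/$3.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/$3.key" -in "$1/$3.pem" \
        -name "$3" -passout "pass:$P12_PASS" -out "$1/$3.p12"
}

# p12_signed_by CA_PEM P12: succeed only if the client certificate inside
# the PKCS#12 bundle verifies against the given CA certificate.
p12_signed_by() {
    openssl pkcs12 -in "$2" -passin "pass:$P12_PASS" -nokeys -clcerts 2>/dev/null |
        openssl verify -CAfile "$1" >/dev/null 2>&1
}

# Demo in a scratch directory: build a CA and a client bundle, then check it.
d=$(mktemp -d) && write_cnf "$d/openssl.cnf" &&
    make_ca "$d" example-ca && make_client "$d" example-ca example-client &&
    p12_signed_by "$d/example-ca.pem" "$d/example-client.p12" && echo "chain OK"
rm -rf "$d"
```

The same p12_signed_by check can be run against a downloaded trusted.p12 and the CA certificate it is expected to chain to, with P12_PASS set to that bundle's password.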
Requirements for the certificates: