Authentication and Authorization

Authentication in FTL is enabled by specifying one or more authentication providers through the auth.providers field of the FTL server yaml configuration. For the configuration reference, see FTL Server Configuration Parameters. For more details, see Authentication.

When auth.providers is set, authentication is required for the following interfaces:

  • Realm connections made through the FTL client API.

  • The FTL server user interface.

  • The FTL server REST API.

FTL offers optional features in addition to the above. To enable authentication for these features, do the following:

  • Peer-to-peer FTL transports: Ensure that all transports used for direct communication between FTL clients are secure. Use transport protocol Secure Dynamic TCP or Secure Static TCP. For more information, see Transports Grid.

    Note: TLS with FTL-generated certificates is required for secure peer-to-peer transports. For more information, see Enabling TLS for FTL Server.

  • Transport bridges: Follow the steps for securing peer-to-peer FTL transports.

  • Persistence services: All transports used by the persistence cluster must use transport protocol Secure Dynamic TCP, Secure Static TCP, or Secure Auto. TLS is optional.

  • Group service: All group service transports must use protocol Secure Auto or Secure Dynamic TCP.

  • eFTL channels: Ensure that all transports used by the eFTL cluster use protocol Secure Auto or Secure Dynamic TCP. Ensure that authentication is enabled for the eFTL cluster. See "eFTL Clusters Grid" in eFTL administration.
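
The allowed secure protocols differ by feature (for example, Secure Auto is listed for persistence, group service and eFTL transports but not for peer-to-peer transports), which is easy to get wrong when reviewing a realm. The following added example, which is not part of the FTL documentation or product, audits a transport inventory against the rules listed above. The inventory layout (name, feature, protocol) and the sample entries are constructed for illustration and are not an FTL file format.

```python
# Added example: check each transport's protocol against the per-feature rules
# on this page. The inventory layout below is an assumption, not an FTL schema.

# Allowed protocols per feature, as stated in the list above.
ALLOWED = {
    "peer-to-peer": {"Secure Dynamic TCP", "Secure Static TCP"},
    "bridge":       {"Secure Dynamic TCP", "Secure Static TCP"},  # same steps as peer-to-peer
    "persistence":  {"Secure Dynamic TCP", "Secure Static TCP", "Secure Auto"},
    "group":        {"Secure Auto", "Secure Dynamic TCP"},
    "eftl":         {"Secure Auto", "Secure Dynamic TCP"},
}
# Peer-to-peer transports require TLS with FTL-generated certificates; bridges
# follow the peer-to-peer steps. TLS is optional for persistence services.
TLS_REQUIRED = {"peer-to-peer", "bridge"}


def audit(transports, tls_enabled):
    """Return (transport name, finding) tuples; an empty list means compliant."""
    findings = []
    for t in transports:
        name, feature, proto = t["name"], t["feature"], t["protocol"]
        allowed = ALLOWED.get(feature)
        if allowed is None:
            findings.append((name, f"unknown feature {feature!r}"))
        elif proto not in allowed:
            findings.append(
                (name, f"{proto!r} not allowed for {feature}; use one of {sorted(allowed)}"))
        elif feature in TLS_REQUIRED and not tls_enabled:
            findings.append((name, "secure protocol set, but TLS is not enabled"))
    return findings


# Constructed sample inventory (hypothetical transport names).
SAMPLE = [
    {"name": "orders-p2p",    "feature": "peer-to-peer", "protocol": "Secure Auto"},
    {"name": "bridge-a",      "feature": "bridge",       "protocol": "Secure Static TCP"},
    {"name": "store-cluster", "feature": "persistence",  "protocol": "Secure Auto"},
    {"name": "group-svc",     "feature": "group",        "protocol": "Secure Static TCP"},
    {"name": "eftl-cluster",  "feature": "eftl",         "protocol": "Dynamic TCP"},
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE, tls_enabled=True):
        print(f"{name}: {finding}")
```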

In addition to successfully authenticating, users must belong to specific authorization groups (or roles) to access these interfaces. For more details, see FTL Server Authorization Groups.

Administrators may optionally configure fine-grained permissions for the following features:

  • Persistence services: See Authorization.

  • eFTL channels: See client Authentication and Authorization in eFTL administration.