We implemented an application which is onboarded in the C8Y server: the DM (Device Management) application. The end user connects to the tenant-related C8Y server and selects the DM application. The DM application consists of two parts:
- Front end (HTML, JavaScript)
- Back end (Java Spring Boot, which exposes a REST API). The back end communicates with our custom IoT product.
The back end of our DM application is today located in MZ but can be hosted in DMZ.
Issue description:
The front end (JavaScript) of the DM application cannot communicate with the back end part of the DM application because the client's security requirements:
- Do not allow us to set up an HTTP proxy in the DMZ.
- Do not allow us to hard-code the REST API user (and password) in the JavaScript.
Solution (my suggestion):
When the end user logs in to the C8Y server, we think the C8Y server validates the user, which is stored in a C8Y database. We suggest using the same user credentials (authentication), which were used to log in to the C8Y portal, to access this REST API. Then the back end of the DM application needs to validate this REST API user; this way the DM application can also validate the user with a single login for the whole C8Y application.
To implement this solution:
- We need:
  - to get the username/password in the front end,
  - or we need the authenticated token in the front end, if any.
- We need to know the API that C8Y uses to validate the user from the back end.
- We need support to register this as a micro-service where authentication is taken care of by C8Y.
Questions:
- What do you think about the suggestion to solve the issue?
- Also, there is one micro-service already registered to the account, so how can we add another micro-service?
- In case there is no support for multiple micro-services, kindly suggest a workaround to let this DM application run as a second micro-service, as this is very critical and a blocker issue for our customer.
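
The back-end check proposed in the post, as an added sketch that is not part of the original post or of the DM application's code: the back end accepts a request only when the platform itself accepts the `Authorization` header the browser already holds, so no REST API user is hard-coded in the JavaScript. The class name `DelegatedAuthCheck` is hypothetical, and the "current user" endpoint passed to `overHttp` is an assumption to confirm against the C8Y documentation.

```java
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.time.Duration;
import java.util.function.Predicate;

// Hypothetical helper: the back end holds no credentials of its own and trusts only the platform's verdict.
public class DelegatedAuthCheck {
    private final Predicate<String> platformAccepts; // true when the platform accepts this header value

    public DelegatedAuthCheck(Predicate<String> platformAccepts) {
        this.platformAccepts = platformAccepts;
    }

    // Assumption: the platform exposes an endpoint that answers 200 only for a valid, authenticated caller.
    public static DelegatedAuthCheck overHttp(URI currentUserEndpoint) {
        HttpClient client = HttpClient.newBuilder().connectTimeout(Duration.ofSeconds(5)).build();
        return new DelegatedAuthCheck(header -> {
            try {
                HttpRequest req = HttpRequest.newBuilder(currentUserEndpoint)
                        .timeout(Duration.ofSeconds(5))
                        .header("Authorization", header).GET().build();
                return client.send(req, HttpResponse.BodyHandlers.discarding()).statusCode() == 200;
            } catch (Exception e) {
                if (e instanceof InterruptedException) Thread.currentThread().interrupt();
                return false; // fail closed: timeout, network error or malformed header means "not authenticated"
            }
        });
    }

    public boolean isAuthenticated(String authorizationHeader) {
        if (authorizationHeader == null) return false;
        String h = authorizationHeader.trim();
        // Forward only well-known schemes; anything else is rejected without contacting the platform.
        boolean knownScheme = h.regionMatches(true, 0, "Basic ", 0, 6)
                || h.regionMatches(true, 0, "Bearer ", 0, 7);
        return knownScheme && platformAccepts.test(h);
    }

    public static void main(String[] args) {
        // Constructed stand-in for the platform: it accepts exactly one constructed header value.
        String good = "Basic Y29uc3RydWN0ZWQ6ZGVtbw==";
        DelegatedAuthCheck check = new DelegatedAuthCheck(good::equals);
        System.out.println(check.isAuthenticated(good));
        System.out.println(check.isAuthenticated("Basic d3Jvbmc6d3Jvbmc="));
        System.out.println(check.isAuthenticated(null));
    }
}
```

In a Spring Boot back end this check would sit in a request filter in front of the REST API, and the forwarded header should never be written to logs.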