About Security and Authentication

For security purposes, Historian uses the User Account and Authentication (UAA) service as a trusted source of tokens issued for authentication. The UAA is a multi-tenant identity management service, used in Cloud Foundry, but also available as a standalone OAuth2 server. Its primary role is as an OAuth2 provider, issuing tokens for client applications to use when they act on behalf of Cloud Foundry users. It can also authenticate users with Cloud Foundry credentials, and can act as an SSO service using those credentials, or others. It contains endpoints for managing user accounts, registering OAuth2 clients, and other management functions.

The following diagram shows how the UAA Server functions with a Python REST client:

Figure: UAA Server and Python REST Client

Authorization

Exchanging data between the client and the server requires authentication. Once you have provided your client credentials, an access (bearer) token is generated. This token is then used to call the REST APIs.

cURL command format for generating an OAuth token for clients:

    curl -u <client ID>:<client secret> https://<node name>:8443/uaa/oauth/token -d 'grant_type=client_credentials'

Example:

    curl -u server1.admin:adminsecret https://server1:8443/uaa/oauth/token -d 'grant_type=client_credentials'

cURL command format for generating an OAuth token for UAA users:

    curl -d "client_id=<value>&client_secret=<value>&grant_type=password&username=<value>&password=<value>&token_format=opaque&response_type=token" https://<node name>:8080/uaa/oauth/token

Example:

    curl -d "client_id=server1.admin&client_secret=adminsecret&grant_type=password&username=user1&password=pwd123&token_format=opaque&response_type=token" https://server1:8080/uaa/oauth/token

In the following image, the actual token text is blurred for security reasons.

Figure: OAuth Access Token Sample

Client applications can access data using service REST API endpoints. Your application makes an HTTP request and parses the response. You can use any web-development language to access the APIs.
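The client-credentials flow from the Authorization section, followed by a bearer-authenticated REST call, as an added Python example that is not part of the Historian documentation. It assumes the token endpoint returns the standard OAuth2 JSON fields (access_token, token_type, expires_in); the sample response and the REST API path used in testing are constructed placeholders.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

# Constructed sample of a token response (not real output from a UAA server).
SAMPLE_RESPONSE = '{"access_token": "constructed-token-value", "token_type": "bearer", "expires_in": 43199}'


def build_token_request(node, client_id, client_secret, port=8443):
    """Build the same request as: curl -u id:secret .../uaa/oauth/token -d grant_type=..."""
    url = f"https://{node}:{port}/uaa/oauth/token"
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    req = urllib.request.Request(url, data=body, method="POST")
    req.add_header("Authorization", f"Basic {basic}")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    return req


def parse_token_response(raw, now=None):
    """Validate the JSON token response; return (access_token, expiry_epoch)."""
    doc = json.loads(raw)
    if "error" in doc:
        raise ValueError(f"token request rejected: {doc['error']}")
    if doc.get("token_type", "").lower() != "bearer" or not doc.get("access_token"):
        raise ValueError("response does not carry a bearer access token")
    now = time.time() if now is None else now
    return doc["access_token"], now + int(doc.get("expires_in", 0))


def build_api_request(url, access_token):
    """Attach the token to a REST call as a bearer credential."""
    if not url.lower().startswith("https://"):
        raise ValueError("refusing to send a bearer token over a non-TLS URL")
    req = urllib.request.Request(url)
    req.add_header("Authorization", f"Bearer {access_token}")
    return req


def fetch_token(node, client_id, client_secret):
    """Send the token request; urlopen verifies the server certificate by default."""
    req = build_token_request(node, client_id, client_secret)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_token_response(resp.read())
```

The returned expiry lets a long-running client request a fresh token before the current one lapses instead of reacting to a rejected call.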