Page tree
Skip to end of metadata
Go to start of metadata

Some cloud based services require requests to be signed using service specific signature algorithms. The CLIENT process supports automatic request signing for a number of services. To enable request signing, the application developer configures an authentication configuration file which defines the configuration parameters. Configuration parameters may also be supplied in the request itself and may be configured in the API Editor.

The Authentication Configuration File

The authentication config file, or auth config, uses the same format described in the section Configuration File Format. The section name is auth. The auth section always contains the method param indicating the auth method, followed by method specific auth params. The location of the configuration file is then supplied to the CLIENT process using the --auth startup option. Changes to the auth config file may be monitored using the --monitor option.

An example auth config file for Amazon Web Services Signature Version 4 is shown below:

[auth]
Method=aws-signature-v4
AccessKeyId=AKID8D8WDF88E8F8E8FA
SecretAccessKey=yavFGsdfjoielskdfjieaiehihjoiij5Dfq9i5qD

An example of the startup options required to use the auth config file is shown below:

tacl>run CLIENT --api $vol.subvol.awsapi &
--base-url https://s3.us-east-1.amazonaws.com &
--log $vol.subvol.awslog &
--auth $vol.subvol.awsauth &
--monitor auth:30

Service Specific Auth File Options

The following signing methods are currently supported with new methods to be added in future releases. If your application requires a signing method not listed here, please visit the Support Center and open a ticket.

Note that parameter names in the auth config are not case sensitive.

Amazon Web Services Signature V4

This method can be used with any AWS service that requires signature version 4.

Param NameParam Value
method

aws-signature-v4

AccessKeyIdAn AWS access key ID
SecretAccessKey

The secret access key associated with the Access Key ID

SessionTokenThe session token associated with the AWS access key ID. This param is optional, but required if the AccessKeyId and SecretAccessKey were obtained from the AWS Security Token Service (STS). If omitted, no SessionToken value is used.
RegionThe AWS region for the request. This param is optional and if omitted, is derived from the base URL.
ServiceThe AWS service for the request. This param is optional and if omitted, is derived from the base URL.
ClockCorrectionIn the event that the system time is incorrect, this param may be used to adjust the current time used by the signature algorithm. The value is specified in number of seconds, + or -, to adjust the time used by the signature algorithm to the correct time. This param is optional and if omitted, the current system time is used. This option should only be used in exceptional cases in which the system clock cannot be synchronized to real world time.

Azure Event Hub

This method can be used with the Azure Event Hub

Param NameParam Value
method

azure-event-hub

SharedAccessKeyNameThe shared access key name of an appropriate access policy
SecretAccessKeyThe secret access key of the access policy.
TokenTTLThe length of time the token should be valid, in seconds. This param is optional and if omitted, defauts to 60 seconds.
ResourceURIThe resource URI to use when creating the Azure signature. This parameter is optional and if omitted, is derived from the request URL.
TokenExpiryAn explicit token expiry time expressed in seconds since Unix Epoch (Jan 1, 1970). If specified, the tokenTTL param is ignored. If omitted, TokenTTL is used to calculate the token expiration time. This param should be used for testing purposes only.
ClockCorrectionIn the event that the system time is incorrect, this param may be used to adjust the current time used by the signature algorithm. The value is specified in number of seconds, + or -, to adjust the time used by the signature algorithm to the correct time. This param is optional and if omitted, the current system time is used. This option should only be used in exceptional cases in which the system clock cannot be synchronized to real world time.


Azure IoT Hub

This method can be used with the Azure IoT Hub

Param NameParam Value
method

azure-iot-hub

SharedAccessKeyNameThe shared access key name of an appropriate access policy
SecretAccessKeyThe secret access key of the access policy.
TokenTTLThe length of time the token should be valid, in seconds. This param is optional and if omitted, defauts to 60 seconds.
ResourceURIThe resource URI to use when creating the Azure signature. This parameter is optional and if omitted, is derived from the request URL.
TokenExpiryAn explicit token expiry time expressed in seconds since Unix Epoch (Jan 1, 1970). If specified, the tokenTTL param is ignored. If omitted, TokenTTL is used to calculate the token expiration time. This param should be used for testing purposes only.
ClockCorrectionIn the event that the system time is incorrect, this param may be used to adjust the current time used by the signature algorithm. The value is specified in number of seconds, + or -, to adjust the time used by the signature algorithm to the correct time. This param is optional and if omitted, the current system time is used. This option should only be used in exceptional cases in which the system clock cannot be synchronized to real world time.

CyberSource HTTP Signature Authentication

This method can be used with the CyberSource REST API.

Param NameParam Value
method

cybersource-http

MerchantIdThe CyberSource Merchant ID.
MerchantKeyID

A CyberSource API key ID.

MerchantSecretKeyThe shared secret key associated with the MerchantKeyID.

Generic Authorization Header with Token

This method allows an arbitray HTTP header name, value pair to be supplied as an authentication method. This method can be used for custom authentication methods or for standard authentication methods such as OAuth 2 Bearer tokens.

Param NameParam Value
method

auth-token

HeaderThe name of the HTTP header.
TokenThe value of the HTTP header.
  • No labels


LightWave Client 1.1.2