blob: 140132adc473661128705d47208cc22034d334cc [file] [log] [blame]
<!DOCTYPE html>
<html lang="stable" class="js csstransforms3d">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="generator" content="Hugo 0.81.0" />
<meta name="description" content="A set of micro-services for connecting millions of devices.">
<meta name="author" content="The Eclipse Hono Project">
<link rel="apple-touch-icon" sizes="180x180" href="/hono/docs/favicon/apple-touch-icon.png">
<link rel="icon" type="image/png" sizes="48x48" href="/hono/docs/favicon/favicon-48x48.png">
<link rel="icon" type="image/png" sizes="32x32" href="/hono/docs/favicon/favicon-32x32.png">
<link rel="icon" type="image/png" sizes="16x16" href="/hono/docs/favicon/favicon-16x16.png">
<link rel="manifest" href="/hono/docs/favicon/site.webmanifest">
<link rel="mask-icon" href="/hono/docs/favicon/safari-pinned-tab.svg" color="#5bbad5">
<link rel="shortcut icon" href="/hono/docs/favicon/favicon.ico">
<meta name="msapplication-TileColor" content="#da532c">
<meta name="msapplication-config" content="/hono/docs/favicon/browserconfig.xml">
<meta name="theme-color" content="#ffffff">
<title>Auth Server Configuration :: Eclipse Hono&trade;</title>
<link href="/hono/docs/css/nucleus.css?1618794679" rel="stylesheet">
<link href="/hono/docs/css/fontawesome-all.min.css?1618794679" rel="stylesheet">
<link href="/hono/docs/css/hybrid.css?1618794679" rel="stylesheet">
<link href="/hono/docs/css/featherlight.min.css?1618794679" rel="stylesheet">
<link href="/hono/docs/css/perfect-scrollbar.min.css?1618794679" rel="stylesheet">
<link href="/hono/docs/css/auto-complete.css?1618794679" rel="stylesheet">
<link href="/hono/docs/css/atom-one-dark-reasonable.css?1618794679" rel="stylesheet">
<link href="/hono/docs/css/theme.css?1618794679" rel="stylesheet">
<link href="/hono/docs/css/hugo-theme.css?1618794679" rel="stylesheet">
<link href="/hono/docs/css/theme-hono.css?1618794679" rel="stylesheet">
<link href="/hono/docs/css/hono.css?1618794679" rel="stylesheet">
<script src="/hono/docs/js/jquery-3.3.1.min.js?1618794679"></script>
<style>
:root #header + #content > #left > #rlblock_left{
display:none !important;
}
:not(pre) > code + span.copy-to-clipboard {
display: none;
}
</style>
<link rel="stylesheet" href="https://www.eclipse.org/eclipse.org-common/themes/solstice/public/stylesheets/vendor/cookieconsent/cookieconsent.min.css">
<meta name="twitter:card" content="summary_large_image">
<meta name="twitter:site" content="@EclipseHono">
<meta name="twitter:title" content="Auth Server Configuration :: Eclipse Hono&amp;trade;">
<meta name="twitter:image" content="https://www.eclipse.org/hono/docs/images/twitter_image.png">
<meta name="twitter:description" content="A set of micro-services for connecting millions of devices.">
<meta property="og:title" content="Auth Server Configuration :: Eclipse Hono&amp;trade;" />
<meta property="og:type" content="website" />
<meta property="og:url" content="https://www.eclipse.org/hono/docs/admin-guide/auth-server-config//" />
<meta property="og:image" content="https://www.eclipse.org/hono/docs/images/twitter_image.png" />
</head>
<body class="" data-url="/hono/docs/admin-guide/auth-server-config/">
<nav id="sidebar" class="">
<div id="header-wrapper">
<div id="header">
<a href="https://www.eclipse.org/hono/">
<img src="/hono/docs/images/HONO-Logo_Bild-Wort_quer-w-310x120px.svg" alt="Hono logo" class="logo-img">
</a>
</div>
<div class="searchbox">
<label for="search-by"><i class="fas fa-search"></i></label>
<input data-search-input id="search-by" type="search" placeholder="Search...">
<span data-search-clear=""><i class="fas fa-times"></i></span>
</div>
<script type="text/javascript" src="/hono/docs/js/lunr.min.js?1618794679"></script>
<script type="text/javascript" src="/hono/docs/js/auto-complete.js?1618794679"></script>
<script type="text/javascript">
var baseurl = "https:\/\/www.eclipse.org\/hono\/docs\/";
</script>
<script type="text/javascript" src="/hono/docs/js/search.js?1618794679"></script>
</div>
<div class="highlightable">
<ul class="topics">
<li data-nav-id="/hono/docs/concepts/" title="Concepts" class="dd-item
">
<a href="/hono/docs/concepts/">
<i class="far fa-lightbulb"></i> Concepts
</a>
<ul>
<li data-nav-id="/hono/docs/concepts/device-identity/" title="Device Identity" class="dd-item ">
<a href="/hono/docs/concepts/device-identity/">
Device Identity
</a>
</li>
<li data-nav-id="/hono/docs/concepts/tenancy/" title="Multi-Tenancy" class="dd-item ">
<a href="/hono/docs/concepts/tenancy/">
Multi-Tenancy
</a>
</li>
<li data-nav-id="/hono/docs/concepts/device-provisioning/" title="Device Provisioning" class="dd-item ">
<a href="/hono/docs/concepts/device-provisioning/">
Device Provisioning
</a>
</li>
<li data-nav-id="/hono/docs/concepts/connecting-devices/" title="Connecting Devices" class="dd-item ">
<a href="/hono/docs/concepts/connecting-devices/">
Connecting Devices
</a>
</li>
<li data-nav-id="/hono/docs/concepts/device-notifications/" title="Device Notifications" class="dd-item ">
<a href="/hono/docs/concepts/device-notifications/">
Device Notifications
</a>
</li>
<li data-nav-id="/hono/docs/concepts/command-and-control/" title="Command &amp; Control" class="dd-item ">
<a href="/hono/docs/concepts/command-and-control/">
Command &amp; Control
</a>
</li>
<li data-nav-id="/hono/docs/concepts/resource-limits/" title="Resource limits" class="dd-item ">
<a href="/hono/docs/concepts/resource-limits/">
Resource limits
</a>
</li>
<li data-nav-id="/hono/docs/concepts/connection-events/" title="Connection Events" class="dd-item ">
<a href="/hono/docs/concepts/connection-events/">
Connection Events
</a>
</li>
</ul>
</li>
<li data-nav-id="/hono/docs/user-guide/" title="User Guide" class="dd-item
">
<a href="/hono/docs/user-guide/">
<i class="fas fa-book-reader"></i> User Guide
</a>
<ul>
<li data-nav-id="/hono/docs/user-guide/mongodb-based-device-registry/" title="MongoDB Based Device Registry" class="dd-item ">
<a href="/hono/docs/user-guide/mongodb-based-device-registry/">
MongoDB Based Device Registry
</a>
</li>
<li data-nav-id="/hono/docs/user-guide/jdbc-based-device-registry/" title="JDBC Based Device Registry" class="dd-item ">
<a href="/hono/docs/user-guide/jdbc-based-device-registry/">
JDBC Based Device Registry
</a>
</li>
<li data-nav-id="/hono/docs/user-guide/file-based-device-registry/" title="File Based Device Registry" class="dd-item ">
<a href="/hono/docs/user-guide/file-based-device-registry/">
File Based Device Registry
</a>
</li>
<li data-nav-id="/hono/docs/user-guide/http-adapter/" title="HTTP Adapter" class="dd-item ">
<a href="/hono/docs/user-guide/http-adapter/">
HTTP Adapter
</a>
</li>
<li data-nav-id="/hono/docs/user-guide/mqtt-adapter/" title="MQTT Adapter" class="dd-item ">
<a href="/hono/docs/user-guide/mqtt-adapter/">
MQTT Adapter
</a>
</li>
<li data-nav-id="/hono/docs/user-guide/amqp-adapter/" title="AMQP Adapter" class="dd-item ">
<a href="/hono/docs/user-guide/amqp-adapter/">
AMQP Adapter
</a>
</li>
<li data-nav-id="/hono/docs/user-guide/coap-adapter/" title="CoAP Adapter" class="dd-item ">
<a href="/hono/docs/user-guide/coap-adapter/">
CoAP Adapter
</a>
</li>
<li data-nav-id="/hono/docs/user-guide/kura-adapter/" title="Kura Adapter" class="dd-item ">
<a href="/hono/docs/user-guide/kura-adapter/">
Kura Adapter
</a>
</li>
<li data-nav-id="/hono/docs/user-guide/sigfox-adapter/" title="Sigfox Adapter" class="dd-item ">
<a href="/hono/docs/user-guide/sigfox-adapter/">
Sigfox Adapter
</a>
</li>
</ul>
</li>
<li data-nav-id="/hono/docs/admin-guide/" title="Admin Guide" class="dd-item
parent
">
<a href="/hono/docs/admin-guide/">
<i class="fas fa-sliders-h"></i> Admin Guide
</a>
<ul>
<li data-nav-id="/hono/docs/admin-guide/common-config/" title="Common Configuration" class="dd-item ">
<a href="/hono/docs/admin-guide/common-config/">
Common Configuration
</a>
</li>
<li data-nav-id="/hono/docs/admin-guide/auth-server-config/" title="Auth Server Configuration" class="dd-item active">
<a href="/hono/docs/admin-guide/auth-server-config/">
Auth Server Configuration
</a>
</li>
<li data-nav-id="/hono/docs/admin-guide/mongodb-device-registry-config/" title="MongoDB Based Device Registry Configuration" class="dd-item ">
<a href="/hono/docs/admin-guide/mongodb-device-registry-config/">
MongoDB Based Device Registry Configuration
</a>
</li>
<li data-nav-id="/hono/docs/admin-guide/jdbc-device-registry-config/" title="JDBC Based Device Registry Configuration" class="dd-item ">
<a href="/hono/docs/admin-guide/jdbc-device-registry-config/">
JDBC Based Device Registry Configuration
</a>
</li>
<li data-nav-id="/hono/docs/admin-guide/file-based-device-registry-config/" title="File Based Device Registry Configuration" class="dd-item ">
<a href="/hono/docs/admin-guide/file-based-device-registry-config/">
File Based Device Registry Configuration
</a>
</li>
<li data-nav-id="/hono/docs/admin-guide/command-router-config/" title="Configuring the Command Router Service" class="dd-item ">
<a href="/hono/docs/admin-guide/command-router-config/">
Command Router Service Configuration
</a>
</li>
<li data-nav-id="/hono/docs/admin-guide/device-connection-config/" title="Configuring the Device Connection Service" class="dd-item ">
<a href="/hono/docs/admin-guide/device-connection-config/">
Device Connection Service Configuration
</a>
</li>
<li data-nav-id="/hono/docs/admin-guide/http-adapter-config/" title="HTTP Adapter Configuration" class="dd-item ">
<a href="/hono/docs/admin-guide/http-adapter-config/">
HTTP Adapter Configuration
</a>
</li>
<li data-nav-id="/hono/docs/admin-guide/mqtt-adapter-config/" title="MQTT Adapter Configuration" class="dd-item ">
<a href="/hono/docs/admin-guide/mqtt-adapter-config/">
MQTT Adapter Configuration
</a>
</li>
<li data-nav-id="/hono/docs/admin-guide/amqp-adapter-config/" title="AMQP Adapter Configuration" class="dd-item ">
<a href="/hono/docs/admin-guide/amqp-adapter-config/">
AMQP Adapter Configuration
</a>
</li>
<li data-nav-id="/hono/docs/admin-guide/coap-adapter-config/" title="CoAP Adapter Configuration" class="dd-item ">
<a href="/hono/docs/admin-guide/coap-adapter-config/">
CoAP Adapter Configuration
</a>
</li>
<li data-nav-id="/hono/docs/admin-guide/kura-adapter-config/" title="Kura Adapter Configuration" class="dd-item ">
<a href="/hono/docs/admin-guide/kura-adapter-config/">
Kura Adapter Configuration
</a>
</li>
<li data-nav-id="/hono/docs/admin-guide/hono-client-configuration/" title="Hono Client Configuration" class="dd-item ">
<a href="/hono/docs/admin-guide/hono-client-configuration/">
Hono Client Configuration
</a>
</li>
<li data-nav-id="/hono/docs/admin-guide/hono-kafka-client-configuration/" title="Hono Kafka Client Configuration" class="dd-item ">
<a href="/hono/docs/admin-guide/hono-kafka-client-configuration/">
Hono Kafka Client Configuration
</a>
</li>
<li data-nav-id="/hono/docs/admin-guide/amqp-network-config/" title="AMQP 1.0 Messaging Network Configuration" class="dd-item ">
<a href="/hono/docs/admin-guide/amqp-network-config/">
AMQP 1.0 Messaging Network Configuration
</a>
</li>
<li data-nav-id="/hono/docs/admin-guide/secure_communication/" title="Secure Communication" class="dd-item ">
<a href="/hono/docs/admin-guide/secure_communication/">
Secure Communication
</a>
</li>
<li data-nav-id="/hono/docs/admin-guide/monitoring-tracing-config/" title="Monitoring &amp; Tracing" class="dd-item ">
<a href="/hono/docs/admin-guide/monitoring-tracing-config/">
Monitoring &amp; Tracing
</a>
</li>
</ul>
</li>
<li data-nav-id="/hono/docs/dev-guide/" title="Developer Guide" class="dd-item
">
<a href="/hono/docs/dev-guide/">
<i class="fas fa-tools"></i> Developer Guide
</a>
<ul>
<li data-nav-id="/hono/docs/dev-guide/building_hono/" title="Building from Source" class="dd-item ">
<a href="/hono/docs/dev-guide/building_hono/">
Building from Source
</a>
</li>
<li data-nav-id="/hono/docs/dev-guide/amqp_adapter_client/" title="AMQP Adapter Client for Java" class="dd-item ">
<a href="/hono/docs/dev-guide/amqp_adapter_client/">
AMQP Adapter Client for Java
</a>
</li>
<li data-nav-id="/hono/docs/dev-guide/java_client_consumer/" title="Consuming Messages from Java" class="dd-item ">
<a href="/hono/docs/dev-guide/java_client_consumer/">
Consuming Messages from Java
</a>
</li>
<li data-nav-id="/hono/docs/dev-guide/custom_http_adapter/" title="Implement a Custom Hono HTTP Protocol Adapter" class="dd-item ">
<a href="/hono/docs/dev-guide/custom_http_adapter/">
Implement a Custom Hono HTTP Protocol Adapter
</a>
</li>
</ul>
</li>
<li data-nav-id="/hono/docs/api/" title="API" class="dd-item
">
<a href="/hono/docs/api/">
&nbsp;<i class='fas fa-plug'></i>&nbsp;API
</a>
<ul>
<li data-nav-id="/hono/docs/api/telemetry/" title="Telemetry API Specification" class="dd-item ">
<a href="/hono/docs/api/telemetry/">
Telemetry API
</a>
</li>
<li data-nav-id="/hono/docs/api/event/" title="Event API Specification" class="dd-item ">
<a href="/hono/docs/api/event/">
Event API
</a>
</li>
<li data-nav-id="/hono/docs/api/command-and-control/" title="Command &amp; Control API Specification" class="dd-item ">
<a href="/hono/docs/api/command-and-control/">
Command &amp; Control API
</a>
</li>
<li data-nav-id="/hono/docs/api/kafka-api/" title="Kafka-based APIs" class="dd-item ">
<a href="/hono/docs/api/kafka-api/">
Kafka-based APIs
</a>
</li>
<li data-nav-id="/hono/docs/api/telemetry-kafka/" title="Telemetry API for Kafka Specification" class="dd-item ">
<a href="/hono/docs/api/telemetry-kafka/">
Telemetry API for Kafka
</a>
</li>
<li data-nav-id="/hono/docs/api/event-kafka/" title="Event API for Kafka Specification" class="dd-item ">
<a href="/hono/docs/api/event-kafka/">
Event API for Kafka
</a>
</li>
<li data-nav-id="/hono/docs/api/command-and-control-kafka/" title="Command &amp; Control API for Kafka Specification" class="dd-item ">
<a href="/hono/docs/api/command-and-control-kafka/">
Command &amp; Control API for Kafka
</a>
</li>
<li data-nav-id="/hono/docs/api/tenant/" title="Tenant API Specification" class="dd-item ">
<a href="/hono/docs/api/tenant/">
Tenant API
</a>
</li>
<li data-nav-id="/hono/docs/api/command-router/" title="Command Router API Specification" class="dd-item ">
<a href="/hono/docs/api/command-router/">
Command Router API
</a>
</li>
<li data-nav-id="/hono/docs/api/device-connection/" title="Device Connection API Specification" class="dd-item ">
<a href="/hono/docs/api/device-connection/">
Device Connection API
</a>
</li>
<li data-nav-id="/hono/docs/api/device-registration/" title="Device Registration API Specification" class="dd-item ">
<a href="/hono/docs/api/device-registration/">
Device Registration API
</a>
</li>
<li data-nav-id="/hono/docs/api/credentials/" title="Credentials API Specification" class="dd-item ">
<a href="/hono/docs/api/credentials/">
Credentials API
</a>
</li>
<li data-nav-id="/hono/docs/api/authentication/" title="Authentication API Specification" class="dd-item ">
<a href="/hono/docs/api/authentication/">
Authentication API
</a>
</li>
<li data-nav-id="/hono/docs/api/management/" title="Device Registry Management API Specification" class="dd-item ">
<a href="/hono/docs/api/management/">
Device Registry Management API
</a>
</li>
<li data-nav-id="/hono/docs/api/metrics/" title="Metrics" class="dd-item ">
<a href="/hono/docs/api/metrics/">
Metrics
</a>
</li>
</ul>
</li>
<li data-nav-id="/hono/docs/deployment/" title="Deployment" class="dd-item
">
<a href="/hono/docs/deployment/">
<i class="fas fa-shipping-fast"></i> Deployment
</a>
<ul>
<li data-nav-id="/hono/docs/deployment/helm-based-deployment/" title="Helm based Deployment" class="dd-item ">
<a href="/hono/docs/deployment/helm-based-deployment/">
Helm based Deployment
</a>
</li>
<li data-nav-id="/hono/docs/deployment/openshift/" title="OpenShift / OKD" class="dd-item ">
<a href="/hono/docs/deployment/openshift/">
OpenShift / OKD
</a>
</li>
<li data-nav-id="/hono/docs/deployment/create-kubernetes-cluster/" title="Setting up a Kubernetes Cluster" class="dd-item ">
<a href="/hono/docs/deployment/create-kubernetes-cluster/">
Setting up a Kubernetes Cluster
</a>
</li>
<li data-nav-id="/hono/docs/deployment/resource-limitation/" title="Limiting Resource Usage" class="dd-item ">
<a href="/hono/docs/deployment/resource-limitation/">
Limiting Resource Usage
</a>
</li>
</ul>
</li>
<li data-nav-id="/hono/docs/architecture/" title="Architecture" class="dd-item
">
<a href="/hono/docs/architecture/">
<i class="fas fa-landmark"></i> Architecture
</a>
<ul>
<li data-nav-id="/hono/docs/architecture/component-view/" title="Component View" class="dd-item ">
<a href="/hono/docs/architecture/component-view/">
Component View
</a>
</li>
<li data-nav-id="/hono/docs/architecture/auth/" title="Authentication/Authorization" class="dd-item ">
<a href="/hono/docs/architecture/auth/">
Authentication/Authorization
</a>
</li>
</ul>
</li>
</ul>
<section id="shortcuts">
<h3></h3>
<ul>
<li>
<a class="padding" href="https://www.eclipse.org/hono/" title="Hono&#39;s Homepage"><i class='fas fa-home'></i> Hono Home</a>
</li>
<li>
<a class="padding" href="https://www.eclipse.org/hono/getting-started/" title="Getting started with Eclipse Hono"><i class='fas fa-plane-departure'></i> Getting Started</a>
</li>
</ul>
</section>
<section id="prefooter">
<hr/>
<ul>
<li>
<div id="select-box-wrapper">
<div id="select-box">
<a class="padding">
Version:&nbsp;
<div class="select-style">
<select id="select-language" onchange="location = this.value;">
<option id="stable" value="https://www.eclipse.org/hono/docs/admin-guide/auth-server-config/" selected>stable (1.7)</option>
<option id="1.7" value="https://www.eclipse.org/hono/docs/1.7/admin-guide/auth-server-config/">1.7</option>
<option id="1.6" value="https://www.eclipse.org/hono/docs/1.6/admin-guide/auth-server-config/">1.6</option>
<option id="1.5" value="https://www.eclipse.org/hono/docs/1.5/admin-guide/auth-server-config/">1.5</option>
<option id="1.4" value="https://www.eclipse.org/hono/docs/1.4/admin-guide/auth-server-config/">1.4</option>
<option id="1.3" value="https://www.eclipse.org/hono/docs/1.3/admin-guide/auth-server-config/">1.3</option>
<option id="1.2" value="https://www.eclipse.org/hono/docs/1.2/admin-guide/auth-server-config/">1.2</option>
<option id="1.1" value="https://www.eclipse.org/hono/docs/1.1/admin-guide/auth-server-config/">1.1</option>
<option id="1.0" value="https://www.eclipse.org/hono/docs/1.0/admin-guide/auth-server-config/">1.0</option>
<option id="dev" value="https://www.eclipse.org/hono/docs/dev/admin-guide/auth-server-config/">dev</option>
</select>
<svg version="1.1" id="Capa_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
width="255px" height="255px" viewBox="0 0 255 255" style="enable-background:new 0 0 255 255;" xml:space="preserve">
<g>
<g id="arrow-drop-down">
<polygon points="0,63.75 127.5,191.25 255,63.75 " />
</g>
</g>
</svg>
</div>
</a>
</div>
</div>
</li>
</ul>
</section>
<section id="footer">
<p>&copy; 2021 <a href="https://www.eclipse.org/hono/">The Eclipse Hono Project</a></p>
<p>
Documentation built with
<a href="https://gohugo.io/" target="_blank">Hugo</a>
using the
<a href="https://github.com/matcornic/hugo-theme-learn" target="_blank">Learn</a> theme.
</p>
<div class="eclipse-logo">
<a href="https://www.eclipse.org" target="_blank">
<img src="https://www.eclipse.org/hono/docs/images/eclipse_foundation_logo.svg"/>
</a>
</div>
</section>
</div>
</nav>
<section id="body">
<div id="overlay"></div>
<div class="padding highlightable">
<div>
<div id="top-bar">
<div id="top-github-link">
<a class="github-link" title='Edit this page' href="https://github.com/eclipse/hono/edit/master/site/documentation/content/admin-guide/auth-server-config.md" target="blank">
<i class="fas fa-code-branch"></i>
<span id="top-github-link-text">Edit this page</span>
</a>
</div>
<div id="breadcrumbs" itemscope="" itemtype="http://data-vocabulary.org/Breadcrumb">
<span id="sidebar-toggle-span">
<a href="#" id="sidebar-toggle" data-sidebar-toggle="">
<i class="fas fa-bars"></i>
</a>
</span>
<span id="toc-menu"><i class="fas fa-list-alt"></i></span>
<span class="links">
<a href='/hono/docs/'>Documentation</a> > <a href='/hono/docs/admin-guide/'>Admin Guide</a> > Auth Server Configuration
</span>
</div>
<div class="progress">
<div class="wrapper">
<nav id="TableOfContents">
<ul>
<li><a href="#service-configuration">Service Configuration</a></li>
<li><a href="#port-configuration">Port Configuration</a>
<ul>
<li><a href="#secure-port-only">Secure Port Only</a></li>
<li><a href="#insecure-port-only">Insecure Port Only</a></li>
<li><a href="#dual-port">Dual Port</a></li>
<li><a href="#ephemeral-ports">Ephemeral Ports</a></li>
</ul>
</li>
<li><a href="#metrics-configuration">Metrics Configuration</a></li>
</ul>
</nav>
</div>
</div>
</div>
</div>
<div id="head-tags">
</div>
<div id="body-inner">
<h1>
Auth Server Configuration
</h1>
<p>The Auth Server component exposes a service endpoint implementing Eclipse Honoâ„¢&rsquo;s <a href="/hono/docs/api/authentication/">Authentication</a> API. Other services use this component for authenticating clients and retrieving a token asserting the client&rsquo;s identity and corresponding authorities.</p>
<p>This component serves as a default implementation of the <em>Authentication</em> API only. On startup, it reads in all identities and their authorities from a JSON file from the file system. All data is then kept in memory and there are no remote service APIs for managing the identities and their authorities.</p>
<p>The Auth Server is implemented as a Spring Boot application. It can be run either directly from the command line or by means of starting the corresponding <a href="https://hub.docker.com/r/eclipse/hono-service-auth/">Docker image</a> created from it.</p>
<h2 id="service-configuration">Service Configuration</h2>
<p>In addition to the following options, this component supports the options described in <a href="/hono/docs/admin-guide/common-config/">Common Configuration</a>.</p>
<p>The server can be configured by means of environment variables or corresponding command line options.
The following table provides an overview of the configuration variables and corresponding command line options that the server supports:</p>
<table>
<thead>
<tr>
<th style="text-align:left">Environment Variable<br>Command Line Option</th>
<th style="text-align:center">Mandatory</th>
<th style="text-align:left">Default</th>
<th style="text-align:left">Description</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align:left"><code>HONO_APP_MAX_INSTANCES</code><br><code>--hono.app.maxInstances</code></td>
<td style="text-align:center">no</td>
<td style="text-align:left"><em>#CPU cores</em></td>
<td style="text-align:left">The number of verticle instances to deploy. If not set, one verticle per processor core is deployed.</td>
</tr>
<tr>
<td style="text-align:left"><code>HONO_AUTH_AMQP_BIND_ADDRESS</code><br><code>--hono.auth.amqp.bindAddress</code></td>
<td style="text-align:center">no</td>
<td style="text-align:left"><code>127.0.0.1</code></td>
<td style="text-align:left">The IP address of the network interface that the secure port should be bound to.<br>See <a href="#port-configuration">Port Configuration</a> below for details.</td>
</tr>
<tr>
<td style="text-align:left"><code>HONO_AUTH_AMQP_CERT_PATH</code><br><code>--hono.auth.amqp.certPath</code></td>
<td style="text-align:center">no</td>
<td style="text-align:left">-</td>
<td style="text-align:left">The absolute path to the PEM file containing the certificate that the server should use for authenticating to clients. This option must be used in conjunction with <code>HONO_AUTH_AMQP_KEY_PATH</code>.<br>Alternatively, the <code>HONO_AUTH_AMQP_KEY_STORE_PATH</code> option can be used to configure a key store containing both the key as well as the certificate.</td>
</tr>
<tr>
<td style="text-align:left"><code>HONO_AUTH_AMQP_INSECURE_PORT</code><br><code>--hono.auth.amqp.insecurePort</code></td>
<td style="text-align:center">no</td>
<td style="text-align:left">-</td>
<td style="text-align:left">The insecure port the server should listen on.<br>See <a href="#port-configuration">Port Configuration</a> below for details.</td>
</tr>
<tr>
<td style="text-align:left"><code>HONO_AUTH_AMQP_INSECURE_PORT_BIND_ADDRESS</code><br><code>--hono.auth.amqp.insecurePortBindAddress</code></td>
<td style="text-align:center">no</td>
<td style="text-align:left"><code>127.0.0.1</code></td>
<td style="text-align:left">The IP address of the network interface that the insecure port should be bound to.<br>See <a href="#port-configuration">Port Configuration</a> below for details.</td>
</tr>
<tr>
<td style="text-align:left"><code>HONO_AUTH_AMQP_INSECURE_PORT_ENABLED</code><br><code>--hono.auth.amqp.insecurePortEnabled</code></td>
<td style="text-align:center">no</td>
<td style="text-align:left"><code>false</code></td>
<td style="text-align:left">If set to <code>true</code> the server will open an insecure port (not secured by TLS) using either the port number set via <code>HONO_AUTH_AMQP_INSECURE_PORT</code> or the default AMQP port number (<code>5672</code>) if not set explicitly.<br>See <a href="#port-configuration">Port Configuration</a> below for details.</td>
</tr>
<tr>
<td style="text-align:left"><code>HONO_AUTH_AMQP_KEY_PATH</code><br><code>--hono.auth.amqp.keyPath</code></td>
<td style="text-align:center">no</td>
<td style="text-align:left">-</td>
<td style="text-align:left">The absolute path to the (PKCS8) PEM file containing the private key that the server should use for authenticating to clients. Note that the private key is not protected by a password. You should therefore make sure that the key file can only be read by the user that the server process is running under. This option must be used in conjunction with <code>HONO_AUTH_CERT_PATH</code>.<br>Alternatively, the <code>HONO_AUTH_KEY_STORE_PATH</code> option can be used to configure a key store containing both the key as well as the certificate.</td>
</tr>
<tr>
<td style="text-align:left"><code>HONO_AUTH_AMQP_KEY_STORE_PASSWORD</code><br><code>--hono.auth.amqp.keyStorePassword</code></td>
<td style="text-align:center">no</td>
<td style="text-align:left">-</td>
<td style="text-align:left">The password required to read the contents of the key store.</td>
</tr>
<tr>
<td style="text-align:left"><code>HONO_AUTH_AMQP_KEY_STORE_PATH</code><br><code>--hono.auth.amqp.keyStorePath</code></td>
<td style="text-align:center">no</td>
<td style="text-align:left">-</td>
<td style="text-align:left">The absolute path to the Java key store containing the private key and certificate that the server should use for authenticating to clients. Either this option or the <code>HONO_AUTH_AMQP_KEY_PATH</code> and <code>HONO_AUTH_AMQP_CERT_PATH</code> options need to be set in order to enable TLS secured connections with clients. The key store format can be either <code>JKS</code> or <code>PKCS12</code> indicated by a <code>.jks</code> or <code>.p12</code> file suffix respectively.</td>
</tr>
<tr>
<td style="text-align:left"><code>HONO_AUTH_AMQP_NATIVE_TLS_REQUIRED</code><br><code>--hono.auth.amqp.nativeTlsRequired</code></td>
<td style="text-align:center">no</td>
<td style="text-align:left"><code>false</code></td>
<td style="text-align:left">The server will probe for OpenSLL on startup if a secure port is configured. By default, the server will fall back to the JVM&rsquo;s default SSL engine if not available. However, if set to <code>true</code>, the server will fail to start at all in this case.</td>
</tr>
<tr>
<td style="text-align:left"><code>HONO_AUTH_AMQP_PORT</code><br><code>--hono.auth.amqp.port</code></td>
<td style="text-align:center">no</td>
<td style="text-align:left"><code>5671</code></td>
<td style="text-align:left">The secure port that the server should listen on.<br>See <a href="#port-configuration">Port Configuration</a> below for details.</td>
</tr>
<tr>
<td style="text-align:left"><code>HONO_AUTH_AMQP_SECURE_PROTOCOLS</code><br><code>--hono.auth.amqp.secureProtocols</code></td>
<td style="text-align:center">no</td>
<td style="text-align:left"><code>TLSv1.2</code></td>
<td style="text-align:left">A (comma separated) list of secure protocols that are supported when negotiating TLS sessions. Please refer to the <a href="https://vertx.io/docs/vertx-core/java/#ssl">vert.x documentation</a> for a list of supported protocol names.</td>
</tr>
<tr>
<td style="text-align:left"><code>HONO_AUTH_AMQP_TRUST_STORE_PASSWORD</code><br><code>--hono.auth.amqp.trustStorePassword</code></td>
<td style="text-align:center">no</td>
<td style="text-align:left">-</td>
<td style="text-align:left">The password required to read the contents of the trust store.</td>
</tr>
<tr>
<td style="text-align:left"><code>HONO_AUTH_AMQP_TRUST_STORE_PATH</code><br><code>--hono.auth.amqp.trustStorePath</code></td>
<td style="text-align:center">no</td>
<td style="text-align:left">-</td>
<td style="text-align:left">The absolute path to the Java key store containing the CA certificates the service uses for authenticating clients. The key store format can be either <code>JKS</code>, <code>PKCS12</code> or <code>PEM</code> indicated by a <code>.jks</code>, <code>.p12</code> or <code>.pem</code> file suffix respectively.</td>
</tr>
<tr>
<td style="text-align:left"><code>HONO_AUTH_SVC_PERMISSIONS_PATH</code><br><code>--hono.auth.svc.permissionsPath</code></td>
<td style="text-align:center">yes</td>
<td style="text-align:left">-</td>
<td style="text-align:left">The path to the JSON file defining the identities and corresponding authorities on Hono&rsquo;s endpoint resources. For backwards compatibility with previous releases, the path may contain a <code>file://</code> prefix.</td>
</tr>
<tr>
<td style="text-align:left"><code>HONO_AUTH_SVC_SIGNING_KEY_PATH</code><br><code>--hono.auth.svc.signing.keyPath</code></td>
<td style="text-align:center">no</td>
<td style="text-align:left">-</td>
<td style="text-align:left">The absolute path to the (PKCS8) PEM file containing the private key that the server should use for signing tokens asserting an authenticated client&rsquo;s identity and authorities. When using this variable, other services that need to validate the tokens issued by this service need to be configured with the corresponding certificate/public key. Alternatively, a symmetric key can be used for signing (and validating) by setting the <code>HONO_AUTH_SVC_SIGNING_SHARED_SECRET</code> variable. If none of these variables is set, the server falls back to the key indicated by the <code>HONO_AUTH_AMQP_KEY_PATH</code> variable. If that variable is also not set, startup of the server fails.</td>
</tr>
<tr>
<td style="text-align:left"><code>HONO_AUTH_SVC_SIGNING_SHARED_SECRET</code><br><code>--hono.auth.svc.signing.sharedSecret</code></td>
<td style="text-align:center">no</td>
<td style="text-align:left">-</td>
<td style="text-align:left">A string to derive a symmetric key from that is used for signing tokens asserting an authenticated client&rsquo;s identity and authorities. The key is derived from the string by using the bytes of the String&rsquo;s UTF8 encoding. When setting the signing key using this variable, other services that need to validate the tokens issued by this service need to be configured with the same key. Alternatively, an asymmetric key pair can be used for signing (and validating) by setting the <code>HONO_AUTH_SVC_SIGNING_KEY_PATH</code> variable. If none of these variables is set, startup of the server fails.</td>
</tr>
<tr>
<td style="text-align:left"><code>HONO_AUTH_SVC_SIGNING_TOKEN_EXPIRATION</code><br><code>--hono.auth.svc.signing.tokenExpiration</code></td>
<td style="text-align:center">no</td>
<td style="text-align:left">600</td>
<td style="text-align:left">The number of seconds after which the tokens created by this service for asserting an authenticated client&rsquo;s identity should be considered invalid. Other Hono components will close AMQP connections with clients after this period in order to force the client to authenticate again and create a new token. In closed environments it should be save to set this value to a much higher value, e.g. several hours.</td>
</tr>
<tr>
<td style="text-align:left"><code>HONO_AUTH_SVC_SUPPORTED_SASL_MECHANISMS</code><br><code>--hono.auth.svc.supportedSaslMechanisms</code></td>
<td style="text-align:center">no</td>
<td style="text-align:left"><code>EXTERNAL, PLAIN</code></td>
<td style="text-align:left">A (comma separated) list of the supported SASL mechanisms to be advertised to clients. This option may be set to specify only one of <code>EXTERNAL</code> or <code>PLAIN</code>, or to use a different order.</td>
</tr>
</tbody>
</table>
<p>The variables only need to be set if the default value does not match your environment.</p>
<h2 id="port-configuration">Port Configuration</h2>
<p>The Auth Server can be configured to listen for connections on</p>
<ul>
<li>a secure port only (default) or</li>
<li>an insecure port only or</li>
<li>both a secure and an insecure port (dual port configuration)</li>
</ul>
<p>The server will fail to start if none of the ports is configured properly.</p>
<h3 id="secure-port-only">Secure Port Only</h3>
<p>The server needs to be configured with a private key, a certificate holding the public key and a trust store in order to open a TLS secured port.</p>
<p>There are two alternative ways for setting the private key and certificate:</p>
<ol>
<li>Setting the <code>HONO_AUTH_AMQP_KEY_STORE_PATH</code> and the <code>HONO_AUTH_AMQP_KEY_STORE_PASSWORD</code> variables in order to load the key &amp; certificate from a password protected key store, or</li>
<li>setting the <code>HONO_AUTH_AMQP_KEY_PATH</code> and <code>HONO_AUTH_AMQP_CERT_PATH</code> variables in order to load the key and certificate from two separate PEM files in PKCS8 format.</li>
</ol>
<p>In order to set the trust store, the <code>HONO_AUTH_AMQP_TRUST_STORE_PATH</code> variable needs to be set to a key store containing the trusted root CA certificates. The <code>HONO_AUTH_AMQP_TRUST_STORE_PASSWORD</code> variable needs to be set if the key store requires a pass phrase for reading its contents.</p>
<p>When starting up, the server will bind a TLS secured socket to the default secure AMQP port 5671. The port number can also be set explicitly using the <code>HONO_AUTH_AMQP_PORT</code> variable.</p>
<p>The <code>HONO_AUTH_AMQP_BIND_ADDRESS</code> variable can be used to specify the network interface that the port should be exposed on. By default the port is bound to the <em>loopback device</em> only, i.e. the port will only be accessible from the local host. Setting this variable to <code>0.0.0.0</code> will let the port being bound to <strong>all</strong> network interfaces (be careful not to expose the port unintentionally to the outside world).</p>
<h3 id="insecure-port-only">Insecure Port Only</h3>
<p>The secure port will mostly be required for production scenarios. However, it might be desirable to expose a non-TLS secured port instead, e.g. for testing purposes. In any case, the non-secure port needs to be explicitly enabled either by</p>
<ul>
<li>explicitly setting <code>HONO_AUTH_AMQP_INSECURE_PORT</code> to a valid port number, or by</li>
<li>implicitly configuring the default AMQP port (5672) by simply setting <code>HONO_AUTH_AMQP_INSECURE_PORT_ENABLED</code> to <code>true</code>.</li>
</ul>
<p>The server issues a warning on the console if <code>HONO_AUTH_AMQP_INSECURE_PORT</code> is set to the default secure AMQP port (5671).</p>
<p>The <code>HONO_AUTH_AMQP_INSECURE_PORT_BIND_ADDRESS</code> variable can be used to specify the network interface that the port should be exposed on. By default the port is bound to the <em>loopback device</em> only, i.e. the port will only be accessible from the local host. This variable might be used to e.g. expose the non-TLS secured port on a local interface only, thus providing easy access from within the local network, while still requiring encrypted communication when accessed from the outside over public network infrastructure.</p>
<p>Setting this variable to <code>0.0.0.0</code> will let the port being bound to <strong>all</strong> network interfaces (be careful not to expose the port unintentionally to the outside world).</p>
<h3 id="dual-port">Dual Port</h3>
<p>In test setups and some production scenarios Hono server may be configured to open one secure <strong>and</strong> one insecure port at the same time.</p>
<p>This is achieved by configuring both ports correctly (see above). The server will fail to start if both ports are configured to use the same port number.</p>
<p>Since the secure port may need different visibility in the network setup compared to the secure port, it has its own binding address <code>HONO_AUTH_AMQP_INSECURE_PORT_BIND_ADDRESS</code>.
This can be used to narrow the visibility of the insecure port to a local network e.g., while the secure port may be visible worldwide.</p>
<h3 id="ephemeral-ports">Ephemeral Ports</h3>
<p>Both the secure as well as the insecure port numbers may be explicitly set to <code>0</code>. The Auth Server will then use arbitrary (unused) port numbers determined by the operating system during startup.</p>
<h2 id="metrics-configuration">Metrics Configuration</h2>
<p>See <a href="/hono/docs/admin-guide/monitoring-tracing-config/">Monitoring &amp; Tracing Admin Guide</a> for details on how to configure the reporting of metrics.</p>
<footer class="footline">
</footer>
</div>
</div>
<div id="navigation">
</div>
</section>
<div style="left: -1000px; overflow: scroll; position: absolute; top: -1000px; border: none; box-sizing: content-box; height: 200px; margin: 0px; padding: 0px; width: 200px;">
<div style="border: none; box-sizing: content-box; height: 200px; margin: 0px; padding: 0px; width: 200px;"></div>
</div>
<script src="/hono/docs/js/clipboard.min.js?1618794679"></script>
<script src="/hono/docs/js/perfect-scrollbar.min.js?1618794679"></script>
<script src="/hono/docs/js/perfect-scrollbar.jquery.min.js?1618794679"></script>
<script src="/hono/docs/js/jquery.sticky.js?1618794679"></script>
<script src="/hono/docs/js/featherlight.min.js?1618794679"></script>
<script src="/hono/docs/js/highlight.pack.js?1618794679"></script>
<script>hljs.initHighlightingOnLoad();</script>
<script src="/hono/docs/js/modernizr.custom-3.6.0.js?1618794679"></script>
<script src="/hono/docs/js/learn.js?1618794679"></script>
<script src="/hono/docs/js/hugo-learn.js?1618794679"></script>
<link href="/hono/docs/mermaid/mermaid.css?1618794679" rel="stylesheet" />
<script src="/hono/docs/mermaid/mermaid.js?1618794679"></script>
<script>
mermaid.initialize({ startOnLoad: true });
</script>
<script>
(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
})(window,document,'script','dataLayer','GTM-5WLCZXC');
</script>
<script src="https://www.eclipse.org/eclipse.org-common/themes/solstice/public/javascript/vendor/cookieconsent/default.min.js"></script>
</body>
</html>