Active IQ Unified Manager Discussions

Certificate Based Authentication against Unified Manager 6.4

acjackson
2,945 Views

Hello,

 

I'm trying to setup Certificate Based Authentication against Unified Manager 6.4 to use with NMSDK.

I did manage to setup CBA against DFM 5.2, but I didnt found any option on the Unified Manager: the "dfm" command on console has no 'dfm ssl service' option anymore

Because I couldn't find any topic on CBA in the Unified Manager 6.4 manual either, I am not sure, if it's still supported.

 

Do I have to use LDAP for certificate based authentication?

 

 

 

 

 

1 ACCEPTED SOLUTION

madden
2,909 Views

Hi @acjackson

 

 

I do not believe SSL cert based auth is possible with Unified Manager 6+ releases.  I checked the SDK 5.5 docs and found this that agrees:

 

NaServer::set_style

 

 

$style

The authentication style

Following are the supported values:

  • HOSTS—to use the hosts.equiv file on the storage system to determine access rights.

  • LOGIN—to provide user name and password information. You can set the user name by using the API set_admin_user.

  • CERTIFICATE—to use certificates to authenticate clients who attempt to connect to a server, without using login credentials. This style automatically sets HTTPS as the transport mechanism. You can use this authentication mechanism for clustered Data ONTAP 8.2 and OnCommand Unified Manager 5.0.2, 5.1, and 5.2.

To authenticate the server, server certificate verification and hostname verification is required.

For more information, see the APIsNaServer::set_client_cert_and_key(),NaServer::set_ca_certs(),NaServer::set_server_cert_verification(),andNaServer::set_hostname_verification().

 

 

Cheers,
Chris Madden

Solution Architect - 3rd Platform - Systems Engineering NetApp EMEA (and author of Harvest)

Blog: It all begins with data

 

If this post resolved your issue, please help others by selecting ACCEPT AS SOLUTION or adding a KUDO or both!

View solution in original post

1 REPLY 1

madden
2,910 Views

Hi @acjackson

 

 

I do not believe SSL cert based auth is possible with Unified Manager 6+ releases.  I checked the SDK 5.5 docs and found this that agrees:

 

NaServer::set_style

 

 

$style

The authentication style

Following are the supported values:

  • HOSTS—to use the hosts.equiv file on the storage system to determine access rights.

  • LOGIN—to provide user name and password information. You can set the user name by using the API set_admin_user.

  • CERTIFICATE—to use certificates to authenticate clients who attempt to connect to a server, without using login credentials. This style automatically sets HTTPS as the transport mechanism. You can use this authentication mechanism for clustered Data ONTAP 8.2 and OnCommand Unified Manager 5.0.2, 5.1, and 5.2.

To authenticate the server, server certificate verification and hostname verification is required.

For more information, see the APIsNaServer::set_client_cert_and_key(),NaServer::set_ca_certs(),NaServer::set_server_cert_verification(),andNaServer::set_hostname_verification().

 

 

Cheers,
Chris Madden

Solution Architect - 3rd Platform - Systems Engineering NetApp EMEA (and author of Harvest)

Blog: It all begins with data

 

If this post resolved your issue, please help others by selecting ACCEPT AS SOLUTION or adding a KUDO or both!

Public