User story #10352
Client Certificate authentication + session for data source plugin
Status: open
Suggestion strength: Require - I need this to use Rudder as I intend
User visibility: Infrequent - complex configurations | third party integrations
Effort required: Medium
Description
For now, the data sources plugin only allows authentication thanks to a header (token...).
Another common authentication scheme in API-based solutions is to use an SSL client certificate.
Most solutions also manage authentication based on a session flow, where a first request is done to a dedicated endpoint, authentication is done, some session token is returned to the client, and then that token must be reissued for each following request of the session.
Both cases can be implemented separately (and the configuration screen must take care of that), but the protocol resulting from their merge is quite common and reads like this:
- given a server whose certificate is trusted,
- the data sources client needs to read its client certificate (and key/pass)
- to issue an authenticated HTTPS request toward a dedicated endpoint on the server.
- the server checks SSL authentication and issues a session identifier (SID)
- that session identifier must be issued in the following client requests thanks to a dedicated header
- (optional - the server must destroy the session after some timeout in all cases) the client contacts a dedicated endpoint on the server to notify the end of the session. The SID is not valid anymore after that.
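The combined flow listed above, sketched in Python as an added example (this is not Rudder's or the data sources plugin's code). The header name, the endpoint paths, and the in-memory `SessionServer` standing in for the remote API are assumptions made for illustration; step numbers in the comments follow the order of the bullets.

```python
import secrets
import ssl
import time

SID_HEADER = "X-Session-Id"                          # assumed header name
LOGIN, LOGOUT = "/session/login", "/session/logout"  # assumed endpoints

def client_tls_context(ca_file, cert_file, key_file, key_pass=None):
    """Steps 1-3: trust only ca_file for the server, present the client cert."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.load_cert_chain(cert_file, key_file, password=key_pass)
    return ctx  # hostname checking and CERT_REQUIRED are on by default

class SessionServer:
    """In-memory stand-in for the remote API, constructed for this example."""
    def __init__(self, ttl=300, clock=time.monotonic):
        self.ttl, self.clock, self.sessions = ttl, clock, {}
    def handle(self, path, headers, cert_verified):
        now = self.clock()
        if path == LOGIN:                        # step 4: certificate -> SID
            if not cert_verified:
                return 401, {}
            sid = secrets.token_urlsafe(32)      # unguessable identifier
            self.sessions[sid] = now + self.ttl
            return 200, {SID_HEADER: sid}
        sid = headers.get(SID_HEADER)
        expiry = self.sessions.get(sid)
        if expiry is None or now >= expiry:      # unknown or timed-out SID
            self.sessions.pop(sid, None)
            return 401, {}
        if path == LOGOUT:                       # step 6: explicit end of session
            del self.sessions[sid]
        return 200, {}

class SessionClient:
    """Client side: log in once, then replay the SID in the header."""
    def __init__(self, send):
        self.send, self.sid = send, None         # send(path, headers) -> (status, headers)
    def login(self):
        status, headers = self.send(LOGIN, {})
        if status != 200:
            raise PermissionError("client certificate rejected")
        self.sid = headers[SID_HEADER]
    def request(self, path):                     # step 5: SID sent on every call
        return self.send(path, {SID_HEADER: self.sid})[0]
    def logout(self):
        status, self.sid = self.request(LOGOUT), None
        return status
```

In a real client, `send` would wrap an `http.client.HTTPSConnection` created with `context=client_tls_context(...)`; a 401 on a later request tells the client the session expired and it has to log in again.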