Support 4 options for authentication of xNF into DCAE VES Collectors (preferred option will be to build as separate library under dcaegen2/services/sdk so it can extended to other collector)

 

1.Certificate authentication only supported for HTPS/TLS connection to DCAE VES Collector

• Mutual authentication of xNF and DCAE via x.509v3 certificates
• Identity is checked against a list of known identities
• This is the preferred option going forward because it is most secure and most manageable

2.Basic Auth authentication only supported

• xNF provides username/password in the HTTPS connection when sending a VES event
• Supported for backward compatibility reasons

3.Both certificate and basic authentication supported

4.No authentication allowed for lab environment

• HTTP is supported without TLS

 

Introduce authMethod parameter - This is set in the Properties of the xNF as part of the deployment configuration

authMethod values

1.certOnly

2.basicAuth

3.certBasicAuth

4.noAuth

 

1.authMethod = certOnly

1.client without cert and without basic auth -> fail

2.client without cert and wrong basic auth -> fail

3.client without cert and correct basic auth -> fail

4.client with cert and without/wrong basic auth -> pass

5.client with cert and correct basic auth -> pass

2.authMethod = basicAuth

1.client without cert and without basic auth -> fail

2.client without cert and wrong basic auth -> fail

3.client without cert and correct basic auth -> pass

4.client with cert and without/wrong basic auth -> fail

5.client with cert and correct basic auth -> pass

3.authMethod = certBasicAuth

1.client without cert and without basic auth -> fail

2.client without cert and wrong basic auth -> fail

3.client without cert and correct basic auth -> pass

4.client with cert and without/wrong basic auth -> pass

5.client with cert and correct basic auth -> pass

4.authMethod = noAuth

1.client -> pass for all use cases 1 to 5