Authentication
ABBYY OCR Container allows client authentication using client certificates. Two methods are available for transmitting the client certificate for authentication:
- During the SSL handshake process
- In the HTTP header
The container checks whether the request carries a client certificate signed by the root certificate. If no such client certificate is found, the request is rejected.
To enable authentication, you need to provide the container with a signer certificate and configure some other parameters. To do this, follow the steps below:
1. Mount a folder to the container where the certificate will be located, for example, "/mnt/certificate".
2. Place the certificate in PFX format in this folder.
3. Set the following environment variables for the container:
Name | Description |
---|---|
Authentication__Type | The authentication type to be used. The value of the parameter is Certificate. |
Authentication__CertPath | The path to the root certificate. |
Authentication__CertPassword | The password for the root certificate (optional). |
Authentication__CertHeaderName | The name of the HTTP header in which the client certificate will be transmitted (optional). |
Authentication__CertHeaderEncoding | The method for encoding the client certificate in the HTTP header (optional). |
For example:
Authentication__Type=Certificate
Authentication__CertPath=/mnt/certificate/ca.pfx
Authentication__CertPassword="password for your certificate"
Authentication__CertHeaderName=X-ARR-ClientCert
Authentication__CertHeaderEncoding=Base64
The container will then start using client certificate authentication. During the startup process, you may see the following log messages:
Use certificate for client authentication
CA certificate for client authentication is loaded - OK
These messages indicate that the container is now using client certificates for authentication, and that the client authentication certificate has been successfully loaded.
Note: On the demo page, you can find an example Helm chart for deploying the container to a Kubernetes cluster with client certificate authentication enabled.
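Added example, not part of the ABBYY documentation or product code: how a TLS-terminating proxy placed in front of the container can fill the X-ARR-ClientCert header from the example above, dropping any copy of that header sent by the client and setting it only from the certificate verified in the handshake. It assumes that the Base64 encoding means the Base64 of the certificate's DER bytes; the function names and the sample certificate payload are constructed for illustration.

```python
import base64
import ssl
from typing import Optional

# Header name from the page's example (Authentication__CertHeaderName).
CERT_HEADER = "X-ARR-ClientCert"

# Constructed placeholder bytes in PEM framing; this is NOT a real certificate.
PLACEHOLDER_DER = b"constructed placeholder DER bytes " * 3
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(PLACEHOLDER_DER).decode("ascii")
    + "-----END CERTIFICATE-----\n"
)


def header_value_from_pem(pem: str) -> str:
    """Single-line Base64 of the DER bytes (assumed meaning of Encoding=Base64)."""
    der = ssl.PEM_cert_to_DER_cert(pem)  # raises ValueError on bad PEM framing
    return base64.b64encode(der).decode("ascii")


def der_from_header_value(value: str) -> bytes:
    """Strict decode of the header value; non-Base64 input raises ValueError."""
    der = base64.b64decode(value, validate=True)
    if not der:
        raise ValueError("empty certificate header")
    return der


def forward_headers(inbound: dict, verified_peer_pem: Optional[str]) -> dict:
    """Headers the proxy passes upstream to the container.

    Every client-supplied copy of the certificate header is removed
    (header names are case-insensitive). The header is then set only from
    the certificate the proxy itself verified during the TLS handshake.
    """
    out = {k: v for k, v in inbound.items() if k.lower() != CERT_HEADER.lower()}
    if verified_peer_pem is not None:
        out[CERT_HEADER] = header_value_from_pem(verified_peer_pem)
    return out
```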
2/19/2024 10:23:36 AM