Authentication

ABBYY OCR Container allows client authentication using client certificates. Two methods are available for transmitting the client certificate for authentication:

  • During the SSL handshake process
  • In the HTTP header

The container verifies if the request has a client certificate signed by the root certificate. If no such client certificate is found, the request will be rejected.

To enable authentication, you need to provide the container with a signer certificate and configure some other parameters. To do this, follow the steps below:

  1. Mount a folder to the container where the certificate will be located, for example, "/mnt/certificate".

2. Place the certificate in PFX format in this folder.

3. Set the following environment variables for the container:

Name Description
Authentication__Type

The authentication type to be used.

The value of the parameter is Certificate.

Authentication__CertPath The path to the root certificate.
Authentication__CertPassword The password for the root certificate (optional).
Authentication__CertHeaderName The name of the HTTP header in which the client certificate will be transmitted (optional).
Authentication__CertHeaderEncoding The method for encoding the client certificate in the HTTP header (optional).

For example:

Authentication__Type=Certificate
    Authentication__CertPath=/mnt/certificate/ca.pfx
    Authentication__CertPassword="password for your certificate"
    Authentication__CertHeaderName=X-ARR-ClientCert
    Authentication__CertHeaderEncoding=Base64
  

The container will then start using client certificate authentication. During the startup process, you may see the following log messages:

Use certificate for client authentication
    CA certificate for client authentication is loaded - OK
  

These messages indicate that the container is now using client certificates for authentication, and that the client authentication certificate has been successfully loaded.

Note: On the demo page, you can find an example Helm chart for deploying the container to a Kubernetes cluster with client certificate authentication enabled.

19.02.2024 10:23:36

Usage of Cookies. In order to optimize the website functionality and improve your online experience ABBYY uses cookies. You agree to the usage of cookies when you continue using this site. Further details can be found in our Privacy Notice.