System Configuration ¶
The "Approve rollout before it can be started" option ensures that no rollout will begin without a confirmation.
To allow devices to communicate with the server at least one type of authentication should be selected.
Target Token authentication: the "Allow targets to authenticate directly with their target security token" option allows devices to authenticate providing an HTTP-Authorization header with the custom scheme
TargetToken. Any device has its own Target Token, visible in the "Security token" property in the detail section of a Target. This mode doesn't allow a device to register "plug-and-play" to the server; it should either have previously registered with a different authentication (e.g. Gateway Token) or the target should be created in advance.
Gateway Token authentication: the "Allow a gateway to authenticate and manage multiple targets through a gateway security token" options allows devices to authenticate providing an HTTP-Authorization header with the custom scheme
GatewayToken. The value of the Gateway Token is provided just below the option when selected and it is one for all the devices. This mode allows a device to register "plug-and-play" to the server.
Anonymous authentication: the "Allow targets to authenticate anonymously without security credentials" option allows devices to authenticate without providing any security credentials. This mode provides no security at all and should be used only for testing or development. This mode allows a device to register "plug-and-play" to the server.
For technical details about Authentication options visit hawkBit Security documentation.
Authentication type priority¶
Here are the rules to keep in mind when multiple Authentication options are enabled:
anonymous authentication has always priority if enabled. No other security check is performed, regardless of the other options selected;
if GatewayToken and TargetToken authentication types are enabled at the same time:
2.1 if the client provides just one token type, then that one is checked by the server;
2.2 if the client provides both token types, then TargetToken is checked by the server.
- Polling Time: The period of time that target devices will check in with the Update Factory Service
- Polling Overdue Time: The period of time that a target device must not check in for, to then have an Overdue status.