Skip to content

System Configuration

Figure 1

Authentication Configuration

Note

To allow devices to communicate with the server at least one type of authentication should be selected.

  • Target Token authentication: the "Allow targets to authenticate directly with their target security token" option allows devices to authenticate providing an HTTP-Authorization header with the custom scheme TargetToken. Any device has its own Target Token, visible in the "Security token" property in the detail section of a Target. This mode doesn't allow a device to register "plug-and-play" to the server; it should either have previously registered with a different authentication (e.g. Gateway Token) or the target should be created in advance.

  • Gateway Token authentication: the "Allow a gateway to authenticate and manage multiple targets through a gateway security token" options allows devices to authenticate providing an HTTP-Authorization header with the custom scheme GatewayToken. The value of the Gateway Token is provided just below the option when selected and it is one for all the devices. This mode allows a device to register "plug-and-play" to the server.

  • Anonymous authentication: the "Allow targets to authenticate anonymously without security credentials" option allows devices to authenticate without providing any security credentials. This mode provides no security at all and should be used only for testing or development. This mode allows a device to register "plug-and-play" to the server.

For technical details about Authentication options visit hawkBit Security documentation.

Authentication type priority

Here are the rules to keep in mind when multiple Authentication options are enabled:

  1. anonymous authentication has always priority if enabled. No other security check is performed, regardless of the other options selected;

  2. if GatewayToken and TargetToken authentication types are enabled at the same time:

    2.1 if the client provides just one token type, then that one is checked by the server;

    2.2 if the client provides both token types, then TargetToken is checked by the server.

Polling Configuration

  • Polling Time: The period of time that target devices will check in with the Update Factory Service
  • Polling Overdue Time: The period of time that a target device must not check in for, to then have an Overdue status.