Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Changing User Authentication Modes

 

You change the authentication mode to authenticate users by using credentials (username and password), certificates, or X.509 certificate parameters.

Caution

When you change the authentication mode from the user interface or the CLI, all existing user sessions, except that of the current administrator who is changing the authentication mode, are automatically terminated and the users are forced to log out. You need not restart Junos Space Platform when you switch from one authentication mode to another.

Note

An audit log entry is generated when you change the authentication mode.

The following topics describe the steps to change user authentication modes.

Changing the User Authentication Mode from Password-Based to Complete Certificate-Based from the User Interface

You change the authentication mode from password-based to complete certificate–based when the users must be authenticated on the basis of their certificates.

To change the user authentication mode from password-based to complete certificate–based:

  1. (Optional) Load the server certificate to the Junos Space server:

    1. Go to Administration > Platform Certificate.

      The Platform Certificate page appears.

    2. Upload the certificate from the Upload Certificate area.
    If you do not upload a customized server certificate, then the default Junos Space Network Management Platform certificate is used.

    For more information about loading the server certificate, refer to Installing a Custom SSL Certificate on the Junos Space Server.

  2. Load the user certificate:
    • For a new local user, load the user certificate from the Role Based Access Control > User Accounts > Create User page.

    • For existing local users, load the user certificate from the Role Based Access Control > User Accounts > Modify User page or by clicking the User Settings icon on the Junos Space banner.

    For more information about loading user certificates, refer to Uploading a User Certificate.

  3. Load the CA certificates and the certificate revocation list to the Junos Space server:

    1. Go to Administration > CA/CRL Certificates.

      The CA/CRL Certificates page appears.

    2. Upload the CA certificates and the certificate revocation list on the CA/CRL Certificates page.
    For more information about loading CAs and CRLs, refer to Uploading a CA Certificate and Certificate Revocation List.
  4. Enable certificate–based authentication mode:

    1. Navigate to Administration > Applications > Network Management Platform > Modify Application Settings page.
    2. Click the User link (on the left of the page).
    3. Select the Use X509 Certificate Complete Certificate option button.
    4. Click Modify.

      A confirmation dialog box is displayed.

    5. You can change the authentication mode to certificate–based or retain the password-based mode.

      • To change the authentication mode, click Yes.

        Jobs are triggered to change the login password and FMPM password and switch the authentication mode to complete certificate–based. You can view the details of the jobs on the Job Management page.

        An error message is displayed if you have not loaded the required certificates.

      • To retain the authentication mode, click No.

The authentication mode is changed to complete certificate–based authentication.

Changing the User Authentication Mode from Complete Certificate-Based to Certificate Parameter–Based from the User Interface

You change the authentication mode from complete certificate–based to certificate parameter–based when the users must be authenticated by using certificate parameters.

To change the user authentication mode from complete certificate–based to certificate parameter–based:

  1. Specify the parameters to be validated:

    1. Go to Administration > Applications > Network Management Platform > Modify Application Settings.

      The Modify Application Settings page appears.

    2. Click the X509CertificateParameters link.

      The X509CertificateParameters page appears.

    3. Add the parameters to be validated.
    For more information about adding X.509 certificate parameters, refer to Adding and Activating X.509 Certificate Parameters for X.509 Certificate Parameter Authentication.
  2. Specify the values for the parameters:
    • For a new local user, enter the values from the Role Based Access Control > User Accounts > Create User page.

    • For existing local users, Junos Space Platform extracts the values for the specified parameters when you change the authentication mode.

  3. Enable certificate parameter–based authentication mode:

    1. Navigate to Administration > Applications > Network Management Platform > Modify Application Settings.
    2. Click the User link (on the left of the page).
    3. Select the Use X509 Certificate Parameters option button.
    4. Click Modify.

      A confirmation dialog box is displayed.

    5. You can change the authentication mode to certificate parameter–based or retain the certificate–based mode.

      • To change the authentication mode, click Yes.

        Jobs are triggered to parse the parameters of user certificates, change the login password and FMPM password and switch the authentication mode to certificate parameter–based. You can view the details of the jobs on the Job Management page.

        An error message is displayed if you have not added and activated the parameters.

      • To retain the authentication mode, click No.

The authentication mode is changed to certificate parameter–based authentication.

Changing the User Authentication Mode from Certificate Parameter–Based to Complete Certificate-Based from the User Interface

You change the authentication mode from certificate parameter–based to complete certificate–based when the users must be authenticated on the basis of their certificates.

Note

You must upload certificates for all new users (added after previously changing the authentication mode to certificate parameter–based) before changing the authentication mode from certificate parameter–based to complete certificate–based.

To change the user authentication mode from certificate parameter–based to complete certificate–based:

  1. Enable complete certificate-based authentication mode:

    1. Navigate to Administration > Applications > Network Management Platform > Modify Application Settings.
    2. Click the User link (on the left of the page).
    3. Select the Use X509 Certificate Complete Certificate option button.
    4. Click Modify.

      A confirmation dialog box is displayed.

    5. You can change the authentication mode to certificate–based or retain the certificate parameter–based mode.

      • To change the authentication mode, click Yes.

        Jobs are triggered to change the login password and FMPM password and switch the authentication mode to complete certificate–based. You can view the details of the jobs on the Job Management page.

        An error message is displayed if you have not loaded the certificates for new users.

      • To retain the authentication mode, click No.

The authentication mode is changed to complete certificate–based authentication.

Changing the User Authentication Mode to Password-Based from the User Interface

You change the authentication mode to password-based when the users must be authenticated by using passwords.

To change the user authentication mode to password-based authentication from the user interface:

  1. Navigate to Administration > Applications > Network Management Platform > Modify Application Settings.
  2. Click the User link (on the left of the page).
  3. Select the Use User Password Auth Mode option button.
  4. Click Modify.

    A confirmation dialog box is displayed.

  5. You can change the authentication mode to password-based or retain the current authentication mode.

    • To change the authentication mode, click Yes.

      Jobs are triggered to send the passwords to users by their e-mail addresses in Junos Space Platform and switch the authentication mode to password-based. You can view the details of the jobs on the Job Management page.

    • To retain the authentication mode, click No.

The authentication mode is changed to password-based authentication.

Changing the User Authentication Mode to Password-Based from the CLI

You change the authentication mode to password-based from the CLI when users are restricted from logging in by using certificate–based authentication mode.

To change the authentication mode to password-based authentication from the CLI:

  1. Log in to the CLI of the Junos Space server running as the VIP node, as the root user.
  2. Navigate to the following directory: /var/www/cgi-bin.
  3. Type the following command from the ./setSpaceAuthMode password-based directory:

    The authentication mode is changed to password-based and users can login with their username and password.