Job Command Security Enforcement


How does Signiant enforce job command grants?


The agent process that receives a job command on the Message broker interface performs the following steps to validate the access control (grant) for executing commands against running jobs.

  1. Obtain the user, host, certificate chain, and digital signature from the job command (command security XML node)
  2. Validate that the host and user specified are allowed to execute commands
  3. Validate the certificate chain supplied in the command against the agent's trusted CA list
    • A certificate for the host name specified must be present
    • The signing CA certificate must be validated against the agent process's trusted CA
    • The fingerprint can be verified against the certificate chain supplied
  4. Obtain the public key of the agent that generated the command from the certificate chain supplied
  5. Decrypt the digital signature with the public key obtained in step (4)
  6. Generate a secure hash of the XML command and compare it to the decrypted signature from step (5)

Any failure in the above processing generates a command response failure with the appropriate error message.
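The six steps can be traced in a small model. This is an added example, not Signiant code: the XML element and attribute names, the `DemoCA` issuer, the host and user names, and the toy certificate format are all hypothetical, and textbook RSA over constructed demo keys stands in for real X.509 chain validation and padded signatures.

```python
import hashlib
import xml.etree.ElementTree as ET

def keypair(p, q, e=65537):  # textbook RSA from two primes (demo only)
    return {"n": p * q, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def digest(data, n):  # SHA-256 reduced mod n; real signature schemes pad instead
    return int(hashlib.sha256(data).hexdigest(), 16) % n

def sign(key, data):
    return pow(digest(data, key["n"]), key["d"], key["n"])

# Constructed demo keys built from Mersenne primes; not usable outside this demo.
CA = keypair(2**127 - 1, 2**89 - 1)
SENDER = keypair(2**107 - 1, 2**61 - 1)
TRUSTED_CAS = {"DemoCA": (CA["n"], CA["e"])}  # agent's trusted CA list
GRANTS = {("admin", "mgr.example.test")}      # (user, host) pairs allowed to run commands

def tbs(subject, n, e):  # bytes the CA signs in this toy certificate
    return f"{subject}|{n}|{e}".encode()

def make_command(user, host, body, key=SENDER):
    n, e = SENDER["n"], SENDER["e"]
    cert_sig = sign(CA, tbs("mgr.example.test", n, e))
    return (f'<command><security user="{user}" host="{host}" signature="{sign(key, body.encode())}">'
            f'<cert subject="mgr.example.test" issuer="DemoCA" n="{n}" e="{e}" sig="{cert_sig}"/>'
            f'</security><body>{body}</body></command>')

def validate(xml_text):
    root = ET.fromstring(xml_text)
    sec = root.find("security")                                   # step 1
    user, host = sec.get("user"), sec.get("host")
    if (user, host) not in GRANTS:                                # step 2
        return "user/host not granted"
    cert = next((c for c in sec.findall("cert") if c.get("subject") == host), None)
    if cert is None:                                              # step 3: host certificate present
        return "no certificate for host"
    ca = TRUSTED_CAS.get(cert.get("issuer"))
    n, e = int(cert.get("n")), int(cert.get("e"))                 # step 4: sender public key
    if ca is None or pow(int(cert.get("sig")), ca[1], ca[0]) != digest(tbs(host, n, e), ca[0]):
        return "certificate not signed by a trusted CA"          # step 3: CA validation
    recovered = pow(int(sec.get("signature")), e, n)              # step 5
    if recovered != digest(root.find("body").text.encode(), n):   # step 6
        return "signature mismatch"
    return "OK"
```

In this model the signature covers only the `body` text, which is an assumption; the page says the hash is taken over the XML command without stating the exact byte range.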