Pre-Authentication for Broker Manager
PubSub+ Broker Manager requires a separate login. The pre-authentication security setting in the Cloud Console specifies whether PubSub+ Cloud account users log in automatically to Broker Manager when they open it from the Cloud Console, or are required to log in manually.
Pre-authentication is enabled by default. When launching Broker Manager from PubSub+ Cloud, all account users log in automatically. If you disable pre-authentication, account users must log in to Broker Manager for all new sessions.
Using pre-authentication passes the unencrypted username and password in the URL, which is considered insecure by industry standards. Solace recommends that you consider using more secure alternatives, such as Event Broker SSO (single sign-on).
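Because the credentials travel in the URL, any system that records full URLs (browser history, proxy logs, access logs) can retain them. The following added example, which is not Solace code, scans log lines for URLs that carry credentials and redacts them. The parameter names, hostnames, and log lines are assumptions constructed for illustration, since this page does not document the URL format.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumed parameter names; the actual launch URL format is not documented here.
SENSITIVE_PARAMS = {"username", "user", "password", "passwd", "pwd", "token"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def redact_url(url):
    """Return (redacted_url, findings) for a single URL."""
    parts = urlsplit(url)
    findings = []
    netloc = parts.netloc
    if "@" in netloc:
        # userinfo form: https://user:password@host/
        netloc = "REDACTED@" + netloc.rsplit("@", 1)[1]
        findings.append("userinfo")
    query = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in SENSITIVE_PARAMS:
            findings.append("param:" + key)
            value = "REDACTED"
        query.append((key, value))
    redacted = urlunsplit(
        (parts.scheme, netloc, parts.path, urlencode(query), parts.fragment))
    return redacted, findings

def scan_log(lines):
    """Yield (line_number, redacted_line, findings) for lines exposing credentials."""
    for number, line in enumerate(lines, 1):
        findings = []
        def replace(match):
            redacted, found = redact_url(match.group(0))
            findings.extend(found)
            # Leave clean URLs byte-for-byte unchanged.
            return redacted if found else match.group(0)
        clean = URL_RE.sub(replace, line)
        if findings:
            yield number, clean, findings

# Constructed sample proxy-log lines (hostnames and parameters are made up).
SAMPLE_LOG = [
    '203.0.113.7 GET "https://broker.example.com/?username=admin&password=s3cr3t&view=queues" 200',
    '203.0.113.7 GET "https://broker.example.com/static/app.js" 200',
    '203.0.113.9 GET "https://admin:s3cr3t@broker.example.com/health" 200',
]

if __name__ == "__main__":
    for number, clean, findings in scan_log(SAMPLE_LOG):
        print(number, findings, clean)
```

Any hit in retained logs means the exposed management password should be rotated, not only redacted.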
Considerations for Setting PubSub+ Pre-Authentication Security
- Ensure that you have an Administrator role in the account to modify this setting. For instructions, refer to Managing Users, Groups, Roles, and Permissions.
- When pre-authentication is disabled, a separate login prompt appears that requires users to enter their username and password for all new sessions with the event broker service.
- You can find the management usernames and passwords for the event broker service on the Manage tab by expanding the PubSub+ Broker Manager - Web Application tile.
- Regardless of whether you enable or disable pre-authentication, if your event broker services are deployed in a private network [customer-controlled Virtual Private Cloud/Virtual Network (VPC/VNet)], it is possible that you can connect from a public IP address to the PubSub+ Cloud Console (outside of your private network) to create and configure event broker services, but can't connect to Broker Manager.
The ability to connect to Broker Manager depends on the networking configuration of your private network (i.e., most private networks use 10.x.y.z, 172.x.y.z, or 192.x.y.z as IP addresses which are not accessible from a public network). If your networking configuration permits it, you may connect to Broker Manager when it's deployed in a private network if you:
- use a VPN connection such as a VPN client on your computer (or AWS VPN) to connect to the VPC/VNet
- have VNet peering (Azure) or VPC peering (AWS) configured between the network from where you're connected, to the private network where the event broker services are deployed
- have a DNS mapping from the event broker service to your private network. Contact Solace to configure this DNS mapping request.
Configuring PubSub+ Pre-Authentication Security
To configure PubSub+ pre-authentication security, perform these steps:
- Log in to the PubSub+ Cloud Console if you haven't done so yet.
- On the navigation bar, click User & Account and select Account Details.
- On the Account Details page, select the Account Settings tab.
- On the Security Settings tile, enable or disable the PubSub+ Pre Authentication toggle. When disabled, launching Broker Manager from the Cloud Console requires users to authenticate themselves for all new sessions. When enabled, users log in automatically when launching Broker Manager.