Security, authentication and authorization

For co-simulation over the Internet, be sure to use SSL, i.e. use a URL that starts with wss://, such as RTI_URL=wss://myrti.myinternet.com.

Authentication

By default, no authentication is performed. The RTI can handle authentication and federation authorization, but no further authorization; that is up to the client applications.

Shared secrets using environment variables

Applications can authenticate using shared secrets. These are set with environment variables on both the broker and the clients.

For clients, use:

  • RTI_SECRET=topsecret

For the broker, use:

  • RTI_SECRET=topsecret for a single secret valid for all applications, and/or
  • RTI_SECRETS=othersecret, specific:CLI, multi:CLI|UI for multiple secrets, valid for specific client application IDs.

User authentication

If /opt/inhumate/rti/conf/passwd exists, it will be used for user authentication. The format should be user:bcrypt_hash. If the file doesn’t exist, any value for “user” in the authentication token will be accepted.

If both secret and user authentication are used, either a valid secret or a valid user/password is accepted.
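
The settings above can be checked before a broker is exposed. The following is an added example, not Inhumate's own code: a small audit that flags a non-wss:// RTI_URL, the no-authentication default, an absent passwd file, and passwd entries that are not bcrypt hashes. The function names, the one-entry-per-line assumption for the passwd file and the sample data are assumptions made for this example.

```python
import re

# bcrypt modular-crypt string: $2a$/$2b$/$2y$, 2-digit cost, 53 chars of salt+digest
BCRYPT_RE = re.compile(r"^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$")

def audit_passwd(text):
    """Check user:bcrypt_hash entries; assumes one entry per line (not stated on the page)."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        user, sep, digest = line.strip().partition(":")
        if not sep or not user:
            findings.append(f"passwd line {n}: not in user:bcrypt_hash form")
        elif not BCRYPT_RE.match(digest):
            findings.append(f"passwd line {n}: value for '{user}' is not a bcrypt hash")
    return findings

def audit_rti(env, passwd_text):
    """env: mapping such as os.environ; passwd_text: file contents, or None if the file is absent."""
    findings = []
    url = env.get("RTI_URL", "")
    if url and not url.startswith("wss://"):
        findings.append("RTI_URL is not wss://: traffic is not protected by SSL")
    has_secret = bool(env.get("RTI_SECRET") or env.get("RTI_SECRETS"))
    if not has_secret and passwd_text is None:
        findings.append("no secret and no passwd file: authentication is off (the default)")
    elif passwd_text is None:
        findings.append("passwd file absent: any 'user' value in the token is accepted")
    else:
        findings.extend(audit_passwd(passwd_text))
    return findings

# Constructed sample input: a placeholder with bcrypt's shape, and a plaintext entry
SAMPLE_PASSWD = "alice:$2b$12$" + "A" * 53 + "\nbob:hunter2\n"

if __name__ == "__main__":
    for finding in audit_rti({"RTI_URL": "ws://myrti.myinternet.com"}, SAMPLE_PASSWD):
        print(finding)
```

On the broker host, pass os.environ and the contents of /opt/inhumate/rti/conf/passwd (or None if the file does not exist).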


Copyright © Inhumate AB 2024