Authentication is a core tenet of the Rebar Hub and how the Rebar Hub operates. To enable secure authentication, Rebar has support for PKI credentials built into the Rebar Hub. In under a minute, an administrator can configure and enable PKI credential authentication within Rebar.
Trusted PKI Configuration screen provides the administrator the ability to add or remove trusted PKI certificates for authentication (Requires root and intermediate).
While not an explict feature of managing trusted PKI certificates, using PKI enables configuration of the mobile app in (App Management) to perform authorization to apps based on OID attributes within the PIV certificates. OID targeting can be enabled or disabled at any time in the App Management portal.
PKI Headless Mode
To use PKI, the administrator must first enable
PKI Headless State which allows for PKI to be used as an authentication method. The
PKI Headless State will leverage the PKI certificates uploaded via the PKI management portal for authentication.
Headless PKI Disabled button will present the modal to toggle the state. To enabled Headless mode, tap
The administrator can enable or disable
Headless PKI which enables or disables the use of PKI credentials. If the administrator disables
PKI Headless Mode it will prevent users who have authenticated with PKI credentials from using their apps - disabling should be used with extreme caution in production environments.
Headless PKI Enabled button will present the modal to toggle the state. To enabled Headless mode, tap
Disabled Headless PKI
Steps to Add a new PKI Certificate
The Rebar Hub accept encoded PEM/DER certificates for upload, typically with the
*.pfx suffix. These certificates can be a single certificate or a chain of certificates.
— BEGIN CERTIFICATE — Encoded Certificate — END CERTIFICATE —
Additionally, multiple certificates can be uploading with a single file, they should follow the following:
— BEGIN CERTIFICATE — Encoded Certificate — END CERTIFICATE — — BEGIN CERTIFICATE — Encoded Certificate — END CERTIFICATE — — BEGIN CERTIFICATE — Encoded Certificate — END CERTIFICATE —
Adding a new trusted PKI Certificate is a simple process, follow below to create a new trusted PKI Certificate:
- On the
Trusted PKI Configurationmanagement screen, tap
Add Trusted PKI Certificate
- The screen will present a modal dialog
Upload PKI Certificate
- Tap the File Upload button on the modal dialog and select the certificate you will upload
Upload Certificate- this will upload the certificate and store it within the Rebar Hub
- The modal dialog will disappear and the list of trusted PKI certificates will refresh
Select the file to upload
Once the file has been selected tap the
Upload Certificate button
Steps to Remove a PKI Certificate
Removing a trusted PKI Certificate carries risk, removing a certificate will remove the users ability to authenticate.
On the trusted PKI Certificate management portal:
- Tap the
Removebutton for the certificate
- The certificate will be removed from database
- The list of trusted PKI certificates will refresh
It will take a short period of time (less than a minute) for the updates to propagate to the Rebar Hub API server due to caching.