Skip to main content

Advanced - Password Authentication

Aerie currently only supports password authentication for applications internal to JPL via CAM. This document describes how to enable CAM username + password authentication.

Note that Hasura authorization is enabled by default (even without CAM authentication enabled), so you need either an admin token or JWT provided by the gateway to access it.

info

To learn how to programmatically authenticate with Aerie to get a token, see the API docs on the topic.

Service Environment Variables

The default Aerie docker-compose.yml file requires certain environment variables to be set to enable authentication. This section outlines the variable definitions and the services that require them for authentication.

AUTH_GROUP_ROLE_MAPPINGS

  • Description: Optional JSON object that maps LDAP groups to allowed Aerie roles.
  • Service: aerie_gateway
  • Accepted values: Stringified JSON. Auth provider groups are keys, values are list of allowed Aerie roles
  • Example:
{
  "team_leads": [ "aerie_admin" ],
  "power_users": [ "user", "viewer" ],
  "business_users": [ "viewer" ]
}

AUTH_TYPE

  • Description: Authentication method (currently only supports CAM or none)
  • Service: aerie_gateway
  • Accepted values: cam or none
  • Default: none

AUTH_URL

  • Description: URL of CAM server
  • Service: aerie_gateway
  • Accepted values: Any valid CAM API URL
  • Default: https://atb-ocio-12b.jpl.nasa.gov:8443/

HASURA_GRAPHQL_JWT_SECRET

HASURA_GRAPHQL_ADMIN_SECRET

Aerie UI Login Page

With CAM authentication enabled you can log in to the Aerie UI with your JPL username and password.

Aerie UI - Login Page
Figure 1: Aerie UI - Login Page