Authentication
The dxflow authentication system provides secure access to the web interface using RSA key-pair authentication, ensuring enterprise-grade security for all your workflow operations.
Authentication Overview
dxflow implements a sophisticated authentication system designed for security and ease of use:
RSA Key-Pair Authentication
Cryptographically Secure - No passwords to remember or compromise
- Automatic key generation on first setup
- Challenge-response authentication mechanism
- Configurable key rotation and management
Session Management
Flexible Sessions - Customizable session lifetime and management
- JWT token-based session control
- Configurable session duration (1 minute to 1 hour)
- Automatic session renewal and cleanup
Multi-User Support
Enterprise Ready - Support for multiple users and roles
- Individual key management per user
- Role-based access control
- Audit logging for all authentication events
Getting Started
Step 1: Locate Your Private Key
Your private key is automatically generated when you first set up dxflow:
# List available keys
dxflow engine key list
Keys are stored in: ~/.dxflow/keys/
Step 2: Access the Login Page
Navigate to your dxflow engine's web interface:
- Local installation:
http://localhost(or your configured port) - Remote server:
http://<your-server-ip>:<port>
Step 3: Authenticate
The web interface will guide you through the authentication process using your private key.
Authentication Process
Challenge-Response Mechanism
The authentication system uses a secure challenge-response protocol:
Step 1: Request Challenge
- Endpoint:
GET /api/auth/challenge/ - Purpose: Generate unique authentication challenge
- Returns: Challenge data with identity, nonce, and lifetime
{
"identity": "your-key-identity",
"nonce": "random-challenge-string",
"lifetime": 300
}
Step 2: Sign and Verify
- Endpoint:
POST /api/auth/verify/ - Purpose: Verify signature against challenge
- Process: Your private key signs the challenge data
- Returns: JWT authentication token on success
{
"token": "jwt-authentication-token",
"expires": 1640995200
}
Step 3: Session Management
- Endpoint:
GET /api/auth/inspect/ - Purpose: Validate current authentication state
- Headers: Requires valid JWT token
- Returns: Current session information and permissions
{
"authenticated": true,
"identity": "your-key-identity",
"permissions": ["SHELL", "OBJECT", "WORKFLOW"],
"expires": 1640995200
}
Key Management
Automatic Key Generation
When you first install dxflow, keys are automatically generated:
Manual Key Operations
For advanced key management:
Key Management Commands
# List all keys
dxflow engine key list
# Generate new key pair
dxflow engine key generate
# Register additional keys
dxflow engine key register <public-key-file>
# Remove keys
dxflow engine key unregister <key-identity>
Key Security Best Practices
Safeguard Your Keys
- Store private keys securely with appropriate file permissions
- Never share private keys with others
- Use different keys for different environments (dev/prod)
- Regular key rotation for high-security environments
Key Backup Strategy
- Backup key files to secure location
- Document key identities and their purposes
- Test key restore procedures
- Maintain key recovery procedures
Security Monitoring
- Monitor authentication logs for suspicious activity
- Track key usage patterns
- Set up alerts for failed authentication attempts
- Regular security audits of key access
Session Management
Session Configuration
Configure session behavior to match your security requirements:
Session Duration
Flexible Timing
- Minimum: 1 minute (high-security environments)
- Maximum: 1 hour (convenience vs. security balance)
- Default: 30 minutes (recommended for most use cases)
Session Persistence
Cross-Browser Support
- Persistent across browser tabs
- Survives page refresh and navigation
- Automatic cleanup on expiration
- Manual logout capability
Session Features
- Automatic Renewal: Sessions renew automatically during active use
- Secure Logout: Complete token invalidation on logout
- Cross-Tab Sync: Authentication state shared across browser tabs
- Connection Recovery: Graceful handling of network interruptions
Troubleshooting
Cannot locate private key:
- Check if keys exist:
dxflow engine key list - Verify key file permissions are correct
- Ensure
.dxflow/keys/directory exists
Authentication fails repeatedly:
- Verify system clock is accurate (affects token timing)
- Check if key has been corrupted or modified
- Try generating a new key:
dxflow engine key generate
Browser shows "Unauthorized" errors:
- Clear browser cache and cookies
- Disable browser extensions that might interfere
- Try authentication in incognito/private browsing mode
Session expires too quickly:
- Check engine configuration for session timeout settings
- Verify system time synchronization
- Consider increasing session duration for your use case
Cannot maintain session across tabs:
- Ensure cookies are enabled in browser
- Check if browser storage is available
- Verify no browser security policies blocking session storage
Frequent logouts:
- Check network stability and connection quality
- Verify engine is running continuously
- Review authentication logs for timeout patterns
Lost or corrupted keys:
- Generate new key pair:
dxflow engine key generate - Update any automation scripts with new key identity
- Document new key information securely
Permission denied errors:
- Verify key has proper permissions for required operations
- Check user role assignments in engine configuration
- Ensure key is properly registered:
dxflow engine key list
Multiple key conflicts:
- List all keys to identify duplicates or conflicts
- Remove unused keys:
dxflow engine key unregister <identity> - Ensure unique key names and identities
Security Considerations
Network Security
- HTTPS Recommended: Use HTTPS in production environments
- Firewall Configuration: Restrict access to authorized IP addresses
- VPN Access: Consider VPN access for remote administration
- Network Monitoring: Monitor authentication traffic for anomalies
Operational Security
- Regular Audits: Review authentication logs regularly
- Access Reviews: Periodically review user access and permissions
- Incident Response: Have procedures for compromised key scenarios
- Backup Authentication: Maintain alternative access methods for emergencies
The dxflow authentication system provides enterprise-grade security while maintaining ease of use, ensuring your distributed computing environment remains secure and accessible to authorized users only.