Part 3: Authenticating Users with Access/Secret Keys

Anirudha | Thu, 10/10/2019 - 16:29

Nutanix Objects has supported IAM users since its first release. Refer to this for creating an IAM user.

In the previous article we saw how certificate validation happens at the Nutanix Objects and client level. But there is more to securing your connection or packet than that.

After certificate validation, the Nutanix Objects S3 adapter service performs a further check to authenticate the user before it processes the request.

Let's take a look at the end-to-end (E2E) workflow:

IAM Authentication


This is how the E2E call goes. In the above workflow, the Admin is also a client of the Nutanix Objects S3 service.

  • The Admin generates Access/Secret keys from the Nutanix Objects UI and shares them with the user.
  • The client connects to the Nutanix Objects S3 endpoint.
  • The SSL handshake happens and trust is established (refer to this and this for more details).
  • The client initiates the login using the Access and Secret keys:
    • The client forms the HTTP headers and converts them into a string.
    • Using a Keyed-HMAC algorithm and the secret key, it generates a signature over the string.
    • It adds this signature to the request header and sends it to the server along with the access key, in encrypted form.
  • On the server: the server decrypts the request and contacts IAM for the secret key belonging to the given access key.
  • It then uses the same algorithm and secret key to generate the signature.
  • If the signatures match, the request is sent to the backend for further processing; otherwise an error code is returned to the client.
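The client-side signing and server-side verification steps above, as an added illustration that is not part of the original post or of the Nutanix Objects code: a simplified Keyed-HMAC scheme (HMAC-SHA256 over a canonical string built from the method, path and headers), with the server looking up the secret key by access key and comparing signatures in constant time. The key store, header format and Authorization header layout are constructed assumptions, not the real S3 or IAM wire format, and TLS transport encryption is assumed rather than modelled.

```python
import hashlib
import hmac

# Constructed sample credentials standing in for what IAM holds; only the
# server-side lookup ever reads the secret, the client is handed it by the Admin.
IAM_STORE = {"AKIAEXAMPLE0001": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"}


def string_to_sign(method, path, headers):
    """Canonical string both sides sign: method, path, then lowercased, sorted
    headers. The Authorization header itself is excluded since it carries the
    signature."""
    items = sorted((k.lower(), v.strip()) for k, v in headers.items()
                   if k.lower() != "authorization")
    canonical_headers = "\n".join(f"{k}:{v}" for k, v in items)
    return f"{method}\n{path}\n{canonical_headers}"


def sign(secret_key, string):
    """Keyed-HMAC (SHA-256) of the canonical string, hex encoded."""
    return hmac.new(secret_key.encode(), string.encode(), hashlib.sha256).hexdigest()


def client_sign_request(access_key, secret_key, method, path, headers):
    """Client side: attach access key and signature in an assumed header layout."""
    signature = sign(secret_key, string_to_sign(method, path, headers))
    signed = dict(headers)
    signed["Authorization"] = f"HMAC-SHA256 Credential={access_key}, Signature={signature}"
    return signed


def server_verify(method, path, headers):
    """Server side: parse the header, fetch the secret for the access key from the
    store, recompute the signature and compare. Returns a short reason string."""
    try:
        scheme, params = headers.get("Authorization", "").split(" ", 1)
        fields = dict(p.strip().split("=", 1) for p in params.split(","))
        access_key, presented = fields["Credential"], fields["Signature"]
    except (ValueError, KeyError):
        return "malformed authorization"
    if scheme != "HMAC-SHA256":
        return "unsupported scheme"
    secret_key = IAM_STORE.get(access_key)
    if secret_key is None:
        return "unknown access key"
    expected = sign(secret_key, string_to_sign(method, path, headers))
    # Constant-time comparison so a mismatch leaks nothing about the expected value.
    return "ok" if hmac.compare_digest(expected, presented) else "signature mismatch"
```

Any change to a signed header after signing (a different date, for example) changes the canonical string and therefore fails verification, which is what binds the signature to the request rather than just to the key.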