Consider eliminating IP and port based tenant config
CSP Request Details
None
CSP Rejection Details
None
CSP Approved
None
Description
Environment
None
Potential Workaround
None
Checklist
hideActivity
Show:
Khalilah Gambrell February 17, 2025 at 2:28 PM
Hey and which team should consider this issue?
Details
Details
Assignee
Unassigned
UnassignedReporter
Hongwei JiPriority
TBDDevelopment Team
None
TestRail: Cases
Open TestRail: Cases
TestRail: Runs
Open TestRail: Runs
Created February 10, 2025 at 9:15 PM
Updated March 12, 2025 at 12:25 AM
TestRail: Cases
TestRail: Runs
Currently edge-sip2 relies on config file to know which tenant is from which IP (and port). There have been some hosting challenges with this approach. For examples, it is difficult to preserve accurate client IP with VPC traffic inspection; it is cumbersome to use multiple custom ports and poses potential security risk. Since sip2 client does the login when creating the connection to edge-sip2, maybe edge-sip2 can determine the tenant based on the login info provided by the client? If the login info only contains username and password, one possibility is for edge-sip2 to try the login with all tenants or some predefined tenant list to see which tenant the connection is for. If this is doable, it will greatly simplify edge-sip2 hosting and improve the security.