Secure SPARQL Endpoint Guide via SQL Accounts -- usage path digest authentication

The following Guide presents a sample scenario how SPARQL Endpoint can be protected using SQL Account digest authentication:

1. Go to http://cname/conductor.
2. Enter dba credentials:
   
   
   
   
3. Assign SPARQL_SELECT role to user for ex. with name "demo".
4. Go to Web Application Server -> Virtual Domains & Directories:
   
   
   
   
5. Locate the associated virtual folder with your Virtuoso SPARQL Endpoint and click "Edit":
   
   
   
   
   
   
   
   
   
6. At the "Authentication options" section apply the following settings:
   1. Change Method to: Digest;
   2. Add Realm value: SPARQL Endpoint;
   3. Specify for Authentication Function the following function name: DB.DBA.HP_AUTH_SQL_USER;
      
      
      
      
7. Click "Save Changes".
8. At this stage you will be challenged when you go to /sparql via HTML or cURL (in this case use --digest option).
9. Access the SPARQL Endpoint by going to http://cname/sparql.
10. Should be challenged to enter Username and password:
    
    
    
    
11. Enter user "demo" credentials and click "Log in"
    
    
    
    
12. On successful log-in, the SPARQL Endpoint query execution page should be presented:
    
    
    
    

Related

• Safeguarding your Virtuoso-hosted SPARQL Endpoint
• SPARQL Endpoint Protection Methods Collection
• Virtuoso documentation
  • SPARQL Service Endpoint
  • Service Endpoint Security
  • Managing a SPARQL Web Service Endpoint
  • SPARQL
• Virtuoso Tips and Tricks Collection
  • SPARQL Endpoint DET Configuration Guide
  • WebID Protocol & SPARQL Endpoint ACLs Tutorial
  • SPARQL OAuth Tutorial
  • Securing SPARQL endpoints
• SPARUL over SPARQL using the http://cname:port/sparql-auth endpoint
• Virtuoso Authentication Server UI
• Manage a SPARQL-WebID based Endpoint
• Configure Virtuoso instance as an X.509 Certificate Authority and HTTPS listener
• Configure Virtuoso+ODS instance as an X.509 Certificate Authority and HTTPS listener
• WebID Protocol Support in OpenLink Data Spaces.
• Manage ODS Datadspaces Objects WebID Access Control Lists (ACLs):
  • ODS Briefcase WebID based ACL Guide
    • Person Entity WebID based ACL Guide
    • Group Entity WebID based ACL Guide
    • Public WebID based ACL Guide
  • ODS Feed Manager WebID based ACL Guide
    • Person Entity Specific ACL
    • Group Entity Specific ACL
    • Public Specific ACL for anyone with a WebID
  • ODS Calendar WebID based ACL Guide
    • Person Entity Specific ACL
    • Group Entity Specific ACL
    • Public Specific ACL for anyone with a WebID
  • ODS Bookmark Manager WebID based ACL Guide
    • Person Entity Specific ACL
    • Group Entity Specific ACL
    • Public Specific ACL for anyone with a WebID
  • ODS Addressbook WebID based ACL Guide
    • Person Entity Specific ACL
    • Group Entity Specific ACL
    • Public Specific ACL for anyone with a WebID
• Guide for Set up a X.509 certificate issuer and HTTPS listener and generate ODS user certificates.
• Setting up PubSubHub in ODS
• PubSubHubBub Demo Client Example
• Feed subscription via PubSubHub protocol Example
• Setting Up PubSubHub to use WebID Protocol or IP based control lists
• CA Keys Import using Conductor
• Generate an X.509 Certificate hosted WebID Guide
• Generate an X.509 Certificate (with a WebID watermark) to be managed by host operating system keystore
• Generate an X.509 Certificate (with a WebID watermark) to be managed by a browser-based keystore
• Using Virtuoso's WebID Verification Proxy Service with a WebID-bearing X.509 certificate
• Using Virtuoso's WebID Identity Provider (IdP) Proxy Service with an X.509 certificate
• ODS Briefcase WebID Protocol Share File Guide
• WebID Protocol Specification
• Test WebID Protocol Certificate page
• WebID Protocol Certificate Generation page