...

Publish

When setting up Offline publication, the publication will create a database based on the settings in server.config. The publisher will create a database with the same version as the instance in the settings file.

...

<AuthenticationProvider>
  <AssertNullAuthenticationProvider>
    <UserName>Unknown</UserName>
    <Groups>
      <string>Synchronize</string>
    </Groups>
  </AssertNullAuthenticationProvider>
</AuthenticationProvider>

Synchronization Authentication

As of version 2, the Synchronize API relies entirely on authentication tokens to authorize clients. JSON Web Tokens are used because they are a popular and well-adopted standard.

Version 2 also makes it possible to use X509 certificates for authentication. Regardless of whether basic authentication or certificate-based authentication is used, the underlying security layer relies on JSON Web Tokens.

1. Server setup: JSON Web Token

On the server, the JSON Web Token settings need to be configured. This is done in the settings.config file by adding the following snippet:

<!-- File: settings.config -->
<OfflineSynchronizationSettings>
  <JsonWebTokenSettings>
    <Issuer>SigAnySync</Issuer>
    <Audience>SigAnyClient</Audience>
    <DurationInMinutes>15</DurationInMinutes>
    <Secret>YOUR_SECRET_HERE</Secret>
  </JsonWebTokenSettings>
</OfflineSynchronizationSettings>

There are four important settings in <JsonWebTokenSettings>:

  • Issuer: The name of the entity that is responsible for issuing and validating tokens (unique name, e.g. hostname).

  • Audience: The name of the entity by which the token is intended to be used (unique name, e.g. hostname).

  • DurationInMinutes: How long a token is considered valid. After it has expired, the client will need to authenticate again. This is done seamlessly in the background and requires no user interaction.

  • Secret: A randomly generated, Base64-encoded string. A length of 128 bytes is recommended. Make sure this is kept secret!
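
As an added example (not part of the product or its documentation), the following Python script generates a secret of the recommended size and checks a <JsonWebTokenSettings> block for a leftover placeholder, an undersized secret, or an invalid duration. It assumes the 128-byte recommendation refers to the length before Base64 encoding and that DurationInMinutes must be a positive integer; the function names are hypothetical.

```python
import base64
import binascii
import secrets
import xml.etree.ElementTree as ET

RECOMMENDED_SECRET_BYTES = 128  # the page's figure, read as the decoded length (assumption)
PLACEHOLDER = "YOUR_SECRET_HERE"  # placeholder used in the page's snippet

def generate_secret(n_bytes=RECOMMENDED_SECRET_BYTES):
    """Draw n_bytes from the OS CSPRNG and Base64-encode them for <Secret>."""
    return base64.b64encode(secrets.token_bytes(n_bytes)).decode("ascii")

def audit_jwt_settings(xml_text):
    """Return a list of findings for <JsonWebTokenSettings>; an empty list means OK."""
    root = ET.fromstring(xml_text)
    node = root if root.tag == "JsonWebTokenSettings" else root.find(".//JsonWebTokenSettings")
    if node is None:
        return ["JsonWebTokenSettings element is missing"]
    def text(name):
        return (node.findtext(name) or "").strip()
    findings = [f"{name} is empty" for name in ("Issuer", "Audience") if not text(name)]
    duration = text("DurationInMinutes")
    # Assumption: the value must be a positive whole number of minutes.
    if not (duration.isascii() and duration.isdigit()) or int(duration) == 0:
        findings.append("DurationInMinutes must be a positive whole number")
    secret = text("Secret")
    if not secret:
        findings.append("Secret is empty")
    elif secret == PLACEHOLDER:
        findings.append("Secret is still the placeholder value")
    else:
        try:
            raw = base64.b64decode(secret, validate=True)  # rejects non-Base64 characters
        except binascii.Error:
            findings.append("Secret is not valid Base64")
        else:
            if len(raw) < RECOMMENDED_SECRET_BYTES:
                findings.append(f"Secret decodes to {len(raw)} bytes, below the recommended {RECOMMENDED_SECRET_BYTES}")
    return findings

# Constructed sample: the page's snippet with its placeholder secret left in.
SAMPLE = """<OfflineSynchronizationSettings><JsonWebTokenSettings>
<Issuer>SigAnySync</Issuer><Audience>SigAnyClient</Audience>
<DurationInMinutes>15</DurationInMinutes><Secret>YOUR_SECRET_HERE</Secret>
</JsonWebTokenSettings></OfflineSynchronizationSettings>"""

if __name__ == "__main__":
    print(audit_jwt_settings(SAMPLE))  # placeholder is flagged
    print(audit_jwt_settings(SAMPLE.replace(PLACEHOLDER, generate_secret())))  # no findings
```

Run the audit against the deployed settings.config only on the server itself, and paste a generated secret directly into the file rather than through chat or ticket systems.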

2. Server setup: Certificate-based authentication

If certificate-based authentication is going to be used on the synchronization server, the server must be set up so that it can validate user certificates.

To do so, the Root Certificate Authority responsible for issuing user certificates must be added to the server's list of trusted authorities:

  1. Download the certificate of the Root CA. Either check with your certificate provider or get the service URLs from the user certificate.

  2. Install the Root CA certificate on the server. You will likely be asked where to install the certificate; make sure to choose Local Machine and NOT Current User (reason: IIS has its own current user and will not see the certificate if it is installed in the user store). For the location, pick “Trusted Root Certification Authorities”.

  3. Double-check that you got the right certificate and that you installed it at the right location.

Server configuration

For instructions on how to configure the server (Synchronization API), please refer to: Server configuration (settings.config)

Client configuration (anytime.setup.config)

For instructions on how to configure the client in anytime.setup.config, please refer to: Client app configuration (anytime.setup.config)

...

Currently, Assert Anytime customizations will have to be configured by Signifikant.
