Versions Compared

Old Version 23

changes.mady.by.user Corentin Humbert

Saved on

compared with

New Version 24

changes.mady.by.user Corentin Humbert

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Publish

When setting up Offline publication, the publication will create a database based on the settings in server.config. The publisher will create a database with the same version as the instance in the settings file.

...

Version 2 also comes with the possibility to use X509 certificates for authentication. But, regardless whether basic authentication or certificate-based authentication is used, the underlying security layer relies on JSON Web Tokens.

1. Server setup: JSON Web Token

On the server, the JSON Web Token settings need to be configured. This is achieved in the settings.config file, and the following snippet needs to be added:

...

  • Issuer: The name for the entity which is responsible for issuing and validating tokens (unique name, ex: hostname)

  • Audience: Name of the entity by which the token is intended to be used. (unique name, ex: hostname)

  • DurationInMinutes: How long a token is considered valid. After it has expired, the client will need to authenticate again. This is done seamlessly in the background and requires no user interaction.

  • Secret: A Base64 randomly generated string. A length of 128 bytes is recommended. Make sure this is kept secret!

2. Server setup: Certificate-based authentication

In case certificate-based authentication is intended to be used on the synchronization server, you will have to set up the server so that it is able to validate user certificates.

To do so, the server must add the Root Certificate Authority responsible for issuing user certificates to its list of trusted authorities:

  1. Download the certificate of the Root CA. Either check with your certificate provider or get the service URLs from the user certificate.

  2. Install the Root CA on the server. You will likely be asked where to install the certificate, make sure to choose Local Machine and NOT Current User (Reason: IIS has its own current user and will not see the certificate if installed in the user store). For the location, pick “Trusted Root Certificate Authorities”.

  3. Double check that you got the right certificate and that you installed it at the right location

3. Client setup: Certificate-based authentication

The client does not need to be configured when it comes to JSON Web Tokens, but it needs to be configured if certificate-based authentication is intended to be used.

...

  • CertificateEnabled: If true, the configured certificate will be used for authentication, otherwise, it will use the default basic authentication method (username/password)

  • CertificateStoreName: Specific value used to find the certificate on the user’s machine. If it’s a personal certificate, then the store name will be “My”.

  • CertificateStoreLocation: This is also used to find the certificate. In case of a user certificate, the location will be “CurrentUser”.

  • CertificateIssuer: The Certificate Authority (CA) responsible for issuing the certificate.

...

  • the

...

  • certificate

...

  • .

Silent Installation

For customers who do not wish to do any kind of customization when installing, it is possible to skip the installation mode popup by adding the following setting in anytime.setup.config:

...