Skip to content

User Administration for the sedex Webservice Proxy

This page describes how to administrate the users of the sedex Webservice Proxy.

As of sedex Client version 6.0, the sedex WS-Proxy supports the feature to restrict access to the Web services it offers. This means that a business application can only call the Web service if it has a valid username and password combination. The allowed usernames and their passwords are contained in a separate WS-Proxy user configuration file.

The WS-Proxy User Configuration File

Usernames and passwords are configured in the following user configuration file:

    sedex-data/conf/sedex-wsproxy-user-configuration.properties

This is an excerpt from the configuration file showing two configured users:

    # File: sedex-wsproxy-user-configuration.properties
    […]
    example-app-1=myNewAndSecurePassword,3-CH-55438
    example-app-2={bcrypt}$2a$10$f/du7KAWE0xVu.a9DrRKN.fBxg[…]1wldBVam,1-CH-2874423
    […]

The format of the entries in the configuration file is as follows:

    user_name=password,sedex-id

The elements of an entry (i.e. line of the configuration file) in detail are:

  • user_name: A freely definable username that represents your application calling the sedex Webservice Proxy.

    Allowed characters: a-z, A-Z, 0-9, -, _

  • password: The password of the user.

    Allowed characters: a-z, A-Z, 0-9, -, _

  • sedex-id: The associated sedex ID is that of the physical or logical sedex participant for whom the remote Webservice is called. The specific sedex ID to be used is provided either by your sedex domain administrator or by FSO’s sedex customer support.

Please note:

  • Changes to the users file only become active after a restart of the sedex Client.
  • New passwords can be specified in plain text.
  • For security reasons, plain text passwords are automatically encrypted during a restart of the sedex Client.
  • Encrypted passwords will look like: {bcrypt}$2a$10$f/du7KAWE0xVu.a9DrRKN.fBxgk98zwNAUWPOa1nGgot01wldBVam
  • A once encrypted and forgotten password has to be reset by deleting the old encrypted password (including the {bcrypt} part} and replacing it by a new password in plain text.

Add a new user

If a new business application (e.g. named "myApp") needs access to one or more Web services via the sedex WS-Proxy, a new user representing this application has to be added to the user configuration file:

  1. Open the user configuration file in a text editor

  2. Add a line for the new user (e.g. at the end of the file):

    myApp=aRandomPassword,sedexIdOfThisApplication

  3. Save the configuration file

  4. Check the log file of WS-Proxy for errors or warnings

The WS-Proxy reads the new configuration automatically

It is not necessary to restart the sedex Client after adding a new user, or editing an existing one. The sedex Client integrates the changes and reflects these in the WS-Proxy log files.

However this automatic configuration read only applies to the file sedex-wsproxy-user-configuration.properties. Changing a property in another configuration file still requires a restart of the sedex Client so that the changes are taken into account.

Change the password of a user

The password of a user can be changed as follows:

  1. Open the user configuration file in a text editor

  2. For the intended user, change the password element by deleting the encrypted string including the {bcrypt} part, as shown below.

    Before (with the old encrypted password):

    myApp={bcrypt}$2a$10$f/du7KAWE0xVu.a9DrRKN.fBxg[…]1wldBVam,1-CH-3322

    After (with the new plain password):

    myApp=aNewRandomPassword,1-CH-3322

  3. Save the configuration file

  4. Check the log file of WS-Proxy for errors.

    You should see a line indicating that a previously plain password has been encrypted.