User Administration for the sedex Webservice Proxy
This page describes how to administer the users of the sedex Webservice Proxy.
The sedex Web Service Proxy can restrict access to the Web services it offers: an end-user application can call a Web service or the Messaging REST API only if it supplies a valid username and password. The valid usernames and passwords are configured in the sedex Web Service Proxy user configuration file.
Restricting Anonymous Access
To control whether unauthenticated requests to web services of the Web Service Proxy are allowed, configure the following property in the client configuration file (<sedex_home>/conf/sedex-client-configuration.properties):
| Property Key | Description |
|---|---|
| wsproxy.users.allow-anonymous | If set to false, all web services require authentication. If set to true, certain services (e.g., CheckSedex) may be accessed without authentication. |
Enforce Authentication
To enhance security, it is strongly recommended to disable anonymous access and ensure that all requests to the Sedex client are authenticated.
The sedex Web Service Proxy user configuration file
Usernames and passwords are configured in the following user configuration file:
OS-based installation:
<sedex_home>/conf/sedex-wsproxy-user-configuration.properties
Container-based:
<sedex-data>/conf/sedex-wsproxy-user-configuration.properties
This excerpt from the configuration file shows two configured users:
# File: sedex-wsproxy-user-configuration.properties
[…]
example-app-1=myNewAndSecurePassword,3-CH-55438
example-app-2={bcrypt}$2a$10$f/du7KAWE0xVu.a9DrRKN.fBxg[…]1wldBVam,1-CH-2874423
[…]
The format of the entries in the configuration file is as follows:
user_name=password,sedex-id
The elements of an entry (i.e. line of the configuration file) in detail are:
- user_name: A freely definable username that represents your application calling the sedex Web Service Proxy.
  Allowed characters (no spaces): a-z A-Z 0-9 - _
- password: The password of the user.
  Allowed characters (no spaces or hyphens): a-z A-Z 0-9
  Allowed special characters: !"#$%&'()*+,-./:;<=>?@[]^_`{}|~.
- sedex-id: The sedex ID of the physical or logical sedex participant for whom the remote Web service is called. The specific sedex ID to be used is provided either by your sedex Domain Administrator or by FSO’s sedex Customer Support.
Please note:
- Changes to the users file become active immediately.
- Check the log file of the sedex Web Service Proxy for errors or warnings after restarting the sedex-Client.
- New passwords can be specified in plain text.
- For security reasons, plain text passwords are automatically encrypted when the sedex-Client is restarted.
- Encrypted passwords look something like this:
  {bcrypt}$2a$10$f/du7KAWE0xVu.a9DrRKN.fBxgk98zwNAUWPOa1nGgot01wldBVam
- An encrypted and forgotten password must be reset by deleting the old encrypted password (including the {bcrypt} part) and replacing it with a new password in plain text.
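The entry format and the wsproxy.users.allow-anonymous property described above can be checked with a small audit script. This is an added example, not part of the sedex distribution; the function names are hypothetical, and splitting each entry at its last comma is an assumption made here because the documented password character set itself contains "," and "=".

```python
import re

# Character sets as listed on this page for user names and plain-text passwords.
USER_RE = re.compile(r"^[A-Za-z0-9_-]+$")
PW_RE = re.compile(r"^[A-Za-z0-9!\"#$%&'()*+,\-./:;<=>?@\[\]^_`{}|~]+$")

# Constructed sample input; the bcrypt value is the example shown on this page.
SAMPLE_USERS = """\
# File: sedex-wsproxy-user-configuration.properties
example-app-1=myNewAndSecurePassword,3-CH-55438
example-app-2={bcrypt}$2a$10$f/du7KAWE0xVu.a9DrRKN.fBxgk98zwNAUWPOa1nGgot01wldBVam,1-CH-2874423
bad user=secret,1-CH-3322
myApp=a,b=c,1-CH-3322
"""

def audit_users(text):
    """Return (line_no, user, issue) tuples; password values are never echoed."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        user, eq, rest = line.partition("=")  # user names cannot contain '='
        # Assumption: the last comma separates the sedex ID, since the
        # password character set itself includes ',' and '='.
        password, comma, sedex_id = rest.rpartition(",")
        if not (eq and comma and password and sedex_id):
            findings.append((no, user, "malformed entry"))
            continue
        if not USER_RE.match(user):
            findings.append((no, user, "invalid user name"))
        if password.startswith("{bcrypt}"):
            continue  # already stored in encoded form
        findings.append((no, user, "plain-text password"))
        if not PW_RE.match(password):
            findings.append((no, user, "password has disallowed characters"))
    return findings

def allow_anonymous_setting(text):
    """Return the configured wsproxy.users.allow-anonymous value, or None if unset."""
    for raw in text.splitlines():
        key, _, value = raw.strip().partition("=")
        if key.strip() == "wsproxy.users.allow-anonymous":
            return value.strip().lower()
    return None

if __name__ == "__main__":
    for finding in audit_users(SAMPLE_USERS):
        print(finding)
```

Any "plain-text password" finding marks an entry that has not yet been encoded on disk, and any allow_anonymous_setting result other than "false" means the recommendation to disable anonymous access is not explicitly in effect.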
Add a new user
If a new end-user application (e.g. named «myApp») needs access to one or more Web services via sedex Web Service Proxy, a new user representing this application must be added to the user configuration file:
- Open the user configuration file in a text editor.
- Add a line for the new user (e.g. at the end of the file):
  myApp=aRandomPassword,sedexIdOfThisApplication
- Save the configuration file.
- Check the log file of sedex Web Service Proxy for errors or warnings.
The WS-Proxy reads the new configuration automatically
It is not necessary to restart the sedex-Client after adding a new user, or editing an existing one. The sedex-Client integrates the changes and reflects these in the WS-Proxy log files.
However, this automatic configuration read only applies to the file sedex-wsproxy-user-configuration.properties. Changing a property in another configuration file still requires a restart of the sedex-Client so that the changes are taken into account.
Change the password of a user
The password of a user can be changed as follows:
- Open the user configuration file in a text editor.
- For the intended user, change the password element as shown below.
  Before (with the old encrypted password):
  myApp={bcrypt}$2a$10$f/du7KAWE0xVu.a9DrRKN.fBxg[...]1wldBVam,1-CH-3322
  After (with the new plain password):
  myApp=aNewRandomPassword,1-CH-3322
- Save the configuration file.
- Check the log file of sedex Web Service Proxy for errors or warnings.
  Note: You should see a line indicating that a previously plain password has been encrypted.
******* Webservice-Proxy-Users - Validation and Encoding (Begin) *******
Checking if wsproxy users configuration file C:\[...]/conf/sedex-wsproxy-user-configuration.properties is valid and if it contains any plain passwords that should be encoded.
Encoded a previously plain password for user myApp.
The users configuration contained 1 plain passwords that had to be saved in encoded format.
******* Webservice-Proxy-Users - Validation and Encoding (End) *******