Versions Compared

Old Version 1

changes.mady.by.user Mohamed Chaouki BERRAH

Saved on

compared with

New Version Current

changes.mady.by.user Amar DEEP

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

How to authenticate the C1 sender and C4 final recipient using WS plugin.

When sending a message securely identifythe C1 sender in a eDelivery network.When sending amessage, C1 creates a messagein message for C2. During this process C1 sets the value originalSender(MessageProperties).When C4 is retrieving the message, is there any way to securelyidentify theidentity om C1and “originalSender”? Reading through documentationit looks like the onlyway is to implement “Extended delegation scenario”OR “Extended security scenario”using signing/encrypting the message the only way securelyknowing the C1 identity.OriginalSender and Final recipient  in the Message Properties.

To authenticate the original Sender (C1) when sending the message and final recipient C4 when retrieving the message, please follow the instructions below:

Step-by-step guide

...

Please configure the basic authentication

...

by creating a dedicated plugin

...

user for each

...

Original sender and final recipient. You can do that by assigning a unique Original sender and final recipient value .

Using this approach, each plugin user

...

will be associated with an "Original user".

  • When you are sending the message the Original User must match the "OriginalSender".
  • When you are receiving message the Original User must match the "FinalRecipient".


For example :

Create

...

puser1 and puser2 in 2 instances of Domibus with 

<ns:MessageProperties>
<ns:Property name="originalSender">urn:oasis:names:tc:ebcore:partyid-type:unregistered:puser1</ns:Property>
<ns:Property name="finalRecipient">urn:oasis:names:tc:ebcore:partyid-type:unregistered:puser2</ns:Property>
</ns:MessageProperties>


In the soap UI

...

submitMessage request.

...

You can check the receipts using the SoapUI ListPendingMessages request.

You must

...

set domibus.auth.unsecureLoginAllowed=false in domibus.properties

...

for username,password) basic authentication:

and 

#Number of console login attempt before the user is deactivated (default 5)
domibus.console.login.maximum.attempt=5

#Time in seconds for a suspended user to be reactivated. (1 hour per default if property is not set, if 0 the user will not be reactivated)
domibus.console.login.suspension.time=3600

...

to enable basic authentication:


Content by Label
showLabelsfalse
max5
spacesCEKB
showSpacefalse
sortmodified
reversetrue
typepage
cqllabel in ("authentication","domibus") and type = "page" and space = "CEKB"
labelsdomibus authentication

...