How to securely identifythe C1 sender in a eDelivery network.When sending amessage, C1 creates a messagein C2.During this process C1 sets the value originalSender(MessageProperties).When C4 is retrieving the message, is there any way to securelyidentify theidentity om C1and “originalSender”? Reading through documentationit looks like the onlyway is to implement “Extended delegation scenario”OR “Extended security scenario”using signing/encrypting the message the only way securelyknowing the C1 identity.
Step-by-step guide
This is possible using the basic authentication and creating dedicated plugin users for each C4’s and by assigning a unique Original sender and final recipient value .
Using this approach, each plugin user needs to provide their username and password and they are bound to use their own Original sender or final recipient value in the AS4 Message.
I have just tested this feature by creating a puser1 and puser2 in 2 instances of Domibus with
<ns:MessageProperties>
<ns:Property name="originalSender">urn:oasis:names:tc:ebcore:partyid-type:unregistered:puser1</ns:Property>
<ns:Property name="finalRecipient">urn:oasis:names:tc:ebcore:partyid-type:unregistered:puser2</ns:Property>
</ns:MessageProperties>
In the soap UI sendMessage request.
You can check the receipts using the SoapUI ListPendingMessages request.
You must setdomibus.auth.unsecureLoginAllowed=false in domibus.properties
for username,password) basic authentication:
and
#Number of console login attempt before the user is deactivated (default 5)
domibus.console.login.maximum.attempt=5
#Time in seconds for a suspended user to be reactivated. (1 hour per default if property is not set, if 0 the user will not be reactivated)
domibus.console.login.suspension.time=3600