BizCrypto adapters and EntSSO
#24825
Posted: 05/03/2013 07:48:52
by Industriens Pension (Standard support level)
Joined: 05/09/2008
Posts: 33

Which properties can be retrieved from Enterprise Single SignOn when using BizCrypto adapters?
Username and password are obvious but what about private key password or anything else?
I am most interested in SFTP and FTPS adapters.
#24845
Posted: 05/03/2013 10:30:50
by Ken Ivanov (EldoS Corp.)

Hello Kristian,

The FTPS adapter is capable of using the SSO for storing usernames, passwords and client-side SSL certificates, either in plain or encrypted with password.

The SFTP adapter can use SSO for storing usernames, passwords and client-side SSH private keys, also either in plain or encrypted form.

In both cases, the first secret value is expected to contain the password, the second secret value is expected to contain a binary of the certificate or private key (either in Base16 or Base64 form), and the third secret value is expected to contain a certificate/key password. The second and third secret values are optional.
#24866
Posted: 05/06/2013 09:16:31
by Industriens Pension (Standard support level)
Joined: 05/09/2008
Posts: 33

Could you also please provide how a receive or send port should be configured when using SSO for the certificate file and corresponding password?
#24868
Posted: 05/06/2013 09:51:55
by Ken Ivanov (EldoS Corp.)

Kristian,

When configuring the adapter, you should provide the name of your SSO application to the SSO Affiliate Application property.

The SSO application is expected to return the following secret values:

1) Username: user's FTP server account name (login),
2) 0th secret value: user's FTP server password,
3) 1st secret value: user's client certificate blob,
4) 2nd secret value: user's certificate password.

The certificate should be provided in PFX or PEM format, encoded with base64 or base16 encoding.
#24873
Posted: 05/07/2013 02:18:43
by Industriens Pension (Standard support level)
Joined: 05/09/2008
Posts: 33

So I have a key that looks like this:
Code
-----BEGIN DSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,3787C72ECE1D0C93

--Line of key--
--Line of key--
--Line of key--
--Line of key--
--Line of key--
--Line of key--
--Line of key--
--Line of key--
--Line of key--
--Line of key--
-----END DSA PRIVATE KEY-----

Do I just take the content of the key, all the lines, and insert it as SSO credentials?

Do the second and third secret values have to have a certain name?

How should I configure the adapter to use the key from the SSO instead of a file as it does now?
#24878
Posted: 05/07/2013 10:48:36
by Ken Ivanov (EldoS Corp.)

Kristian,

Quote
I just take the content of the key, all the lines and insert as SSO credentials?

Not exactly. As the key is stored in multiline format, you need to convert it to a single-line format first to be able to assign it to the affiliate application's property. This can be done by wrapping the whole key in base64 or base16 encoding. The wrapping can be done using a variety of online (e.g. this) and offline (e.g. this) applications. Once you get the key as a single line, you can assign it to the SSO application property.

Quote
Do the second and third secret value have to have a certain name?

No, those properties can have arbitrary names.

Quote
How should I configure the adapter to use the key from the SSO instead of a file as it does now?

You should only assign the name of your affiliate application to the SSO Affiliate Application property and set Private Key Source to Value (sorry, I didn't mention the need to set this property in my previous reply).
#24883
Posted: 05/08/2013 02:40:13
by Industriens Pension (Standard support level)
Joined: 05/09/2008
Posts: 33

I tried that and the result I got was this, taken from the log file:
Quote
[08-05-2013 09:36:07.496] EldoS SFTP Adapter: Loading private key
[08-05-2013 09:36:07.496] EldoS SFTP Adapter (receive): Failed to pickup files: Could not find any recognizable digits.
#24889
Posted: 05/08/2013 05:27:32
by Ken Ivanov (EldoS Corp.)

1) Are you passing the key in base16 or base64 encoded form?

2) Please try to prepend the long key string (the one that you put to the SSO application) with 'hex:' or 'base64:' prefix, depending on the encoding you use and check if it changes anything.
#24892
Posted: 05/08/2013 08:27:54
by Industriens Pension (Standard support level)
Joined: 05/09/2008
Posts: 33

The line is base64 and adding 'base64:' as prefix solved the issue, thanks.
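
An added example, not part of the original posts and not EldoS code: a local Python sketch that prepares the three secret values in the order described in this thread, wrapping a multiline PEM key into one line with the 'base64:' or 'hex:' prefix and refusing an encrypted key that has no key password. The function names are hypothetical and the sample key is constructed (placeholder body, not a real key); entering the values into the SSO affiliate application is done with your usual SSO tooling.

```python
import base64
import binascii

# Constructed sample: same layout as the key in the thread, placeholder body (not a real key).
SAMPLE_PEM = (
    "-----BEGIN DSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: DES-EDE3-CBC,0000000000000000\n"
    "\n"
    "Y29uc3RydWN0ZWQgcGxhY2Vob2xkZXIgYm9keQ==\n"
    "-----END DSA PRIVATE KEY-----\n"
)

PREFIXES = {"base64": "base64:", "hex": "hex:"}  # prefixes named in the thread


def wrap_key(pem_text, encoding="base64"):
    """Turn a multiline PEM key into one prefixed line for an SSO secret field."""
    raw = pem_text.encode("ascii")
    if encoding == "base64":
        body = base64.b64encode(raw).decode("ascii")
    elif encoding == "hex":
        body = binascii.hexlify(raw).decode("ascii")
    else:
        raise ValueError("encoding must be 'base64' or 'hex'")
    return PREFIXES[encoding] + body


def unwrap_key(value):
    """Reverse wrap_key; used to check the stored value before relying on it."""
    if value.startswith("base64:"):
        return base64.b64decode(value[len("base64:"):], validate=True)
    if value.startswith("hex:"):
        return binascii.unhexlify(value[len("hex:"):])
    raise ValueError("missing 'base64:' or 'hex:' prefix")


def is_encrypted_pem(pem_text):
    """Traditional PEM keys mark encryption with a Proc-Type header."""
    return "Proc-Type: 4,ENCRYPTED" in pem_text


def build_secret_values(account_password, pem_text, key_password=None, encoding="base64"):
    """Secret values in the order given in the thread: password, key blob, key password."""
    if is_encrypted_pem(pem_text) and not key_password:
        raise ValueError("key is encrypted: the third secret value (key password) is required")
    values = [account_password, wrap_key(pem_text, encoding)]
    if key_password:
        values.append(key_password)
    return values
```

Running the encoding locally keeps the private key off third-party conversion sites, and `unwrap_key` lets you confirm the stored line decodes back to the original PEM before pointing the adapter at it.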
#24950
Posted: 05/16/2013 08:23:01
by Industriens Pension (Standard support level)
Joined: 05/09/2008
Posts: 33

Is it the same when configuring an OpenPGP adapter?