Versions Compared

Old Version 3

changes.mady.by.user Petr Podsednik

Saved on

compared with

New Version Current

changes.mady.by.user Petr Podsednik

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

If you want to secure Aspire access to the Administration UI using the ConfigFile method, the best and most secure way is by encrypting the passwords and validating them against policy rules. Complete the following steps.

  1. Run bin/encryptPassword. This script will create passwords of the "administrator" and "developer" users to be encrypted inside the settings.xml file when you use the optional "username" parameter. The password you pass to the script for encryption will also be also validated against defined policy rules (see the explanation later in this article)

  2. Enable the ConfigFile authentication on the settings.xml file:

    Code Block
    titlesettings.xml
    <authentication>
  <type>ConfigFile</type>
</authentication>
  3. Start Aspire and use the "administrator" or "developer" users to log in using the recently added passwords. When starting Aspire the passwords will also be validated against defined policy rules.

...

Note
titlePreliminary function

In this version the function is considered to be preliminary as it still does not have  have any support regarding maintaining the list of used password automatically. It must be maintained manually like thisfollowing the next steps:

  • run Run encryptPassword for creating new password.
  • 3 property were created properties are created by the script and stored in your distribution's settings.xml file:
    • usernamePassword - encrypted password
    • usernamePasswordHistoryHash - hash of the password
    • usernamePasswordHistoryLastModified - the time of creation
  • modify Update the "lastModified" attribute of the template user in history the passwordHistory file with the value of  of the usernamePasswordHistoryLastModified property. When started Aspire will use the maximumPasswordAge value from policy file to check if the password is still valid.
    • NOTICE: it´s important that the very first time you generate the encrypted password, that you don´t update the password field in the passwordHistory file, otherwise Aspire will report that it has already been used even though this is the first time. Only update the "lastModified" attribute.
  • If you want to change the password lately later, do this :
    • create a new password element in the history file with the hash of previous password stored in usernamePasswordHistoryHash property
    • repeat the process for creating the new encrypted password - the new password will be validated against the history file

...