Activating Trusted Connections
When trusted connections are active, Metability trusts that the user who is currently logged on to the computer has already been authenticated and allows the user to access Rochade without logging in again. However, the DI Server accepts the connection from Metability only if it recognizes Metability’s computer as a trusted site.
Trusted sites are identified by their IP address or host name and validated through a pair of RSA keys (that is, one public key and one private key). Setting up a trusted connection between Metability and DI Server requires these steps:
- Create the RSA keys (to know more, see To create an RSA key pair).
- Enable trusted connections in Metability (to know more, see To enable trusted connections in Metability).
- Enable trusted connections in the DI Server and specify Metability’s computer as a trusted site (to know more, see To enable trusted connections in DI Server).
ASG recommends that you keep the keys secret, especially the private key, to ensure that only trusted sites have access to Rochade. Possession of the private key is what makes a computer a trusted site, so store it where only the account that runs Metability can read it.
You can use a single key pair for validating multiple trusted sites running multiple Rochade applications. For more information, see To enable trusted connections in DI Server.
To create an RSA key pair
- On the computer on which Metability is installed, open a command prompt.
- Enter this command:
java -cp instdir\bin\rochade.jar de.rochade.security.GenKeyPair -private outdir/privatekey -public outdir/publickey
where:
instdir is the installation directory of Metability.
outdir is the output directory for the key files.
The key pair is created in the specified directory as the two files privatekey and publickey.
To enable trusted connections in Metability
- Copy the privatekey file to a secure location.
- Open the dataspace.xml file for editing.
- Add these parameters to the SERVER entry that pertains to the server connection for which you want to enable trusted connections:
authType="trusted" keyfile="path_to_keyfile"
where path_to_keyfile is the path and name of the privatekey file.
For example:
<SERVER Name="User connection" host="rosrv.asg.com" port="8888" authType="trusted" keyfile="C:\privatekey"/>
- Save your changes.
To enable trusted connections in DI Server
- Copy the publickey file to a directory on the DI Server (for example, C:\Program Files\Rochade\sbin).
- Open the server.ini initialization file for editing. You can find the file in the appl subdirectory of the Rochade installation directory.
- Add this setting to the server start section of the server.ini initialization file:
TRUSTED_SITES=<trusted_sites>
where <trusted_sites> is the name of the section that contains the settings for trusted sites and their corresponding public keys.
For example:
[SERV]
...
TRUSTED_SITES=T_SITES
- Add the trusted sites section to the server.ini initialization file:
[<trusted_sites>]
<site>=@<publickey>
where:
<trusted_sites> is the name of the section as specified in step 3.
<site> is the IP address or host name of the computer on which Metability is installed.
ASG recommends that you use fully qualified domain names to refer to trusted clients. For more information, see the ASG-Rochade System Administrator’s Guide.
<publickey> is the path and name of the public key file on the DI Server.
For example:
[T_SITES]
appserver.asg.com=@c:\rochade\sbin\publickey
If you want to use the same public key for another trusted site, add an entry for that site that refers to the same key file. The other site must then use the private key of the same key pair.
- Save your changes.
- Restart the DI Server.
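The following script is an added example, not part of the ASG documentation or the Rochade product. It checks the two configuration fragments described above for the mistakes that silently break or weaken a trusted connection: a SERVER entry in dataspace.xml with authType="trusted" but no keyfile, a TRUSTED_SITES setting that points at a section that does not exist, a site entry whose value lacks the leading @, and a site named by a bare host name instead of an IP address or fully qualified domain name. The sample file contents are constructed, the DATASPACE root element around the SERVER entries is an assumption, and the contents of the key files themselves are not inspected.

```python
"""Lint a Rochade trusted-connection setup (added example, not ASG code).

Checks the Metability side (dataspace.xml) and the DI Server side
(server.ini) against the layout shown in the documentation. Host names,
paths and the DATASPACE root element are assumptions for illustration.
"""
import configparser
import ipaddress
import re
import xml.etree.ElementTree as ET

# Constructed sample of dataspace.xml. The second SERVER entry is broken
# on purpose: authType="trusted" without a keyfile.
DATASPACE_XML = """<?xml version="1.0"?>
<DATASPACE>
  <SERVER Name="User connection" host="rosrv.asg.com" port="8888"
          authType="trusted" keyfile="C:\\privatekey"/>
  <SERVER Name="Admin connection" host="rosrv.asg.com" port="8889"
          authType="trusted"/>
  <SERVER Name="Legacy" host="old.asg.com" port="8888"/>
</DATASPACE>
"""

# Constructed sample of server.ini. Two entries are deliberately wrong:
# a bare host name and a value without the leading '@'.
SERVER_INI = """[SERV]
PORT=8888
TRUSTED_SITES=T_SITES

[T_SITES]
appserver.asg.com=@c:\\rochade\\sbin\\publickey
appserver2=@c:\\rochade\\sbin\\publickey
10.0.0.5=c:\\rochade\\sbin\\publickey
"""

# A fully qualified name: at least one dot-separated label before the last one.
FQDN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]+\.)+[a-z0-9-]+$", re.I)


def trusted_servers(xml_text):
    """Return (Name, host, keyfile) for every SERVER with authType="trusted".

    keyfile is None when the attribute is missing.
    """
    root = ET.fromstring(xml_text)
    return [
        (srv.get("Name"), srv.get("host"), srv.get("keyfile"))
        for srv in root.iter("SERVER")
        if srv.get("authType") == "trusted"
    ]


def classify_site(site):
    """Classify a <site> key as 'ip', 'fqdn' or 'short' (bare host name)."""
    try:
        ipaddress.ip_address(site)
        return "ip"
    except ValueError:
        return "fqdn" if FQDN_RE.match(site) else "short"


def lint(xml_text, ini_text):
    """Return a list of findings; an empty list means the setup is consistent."""
    findings = []
    for name, _host, keyfile in trusted_servers(xml_text):
        if not keyfile:
            findings.append(
                f'dataspace.xml: SERVER "{name}" has authType="trusted" but no keyfile')

    # interpolation=None keeps '%' in paths literal; optionxform=str keeps the
    # case of host names and paths; '=' is the only delimiter because Windows
    # paths contain ':'.
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str
    cp.read_string(ini_text)

    section = cp.get("SERV", "TRUSTED_SITES", fallback=None)
    if section is None:
        findings.append("server.ini: [SERV] has no TRUSTED_SITES setting")
        return findings
    if section not in cp:
        findings.append(
            f"server.ini: TRUSTED_SITES={section} but section [{section}] is missing")
        return findings

    for site, value in cp[section].items():
        if not value.startswith("@"):
            findings.append(
                f'server.ini: [{section}] {site}: value must be @<publickey>, got "{value}"')
        if classify_site(site) == "short":
            findings.append(
                f"server.ini: [{section}] {site}: use a fully qualified domain name or IP address")
    return findings


if __name__ == "__main__":
    for finding in lint(DATASPACE_XML, SERVER_INI):
        print(finding)
```

Run it against the constructed samples and it reports three findings: the Admin connection without a keyfile, the bare host name appserver2, and the 10.0.0.5 entry missing its @. Pointing the two constants at real files is enough to use it on an installation.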