Configure Encrypted Password
Geoportal Server can be configured to use encrypted passwords for OpenSearch/Elasticsearch and LDAP server access.
Download the utility from the Geoportal Server repo. This utility can be used to generate an encrypted password using the AES-256 symmetric encryption algorithm.
The utility can generate the encrypted string in one step for both OpenSearch and the LDAP server. LDAP server configuration is only needed if authentication-ldap is used. If any other authentication is used, please generate an encrypted password only for OpenSearch/Elasticsearch.
Please note that if both passwords are to be encrypted, they should be generated together.
- Unzip EncryptPassword.zip to a local folder.
- Open a command prompt.
- Make sure that the Java path is set. You can verify this with
    java --version
- On the command prompt, navigate into the EncryptPassword folder.
- Run one command:
    EncryptPassword.bat <elastic_pass>
  OR
    EncryptPassword.bat <elastic_pass> <LDAP server pass>
  Note down the Base64 Key, Base64 IV and Encrypted password.
To set the encrypted password of a secure search index, edit app-context.xml:
- Open app-context.xml and use the values from the previous step
    <beans:property name="password" value="" />
    <beans:property name="encryptPassword" value="true" /> <!-- THIS IS IMPORTANT -->
    <beans:property name="base64Key" value="${gpt_base64Key}" />
    <beans:property name="base64Iv" value="${gpt_base64Iv}" />
In the above snippet, the values of gpt_base64Key and gpt_base64Iv are set as environment variables.
When authenticating users with LDAP, you will store the encrypted password in authentication-ldap.xml.
- Add an environment variable ldap_manager_password and set the encrypted password.
  OR
- Open authentication-ldap.xml
- If you set ldap_manager_password as an environment variable, you do not need to include the value in the configuration file. Otherwise, replace ${ldap_manager_password} with the encrypted password.
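A pre-deployment check for the app-context.xml settings above, added here as an example and not part of the Geoportal Server project. Only the four property names and the two environment variable names come from this page; the wrapper XML, the sample password value and the function names `check_context` and `decoded_len` are assumptions made for illustration.

```python
import base64
import os
import re
import xml.etree.ElementTree as ET

# Constructed sample: only the four property names come from the page;
# the wrapper elements and the password value are made up.
SAMPLE = """<beans:beans xmlns:beans="http://www.springframework.org/schema/beans">
  <beans:bean id="exampleClient" class="example.Client">
    <beans:property name="password" value="Q29uc3RydWN0ZWQ=" />
    <beans:property name="encryptPassword" value="true" />
    <beans:property name="base64Key" value="${gpt_base64Key}" />
    <beans:property name="base64Iv" value="${gpt_base64Iv}" />
  </beans:bean>
</beans:beans>"""
PLACEHOLDER = re.compile(r"\$\{([^}]+)\}")

def decoded_len(text):
    """Byte length of strictly decoded Base64, or None if it is not valid."""
    try:
        return len(base64.b64decode(text, validate=True))
    except ValueError:
        return None

def check_context(xml_text, env):
    """Return a list of problems with the encrypted-password properties."""
    props = {}
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] == "property":
            # Substitute ${name} from env; leave it in place when unset.
            props[el.get("name")] = PLACEHOLDER.sub(
                lambda m: env.get(m.group(1), m.group(0)), el.get("value", ""))
    problems = [f"{n}: environment variable not set"
                for n, v in props.items() if PLACEHOLDER.search(v)]
    if props.get("encryptPassword") != "true":
        problems.append("encryptPassword is not true")
    if not props.get("password"):
        problems.append("password is empty")
    key, iv = props.get("base64Key", ""), props.get("base64Iv", "")
    # AES-256 needs a 256-bit key, i.e. exactly 32 bytes after decoding.
    if not PLACEHOLDER.search(key) and decoded_len(key) != 32:
        problems.append("base64Key does not decode to 32 bytes")
    if not PLACEHOLDER.search(iv) and not decoded_len(iv):
        problems.append("base64Iv is missing or not valid Base64")
    return problems

if __name__ == "__main__":
    for line in check_context(SAMPLE, os.environ) or ["no problems found"]:
        print(line)
```

The IV is only checked for being valid, non-empty Base64, because this page does not state which cipher mode the utility uses and the expected IV length depends on it.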