Forum Discussion

JonHunt's avatar
JonHunt
Level 5
5 years ago

NSS Portal Basic Authentication setup.

I’m trying to check the URL on the Portal where we put the password for basic authentication for SOAP services but can’t find it, could you send me a quick guide on how to find it and configure it?

 

  • A number of things to note before making this change:

    1. During the change, NSS should not be accessed by other users.
    2. The change involves a configuration within the portal interface AND some manual changes to config files.


    Introduction
    During installation, config files for the NSS web services are updated with the URL for our SOAP API.  By default, this uses no authentication.  The config files are then encrypted, so the URL cannot be edited directly.

    Updating the authentication method in NSS will involve decrypting these config files and manually updating the URLs, then re-encrypting.

    1. Change the authentication method in NSS:

      Navigate to Admin -> Settings -> Adapter:
      ​​

      Select 'Directa API':


      Change the authentication mode to 'Basic Authentication':


      Enter ANY user name.  It does not need to already exist somewhere else or relate to any existing user.  It will simply be used as the username for the authentication.  Enter a password:


      Before submitting your change, take a look towards the bottom of the form.  Notice that the URL is currently an 'anonymous' URL:



      Click OK button at top of form to save.

      Then drill into the 'Directa API' again.  The URL shown at the bottom of the form should have updated with the new details, e.g:

      authtype=Basic;url=http://hostname/NetBackupSelfServicePublicWebService/DirectaApi.svc;username=NSSDAPIUser;password=********;

      Copy the URL from the 'Directa API Connection String' box.

      Click Cancel to close the form.


    2. Decrypt the .config files
      On the web server, navigate to the following directory:
      ...\NetBackup Self Service Adapter 8.2\MSBuild

      Run ConfigDecrypt.bat, entering Y to continue.  This decrypts the config files.


    3. Edit the files
      The following files need editing:
      ...\NetBackup Self Service Adapter 8.2\NetBackupAdapterPanels\web.config
      ...\NetBackup Self Service Adapter 8.2\NetBackupAdapterServices\web.config
      ...\NetBackup Self Service Adapter 8.2\NetBackupAdapterTasks\bin\app.config

      In each of these files, edit the line which starts:
      <add name="DapiConnectionString"

      Change the line, updating the 'connectionString' property.  Replace the bold text highlighted in the following example with the URL copied earlier, replacing the masked password with the one set against the adapter:

      connectionString="authtype=Anonymous;url=http://hostname/NetBackupSelfServicePublicWebService/DirectaApi.svc;"

      Save the changes to each file.


    4. Re-encrypt the .config files

      On the web server, navigate to the following directory:

      ...\NetBackup Self Service Adapter 8.2\MSBuild

       

      Run ConfigEncrypt.bat, entering Y to continue.  This re-encrypts the config files.


    5. Test the changes have worked.  Always check the 'Configuration Check' page first.

     

  • A number of things to note before making this change:

    1. During the change, NSS should not be accessed by other users.
    2. The change involves a configuration within the portal interface AND some manual changes to config files.


    Introduction
    During installation, config files for the NSS web services are updated with the URL for our SOAP API.  By default, this uses no authentication.  The config files are then encrypted, so the URL cannot be edited directly.

    Updating the authentication method in NSS will involve decrypting these config files and manually updating the URLs, then re-encrypting.

    1. Change the authentication method in NSS:

      Navigate to Admin -> Settings -> Adapter:
      ​​

      Select 'Directa API':


      Change the authentication mode to 'Basic Authentication':


      Enter ANY user name.  It does not need to already exist somewhere else or relate to any existing user.  It will simply be used as the username for the authentication.  Enter a password:


      Before submitting your change, take a look towards the bottom of the form.  Notice that the URL is currently an 'anonymous' URL:



      Click OK button at top of form to save.

      Then drill into the 'Directa API' again.  The URL shown at the bottom of the form should have updated with the new details, e.g:

      authtype=Basic;url=http://hostname/NetBackupSelfServicePublicWebService/DirectaApi.svc;username=NSSDAPIUser;password=********;

      Copy the URL from the 'Directa API Connection String' box.

      Click Cancel to close the form.


    2. Decrypt the .config files
      On the web server, navigate to the following directory:
      ...\NetBackup Self Service Adapter 8.2\MSBuild

      Run ConfigDecrypt.bat, entering Y to continue.  This decrypts the config files.


    3. Edit the files
      The following files need editing:
      ...\NetBackup Self Service Adapter 8.2\NetBackupAdapterPanels\web.config
      ...\NetBackup Self Service Adapter 8.2\NetBackupAdapterServices\web.config
      ...\NetBackup Self Service Adapter 8.2\NetBackupAdapterTasks\bin\app.config

      In each of these files, edit the line which starts:
      <add name="DapiConnectionString"

      Change the line, updating the 'connectionString' property.  Replace the bold text highlighted in the following example with the URL copied earlier, replacing the masked password with the one set against the adapter:

      connectionString="authtype=Anonymous;url=http://hostname/NetBackupSelfServicePublicWebService/DirectaApi.svc;"

      Save the changes to each file.


    4. Re-encrypt the .config files

      On the web server, navigate to the following directory:

      ...\NetBackup Self Service Adapter 8.2\MSBuild

       

      Run ConfigEncrypt.bat, entering Y to continue.  This re-encrypts the config files.


    5. Test the changes have worked.  Always check the 'Configuration Check' page first.