cancel
Showing results for 
Search instead for 
Did you mean: 

NSS Portal Basic Authentication setup.

JonHunt
Moderator
Moderator
   VIP   

I’m trying to check the URL on the Portal where we put the password for basic authentication for SOAP services but can’t find it, could you send me a quick guide on how to find it and configure it?

 

1 ACCEPTED SOLUTION

Accepted Solutions

JonHunt
Moderator
Moderator
   VIP   

A number of things to note before making this change:

  1. During the change, NSS should not be accessed by other users.
  2. The change involves a configuration within the portal interface AND some manual changes to config files.


Introduction
During installation, config files for the NSS web services are updated with the URL for our SOAP API.  By default, this uses no authentication.  The config files are then encrypted, so the URL cannot be edited directly.

Updating the authentication method in NSS will involve decrypting these config files and manually updating the URLs, then re-encrypting.

  1. Change the authentication method in NSS:

    Navigate to Admin -> Settings -> Adapter:
    ​​

    Select 'Directa API':


    Change the authentication mode to 'Basic Authentication':


    Enter ANY user name.  It does not need to already exist somewhere else or relate to any existing user.  It will simply be used as the username for the authentication.  Enter a password:


    Before submitting your change, take a look towards the bottom of the form.  Notice that the URL is currently an 'anonymous' URL:



    Click OK button at top of form to save.

    Then drill into the 'Directa API' again.  The URL shown at the bottom of the form should have updated with the new details, e.g:

    authtype=Basic;url=http://hostname/NetBackupSelfServicePublicWebService/DirectaApi.svc;username=NSSDAPIUser;password=**...;

    Copy the URL from the 'Directa API Connection String' box.

    Click Cancel to close the form.


  2. Decrypt the .config files
    On the web server, navigate to the following directory:
    ...\NetBackup Self Service Adapter 8.2\MSBuild

    Run ConfigDecrypt.bat, entering Y to continue.  This decrypts the config files.


  3. Edit the files
    The following files need editing:
    ...\NetBackup Self Service Adapter 8.2\NetBackupAdapterPanels\web.config
    ...\NetBackup Self Service Adapter 8.2\NetBackupAdapterServices\web.config
    ...\NetBackup Self Service Adapter 8.2\NetBackupAdapterTasks\bin\app.config

    In each of these files, edit the line which starts:
    <add name="DapiConnectionString"

    Change the line, updating the 'connectionString' property.  Replace the bold text highlighted in the following example with the URL copied earlier, replacing the masked password with the one set against the adapter:

    connectionString="authtype=Anonymous;url=http://hostname/NetBackupSelfServicePublicWebService/DirectaApi.svc;"

    Save the changes to each file.


  4. Re-encrypt the .config files

    On the web server, navigate to the following directory:

    ...\NetBackup Self Service Adapter 8.2\MSBuild

     

    Run ConfigEncrypt.bat, entering Y to continue.  This re-encrypts the config files.


  5. Test the changes have worked.  Always check the 'Configuration Check' page first.

 

View solution in original post

1 REPLY 1

JonHunt
Moderator
Moderator
   VIP   

A number of things to note before making this change:

  1. During the change, NSS should not be accessed by other users.
  2. The change involves a configuration within the portal interface AND some manual changes to config files.


Introduction
During installation, config files for the NSS web services are updated with the URL for our SOAP API.  By default, this uses no authentication.  The config files are then encrypted, so the URL cannot be edited directly.

Updating the authentication method in NSS will involve decrypting these config files and manually updating the URLs, then re-encrypting.

  1. Change the authentication method in NSS:

    Navigate to Admin -> Settings -> Adapter:
    ​​

    Select 'Directa API':


    Change the authentication mode to 'Basic Authentication':


    Enter ANY user name.  It does not need to already exist somewhere else or relate to any existing user.  It will simply be used as the username for the authentication.  Enter a password:


    Before submitting your change, take a look towards the bottom of the form.  Notice that the URL is currently an 'anonymous' URL:



    Click OK button at top of form to save.

    Then drill into the 'Directa API' again.  The URL shown at the bottom of the form should have updated with the new details, e.g:

    authtype=Basic;url=http://hostname/NetBackupSelfServicePublicWebService/DirectaApi.svc;username=NSSDAPIUser;password=**...;

    Copy the URL from the 'Directa API Connection String' box.

    Click Cancel to close the form.


  2. Decrypt the .config files
    On the web server, navigate to the following directory:
    ...\NetBackup Self Service Adapter 8.2\MSBuild

    Run ConfigDecrypt.bat, entering Y to continue.  This decrypts the config files.


  3. Edit the files
    The following files need editing:
    ...\NetBackup Self Service Adapter 8.2\NetBackupAdapterPanels\web.config
    ...\NetBackup Self Service Adapter 8.2\NetBackupAdapterServices\web.config
    ...\NetBackup Self Service Adapter 8.2\NetBackupAdapterTasks\bin\app.config

    In each of these files, edit the line which starts:
    <add name="DapiConnectionString"

    Change the line, updating the 'connectionString' property.  Replace the bold text highlighted in the following example with the URL copied earlier, replacing the masked password with the one set against the adapter:

    connectionString="authtype=Anonymous;url=http://hostname/NetBackupSelfServicePublicWebService/DirectaApi.svc;"

    Save the changes to each file.


  4. Re-encrypt the .config files

    On the web server, navigate to the following directory:

    ...\NetBackup Self Service Adapter 8.2\MSBuild

     

    Run ConfigEncrypt.bat, entering Y to continue.  This re-encrypts the config files.


  5. Test the changes have worked.  Always check the 'Configuration Check' page first.