CloudBlue Technical Support

Question

Is it possible to configure BA so that it accept APIs only from authorizated users?

Resolution

If authentication is enabled, it is possible to allow access to BA from outside network provided that BA user login and password are passed. External connection then is allowed using the port specified.

Note: These instructions are for BA 5.0, 5.1 and 5.4. Insctructions for BA 5.5 can be found in documentation, for 6.0.x - http://download.pa.parallels.com/pa/6.0/doc/pba/html/74931.htm (if version of BA is below 5.5.5 please also check the following article).

Perform the following actions on the BA Management Node to enable authentication:

1. Stop BA:

   /etc/init.d/pba stop
   

2. Copy the configuration file /usr/local/bm/etc/ssm.conf.d/.xmlrpcd.conf to the /usr/local/bm/etc/ssm.conf.d/.xmlrpcd_auth.conf file:

   cp /usr/local/bm/etc/ssm.conf.d/.xmlrpcd.conf /usr/local/bm/etc/ssm.conf.d/.xmlrpcd_auth.conf
   

3. Copy the configuration file /usr/local/bm/etc/ssm.conf.d/.xrproxy.conf to the /usr/local/bm/etc/ssm.conf.d/.xrproxy_auth.conf file:

   cp /usr/local/bm/etc/ssm.conf.d/.xrproxy.conf /usr/local/bm/etc/ssm.conf.d/.xrproxy_auth.conf
   

Note: It is important that the copied files' names start with a dot.

1. Create two new empty files:

   /usr/local/bm/etc/ssm.conf.d/xmlrpcd_auth.conf
   /usr/local/bm/etc/ssm.conf.d/xrproxy_auth.conf
   

2. Add the following strings into the /usr/local/bm/etc/ssm.conf.d/xmlrpcd_auth.conf file:

   [environment]
   ATMName=XMLRPC_AUTH_Container:$(_index)
   AuthorizationRequired=1
   XMLRPCD_PORT=127.0.0.1:593$(_index)
   
   [options]
   bin = xmlrpcd
   summary = Stellart XML RPC AUTH Server
   arguments = $(XMLRPCD_PORT)
   

3. Add the following strings into the /usr/local/bm/etc/ssm.conf.d/xrproxy_auth.conf file:

   [options]
   bin = xrproxy.pl
   summary = Stellart XML RPC AUTH Proxy Server
   arguments = 5924 5930 5931 5932 5933 5934
   

4. To automatically start authentication on PBA-E start, edit the [options] section of the /usr/local/bm/etc/ssm.conf.d/global.conf file as follows:

   [options]
   startdep = amt muxd www xmlrpcd xrproxy xmlrpcd_auth xrproxy_auth
   

5. Start BA:

   /etc/init.d/pba start
   

6. Allow access from outside network to the port 5924 at BA application server. This port will be used for incoming XML RPC requests with authorization.

7. Optionally, consider to disable non-authorized access to BA XML RPC server by closing the port 5224 in firewall for outside network.

Note: BA 5.0.0-636 HOTFIX 007 must be installed.

Internal content