This page was last edited on September 8, 2020, at 10:41.
Starting in Genesys Administrator Extension (GAX) 8.5.25, GAX can connect to Configuration Server using a token instead of a password, as is the case with single sign-on (SSO) deployments, to ensure secure communication. For connections associated with user accounts, this means that GAX can authenticate the connection request with short-lived encrypted tokens instead of actual passwords.
Generally, GAX generates a symmetric key (in essence, a shared encryption key). Configuration Server also generates a symmetric key, and it must be the same for both Configuration Server and the client. For connections associated with user accounts, GAX creates a password token by signing the username and expiry timestamp with HMAC-SHA256, using the value of token-uuid as a salt, and then prefixes the token with the preamble tag.
When the client sends a connection request to Configuration Server, the server determines if the Password field contains a password token or a user password by looking for a tag at the beginning of the field's value. If the value does start with a tag (the preamble), Configuration Server decodes the token, extracts the token expiration time and username, and then processes the request as follows:
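An added sketch (not Genesys code) of the token construction and tag check described in the two paragraphs above: the client signs username and expiry with HMAC-SHA256, and the server tells tokens from passwords by the leading tag. The tag string, field layout, Base64 encoding and the way token-uuid enters the HMAC are assumptions, since this page does not give the wire format; the accept/reject rules are likewise illustrative, and encryption of the token is not shown.

```python
import base64
import hashlib
import hmac
import time

PREAMBLE = "{EXAMPLE-TAG}"  # placeholder; the real preamble tag is not given on this page


def _sign(shared_key, token_uuid, payload):
    # Assumption: token-uuid is mixed in by prepending it to the signed message.
    msg = token_uuid.encode() + b"|" + payload
    return hmac.new(shared_key, msg, hashlib.sha256).digest()


def make_token(username, shared_key, token_uuid, ttl_seconds, now=None):
    """Client side: sign username + expiry, then prefix the preamble tag."""
    expiry = int(time.time() if now is None else now) + ttl_seconds
    payload = f"{username}|{expiry}".encode()
    mac = _sign(shared_key, token_uuid, payload)
    b64 = base64.urlsafe_b64encode
    return PREAMBLE + b64(payload).decode() + "." + b64(mac).decode()


def check_password_field(value, shared_key, token_uuid, now=None):
    """Server side: return ("password", value) or ("token", username).

    Raises ValueError for a tagged value that is malformed, forged or expired.
    """
    if not value.startswith(PREAMBLE):
        return ("password", value)  # no tag: an ordinary user password
    try:
        p64, m64 = value[len(PREAMBLE):].split(".")
        payload = base64.urlsafe_b64decode(p64)
        mac = base64.urlsafe_b64decode(m64)
    except ValueError as exc:  # wrong number of parts or bad Base64
        raise ValueError("malformed token") from exc
    # Verify the signature (constant-time) before trusting the payload.
    if not hmac.compare_digest(mac, _sign(shared_key, token_uuid, payload)):
        raise ValueError("bad signature")
    # rsplit keeps a username containing "|" intact; expiry is the last field.
    username, expiry = payload.decode().rsplit("|", 1)
    if int(expiry) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    return ("token", username)
```

Because the signature covers the expiry timestamp, a captured token cannot have its lifetime extended without the shared key.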
Token-based authentication is not enabled by default. To enable it, you must enable it on Configuration Server (if not already configured), and then on GAX.
Configure the following configuration options in the [system] section of Configuration Server:
For detailed information about these options, refer to the "Configuration Server Configuration Options" chapter of the Framework Configuration Options Reference Manual.
To configure token-based authentication on GAX, set the following options in the [general] section of the GAX Application object: