App passwords
With FirstSpirit Version 5.2 and higher, all web applications and cluster nodes that communicate with the FirstSpirit Server must undergo authentication.
This area can be used to generate and manage the associated app passwords.
Active: If this option is selected, authentication can be performed using the app password. If the box is unchecked, no authentication is possible.
Description: An optional description of the password can be provided here.
Allowed IP addresses / host names: The use of a particular password can be restricted to particular IP addresses or host names. When listing multiple entries, they should be separated using commas. Leaving the field blank provides unrestricted access, that is, the specified app password is valid across the board for all connections to the FirstSpirit server.
Default password (“Default”): Initially, only the “Default” password is enabled when you open the “App Passwords” area. The preconfigured default password is kept in the fs-isolated-server.jar file in encrypted format. This ensures that older FirstSpirit installations remain compatible once they have been updated to FirstSpirit Version 5.2 by eliminating the need to directly configure all existing web applications and cluster nodes with the new app passwords for authentication purposes.
To ensure a fully secured connection, the default password for all connections should be replaced with a new app password. Once a new app password has been successfully configured, the default password can be disabled or use of the password can be restricted to particular IP addresses.
It is not possible to delete the default password.
The default password should only be disabled once you are sure that a connection can be successfully authenticated using a new app password. Otherwise, access to the FirstSpirit start page or ServerManager may be accidentally blocked (see also Fixing a faulty configuration).
Add: Clicking this button opens a new “Edit App Password” dialog. This dialog allows you to make entries/settings relating to the following: the status of the app password (active/inactive), a description, and whether or not use of the password should be restricted to particular IP addresses/host names.
A newly generated app password is displayed in the “Password” area. New passwords are generated on a one-time basis and are not saved. Therefore, the password should be transferred directly to the configuration for the web applications and cluster nodes (any white spaces in the password are merely intended to improve legibility and can be removed if necessary):
The app passwords can only be used for direct socket connections (not for HTTP connections). In addition, the app passwords cannot be used for conventional user authentication processes.
Edit: Clicking this button opens the “Edit App Password” dialog for editing an existing configuration. This dialog differs from the “Edit App Password” dialog for creating a new app password (button “Add”) in that no newly generated password is displayed. Instead, it merely shows a button labeled Create new random password. Clicking this button generates a new password (see “Add”). For security reasons, an existing password cannot be displayed again. Therefore, a new password must be generated if necessary and transferred to the configuration for the relevant web applications and cluster nodes.
Delete: Clicking this button removes an existing app password from the list of passwords. Before this can happen, a dialog appears asking you to confirm that you really want to delete the password.
Before deleting a password, you should first enable the default password for any existing internal connections so that the relevant applications can still be accessed afterwards (see Fixing a faulty configuration). It is not possible to delete the default password.
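The rules above (a blank “Allowed IP addresses / host names” field means unrestricted access, the default password should be disabled or restricted once replaced, and an inactive password cannot authenticate) can be checked against a hand-transcribed copy of the password list. The following Python sketch is an added example, not part of FirstSpirit; the entry layout, the names in SAMPLE and the finding labels are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed inventory, transcribed by hand from the "App Passwords" list.
# The dict layout is an assumption of this example, not a FirstSpirit format.
SAMPLE = [
    {"name": "Default", "active": True, "allowed": ""},
    {"name": "webapp-node", "active": True,
     "allowed": "10.0.5.21, fs-web01.example.internal"},
    {"name": "cluster-2", "active": True, "allowed": "10.0.5.30; 10.0.5.31"},
    {"name": "old-preview", "active": False, "allowed": ""},
]

HOSTNAME = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$")

def split_allowed(field):
    """Split the comma-separated field; a blank field yields an empty list."""
    return [part.strip() for part in field.split(",") if part.strip()]

def is_ip_or_host(item):
    """True for a plain IP address or a syntactically plausible host name."""
    try:
        ipaddress.ip_address(item)
        return True
    except ValueError:
        return bool(HOSTNAME.match(item))

def audit(entries):
    """Return (name, finding) pairs for entries that need review."""
    findings = []
    for entry in entries:
        if not entry["active"]:
            continue  # inactive passwords cannot authenticate
        allowed = split_allowed(entry["allowed"])
        if not allowed:
            # Blank field: password is valid for all connections.
            label = ("default-unrestricted" if entry["name"] == "Default"
                     else "unrestricted")
            findings.append((entry["name"], label))
        for item in allowed:
            # Assumption: anything that is not a plain IP or host name
            # (for example a wrong separator) should be checked by hand.
            if not is_ip_or_host(item):
                findings.append((entry["name"], "check-entry:" + item))
    if not any(entry["active"] for entry in entries):
        # Nothing can authenticate: risk of locking out connections.
        findings.append(("*", "no-active-password"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(name, finding)
```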