Does BPM'Online support SSL-MA authentication? I have a financial services application that I need to connect to BPM'Online. I am going to develop few custom configuration service endpoints on BPM'Online that are going to be consumed by the financial services app. However, there is a requirement from the customer for adding an extra layer of security to any kind of interactions between the systems through client/server signed certificates(could be X.509 certificates) and perform mutual authentication. So, can mutual authentication  be performed on BPM'Online? 

Like 0

Like

2 comments

Would really appreciate some help here...

amanthena,

I'm not sure what is the difference between "mutual authentication" and just a simple authentication to an SSL application. According to the article by the link below, it seems like there is no difference.

https://blog.cloudboost.io/implementing-mutual-ssl-authentication-fc20ab2392b3

Please find how to call a bpm'online authentication service in the article by the link below. Please read all the article from the very beginning to the very end before creating the integration. There are lot of tricks that you have to use are described there. 

https://academy.bpmonline.com/documents/technic-sdk/7-13/executing-odata-queries-using-fiddler 

Show all comments

Hi,

When I am trying to send request from BPM (http://localhost:82) to external web app (https://localhost:58733) via 'call web service' system action I am getting an error:

"system.net.webexception could not establish secure channel for ssl/tls ---> system.security.authentication.authenticationexception the remote certificate is invalid"

What I am doing wrong? 'Call Web Service' system action should work with SSL/TLS without any problem?

Best regards,

Tom

 

Like 0

Like

2 comments

I've used Call Web Service with SSL without issue. That error is a general .NET error that usually relates to issues with the certificate and likely means one of the following is true:

  • The certificate doesn't match the URL.
  • The certificate is self-signed and not added as a trusted certificate.
  • The certificate is expired.
  • The certificate is signed by a root certificate that's not installed on your machine.

If the cert is ok, and since this is a local install, you can try going to the external URL in IE (on the server where Bpm'online is installed), click the lock icon then "View Certificates", then click the button to "Install Certificate" (be sure you select to install on "Local Machine" and not "Current User"

Tom,

Please use this article to troubleshoot the issue https://blogs.msdn.microsoft.com/friis/2017/10/10/troubleshooting-tls-s… and also Ryan is right. The reason is probably in certificate so that's why you need to check it firstly.

Best regards,

Oscar

Show all comments