Expand my Community achievements bar.

Javascript code of https request for client certificate authentication.

Avatar

Level 3

Hello Everyone,

We need to set up a connection between adobe campaign and ESB(Enterprise service bus). Adobe Campaign( Client ) will call webservices of ESB (Server) to transfer data from Adobe Campaign to ESB.

But ESB supports client certificate authentication.
I am looking for JavaScript code of https request with a client certificate.

I checked the code of many connectors in Adobe Campaign they are using http request with username and password.
I checked on google but did not find it. Everywhere there is code of Node.js for this type of connection.

Please let me know if you have any questions.

Thanks in advance.

6 Replies

Avatar

Level 10

Hi Parveshp,

Please may you elaborate a bit?

Is the ESB service that requires certificate authentication based on TLS (SSL) (most probably) or IPsec or something else?


I guess it is SSL authentication method that you need.

So, is the protocol SOAP or RESTful web service?

Moreover, do you know how to manage openssl tool on the server ? and so do you have access to the server directly (On Premise) or is it On Cloud hosting so you must use the openssl tool of ACC On Cloud ?

Also ask if the ESB service key is RSA 1024 or 2048 bits.

Regarding the Javascript, nothing to do there, only use https protocol for the httpRequest.


For testing purpose, you can use curl tool if you are On Premise hosting and you have access to the server for installing this tool.

Regards
J-Serge

Avatar

Level 3

Hello Jean,

Thanks for checking it.

1. TLS(SSL) certificate authentication.

2. It has not been decided which type of service ESB team will provide Adobe campaign. It can be SOAP or RESRful.

3. OpenSSL is installed on Adobe application server(Window 2016).  Adobe campaign server team gave me client certificate, that I shared with the ESB server team(Linux server)team.

4. There is an on-premise instance.

As per my understanding, I do not need to mention something special in javascript code. I just need to use the following code to call service. Mutual SSL handshake between client and server will be done automatically.

var req = new HttpClientRequest("https://www.somewhere.com/")

req.header["Content-Type"] = "text/xml; charset=utf-8"

req.method = "SEARCH"

req.body = "<xml>any content</xml>"

req.execute();

Thanks.

Parvesh Parmar.

Avatar

Level 10

If it is SOAP (less probable by now REST is far more popular) please use HttpSoapConnection() function instead of HttpClientRequest.

Please check the method, you define it as SEARCH but usually it is POST (or sometimes GET but less convenient and secured).

So it is your network admin team that have managed the private key, and the public key to share between ESB and ACC, ok fine for you.

Then ask them to do a simple test for example with curl if they have the library installed, to check if authentication is fine outside the ACC.

I suggest you to use an xtk:option entry (Administration>Platform>Options) that you read in your code with getOption() so you can set different keys for differents environment (production, dev, QA) without changing your JS code for leveraging the key.

We had similar question in the past and actually finished with using Basic HTTP authentication instead of based on client certificates.

It is totally unclear how to utilize custom certificate for TLS handshake from AC JavaScript code.

Avatar

Level 3

Hello Jean,

Yes, I will use a post method.

Most probably it would be REST API. Therefore HttpClientRequest is ok.

If authentication is outside of campaign then we won't need to use the key in the campaign. But if we need to use a key in JS code, then where should I use it, I mean, do I need to mention in the header part of HttpClientRequest? If yes, is there any specific syntax for it?

Thanks.

Parvesh.

Avatar

Level 4

Hi

It is not possible to set SSL key inside the campaign js code as far as I know. The maximum, that I was able to do is HMAC authorization.

That is if the server is not accessible via HTTPS request and SSL can not be managed by the operation system, of course.

I can recommend to build a simple Java or node.js app that will act as a proxy, install it on the same machine and expose some local port. Connect to the proxy via HTTP or HTTPS and let it handle the secure connection to your ESB.

We used to run NGINX with reverse SSL tunnel for that purpose to encrypt SMS communication over SMPP until developed our own connector over HTTPS to the REST endpoint.