
Overview

Since FIXEdge 5.10 all logon password data is unconditionally encrypted.

Encryption for the Password tag (554) was added in 5.10;

Encryption for the NewPassword tag (925) was added in 5.10.1.

Using passwords in logon for authentication. Simple scenario.

How to configure passwords history

To store passwords in a separate file, use the History element in the Business Layer of FIXEdge. Detailed information about it is available here: History element

This configuration assumes that passwords are stored for unique Senders (tag 49 is the key field).

The following Passwords.header file should be created:

Passwords.header
Field.1.IsKeyField=yes
Field.1.Tag=49
Field.2.Tag=554
FieldsCount=2

The following text block should be added to BL_Config.xml file:

BL_Config.xml
	<History 
		Name="Passwords" 
		StorageType="File"
		WorkingDirectory="FIXEdge1/conf/" 
		StorageFileName="Passwords">
		<KeyFields>49</KeyFields>
		<Fields>554</Fields>
	</History>

In this case, Passwords.header and the history file should be placed in the WorkingDirectory, i.e. FIXEdge1/conf/.

How to save sessions passwords to history

Passwords can be saved to history through the special session CONTROL-FIXEDGE. (Make sure that FIXEdge is configured to accept the CONTROL-FIXEDGE session.)

To do this, add the following rule to the BL_Config.xml file:

BL_Config.xml
<Rule Description="AddSessionToPasswordHistory">
    <Source>
        <FixSession SenderCompID="CONTROL" TargetCompID="FIXEDGE" />
    </Source>
    <Condition>
        <EqualField Field="35" Value="BE"/>
        <EqualField Field="924" Value="3"/>
    </Condition>
    <Action>
        <CopyField SourceField="115" TargetField="49" IsRequiredField="Y"/>
        <HashField Field="554"/>
        <SaveToHistory Name="Passwords"/>
        <StopProcessing/>
    </Action>
</Rule>

For example, send this message to set up the password "TestPassword1" for session CLIENT1.

Password checking script usage

  1. Get saved password from history;
  2. Get 554 tag value from logon;
  3. Decrypt the value;
  4. Get hash from the decrypted value;
  5. Compare hashes;
  6. Return a bool value to accept or reject the session.

BL Rules listing

BL_Config.xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
<!DOCTYPE FIXEdge SYSTEM "BusinessLayer.dtd">
-->
<FIXEdge>
<BusinessLayer>
	<!-- ===================== Password history ===================== -->
	<History 
		Name="Passwords" 
		StorageType="File"
		WorkingDirectory="FIXEdge1/conf/" 
		StorageFileName="Passwords">
		<KeyFields>49</KeyFields>
		<Fields>554</Fields>
	</History>

	<!-- ===================== Passwords management ===================== -->
	<Rule Description="AddSessionToPasswordHistory">
		<Source>
			<FixSession SenderCompID="CONTROL" TargetCompID="FIXEDGE" />
		</Source>
		<Condition>
			<EqualField Field="35" Value="BE"/>
			<EqualField Field="924" Value="3"/>
		</Condition>
		<Action>
			<CopyField SourceField="115" TargetField="49" IsRequiredField="Y"/>
			<HashField Field="554"/>
			<SaveToHistory Name="Passwords"/>
			<StopProcessing/>
		</Action>
	</Rule>
 
<!-- ===================== Authentication ===================== -->
    <CreateSessionEvent>
        <Source>
            <FixSession SenderCompID=".*" TargetCompID=".*"/>
        </Source>
        <Condition>
            <EqualField Field="49" Value="CONTROL"/>
            <EqualField Field="56" Value="FIXEDGE"/>
        </Condition>
        
        <Condition>
            <Script Language="JavaScript" FileName ="FIXEdge1/conf/Password_Logon.js"/>
        </Condition>
        <CreateSessionActionIfTrue>
            <AcceptSession/>
        </CreateSessionActionIfTrue>
        <CreateSessionActionIfFalse>
            <RejectSession>Authentication error</RejectSession>
        </CreateSessionActionIfFalse>
    </CreateSessionEvent>

    <DefaultRule>
        <Action>
            <DoNothing/>
        </Action>
    </DefaultRule>

</BusinessLayer>
</FIXEdge>

JavaScript listing

Password_Logon.js
// The script checks whether the password is valid for the session

valid = false;
// get the saved password hash from history, keyed by SenderCompID (tag 49)
sender = getStringField(49);
key = new Array(sender);
savedPass = getFromHistory("Passwords", key, "554");

// get the encrypted password (tag 554) from the logon message
encryptedPass = getStringField(554);
// accept the session only if the password is in history
if (encryptedPass != null && savedPass != null)
{
	// decrypt the received value, hash it and compare it with the saved hash
	pass = hashString(decryptString(encryptedPass));
	if (pass == savedPass)
		valid = true;
}
if (valid == false)
{
	// Print session reject reason to FIXEdge.log
	print("[WARN] Wrong password has been received for SenderCompID " + sender + ". ");
}
// result of the check: true accepts the session, false rejects it
valid;
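
The two halves of this setup (the CONTROL-FIXEDGE rule that stores a hash, and the logon script that checks it) can be traced together outside FIXEdge with the added example below, which is not part of the FIXEdge documentation or product code. The `history` map, the `encryptString` helper, and the AES-CTR and SHA-256 stand-ins for `decryptString` and `hashString` are assumptions, as is tag 554 of the admin message being hashed as received, which is what the rule does.

```javascript
// Added example: offline model of the save rule and the logon check.
// Stand-ins (assumptions): AES-CTR for the logon encryption, SHA-256 for the hash.
const crypto = require("crypto");

const KEY = crypto.createHash("sha256").update("constructed-demo-key").digest();
const IV = Buffer.alloc(16, 1); // fixed IV only so the demo is deterministic

function encryptString(s) { // client side of the logon (hypothetical helper)
  const c = crypto.createCipheriv("aes-256-ctr", KEY, IV);
  return Buffer.concat([c.update(s, "utf8"), c.final()]).toString("base64");
}
function decryptString(s) { // stand-in for the FIXEdge built-in
  const d = crypto.createDecipheriv("aes-256-ctr", KEY, IV);
  return Buffer.concat([d.update(Buffer.from(s, "base64")), d.final()]).toString("utf8");
}
function hashString(s) { // stand-in for the FIXEdge built-in
  return crypto.createHash("sha256").update(s, "utf8").digest("hex");
}

const history = new Map(); // models history "Passwords": tag 49 -> hashed tag 554

// Models rule AddSessionToPasswordHistory (35=BE, 924=3 on CONTROL-FIXEDGE).
function applyAdminMessage(msg) {
  if (msg[35] !== "BE" || msg[924] !== "3") return false;
  if (!msg[115] || !msg[554]) return false; // model-only guard for missing tags
  history.set(msg[115], hashString(msg[554])); // CopyField 115->49, HashField, SaveToHistory
  return true;
}

// Models Password_Logon.js: true accepts the session, false rejects it.
function checkLogon(logon) {
  const saved = history.get(logon[49]);
  const enc = logon[554];
  if (enc == null || saved == null) return false; // no password sent or unknown sender
  return hashString(decryptString(enc)) === saved;
}

function demo() { // all messages below are constructed sample input
  applyAdminMessage({ 35: "BE", 924: "3", 115: "CLIENT1", 554: "TestPassword1" });
  return {
    stored: history.get("CLIENT1"),
    good: checkLogon({ 35: "A", 49: "CLIENT1", 554: encryptString("TestPassword1") }),
    wrong: checkLogon({ 35: "A", 49: "CLIENT1", 554: encryptString("guess") }),
    unknown: checkLogon({ 35: "A", 49: "CLIENT2", 554: encryptString("TestPassword1") }),
    missing: checkLogon({ 35: "A", 49: "CLIENT1" }),
  };
}
console.log(demo());
```

Only the hash reaches the history store, so the history file never holds the password itself, and a logon from a sender with no history entry is rejected the same way as a wrong password.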

References

BL Scripting with JavaScript

Routing Rules and Session Events: XML Transformation Language