Technical Blog Post
Abstract
Enabling Secure Authentication for Odette FTP (OFTP) in Sterling B2Bi
Body
In my previous blog, I covered the steps for enabling SSL for Odette FTP (OFTP configuration) inside SB2Bi. Click here for quick access.
Considering the complexity of the OFTP protocol itself, I realized the need for another blog in which I explain the configuration of "Secure Authentication" in SB2Bi's OFTP setup. It is different from the SSL feature that was discussed in my previous blog.
Like the SSL feature, Secure Authentication was added in OFTP 2.0. The RFC for OFTP2 is RFC 5024.
Hence, ensure that "Odette FTP API Level" is set to 2.0 in the Physical Partner Contract in SB2Bi.
If you are a first-time user configuring Odette FTP in IBM's SB2Bi product, you may refer to my presentation from the "Connect with Experts" live session in May 2014, which covers a complete walk-through of file transfers using Odette FTP 2.0 over SSL in IBM Sterling B2B Integrator.
To download the presentation or the recorded audio of that session, please click here.
The SB2Bi OFTP documentation is here.
SB2Bi Odette FTP interacting with 3rd party Odette FTP software with Secure Authentication enabled:
When SB2Bi OFTP is working with a different OFTP solution, these are the things that need to be configured in SB2Bi to enable "Secure Authentication":
1. Configure private key as "Authorization Private Key" in *LOCAL* OFTP Physical Partner (PP).
2. Share the corresponding public key(s) with the partner.
3. Obtain the partner's public key(s) and use them in the *REMOTE* PP as "Authentication Certificates".
4. The last and most important thing is to enable the "Secure Authentication" check box in the corresponding OFTP Physical Partner Contract (PPC).
#4 is what determines whether "Secure Authentication" is enabled with a particular partner.
This diagram puts together all these points.
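The key relationships behind steps 1 to 3 can be checked outside the product with the `openssl` command line. This is an added example, not part of the original post and not SB2Bi's own code: it assumes `openssl` is installed, every key, certificate and file name is constructed, and the exchange is a simplified model of the encrypted challenge and response that OFTP2 secure authentication relies on.

```shell
#!/bin/sh
# Added example: every key, certificate and file name below is constructed.
set -eu

# Self-signed identity for one side (self-signed, as in this page's demonstration).
make_identity() {  # $1 = directory, $2 = name
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# Succeeds only if the certificate carries the public half of the private key.
cert_matches_key() {  # $1 = certificate, $2 = private key
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# One direction of the exchange, simplified: the challenger encrypts a random
# challenge (CMS) to the certificate it holds for the peer; the peer can only
# return the plaintext if it owns the matching private key.
authenticate_peer() {  # $1 = dir, $2 = cert held by challenger, $3 = peer's cert, $4 = peer's key
    openssl rand -out "$1/challenge.bin" 20
    openssl cms -encrypt -binary -aes-256-cbc -outform DER \
        -in "$1/challenge.bin" -out "$1/auch.der" "$2"
    openssl cms -decrypt -binary -inform DER -in "$1/auch.der" \
        -recip "$3" -inkey "$4" -out "$1/aurp.bin" 2>/dev/null || return 1
    cmp -s "$1/challenge.bin" "$1/aurp.bin"
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
for side in local remote stale; do make_identity "$work" "$side"; done

# Steps 1-2: confirm the certificate you share matches the key you configured.
cert_matches_key "$work/local.crt" "$work/local.key" && echo "local cert matches local key"

# Step 3 done correctly on both sides: each direction authenticates.
authenticate_peer "$work" "$work/remote.crt" "$work/remote.crt" "$work/remote.key" \
    && echo "remote partner authenticated"
authenticate_peer "$work" "$work/local.crt" "$work/local.crt" "$work/local.key" \
    && echo "local partner authenticated"

# Failure mode: the REMOTE PP holds a stale certificate for the partner.
authenticate_peer "$work" "$work/stale.crt" "$work/remote.crt" "$work/remote.key" \
    || echo "stale certificate in REMOTE PP: authentication fails"
```

A mismatch found by `cert_matches_key` before the certificates are exchanged is the same mismatch that would otherwise surface only as a failed authentication at session start.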
SB2Bi interacting with another SB2Bi over OFTP2 + Secure Authentication:
Since this covers both inbound and outbound configurations, it should help a wide range of users using SB2Bi for OFTP with "Secure Authentication" enabled. I have used self-signed certificates for this demonstration.
Here are some screens that I captured to better explain this use case between two SB2Bi environments.
SB2Bi-1
LOCAL PP
REMOTE PP
PPC
SB2Bi-2
LOCAL PP
PPC
UID
ibm11121655