Different SFTP Authentication Support in BizTalk360


Published on: Aug 6, 2020

Category: BizTalk360 Update

Author: Lattetapriyanka

Introduction

Which authentication methods can a user use to connect to an SFTP server (depending on how the server is set up)? How can I keep track of my SFTP port’s location so that data does not pile up? What are the possible ways to monitor the file count and directory size in an SFTP port? How does BizTalk360 provide extensive SFTP support? If you want answers to these questions and more, let us get into the blog.

In the upcoming version of BizTalk360, BizTalk360 extends its SFTP support with Multi-Factor Authentication and /n software SFTP Keyboard Interactive Authentication. At BizTalk360 we always give importance to customer feedback and requests and treat business improvement as vital, so we provide out-of-the-box support that keeps users at ease and more productive. Some of our customers are using the /n software SFTP adapter, and we got a request on the same for supporting the /n software SFTP

How does BizTalk360 Support SFTP Location

Keeping the connection to the SFTP server up is very important to ensure that data is transferred through the SFTP port. There are many possible reasons why the SFTP server connection may not be reachable, such as:

  • SFTP server is down
  • Time out in reaching the SFTP Server
  • Incorrect password used
  • Providing the incorrect Server Address
  • SFTP port not reachable etc.

A major role of the BizTalk Administrator is to keep monitoring the server connection, but it is not possible to keep tracking the SFTP port’s location and the SFTP server connection manually. With BizTalk360, you can monitor the SFTP file count and directory size of a particular SFTP port by mapping it to a BizTalk360 Threshold or Health Alarm with the preferred condition. The BizTalk360 monitoring service checks the configured SFTP location and sends an alert whenever the condition is violated. It is also possible to monitor on a regular cycle to cross-check whether the SFTP location threshold condition is healthy.

SFTP Client Authentication Mode Support in BizTalk360

BizTalk Server provides the BizTalk SFTP adapter to connect to the SFTP server and additionally supports the /n software SFTP adapter, which offers different authentication modes. The authentication modes are:

  • BizTalk SFTP: Password, Public Key, Multi-Factor
  • /n software SFTP (Supports from V10.0): Password, Public Key, GSSAPIWithMic, None, Multi-Factor, Keyboard Interactive
  • BizTalk360 support in 9.1 and lower Version: Password, Public Key
  • BizTalk360 support in upcoming Version: Password, Public Key, Keyboard Interactive, Multi-Factor

In BizTalk360, configure the SFTP location under Monitoring > Manage Mapping > File Location > SFTP to monitor the health of the port’s location. When the SFTP location is configured, BizTalk360 automatically picks up the Client Authentication Mode data that is configured for the port in the BizTalk Admin console.

SFTP Authentication Methods

Password Authentication

This is the simplest form of authentication, using the traditional username/password method. A client logs in to SFTP using a username and password. No user private/public keys are required. The “username” and “password” can be configured under: SFTP > Configure > Security > Client Authentication Mode.

In BizTalk360 you can choose Password from the Client Authentication Mode drop-down in the Security Details, which allows you to provide the username and password. It is also possible to switch the authentication to “PublicKeyAuthentication”.


Public key Authentication

Public key authentication is a method where the SFTP client identifies itself to the server by using a public/private key pair. Prior to connection, the user’s public key must first be uploaded and registered on the SFTP server. The private key is configured under: SFTP > Configure > Security > Client Authentication Mode > Private Key.


In BizTalk360 you can choose “Public Key Authentication” from the Client Authentication Mode drop-down, which allows you to provide the Username, Private Key, and the Private Key password. The password here does not mean the username’s password; instead, you need to provide the password of the private key. If you provide the password of the username, the port location you have configured will be orphaned, which means the location is not reachable using the provided key and its password.


If the SFTP location or server is not reachable, BizTalk360 shows the state of the port as Orphaned and tells you the reason for the port being Orphaned, both when you hover over the warning symbol and in the alert notification sent by mail.


Multi-Factor Authentication

In Multi-Factor Authentication we need to provide the username and password as well as the public/private key and its password. The public/private key and password configuration is like the steps described in the latter section, except that it includes the private key’s password.

In the current version of BizTalk360, Multi-Factor Authentication support is not available, but it will be provided very soon in the upcoming BizTalk360 V10 release. You will then be able to choose Multi-Factor Authentication in the Client Authentication Mode list under the security details blade and provide the Username, Password, Private Key, and the Private Key password.


Keyboard Interactive Authentication

Keyboard-interactive (KBI) authentication is the most recently introduced form of authentication for SSH. It involves the server sending prompts to the client, which the client must respond to correctly for the connection to be authenticated. Its purpose is to permit the client to support a variety of authentication mechanisms without knowing anything about them. In edtFTPj/PRO, when the server sends its list of prompts that require responses, the client searches the list of loaded SSHAuthPrompts for each prompt. It then sends the set of responses back to the server. If the expected responses are supplied, the authentication succeeds.

If the prompt is for a user’s password, it will typically be something like “Password:”. The SSHPasswordPrompt class is supplied to make it easier to set up a password prompt.

In the upcoming BizTalk360 release, you will be able to choose Keyboard Interactive Authentication in the Client Authentication Mode list under the security details blade and provide the Username and password.
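The prompt/response exchange described above, sketched as an added example (not BizTalk360, /n software or edtFTPj/PRO code): a responder that answers only the prompts it was loaded with and fails closed on anything else. The `PromptResponder` class, the sample prompts and the credentials are hypothetical; the callable takes `(title, instructions, prompt_list)`, the shape Paramiko's `Transport.auth_interactive` passes to its handler.

```python
import re


class UnexpectedPrompt(Exception):
    """Raised when the server asks something no rule was loaded for."""


class PromptResponder:
    """Maps server prompts to preloaded answers and refuses unknown ones."""

    def __init__(self):
        self._rules = []  # (compiled pattern, response, is_secret)

    def add(self, pattern, response, secret=True):
        self._rules.append((re.compile(pattern, re.IGNORECASE), response, secret))
        return self

    def __call__(self, title, instructions, prompt_list):
        answers = []
        for prompt, echo in prompt_list:
            for pattern, response, secret in self._rules:
                if pattern.fullmatch(prompt.strip()):
                    # A secret must never be sent for a prompt that asks for echo.
                    if secret and echo:
                        raise UnexpectedPrompt(f"echo requested for {prompt!r}")
                    answers.append(response)
                    break
            else:
                # No rule matched: stop instead of guessing an answer.
                raise UnexpectedPrompt(f"no response loaded for {prompt!r}")
        return answers


def demo():
    # Constructed credentials and prompts, for illustration only.
    responder = PromptResponder().add(r"password:", "example-password")
    responder.add(r"verification code:", "000000")
    ok = responder("", "", [("Password: ", False), ("Verification code: ", False)])
    try:
        responder("", "", [("Enter your private key passphrase: ", False)])
        refused = False
    except UnexpectedPrompt:
        refused = True
    return ok, refused


if __name__ == "__main__":
    print(demo())
```

Failing on an unmatched prompt surfaces a changed or unexpected server dialogue as an authentication error instead of silently sending a stored secret in reply to it.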


Extensive SFTP Support in BizTalk360

SSH Tunnel

SSH is a standard for secure remote logins and file transfers over untrusted networks. It also provides a way to secure the data traffic of any given application using port forwarding, basically tunnelling any TCP/IP port over SSH. This means that the application data traffic is directed to flow inside an encrypted SSH connection so that it cannot be eavesdropped or intercepted while it is in transit. SSH tunnelling enables adding network security to legacy applications that do not natively support encryption.


Considering the importance of the SSH tunnel and its business impact, BizTalk360 supports a proxy SSH tunnel for connecting to the SFTP server or another server, without making the username and password mandatory.


To connect to the SFTP server through a normal proxy connection in the current BizTalk360, provide the Address, Port, Type, Username, and Password. BizTalk360 will reach the SFTP location using those credentials and check the connection and the location details of the SFTP port.

Remote path location pattern support

In BizTalk Server, the user may provide different types of patterns while configuring the remote location. BizTalk360 aims to accommodate the BizTalk user at every point, down to the core level.

For instance, the remote path can be configured with any of the following combinations:

C:/Users/BT360Admin/nS_SFTP_in1

C:/Users/BT360Admin/nS_SFTP_in1/*.*

/C:/Users/BT360Admin/nS_SFTP_in1

/C:/Users/BT360Admin/nS_SFTP_in1/*.*

/C:/Users/BT360Admin/nS_SFTP_in1/

C:/Users/BT360Admin/nS_SFTP_in1

BizTalk360 can monitor the file count and directory size of the Receive Location or Send Port with all of those remote path configurations.


Extensive File Mask Support

In the BizTalk Server the file mask is a string that specifies the type of file that the File receive handler will pick up from the receive location. The file name is a string that specifies the name of the file where the File send handler will write the message. The key point to remember in configuring the file mask is that the file mask and file name are not case-sensitive.

To keep up this support, BizTalk360 supports all combinations of file masks. BizTalk360 fetches the file count based on the configured file mask, regardless of case.

Here are a few sample file masks:

CHPAPO*.txt   *.txt   *.*   *outbound322*   PPI*   Tes*.*

.TXt   *.tXT   *.XMl   Orderdata.Xml   .XML   TES*.*
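How a monitor could treat the remote path variants and the case-insensitive file masks described in the two sections above, as an added example (not BizTalk360's implementation). The function names, the sample listing and the threshold values are constructed, and treating `*.*` as "every file" is an assumption.

```python
import fnmatch
import posixpath


def split_remote_path(remote_path):
    """Split a configured remote path into (directory, mask).

    Assumption: a last segment containing a wildcard is a file mask;
    otherwise the whole path is a directory and the mask is '*.*'.
    """
    path = remote_path.strip()
    directory, last = posixpath.split(path.rstrip("/"))
    if "*" in last or "?" in last:
        mask = last
    else:
        directory, mask = path.rstrip("/"), "*.*"
    # '/C:/dir' and 'C:/dir' name the same folder: drop the leading slash.
    if len(directory) > 2 and directory[0] == "/" and directory[2] == ":":
        directory = directory[1:]
    return directory, mask


def mask_matches(name, mask):
    """Case-insensitive match; '*.*' is treated as 'every file' (assumption)."""
    if mask in ("*.*", "*"):
        return True
    return fnmatch.fnmatchcase(name.lower(), mask.lower())


def evaluate(listing, mask, max_files, max_bytes):
    """Return (file_count, directory_size, violated) for one location."""
    matched = [(n, s) for n, s in listing if mask_matches(n, mask)]
    count = len(matched)
    size = sum(s for _, s in matched)
    return count, size, count > max_files or size > max_bytes


# Constructed directory listing: (file name, size in bytes).
LISTING = [("CHPAPO_001.TXT", 1200), ("chpapo_002.txt", 800),
           ("Orderdata.Xml", 4096), ("readme", 10)]

if __name__ == "__main__":
    print(split_remote_path("/C:/Users/BT360Admin/nS_SFTP_in1/*.*"))
    print(evaluate(LISTING, "CHPAPO*.txt", max_files=1, max_bytes=10000))
```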

Macros support

You can use a predefined set of macros to dynamically create the files in which the File send handler writes messages. Before creating a file on the file system, the File send handler replaces all the macros in the file name with their individual values. You can use several different macros in one file name.

You can use the file name macros while configuring the File send handler in BizTalk Explorer, or by using the BizTalk Explorer object model.

The File send handler does not replace the macros with a value if any of the following are true:

  • The corresponding system property is not set.
  • The macro is misspelled.
  • The value for the macro contains symbols that are not valid in the file name.

In BizTalk360, you can monitor the file count and directory size of Send Ports that use macros by keeping the BizTalk file mask configuration configurable.

Conclusion

Hopefully, this blog helps you understand the basics of SFTP client authentication, the types of SFTP Client Authentication Mode and their importance, and BizTalk360’s extensive support for handling and monitoring the various authentication modes. We are happy to announce that /n software SFTP and Macros support will be available soon in the forthcoming BizTalk360 Version 10.0 release. To explore further, give BizTalk360 a try; it takes only a minute to set up on your BizTalk environment.