Configuring the PTC RV&S SMTP EMail Server with OAuth Authentication
To set up an SMTP email server for OAuth token authentication, you must configure the following properties in the is.properties and security.properties files. Ensure that all properties are configured correctly and that none of them are left blank.
The following properties must be configured in the is.properties file:
• mksis.smtp.oauth.authentication — Set the value to true to send mails using the OAuth token authentication. Setting this property to false enables the application to send e-mails using the open mail relay.
• mksis.smtp.ssl.enabled — Set the value to true to enable TLS encryption on the SMTP server. You can use this option only when your SMTP server is configured with TLS encryption using the Signer certificate. If your SMTP server is configured with TLS encryption, then you can use the keytool.exe command to import the Signer certificates (custom root CAs or custom intermediate CAs) from the SMTP server into your trusted keystore. The keytool.exe command is in your JRE/JDK folder.
%jdk%\bin\keytool -importcert -alias <<SMTP Server name>> -storetype PKCS12 -keystore jdk\lib\security\cacerts -file <custom_CA_certificate>
where
-importcert - specifies to import the certificate response
-alias - specifies the name of the entry from which to import
-file - specifies the path from which to read the CA response
You must repeat the command for all the CAs.
• mksis.logging.email.from — Contains the authentication user name of the sender.
• mksis.logging.email.server.hostname — Contains the name of the SMTP server.
• mksis.logging.email.server.port — Contains the port number.
The following properties must be configured in the security.properties file:
• mksis.security.smtp.oauth.clientID — Contains the OAuth client ID for the mail server.
• mksis.security.smtp.oauth.clientSecret — Contains the client secret for the mail server.
• mksis.security.smtp.oauth.tokenEndpointURL — Contains the token URL of the e-mail server used to generate the token.
• mksis.security.smtp.oauth.scope — Contains the scope used to generate the token.
While switching mail relay systems, you must consider the following:
• A server restart is required if you are switching mail relays.
• A server restart is required if you make any changes to any of these properties while using the OAuth token authentication.
After adding or modifying the authentication client ID, client secret, scope, and token URL, save the security.properties file and run the encryption tool. This ensures that the client secret provided in the security.properties file is encrypted.
E-mail triggers
If you want to continue using the open mail relay, no changes are required and the triggers should continue to function as expected. If you are moving to the SMTP OAuth token authentication system, you must configure the is.properties and security.properties files as mentioned above and make the following changes to the out-of-the-box trigger scripts provided with the application:
• If you are using the Java Mail API, refer to the sample trigger script emailAdvanced_closedmail_OAuth.js, especially the functions getSMTPServer(), getSMTPPort(), and getOAuthAccessToken(). Also ensure that you use an appropriate encryption technique to retrieve authentication details from these functions.
• If you are not using the Java Mail API (that is, you use the sendmail() function), you must use the user name that matches the one provided in the SMTP basic authentication. For example, you can use the function as
eb.sendmail([email protected], email, subject, message).
• If mksis.smtp.oauth.authentication=true and mksis.smtp.authentication=true, the email is sent using SMTP basic authentication.
• If mksis.smtp.oauth.authentication=true and mksis.smtp.authentication=false, the email is sent using SMTP OAuth token Authentication.
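A check that can be run against the two files before the server restart, as an added example (not PTC code): it reports blank properties and the effective authentication mode from the two combinations above. The simplified key=value parsing, the mode labels, the TLS and HTTPS checks, and the sample values are assumptions made for this example.

```python
from urllib.parse import urlparse

# Property names are the ones listed on this page.
IS_KEYS = ["mksis.smtp.oauth.authentication", "mksis.smtp.ssl.enabled",
           "mksis.logging.email.from", "mksis.logging.email.server.hostname",
           "mksis.logging.email.server.port"]
SEC_KEYS = ["mksis.security.smtp.oauth." + k
            for k in ("clientID", "clientSecret", "tokenEndpointURL", "scope")]

def parse_properties(text):
    """Minimal key=value reader (assumption: no ':' separators or continuations)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!":
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def check_smtp_oauth(is_text, sec_text):
    """Return (mode, findings) for is.properties and security.properties contents."""
    is_p, sec_p = parse_properties(is_text), parse_properties(sec_text)
    findings = [f"{fname}: {key} is missing or blank"
                for fname, props, keys in (("is.properties", is_p, IS_KEYS),
                                           ("security.properties", sec_p, SEC_KEYS))
                for key in keys if not props.get(key)]
    flag = lambda key: is_p.get(key, "").lower() == "true"
    oauth, basic = flag("mksis.smtp.oauth.authentication"), flag("mksis.smtp.authentication")
    # The page documents only the two oauth=true cases and oauth=false as open relay.
    mode = ("basic" if basic else "oauth") if oauth else ("unspecified" if basic else "open-relay")
    if oauth and basic:
        findings.append("mksis.smtp.authentication=true: mail uses SMTP basic authentication, not OAuth")
    # Added hardening checks (assumptions, not requirements stated on the page):
    if oauth and not flag("mksis.smtp.ssl.enabled"):
        findings.append("mksis.smtp.ssl.enabled is not true: SMTP session is not TLS-protected")
    url = sec_p.get(SEC_KEYS[2], "")
    if url and urlparse(url).scheme != "https":
        findings.append("tokenEndpointURL is not https: token request is not TLS-protected")
    return mode, findings

# Constructed sample input (not taken from a real server).
SAMPLE_IS = ("mksis.smtp.oauth.authentication=true\nmksis.smtp.authentication=true\n"
             "mksis.smtp.ssl.enabled=false\nmksis.logging.email.from=rvs@example.com\n"
             "mksis.logging.email.server.hostname=smtp.example.com\n"
             "mksis.logging.email.server.port=587\n")
SAMPLE_SEC = ("mksis.security.smtp.oauth.clientID=constructed-id\nmksis.security.smtp.oauth.clientSecret=\n"
              "mksis.security.smtp.oauth.tokenEndpointURL=http://login.example.com/token\n"
              "mksis.security.smtp.oauth.scope=constructed-scope\n")

if __name__ == "__main__":
    print(check_smtp_oauth(SAMPLE_IS, SAMPLE_SEC))
```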