1. Using Connect Client
  2. Stored Passwords

Stored Passwords

Taleo Connect Client (TCC) communicates to Taleo hosted products using an authenticated user and password. In addition, if proxy servers are installed within the environment additional user credentials can be required by TCC.

Integration User password

TCC maintains the Integration User password locally to establish a connection with a Taleo hosted product. Passwords can be stored in the following locations:

  • Default configuration board file: default.board.xml

  • Environment file: *.properties

  • Configuration files: *_cfg.xml

The Integration User password is encrypted by an AES algorithm with a key size of 128 bits. It is stored in an XML file:

EncryptedPassword=Base64 (AES:128 (password))

Encryption Key Server (EKS)

With release 14A, an encryption key server is delivered with Taleo Connect Client (TCC) which can be used to augment existing password management services. The EKS can be used to generate a key that encrypts passwords within the TCC application.

Encryption Key Server Installation

Step 1. Copy the encryptionkey-server.jar file from the server folder under the TCC installation folder, to a location on the network. It is recommended that this be a different location than the TCC installation. The encryptionkey-server.jar file is the default EKS delivered for enhancing password management.

Step 2. By default, the EKS runs using a local host IP address and port 1126. To use another address or port, a folder and file must be created at the server root location. (A server restart is required following any modification.)

Folder and file name:

  • conf/EncryptionKeyServer.conf File content:

  • HOST_PORT=YOUR_SERVER_PORT

  • HOST_ADDRESS=YOUR_SERVER_ADDRESS

Step 3. The encryption server can now be started, call your_java_location –jar encryptionkey-server.jar.

a. On Windows platform - the following screen prompts is displayed to the user. The user should enter a passphrase value. This value is masked with *.


Image showing the Ecryption Server Passphrase window.

b. On platform - command line will prompt user for passphrase entry.

On starting the EKS for the first time, an AES symmetric encryption key is generated. This will be automatically saved into the conf/ClientKey.key file. The user entered passphrase is used to protect access to the encryption key value stored in this file. Each new installation of the EKS will generate a different & unique encryption key. Due to this, it is strongly recommended that a backup of the key file is made and saved in a secured location. In doing so, it is possible to recover encrypted data if there is a failure with the original implementation. Using the same passphrase would unlock the encryption key needed to decrypt the data. At all subsequent EKS startups, the entered passphrase will be used to unlock the encryption key needed to decrypt any encrypted data.

Configuring TCC using an Encryption Key Server

It is necessary for TCC to be provided with the host address and port of the EKS that was setup and configured in the previous step. This can be added when a new instance of TCC is being installed via the setup dialog step illustrated below. This information is captured during the installation process of the new version of TCC and stored in the TaleoConnectClient.ini file.

If more convenient, the EKS can be installed at a later time, and the relevant host and port information can be added directly into the TaleoConnectClient.ini file as illustrated below:

  • -Dcom.taleo.integration.client.encryption.key.hostPort=Your_Server_Port

  • -Dcom.taleo.integration.client.encryption.key.hostAddress=Your_Server_Address

Please note that using a different encryption server will imply modifying the configuration files to use the new encryption key.

In TCC, no modifications are visible in the UI. When creating a new profile or configuration board entry, if both properties have been specified, the encryption from the server is used to encrypt the password. Otherwise, the default encryption mechanism is used.

Encrypt Password Tool

An additional tool is provided to encrypt individual string values. It is located in theTools > Encrypt Password menu.

Enter the string value to encrypt in the text box and click Encrypt. If the encryption server properties are defined, this will be used to encrypt the value. Otherwise, the default encryption mechanism will be used. The encrypted result is displayed at the bottom of the page. Click Copy to save to clipboard. Click Close to close the window.

Proxy Password Management Using EKS

TCC uses a System Properties file to authenticate itself against proxy servers needed to access the internet. The required System properties are:

-Dhttp.proxyHost=myproxyhostname

-Dhttp.proxyPort=portnumber

-Dhttp.proxyUser=username

-Dhttp.proxyPassword=hello123

-Dhttps.proxyPassword=securedHello123

Note: Values defined for properties http.proxyPassword and https.proxyPassword need to be encrypted. The new Encryption Password Tool can be used to encrypt different String values. The presence of the Encryption Key Server address and port properties is used to determine the encryption mode.

The two following properties must be added to use the Encryption Key Server:

-Dcom.taleo.integration.client.encryption.key.hostAddress=your_server_address

-Dcom.taleo.integration.client.encryption.key.hostPort=your_server_port

There are two different ways to set up System properties, depending on the way TCC is launched.

  1. On windows via the GUI:

    When running TCC through the Windows GUI, all System properties must be defined in the TaleoConnectClient.ini file located at the root of the installation folder.

  2. Launching TCC through the Command Line interface:

    When running TCC in a Command Line interface, the System properties must be included in the TaleoConnectClient.bat (Windows) or TaleoConnectClient.sh (Linux) files.

    To be able to run TCC from command line without any issue it is recommended to use the following Java options (don't forget to replace the variables with the values that are best for the type of operations that are done).

    JAVA_OPTS=" 
-ms${JAVA_MIN_MEM}M 
-mx${JAVA_MAX_MEM}M 
-XX:NewSize=${NEWGEN}m 
-XX:MaxNewSize=${MAXNEWGEN}m 
-XX:PermSize=${PERMGEN}m 
-XX:MaxPermSize=${MAXPERMGEN}m

EKS Logging Service

A logging service is available for operations related to the encryption key server. Logging is written in file log/ EncryptionServerLog.log. Default level is INFO. It is possible to change the logging level using a property at startup. Here are the possibilities:

  • -Dlog.file.level=LEVEL_TO_USE

  • -Djava.util.logging.config.file=YOUR_LOGGING_PROPERTIES_FILE_PATH

    Here is an example of logging properties file content: com.taleo.integration.client.encryption.key.level=FINE