Touchstone hot fix 12.2.7 addendum

Guidelines to configure Touchstone with a set token-based OKTA SSO credentials to authenticate with AnalyzeRe PRIME and, to customize timeout during authentication.

This configuration is optional. If users prefer not to use token-based OKTA SSO credentials to authenticate, the user can use Touchstone's standard authentication process.

This hot fix also offers a new configurable option for timeout during authenticating. The default timeout is set to 30 seconds.

For a list of all hot fixes and service packs, refer to Hot Fixes and Service Packs.

For a list of known issues, refer to Known Issues.

Configure Prime Connection for OKTA Authentication

The file XMLRepo.xml is located in Program Files\AIR\HPC folder of every compute node of Touchstone cluster.

  1. In the SettingsCredentials section, verify the URL is set to the actual address of PRIME server.
  2. Update the UseOAuth setting from "false" (the default) to "true".

    Setting UseOAuth to true forces client to use M2M mechanism for authentication If UseOAuth is set to false, or absent from config, client falls back to existing basic authentication.

  3. In the DefaultAnalyzeReSettings section, change the DefaultRequestTimeout parameter from 30000 (30 seconds, the default) to something higher, say 60000 (60 seconds).

Obtain OKTA Credentials

  1. Contact your Analyze Re representative and request Okta credentials for your organization.

    You will receive a file containing content similar to this:

    export BASE_URL=YOUR_PRIME_SERVER_URL
export OAUTH_TOKEN_URL=YOUR_OAUTH_TOKEN_URL
export OAUTH_CLIENT_ID=YOUR_OAUTH_CLIENT_ID
export OAUTH_CLIENT_SECRET= YOUR_OAUTH_CLIENT_SECRET
  2. Update and save the XMLRepo.xml file.

Configure Okta authentication

  1. For each line starting with OAUTH_TOKEN_URL, OAUTH_CLIENT_ID, and OAUTH_CLIENT_SECRET copy text value starting right after equal sign (“=”), encrypt it with Encryption Utility if necessary, and paste encrypted value in XMLRepo.xml file making it values of following tags (replace strings surrounded by **):
    Key Target XMLRepo.xml tag Encrypt
    OAUTH_TOKEN_URL OAuthTokenUrl Yes
    OAUTH_CLIENT_ID OAuthClientId Yes
    OAUTH_CLIENT_SECRET OAuthClientSecret Yes
    BASE_URL URL No
  2. Set value of UseOAuth to "true".
  3. Configure Request Timeout.
  4. Additionally, you can change default request timeout to a value other than pre-set 30 seconds.
  5. Uncomment the following line in XMLRepo.xml:

  6. Set desired value expressed in milliseconds (60 seconds in example above) as a value of DefaultRequestTimeout tag.
  7. Save the file.

If you have questions or need assistance, please contact your Verisk representative.