Web Applications and the Importance of keeping up-to-date

What & Why

When integrating with web applications such as Shopify, Salesforce, Concur, Amazon the most difficult challenge is often dealing with security and authorisation.

These challenges are through the stack: operating system, framework & IMan.

These challenges are changing frequently and may change suddenly.

This article specifies the current IMan compatibility, challenges and why you should be regularly updating Windows and IMan.

This isn’t a picnic, it’s war out there, war is hell, and you need to be prepared as such!

TLS

TLS (Transport Layer Security) is the standard protocol for secure communications. It is the protocol used for securing https, email, remote database connections & SSH.

There are different versions (1.0, 1.1, 1.2 & 1.3) of the protocol. The current defacto-version of the protocol is 1.2, 1.3 is increasingly supported, but 1.2 should be around for a long time.

Protocols can be found to have flaws and as such can be deemed unsecure, necessitating a new protocol or version. This happened with heartbleed which effectively invalidated the SSL protocol.

The TLS version is auto-negotiated by the client & server, where the server dictates the minimum version. If the client doesn’t support the minimum version, the connection will fail.

TLS Cipher

Within the TLS protocol are a set of standard cipher suites. The cipher is the mathematical set of operations applied to data sent through the protocol.

Some cipher suites are more secure than others.

During the negotiation phase the server and client will agree the cipher to use. If the client and server cannot agree the cipher suite the connection will fail.

TLS – Windows, .net & IMan Support and Interplay

IMan is built on .net Framework, which ultimately runs on Windows Workstation and Server.

IMan (and the various components within) do not create and negotiate TLS connections, instead we rely on a combination of functionality provided by .net and Windows. When making a connection IMan does not have any real control over the version or agreed cipher. If the connection fails because either the TLS version or cipher cannot be agreed there is little we can do.

Services can and do terminate support for different TLS versions and even different cipher suites. It is important to keep both Windows and IMan up to date to prevent unwanted outages.

IMan TLS Support

Version 4.2 PU5 and all Version 5 support TLS 1.2.

Earlier versions of IMan may have patchy support where https connections support TLS 1.2, but email may fail.

IMan is reliant on .net and ultimately on Windows for opening and negotiating the connection.

Windows 10, Windows Server 2016, 2019 & 2022 all support the TLS 1.2 with all the current secure ciphers.

Windows Server 2012 supports TLS 1.2, but even with a fully patched server some of the more secure cipher suites are not supported. Some services may allow only a limited set of secure cipher suites and therefore connections to these services from IMan will fail.

Authentication (OAuth 2.0 Authorisation Code Flow)

Authentication is another moving target. First there were passwords, then secure passwords, multi-factor (MFA) and OAuth 2.0 authentication methods.

Services/applications are increasingly required to support OAuth 2.0 and Authorisation Code flow. Instead of a simple username and password (sent on each request) the OAuth authorisation code flow requires you to login to the application, and on success the application will post back an authorisation code which is then exchanged for an access token.

Hosted Sage200, SageX3, Concur, Shopify, Salesforce, Shopee, Amazon are services which are either phasing out older connection methods or have simply never supported older, less secure authentication methods.

In version 5.0 we have introduced capability to both System Connectors and OAuth 2.0 Authentication to support this method of authentication.

This is supported through the Authorise button at the bottom of both screens.

We will over the next several product updates refine, expand and improve the experience. Authorisation Code flow will also be ported to email and other services.

We will not be back porting this functionality to earlier versions of IMan.

Software Assurance & OAuth 2.0 Authorisation

When authenticating using the Auth Code Flow must have a public URL for the service to post the callback containing the authentication code.

Since your on-premise IMan probably does not have a public facing URL/IP we now have a public service providing this functionality. This service is monitored by ourselves, maintained and will evolve to meet the changing needs.

As a consequence, any authentication requests from IMan will first check if your Software Assurance is current. If your serial is invalid or software assurance has lapsed your authorisation attempt will fail.

Summary

In short, anyone integrating with web applications and services need to:

  • Host IMan on a recent version of Windows (Server). We recommend 2019 and above.
  • Keep Windows Patched
  • Update IMan Regularly. As a result of the backend changes introduced in Version 5.0 we will be releasing product updates on a very regular basis.

Contact

Realisable Software Ltd provides code-free, cost-effective applications integration solutions for SMEs. Our core IMan product is designed to integrate almost any application with a number of Sage solutions and online payment processors.

Looking to purchase IMan, please see our resellers here.

Realisable Software
Ph: +44 (0) 208 123 1017

Copyright © Realisable. All rights reserved.
Realisable is a registered trademark

Close

Request Demo

Realisable Software Ltd provides code-free, cost-effective applications integration solutions for SMEs. Our core IMan product is designed to integrate almost any application with a number of Sage solutions and online payment processors.

Looking to purchase IMan, please see our resellers here.

Realisable Software
Ph: +44 (0) 208 123 1017

Copyright © Realisable. All rights reserved.
Realisable is a registered trademark

Close

Access Downloads

Realisable Software Ltd provides code-free, cost-effective applications integration solutions for SMEs. Our core IMan product is designed to integrate almost any application with a number of Sage solutions and online payment processors.

Looking to purchase IMan, please see our resellers here.

Realisable Software
Ph: +44 (0) 208 123 1017

Copyright © Realisable. All rights reserved.
Realisable is a registered trademark

Close