Marketcetera Platform Authentication

Authentication in the Marketcetera platform covers all participating components. The ORS provides the authentication services.

Quick answers

How do I log onto Photon?

Use enduser as the username and enduser_password for the password.

I entered correct username and password and I still can't login

Make sure Marketcetera Server Components are running. You should see a command line window with the title Marketcetera Server Components. If the Server Components are not running, you can start them from the Start menu under All Programs, open Marketcetera->Start Marketcetera Server Componetns.

Can I change the password?

Yes, you can do that. To this end, read the rest of this page.

So I can make my installation really secure?

This release provides basic authentication. However, it is not fully secure and should not be considered as such. For example, we currently store the passwords in clear text. In addition, the authentication protocol is using a non secure port. These shortcomings are on our 1.0 release to-do list.

Setting up accounts

The accounts recognized by the platform are all listed in <marketcetera installation directory>/ors/conf/ors_users.properties. Each row defines one account in the form user=password.

Users can also be grouped together into groups. Each row of <marketcetera installation directory>/ors/conf/ors_groups.properties defines one group and its members in the form group=user1,user2,.... Presently, groups have no associated semantics; in effect, they are mere placeholders for future use.

The default setup defines the following users in ors_users.properties:

ors=ors_password
tradebase=tradebase_password
enduser=enduser_password

And the following groups are defined in ors_groups.properties:

system=ors,tradebase
endusers=enduser

The enduser(s) user/group is intended for use by Photon, OrderLoader, and all other client applications.

Using accounts

Once accounts are created, they can be used by the platform components:

Photon

Photon asks for the user credentials at startup, or whenever the user requests to reconnect to the ORS. A login dialog is shown and Photon keeps asking for credentials until the user either gives up and clicks the cancel button, or the user supplies the correct credentials.

Tradebase

Tradebase stores its user credentials inside <marketcetera installation directory>/tradebase/config/broker.yml. The credentials must be listed in the production section.

ORS and OrderLoader

The ORS and OrderLoader each provide multiple ways for the user to enter credentials.

1. The credentials can be specified inside <marketcetera installation directory>/ors/conf/ors_user.properties (or <marketcetera installation directory>/orderloader/conf/orderloader_user.properties) in the form:

activemq.user=user
activemq.password=password

2. The command-line, using the -u/-user option for the username, or the -p/-password option for the password, e.g.

runORS.bat -u user -password password

3. After you start the application from the console, the user is prompted to enter any credentials that currently don't exist in the configuration file or supplied in the command line.

It is possible to specify just the user inside a configuration file (or the command-line); then the application will request just a password via the console.

If a credential is provided in both the configuration file and the command-line, the command-line overrides the configuration file.

If the specified credentials are rejected by the ORS server, then the application simply terminates with a failure (it does not ask again for credentials).

A missing credential is the same as a blank (empty) one, i.e.

activemq.user=

is the same as having no row for user;

runORS.bat -u ""

is the same as having no option for user; and pressing Enter without typing a user at the console prompt is the same as if one was never prompted.