Setup

  1. Download the Windows (64-bit) version
  2. Setup instructions:

    • Create a Windows account (local or domain)
    • Log in and extract the downloaded file. Generate your license file by following the steps outlined in Machine Token Utility (hexaeight.mac)
    • If you plan to use Face Authentication, run VC_redist.x64.exe before configuring your Token Server, and change the FACEAUTHENTICATION environment variable to True in the next section
  3. Ensure the License environment variables have been set:

    • HEXAEIGHT_RESOURCENAME
    • HEXAEIGHT_MACHINETOKEN
    • HEXAEIGHT_SECRET
    • HEXAEIGHT_LICENSECODE
    • HEXAEIGHT_ALLOW_CAPTCHA_FOR=ANYONE
    • ENABLE_HEXAEIGHT_FACERECOGNITION=False

    Use the set or setx command as described in the Machine Utility section upon obtaining your License.
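
    A variable created with set exists only in the cmd session that set it, while setx persists it for future processes, which is what a Token Server started as a boot-time service needs. The following PowerShell check is an added example, not part of the HexaEight distribution; it reports the scope in which each variable from the list above is defined without printing any values, and it assumes it is run as the account that will run the Token Server.

```powershell
# Added example (not HexaEight code): report where each license variable is
# defined. Values are never printed, only the scopes that hold them.
$names = @(
    'HEXAEIGHT_RESOURCENAME', 'HEXAEIGHT_MACHINETOKEN', 'HEXAEIGHT_SECRET',
    'HEXAEIGHT_LICENSECODE', 'HEXAEIGHT_ALLOW_CAPTCHA_FOR',
    'ENABLE_HEXAEIGHT_FACERECOGNITION'
)

$report = foreach ($name in $names) {
    # Process = this session (set); User/Machine = persisted (setx, setx /M).
    $scopes = foreach ($scope in 'Process', 'User', 'Machine') {
        if ([Environment]::GetEnvironmentVariable($name, $scope)) { $scope }
    }
    [pscustomobject]@{
        Name      = $name
        Scopes    = ($scopes -join ',')
        Persisted = [bool]($scopes | Where-Object { $_ -in 'User', 'Machine' })
    }
}

$report | Format-Table -AutoSize

# A variable that is not persisted will be missing when the server is
# launched by a service at boot, even if it works in the current window.
$missing = @($report | Where-Object { -not $_.Persisted })
if ($missing.Count -gt 0) {
    Write-Warning ("Not persisted for the service account: " +
        ($missing.Name -join ', '))
    exit 1
}
```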

Configuration

1) Generate the Captcha configuration files. This creates the required configuration files captchapolicy.csv and captchamodel.conf.

C:\Data\machinetoken>HexaEight_Token_Issuer.exe -y
Captcha Configuration CSV Files - Generated Successfully

C:\Data\machinetoken>dir cap*
 Volume in drive C has no label.
 Volume Serial Number is 6899-B06C

 Directory of C:\Data\machinetoken

09/11/2024  01:54 PM               512 captchamodel.conf
09/11/2024  01:54 PM               979 captchapolicy.csv
               2 File(s)          1,491 bytes
               0 Dir(s)     977,915,904 bytes free

2) Generate the Timecode required for Token validation.


C:\Data\machinetoken>HexaEight_Token_Issuer.exe -t
Enter Synchronization Time Code : [Press Enter To Generate a New Time Code]
Generating New Time Code ...
New Time Code : 28768365
Attempting to Set This Token Server To Use This Time Code ...
Succeded.


C:\Data\machinetoken>dir clients
 Volume in drive C has no label.
 Volume Serial Number is 6899-B06C

 Directory of C:\Data\machinetoken\clients

09/12/2024  06:20 AM    <DIR>          .
09/12/2024  06:20 AM    <DIR>          ..
09/12/2024  06:20 AM               988 auth.hexaeight.dns-dynamic.net.slf
               1 File(s)            988 bytes
               2 Dir(s)     977,133,568 bytes free

  • The .slf file in the clients directory indicates that the Time Code key was generated successfully

3) Advanced Security: Edit captchapolicy.csv to specify only allowed email domains (Optional)

# Captcha Sample Policy File

# -----------------------------------------------------
# Allow Any Email Address to request for a Captcha
# Denying a captcha for a user might result in the user
# not being able to complete the login process.
# -----------------------------------------------------
# -------------------------------------------------------------------
#   EMAILUSER | AUTHSERVER | REQUEST | PERMISSION
# -------------------------------------------------------------------
p, /*@gmail.com, auth.hexaeight.dns-dynamic.net, CAPTCHA, enable
p, /*@yahoo.com, auth.hexaeight.dns-dynamic.net, CAPTCHA, enable
p, /*@microsoft.com*, auth.hexaeight.dns-dynamic.net, CAPTCHA, enable
p, /*@photonemail.com*, auth.hexaeight.dns-dynamic.net, CAPTCHA, enable


4) Custom port and HTTPS (Optional) - Modify appsettings.json to change the default HTTP port (5000) or add HTTPS support.

{
  "Kestrel": {
    "Endpoints": {
      "Http": {
        "Url": "http://0.0.0.0:8080"
      },
      "HttpsInlineCertFile": {
        "Url": "https://0.0.0.0:8443",
        "Certificate": {
          "Path": "certificate.pfx",
          "Password": "CertificatePassword"
        }
      }
    }
  }
}

5) Start the Token Server with the Quick and Enterprise mode flags enabled. Quick mode uses a faster encryption algorithm, while Enterprise mode ensures it can support multiple Token Servers in the same environment.

C:\Data\machinetoken>HexaEight_Token_Issuer.exe -q -e
Token Server Quick Mode Enabled.
Enterprise Mode Enabled.

Current Resource Owner:auth.hexaeight.dns-dynamic.net
----------------------
Note: Ensure to verify the permissions of the current Directory
 and remove everyone except Service owner for Security purposes.

HexaEight Tokens
----------------
Default Swagger URL : http://hostname:PORT/swagger/index.html
If you do not have a appsettings.json file the default PORT is 5000
Determining and Completing List of External Resources For Fetching ASK Keys... Done
HexaEight Token Server Started Successfully
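
The start-up note above asks you to remove everyone except the service owner from the directory. The following PowerShell script is an added example, not part of the HexaEight distribution: it lists every access entry that does not belong to the service owner and, with -Apply, removes those entries using icacls. The default service account (the current user) is an assumption, and the script must be run elevated or as the directory owner.

```powershell
# Added example (not HexaEight code): audit the ACL on the Token Server
# directory and, with -Apply, restrict it to the service owner only.
param(
    [string]$ServerDir      = 'C:\Data\machinetoken',           # directory used on this page
    [string]$ServiceAccount = "$env:USERDOMAIN\$env:USERNAME",  # assumption: current user runs the server
    [switch]$Apply
)

$ownerSid = ([System.Security.Principal.NTAccount]$ServiceAccount).Translate(
    [System.Security.Principal.SecurityIdentifier]).Value

# Read explicit and inherited entries as SIDs so an unresolvable or renamed
# account cannot be overlooked.
$acl    = Get-Acl -LiteralPath $ServerDir
$rules  = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
$others = @($rules | Where-Object { $_.IdentityReference.Value -ne $ownerSid })

foreach ($rule in $others) {
    $name = try {
        $rule.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value
    } catch { '(unresolved SID)' }
    '{0,-30} {1,-45} {2,-6} inherited={3} rights={4}' -f $name,
        $rule.IdentityReference.Value, $rule.AccessControlType,
        $rule.IsInherited, $rule.FileSystemRights
}

if ($others.Count -eq 0) { 'Only the service owner has access.'; exit 0 }
if (-not $Apply)         { Write-Warning 'Re-run with -Apply to remove these entries.'; exit 1 }

# Grant the owner full control and drop inherited entries in one step, then
# remove any remaining explicit entries from the directory and its files.
icacls $ServerDir /inheritance:r /grant:r "*${ownerSid}:(OI)(CI)F" | Out-Null
$otherSids = $others | ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique
foreach ($sid in $otherSids) {
    icacls $ServerDir /remove "*$sid" /T /C | Out-Null
}
'ACL restricted to ' + $ServiceAccount
```

Run it once without -Apply to review what would be removed; the script exits with code 1 while other principals still have access, so it can also serve as a recurring check.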

6) Launch HexaEight Token Server at boot time (Optional)

  • Use tools like nssm to create a Windows service
  • This ensures your Token Server starts automatically at boot time
  • Don't forget to open the firewall port (default: 5000)

Sample starttokenserver.bat

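REM Wait 30 seconds after boot before the first start
timeout /t 30
c:\Data\machinetoken\HexaEight_Token_Issuer.exe -q -e 1>c:\Data\machinetoken\tokenserver.log 2>c:\Data\machinetoken\tokenserver.err

REM If the server exits, wait 5 seconds and start it again.
REM Each start overwrites tokenserver.log and tokenserver.err.
:loop

timeout /t 5
c:\Data\machinetoken\HexaEight_Token_Issuer.exe -q -e 1>c:\Data\machinetoken\tokenserver.log 2>c:\Data\machinetoken\tokenserver.err

goto loop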

Sample nssm commands

nssm install <ServiceName> C:\path-to\tokenserver\starttokenserver.bat
nssm set <ServiceName> ObjectName ".\<current Username>" "<your Password>"
nssm set <ServiceName> AppDirectory "C:\path-to\tokenserver"
nssm set <ServiceName> Start SERVICE_DELAYED_AUTO_START