Appian restricts communications between the engine servers and the application server(s) using a security token and a secure license. It is possible to run Appian without the token, which causes an error message to be logged.
Appian Engines are bound to your application server(s) using a security token.
- The security token prevents unauthorized calls to the engines that might cause denial of service.
- Unauthorized calls can be made by unauthorized network intrusions or by common security applications that scan server ports.
- When a custom security token is used, only trusted systems are permitted to make calls to the engines.
- The security token can be any string of 256 characters (not simply alpha-numeric).
Installing a Secure Token
A default security token is automatically installed by the Appian setup program. The default security token (appian.sec) is a 256 character string of letters. All default tokens are identical.
Generating a Custom Security Token
- With the application server shut down and engine servers shut down, generate a random 256 character string of alpha-numeric characters using a text editor.
- Remove any line breaks if you use the string supplied by the external link.
- Save the new security token in the following location:
- When an appian.sec file is placed in this directory, it is used instead of the default security token.
- Note: If you search for the
appian.sec file, you will find the default token file in several directories. These do not need to be deleted or modified. The file placed in
<APPIAN_HOME>/conf/ takes precedence.
- (Multi-server installations) Save the
appian.sec token in the location listed above on each server in your instance, including servers that only run Appian engines. Security tokens on each server in an instance must be identical.
- Generate a unique security token for each installation to retain the full security benefits of this feature.