Initializing help system before first use

Providing the REST API Credentials

For security reasons, the Xpress software does not accept the credentials to the Insight Server via command line or environmental variable. Instead, for each supported operating system (Windows, Mac, and Linux) the Xpress software integrates with the default secure storage mechanism for that OS.

Windows

When the environment is configured for remote solving, as described in the previous section, Xpress will retrieve the REST API credentials to Insight from the secure storage. The REST API credentials obtained from Insight for your account (see Generating REST API Credentials) need to be entered into the secure storage.

On Windows, Xpress integrates with Credential Manager.
  1. To open Credential Manager, type credential manager in the search box on the taskbar and select Credential Manager Control panel.
  2. Select Windows Credentials to access the manager.
  3. In the Generic Credentials list, click Add a generic credential.
  4. Populate the fields as follows:
    • Internet or network address: ficoxpress:<insight URL>

      e.g. ficoxpress:http://localhost:8080

    • User name: <Client Id value from Insight>
    • Password: <Client secret value from Insight>
  5. Click OK, then close the Credential Manager.

Mac OS

On Mac OS, Xpress integrates with Keychain Access and requires 'application passwords' not 'internet passwords'. Therefore, use of the KeyChain Access UI is not recommended. The command-line security tool should be used which generates 'application passwords'. We also recommend deleting any existing ficoxpress passwords as only the first password will be read by the software.
  1. Open a terminal in interactive mode so credential secrets are not stored in your terminal history.
  2. In your terminal, first delete old passwords for this URL and then create a new one by typing:
    1. security - i
    2. security> delete-generic-password -s ficoxpress:<url>
    3. security> add-generic-password -s ficoxpress:<url> -a <client-id> -w <secret>
    4. security>
  3. Press Ctrl-D to quit the security prompt.

The credentials will now be visible as an "application password" in Keychain.

Linux

On Linux, openssl tools are used to encrypt a file containing the Client id and Client secret.
  1. Set environment variable XPRESS_COMPUTE_AUTH_KEYFILE to the keyfile location. From the Linux bash shell, enter the following command and press Enter: 
    SET XPRESS_COMPUTE_AUTH_KEYFILE = <keyfile_location>
    Note: For security, the <keyfile_location> should be on a different drive to the home directory.
  2. Populate the key file with secure random data. Enter the following command and press Enter: 
    openssl rand -base64 -out $XPRESS_COMPUTE_AUTH_KEYFILE 48
  3. To encrypt the Client ID and Client secret values into a file named .ficoxpress in your home directory, enter the following command, replacing CLIENTID and SECRET with the actual Client ID and Client secret values from the Insight Server: 
    (echo "CLIENTID" ; echo "SECRET" ) | openssl enc -aes-256-cbc -salt -md sha256 -out ~/.ficoxpress -pass file:$XPRESS_COMPUTE_AUTH_KEYFILE
Parent Topic Using the Compute Interface with Xpress

© 2001-2024 Fair Isaac Corporation. All rights reserved. This documentation is the property of Fair Isaac Corporation (“FICO”). Receipt or possession of this documentation does not convey rights to disclose, reproduce, make derivative works, use, or allow others to use it except solely for internal evaluation purposes to determine whether to purchase a license to the software described in this documentation, or as otherwise set forth in a written software license agreement between you and FICO (or a FICO affiliate). Use of this documentation and the software described in it must conform strictly to the foregoing permitted uses, and no other use is permitted.