Anaplan API Authentication service - nuances...


Official documentation from Anaplan:


In order to successfully connect to the Anaplan Authentication service you will need to:

  1. Generate a CA certificate. with access to both the public certificate and the private key
  2. Add the public cert to the anaplan security site
  3. Generate random byte** string
  4. Sing random byte** string

**the random byte string IS NOT just a random string of characters. the byte referred to is actually a data field type. I have tested using random strings and encoding it and has not worked. The only way i got it to work is following the example of the Java script, and creating the random string and signed random string. An alternative method is to use anaplan's packaged process. This process calls the Anaplan Connect .jar file, which is part of zip file. This call only goes to the authentication value creation.

To use the anaplan process a Java Key Store (JKS) will need to be created. Once created, the .bat file included in the zip file will need to updated with the JKS location, JKS alias and JKS password. Screenshot of the successful process completion is provided below.


Here is the zip file of the certificate generator provided by the anaplan support team: certAuthGenerator.7z 

The file: certAuthGenerator.bat needs to be configured to match your JKS (Java Key Store)




OR you can use the code below to create the same result

I have posted some code below. I used Eclipse to execute.


import java.util.Random;
import java.util.Base64;
import java.util.UUID;
public class anaplan_random_150_string_encoded {
    public static void main(String[] args) {
        // TODO Auto-generated method stub
            System.out.println("The strings are created below");
            char[] password = "password".toCharArray();
            String alias = "alias_name_here";
            String keystoreFilename = "C:/OpenSSL-Win64/bin/<Java_Key_Store_file>";
            SecureRandom random = new SecureRandom();
            byte bytes[] = new byte[150];
            String encodedData = Base64.getEncoder().encodeToString(bytes);
            try {
                KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
                FileInputStream fis = new FileInputStream(keystoreFilename);
                    ks.load(fis, password);
                    PrivateKey key = (PrivateKey)ks.getKey(alias, password);
                    //Use SHA512withRSA with RSA keys, SHA512withDSA for DSA keys,...
                    //See supported algorithm here: <a href="<a href="" target="_blank"></a>" target="_blank"><a href="</a" target="_blank"></a</a>>
                    String signatureAlgorithm = "SHA512withRSA";
                    //Digital Signature
                    Signature sig = Signature.getInstance(signatureAlgorithm);
//                    sig.update(Files.readAllBytes(Paths.get(file)));
                    byte[] signature_bytes = sig.sign();
                    String encodedData_signed = Base64.getEncoder().encodeToString(signature_bytes);
                    System.out.println("Encoded signed data: " + encodedData_signed);
            } catch (KeyStoreException e) {   
                // TODO Auto-generated catch block
//            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            //KeyStore keyStore = KeyStore.getInstance("JKS");
 catch (FileNotFoundException e) {
                // TODO Auto-generated catch block
            } catch (GeneralSecurityException e) {
    // TODO Auto-generated catch block
} catch (IOException e) {
    // TODO Auto-generated catch block
            System.out.println("Encoded data: " + encodedData);


random string generation  Expand source



  • Hi @Jason_C 

    I used the same script

    Iam able to generate the encode signed data and encoded data using java code. Now what are the next steps to connect to anaplan? 

  • Is there any other way to acquire the reference "*.bat" file? I do not have access to the linked Sonos Confluence page.