Step 4 - Using the Service Manager
General Tab
After finalizing the configuration changes within the RAS Service, it must be restarted to make the changes effective. The RAS Service Manager module allows operators to start, stop or restart the RAS Service and also make changes to service related configurations. Also, it provides the operator to select either to run the RAS Service in Service Mode or Gateway Mode by selecting the respective radio button from RAS Service Mode section. By default, Enable Service Mode option is selected.
Follow the link Service Manager > General, it will show the following screen:
If operator selects the Enable Gateway Mode option then following screen is show:
The Configuration items are as follows:
Items |
Description |
||
Server Names |
The address of RAS Service being controlled from this Service Manager. Ensure the address points to the correct service URL, i.e. if you are running the service on multiple machines in a load-balanced configuration, then ensure the (selected) name is correct for the particular instance that needs to be started/stopped/restarted. By default it will display the URL of local machine. |
||
Start |
Start the service. Status will change to “Running” after a successful start. |
||
Stop |
Stop the service. Status will change to “Stopped” after the service is stopped. |
||
Restart |
Stop and then start the service in one go, Status will change to “Running” after a successful restart. |
||
RAS Service Mode |
This section provides the operator with two modes i.e. Service Mode and Gateway Mode. Operator can select respective radio button to either configure the RAS as a service or gateway to a remote RAS Server. |
||
Enable Service Mode |
When this radio button is selected, RAS Service will run in Service Mode. |
||
Default Settings |
This sections define the configurations required by a Client to access RAS Service. |
||
Client ID |
Shows the Client ID of RAS Service. Client applications where Client ID is not available RAS Service will use this Client ID as default client. RAS service verifies that this is a registered Client ID within the Client Manager module before granting access to this service. This Client ID will be use for request from Go>Sign Mobile app or requests to RAS service via CSC protocol.
|
||
HMAC key to generate OAuth Tokens |
Select a HMAC key that, which pre-exists in the Key Manager, will be used by ADSS RAS Service to generate the OAuth tokens. A default HMAC key comes pre-bundled with the ADSS Server installation. This can be replaced with operator generated HMAC keys that may either exist in software (database) or on a PKCS#11 device e.g. an HSM. |
||
Authorisation Certificate Settings |
This sections define the configurations required for certification service to be used for mobile device authorisation certificate generation. |
||
Certification Service Address |
Use this field to add certification service address(es). |
||
List of Certification Service Addresses |
This field shows the Certification Service addresses that can be used to obtain certificates for keys generated within SAM Service and typically used for remote signing. Multiple service addresses can be added. The "Test" button checks that the ADSS Server is available. The "Remove" button deletes a configured Certification Service address. |
||
Certification Profile |
Specifies the certification profile to be used. Note: This profile must not allow Enable key pair generation through RAS. |
||
Client ID |
Shows the Client ID of Certification Service. RAS Service will send this Client ID while communicating with Certification service. Certification service verifies that this is a registered Client ID within the Client Manager module before granting access to this service. |
||
Use TLS Client Authentication |
If this option is enabled then RAS service will communicate with Certification service using TLS client authentication. Select the TLS Client Certificate which pre-exists in the Key Manager. Note: It is required to register the Issuer CA of the TLS Client certificate in Trust Manager with the CA for verifying TLS client certificates purpose. |
||
Push Notification Settings |
This section defines the configurations required for push notifications using third party Firebase platform. It allows ADSS Server to send push notifications to Go>Sign Mobile App. For this purpose, ADSS Server needs to be registered with the Firebase platform. |
||
Server Address |
Specify the server address that has been provided by Firebase during account configuration, e.g. https://fcm.googleapis.com/fcm/send |
||
Server Key |
Specify the server key that has been provided by Firebase during account configuration, e.g. "key=BPJazCSYmww9o0Gpc1EzbJiyOe95GR7VCScN_nTc". |
||
Notification Title |
Specifies the title for push notification being send to the Go>Sign Mobile App. |
||
Notification Message |
Specifies the message for push notification being send to the Go>Sign Mobile App. |
||
Enable Gateway Mode |
When this radio button is selected, RAS Service will run in Gateway Mode to communicate with a remote RAS Server. |
||
RAS Service Address |
Use this field to add RAS Service address(es). |
||
List of RAS Service Addresses |
This field shows the RAS Service addresses that can be used to communicate with remote RAS Servers. Multiple service addresses can be added. The "Test" button checks if the selected RAS Server is available for communication. The "Remove" button deletes a configured RAS Service address. |
||
RAS Profile |
Optionally specifies the RAS profile to be used for back-end RAS Service request. Note: If not configured then request will be forwarded to back-end RAS service without RAS profile and the back-end RAS Server will use the default RAS profile configured against the Client in Client Manager. |
||
Client ID |
Define the Client ID registered in back-end RAS Service. RAS Service will use this Client ID while communicating with back-end RAS Service. The back-end RAS service verifies that this is a registered Client ID within the Client Manager module before granting access to the service. |
||
Client Secret |
Provide the Client Secret generated against above configured Client when it was registered in back-end RAS Service. |
||
Use TLS Client Authentication |
If this option is enabled then RAS Service will communicate with back-end RAS Service using TLS client authentication. Note: By default it is disabled. |
||
Certificate |
Select the client TLS certificate which pre-exists in the Key Manager. Note: It is required to register the Issuer CA of the client TLS certificate in Trust Manager with the purpose CA for verifying TLS client certificates. |
Service Information Tab
This tab displays information about RAS Service and its capabilities. The clients can retrieve this information by invoking "/info" API of CSC Protocol and the information configured on this screen will be returned in response. All the information on this tab is configured according to the CSC specification.
Follow the link Service Manager > Service Information, it will show the following screen:
The configuration items are as follows:
Items |
Description |
Service Name |
This field shows the remote service that will have a default value as shown in the image above. The operator can change the service name as per his/her choice. Note: Maximum 255 characters are allowed. |
Service Logo |
This field contains the URI of the logo image of the service. The operator can change its value as required. |
Country |
This field represents the country where the service is operating. The drop-down will list the countries and the operator can update its value by selecting the required country. |
Language |
This field represents the language supported by the service. The operator can select the required language from the drop-down list in order to update its value. |
Description |
This filed represent the description of the service. The default value is shown in the image above. The operator can change its value to their own description as required. Note: Maximum 255 characters are allowed. |
Authorisation Server Base URI |
This field defines the Base URI of the OAuth2 interface of RAS Service. Business Applications can use this base URI to invoke OAuth2 APIs of RAS Service. |
CSC Specification Version |
This field shows the CSC specification version that is being currently supported i.e. 1.0.3.0. |
Authorisation Type |
This field represents the authorisation types supported by RAS Service. The supported types that are shown in the above image as default are:
Note: This is a read only field and operator cannot change its value. |
Methods |
This field shows the CSC methods (APIs) supported by RAS Service. The supported methods include:
Note: This is a read only field and operator cannot change its value. |
Ensure all the changes are saved by clicking the Save button and restart the service to take changes effect.. |
See also
Step 1 - Configuring RAS Profile
Step 2 - Registering Business Applications
Step 3 - Configuring Notification Settings