The ADSS Signing Service keep record of every request and corresponding response made to the service in the transactions log for auditing purpose. Each item in the image is described below:

Each item in the screenshot is described below:

Items

Description

Clear Search

After a Search this window will only show the filtered records.The Clear Search button is used to view the full set of records.

Search

This opens a new window where search criteria can be entered based on each column of the transaction grid.

Customise Columns

This opens a new window to configure which column need to be shown on the grid and which column need to be hidden. See below for details.

Export Logs

Exports the selected transactions log into a zipped CSV file in human readable format.

Verify Integrity

Verifies the integrity of the RA service transaction log records. It detects tampered records and generates a report that can be exported to a physical drive. When exporting HMAC verification reports, it is recommended to save the file with “.html” extension so that the report can be viewed in an internet browser

|< < > >|

These buttons are for navigating the different pages of the transaction log.

Note: The number of records shown per page is configurable from within Global Settings

Export Logs

Exports the transactions logs into a zipped CSV file in human readable format.

Verify Integrity

Verifies the integrity of the certification service transaction log records. It detects tampered and deleted records and generates a report that can be exported to a physical drive.

Note: When exporting HMAC verification reports, it is recommended to save the file with “.html” extension so that the report can be viewed in an internet browser.

Show Archived

This opens a new window where you can import and view previously archived file i.e. archived/exported transactions log.

Log ID

A unique serial number for the log record, it is system-defined and not part of the request/response messages.

Request Type

This element identifies the type of request that was received. The acceptable requests are:

  • Hash
  • Sign
  • Status
  • Assembly
  • Empty Signature

Note: Each request type is described in detail in the ADSS Server Developers Guide.

Response Status

This shows which response is returned. Possible values are: 

  • Success
  • Failed
  • Pending
  • Cancelled

Request Time

Records the date/time when the request was received.

Response Time

Records the date/time when the response was sent.

Request/Response

Provides a link to view the request/response messages.

Note: The document to be signed/ signed document will not be saved in the request/response messages by default.

Remote Server Request/Response

It contains the request and response information of the communication done with the remote Signing Server. It will help the admin to observe what information was exchanged with the remote server.

Input Document

Click on "View" link to display the input document for the specific signing transaction. View link will only be present if documents are being stored in the log files (which is not the default option).  

Note: In order to enable this feature see the Service Manger for more details.

Output Document

Click on "View" link under this column to display the output document for the specific signing transaction. View link will only be present if documents are being stored in the log file (which is not the default option). 

Note: In order to enable this feature see the Service Manger for more details.

Client ID

This is the Client ID as found in the request message. ADSS Signing Service verifies it is a legitimate Client ID as registered in the Client Manager module before granting access to the signing service. For more details see the link Registering Business Applications.

TLS Cert

Clicking on “View” link under this column displays the TLS client authentication certificate. The “View” link is only present when TLS client authentication was used to send requests to the signing service.

Signing Cert

Clicking on “View” link under this column displays the request signing certificate. The “View” link is only present when a signed request was sent to the certification service.

Note: The signed requests are only supported to issue X.509 certificates and its not relevant for CV certificate used in E-Passport.

Error Code

Hover your mouse over the "View" link to show the error message e.g. Signature computation failure, Signing Service Disabled etc.


The Signing Service transaction records can be sorted in either ascending or descending order by selecting a table column from the drop down list. From the drop down menu in above screen, choose Import Archived and click on Go button. This will show the following screen: 


Items

Description

Import archived transaction file

Use this option to browse the archived log file in zip format from the operator machine. By using this option the archived log file is uploaded on the ADSS Server. 

It can be an expensive operation if the file is of large size so the operator is allowed to upload a file with maximum size up to 25 MB. Use the archived file path option for files bigger than 25 MB.

Archived transaction file path

Use this option if the file size is greater than 25 MB. This option does not upload the archived file to the server. Rather the server reads the file from given file path before importing which is faster than the above option. You can either specify the local file system path or a network path.

Note: Do specify the archived log file name in the file path.


The archived files were created in the csv format till ADSS Server v4.7.5 but from v4.7.6 and onward the archived files are zipped to save the disk space when archiving. If you are importing the archived files created using a pre-v4.7.6 deployment to ADSS Server v4.7.6 or later then first zip them before importing otherwise ADSS Server will not recognise them as correct archived files.


As explained above, clicking on the Search button on Signing Transactions Log Viewer displays following screen:

  

This helps to locate a particular type of signing service transaction. The transaction can be searched based on "Request ID", "Client ID", "Doc Signing Cert", "Request Type", "Response Status", "Request Time From", "Request Time To", "Response Time From" and "Response Time To". If a search is based on multiple values, then these will be combined together using the “AND” operand, and thus only records that meet all the criteria will be presented.

​If "_" character is used in the search then it will act as wildcard.


Clicking on the Customise Columns button on Signing Transactions Log Viewer displays following screen:

 

By default few columns are in the "Selected Columns" list. In order to hide a column move the required column to "Available Columns" list.

Each log record within the database is protected with a cryptographic HMAC checksum to detect any intentional or accidental modification of records. Clicking the Verify Integrity button verifies the log integrity by checking each checksum and generates a report as shown below:

Click on the Export logs button to export the request/response to a network file. 
Clicking the Fix HMAC Errors button will re-calculate the HMAC for tempered transaction logs records for this module.

Note: This option will not detect the unauthorized deleted records but it will only fix the unauthorized modifications and/or ambiguous records for which HMAC value is not present/incorrect.

Verify Integrity feature is available for the transactions log of all services within ADSS Server.


Clicking on the link for Log ID shows detail of the selected transaction as shown below:

In case when Two-factor authentication (also known as 2FA) is enabled, then clicking on the Log ID will show the relevent authentication log details along with current transaction log details as shown below:



Clicking on View link under the request/response column for an XML request shows the XML request and response for the selected signing transaction in different tabs:

Clicking on the Response tab shows the XML response as below:

You can export the request/response XML files on to a physical drive by clicking the relevant Export button.

Note: The ADSS Signing Service also provides an optimised HTTP interface. This interface is used for example by the ADSS Auto File Processor (AFP) for fast signing of documents from Watched Folders.  Hence in this case there is no longer any XML/SOAP encoding to be displayed for the transaction. Therefore clicking on the view link under Request/Response column for an HTTP request/response fields are displayed as shown below:

Clicking on the Response tab shows the response for the selected transaction over HTTP


See also

Configuring the Signing Service

PDF Signature Appearances
PDF Signature Locations
Authentication Logs

Logs Archiving

Alerts
Management Reporting
Optimising ADSS Signing Server Performance

Signing Service Interface URLs