General Tab

After the configuration changes within the RAS Service have been finalized, the service must be restarted for the changes to take effect. The RAS Service Manager module allows operators to start, stop or restart the RAS Service and also to change service-related configurations. It also lets the operator choose whether to run the RAS Service in Service Mode or Gateway Mode by selecting the respective radio button in the RAS Service Mode section. By default, the Enable Service Mode option is selected.

Follow the link Service Manager > General; it will show the following screen:

If the operator selects the Enable Gateway Mode option, the following screen is shown:



The configuration items are as follows: 

Items

Description

Server Names

The address of RAS Service being controlled from this Service Manager. Ensure the address points to the correct service URL, i.e. if you are running the service on multiple machines in a load-balanced configuration, then ensure the (selected) name is correct for the particular instance that needs to be started/stopped/restarted. By default it will display the URL of local machine.

Start

Start the service. Status will change to “Running” after a successful start.

Stop

Stop the service. Status will change to “Stopped” after the service is stopped.

Restart

Stop and then start the service in one go. Status will change to “Running” after a successful restart.

RAS Service Mode

This section provides the operator with two modes, i.e. Service Mode and Gateway Mode. The operator can select the respective radio button to configure the RAS either as a service or as a gateway to a remote RAS Server.

Enable Service Mode

When this radio button is selected, RAS Service will run in Service Mode.

Default Settings

This section defines the configurations required by a Client to access RAS Service.

Client ID

Shows the Client ID of RAS Service. For client applications where a Client ID is not available, RAS Service will use this Client ID as the default client. RAS Service verifies that this is a registered Client ID within the Client Manager module before granting access to this service. This Client ID will be used for requests from the Go>Sign Mobile app or requests to RAS Service via the CSC protocol.

A default RAS profile must be defined against this client in Client Manager in order to process the requests from client applications, i.e. Go>Sign Mobile app or CSC protocol etc.

HMAC key to generate OAuth Tokens

Select an HMAC key, which pre-exists in the Key Manager, that will be used by ADSS RAS Service to generate the OAuth tokens. A default HMAC key comes pre-bundled with the ADSS Server installation. This can be replaced with operator-generated HMAC keys that may exist either in software (database) or on a PKCS#11 device, e.g. an HSM.

Authorisation Certificate Settings

This section defines the configurations required for the certification service to be used for mobile device authorisation certificate generation.

Certification Service Address

Use this field to add certification service address(es).

List of Certification Service Addresses

This field shows the Certification Service addresses that can be used to obtain certificates for keys generated within SAM Service and typically used for remote signing. Multiple service addresses can be added. The "Test" button checks that the ADSS Server is available. The "Remove" button deletes a configured Certification Service address.

Certification Profile

Specifies the certification profile to be used. 

Note: This profile must not allow Enable key pair generation through RAS.

Client ID

Shows the Client ID of Certification Service. RAS Service will send this Client ID while communicating with Certification service. Certification service verifies that this is a registered Client ID within the Client Manager module before granting access to this service.

Use TLS Client Authentication

If this option is enabled then RAS Service will communicate with the Certification service using TLS client authentication. Select the TLS Client Certificate which pre-exists in the Key Manager.

Note: It is required to register the Issuer CA of the TLS Client certificate in Trust Manager with the purpose CA for verifying TLS client certificates.

Push Notification Settings

This section defines the configurations required for push notifications using the third-party Firebase platform. It allows ADSS Server to send push notifications to the Go>Sign Mobile App. For this purpose, ADSS Server needs to be registered with the Firebase platform.

Server Address

Specify the server address that has been provided by Firebase during account configuration, e.g. https://fcm.googleapis.com/fcm/send

Server Key

Specify the server key that has been provided by Firebase during account configuration, e.g. "key=BPJazCSYmww9o0Gpc1EzbJiyOe95GR7VCScN_nTc". 

Notification Title

Specifies the title for the push notification being sent to the Go>Sign Mobile App.

Notification Message

Specifies the message for the push notification being sent to the Go>Sign Mobile App.

Enable Gateway Mode

When this radio button is selected, RAS Service will run in Gateway Mode to communicate with a remote RAS Server.

RAS Service Address

Use this field to add RAS Service address(es).

List of RAS Service Addresses

This field shows the RAS Service addresses that can be used to communicate with remote RAS Servers. Multiple service addresses can be added. The "Test" button checks if the selected RAS Server is available for communication. The "Remove" button deletes a configured RAS Service address.

RAS Profile

Optionally specifies the RAS profile to be used for back-end RAS Service requests.

Note: If not configured, the request will be forwarded to the back-end RAS Service without a RAS profile, and the back-end RAS Server will use the default RAS profile configured against the Client in Client Manager.

Client ID

Define the Client ID registered in back-end RAS Service. RAS Service will use this Client ID while communicating with back-end RAS Service. 

The back-end RAS service verifies that this is a registered Client ID within the Client Manager module before granting access to the service.

Client Secret

Provide the Client Secret generated against the above configured Client when it was registered in the back-end RAS Service.

Note: Don’t share the Client Secret with anyone. Once the Client Secret is configured and the operator leaves this page, it is masked with asterisks for security reasons and cannot be seen again.

Use TLS Client Authentication

If this option is enabled then RAS Service will communicate with back-end RAS Service using TLS client authentication. 

Note: By default it is disabled.

Certificate

Select the client TLS certificate which pre-exists in the Key Manager. 

Note: It is required to register the Issuer CA of the client TLS certificate in Trust Manager with the purpose CA for verifying TLS client certificates.


Service Information Tab

This tab displays information about RAS Service and its capabilities. Clients can retrieve this information by invoking the "/info" API of the CSC Protocol, and the information configured on this screen will be returned in the response. All the information on this tab is configured according to the CSC specification.

Follow the link Service Manager > Service Information; it will show the following screen:

The configuration items are as follows: 

Items

Description

Service Name

This field shows the name of the remote service, which has a default value as shown in the image above. The operator can change the service name as required.

Note: Maximum 255 characters are allowed.

Service Logo

This field contains the URI of the logo image of the service. The operator can change its value as required.

Country

This field represents the country where the service is operating. The drop-down will list the countries and the operator can update its value by selecting the required country.

Language

This field represents the language supported by the service. The operator can select the required language from the drop-down list in order to update its value.

Description

This field represents the description of the service. The default value is shown in the image above. The operator can change its value to their own description as required.

Note: Maximum 255 characters are allowed.

Authorisation Server Base URI

This field defines the Base URI of the OAuth2 interface of RAS Service. Business Applications can use this base URI to invoke OAuth2 APIs of RAS Service.

CSC Specification Version

This field shows the CSC specification version that is currently supported, i.e. 1.0.4.0.

Note: This is a read-only field and the operator cannot change its value.

Authorisation Type

This field represents the authorisation types supported by RAS Service. The supported types shown by default in the above image are:

  • basic
  • oauth2code
  • oauth2client

Note: This is a read-only field and the operator cannot change its value.

Methods

This field shows the CSC methods (APIs) supported by RAS Service. The supported methods include:

    1. auth/login
    2. auth/revoke
    3. credentials/list
    4. credentials/info
    5. credentials/authorize
    6. signatures/signHash
    7. oauth2/authorize
    8. oauth2/token
    9. oauth2/revoke

Note: This is a read-only field and the operator cannot change its value.


Ensure all the changes are saved by clicking the Save button, and restart the service for the changes to take effect.
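The check below is an added example, not ADSS Server code: it takes the JSON body returned by the "/info" API and reports where it differs from the read-only values and limits listed for the Service Information tab. The JSON field names (specs, name, logo, region, lang, description, authType, oauth2, methods) are taken from the CSC API specification rather than from this page, and the https-only rule and the sample body are assumptions of the example.

```python
import json
from urllib.parse import urlparse

# Read-only values this page lists on the Service Information tab.
EXPECTED_SPECS = "1.0.4.0"
EXPECTED_AUTH_TYPES = {"basic", "oauth2code", "oauth2client"}
EXPECTED_METHODS = set((
    "auth/login auth/revoke credentials/list credentials/info credentials/authorize "
    "signatures/signHash oauth2/authorize oauth2/token oauth2/revoke").split())

def check_info(raw):
    """Return a list of findings for the JSON body of a CSC info response."""
    try:
        info = json.loads(raw)
    except ValueError:
        info = None
    if not isinstance(info, dict):
        return ["response is not a JSON object"]
    findings = []
    if info.get("specs") != EXPECTED_SPECS:
        findings.append(f"unexpected specs value: {info.get('specs')!r}")
    for field in ("name", "description"):  # page: maximum 255 characters
        value = info.get(field)
        if not isinstance(value, str) or not 0 < len(value) <= 255:
            findings.append(f"{field} missing or longer than 255 characters")
    for field in ("logo", "oauth2"):  # https-only is this example's own policy
        url = urlparse(str(info.get(field, "")))
        if url.scheme != "https" or not url.netloc:
            findings.append(f"{field} is not an https URI")
    for field, expected in (("authType", EXPECTED_AUTH_TYPES), ("methods", EXPECTED_METHODS)):
        advertised = info.get(field)
        if not isinstance(advertised, list):
            findings.append(f"{field} missing or not a list")
            continue
        seen = {str(item) for item in advertised}
        if seen - expected:
            findings.append(f"{field} advertises unlisted values: {sorted(seen - expected)}")
        if expected - seen:
            findings.append(f"{field} lacks listed values: {sorted(expected - seen)}")
    return findings

# Constructed sample (not from a real server): http logo, one unlisted method.
SAMPLE = json.dumps({
    "specs": "1.0.4.0", "name": "Example RAS", "region": "GB", "lang": "en-GB",
    "description": "Example remote signing service",
    "logo": "http://ras.example/logo.png", "oauth2": "https://ras.example/oauth2",
    "authType": sorted(EXPECTED_AUTH_TYPES),
    "methods": sorted(EXPECTED_METHODS) + ["credentials/extendTransaction"],
})
print("\n".join(check_info(SAMPLE)))
```

Running the same check after each save and restart gives a quick confirmation that the service advertises only the authorisation types and methods the operator expects.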

 
See also

Step 1 - Configuring RAS Profile

Step 2 - Registering Business Applications
Step 3 - Configuring Notification Settings