Client Manager
The ADSS Client Manager module is used to control business application access to the following ADSS Server services:
The other ADSS Server services, including ADSS TSA, ADSS OCSP and ADSS SCVP, are not controlled by Client Manager because they are more general services offered to a wide range of end-user clients rather than to a smaller number of business application clients. These services use their own Access Control module to allow open or restricted access.
The trust services listed above are based on an XML/SOAP Web Services interface, and end-users typically interact with them through business applications, which in turn make requests to ADSS Server. This section explains how these client business applications can be registered so that they can be authenticated and their access to specific services, service profiles and keys can be reviewed and authorized.
Click on the Client Manager tab to access this module. The screen displays a table of all existing clients that can access the above ADSS Server trust services:
Click the New button shown in the above screen to register new clients. You will be presented with the following screen:
The configuration items are as follows:
Item | Description |
Status | A client may be marked as Active or Inactive. Note: Only active clients can request services from ADSS Server. |
Client ID | Specify a unique ID for the client that will be used later for service requests to ADSS Server. This field is mandatory for client registration. If the crypto source Azure Key Vault is being used for Key/Certificate storage while using Certification/RA services, then only these characters are supported in Client ID: A-Z, a-z, 0-9 and hyphen "-". This is important because the final certificate alias is a concatenation of Client ID and the certificate alias being sent in requests to Certification/RA services. Note: |
Request Signing Certificate | If any of the services require the request message to be signed, then the client's request signing certificate must be imported using the Browse button so that the ADSS service modules can verify the signature on the request message. Once the client is registered, the configured certificate can be viewed or removed using the View Certificate / Remove buttons respectively. Once a configured certificate is removed, the user needs to press the Save button to make the changes take effect. |
TLS Client Certificate | If any of the services require the request message to be sent over TLS Client Authentication, then the TLS Client Authentication Certificate must be imported using the Add button so that the ADSS Server can validate the request against this certificate. Once added, the user needs to press the Save button to make the changes take effect. Multiple TLS Client Certificates can be added against a single client. Note: It is required to register the Issuer CA of the TLS Client Authentication Certificate in Trust Manager with the purpose CA for verifying TLS client certificates. |
Certificate Friendly Name | Enter a unique friendly name for the certificate for internal tracking and reporting purposes. |
Certificate DN | Certificate DN is an auto-populated field, extracted from the configured certificate. By clicking on it, the user can also view the certificate. |
Valid To | Shows the date and time until which a configured certificate is valid. |
Status | Shows the status of the configured certificate in the table. The possible values are Active/Expired/Not Yet Valid. |
Remove | This button is used to remove a configured certificate from the list by selecting it using the radio button against it. Once removed, the user needs to press the Save button and Restart Service Instance to make the changes take effect. |
Auxiliary Settings | Specifies additional information about the client for easy management. |
Client Friendly Name | Enter a unique friendly name for the client application for internal tracking and reporting purposes. This field is mandatory for client registration. Note: The maximum acceptable length for Client ID is 50 visible characters. |
Phone No | Optionally specify the Client's Phone Number. |
Address | Optionally specify the Client's Address. |
Email Address | Optionally specify the Client's Email Address. |
Employee No | Optionally specify the Client's Employee Number. |
Social Security Number | Optionally specify the Client's Social Security Number. |
National Identification Number | Optionally specify the Client's National Identity Number. |
Additional Information 1 | Optionally specify additional information related to the Client. |
Additional Information 2 | Optionally specify additional information related to the Client. |
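A pre-registration check for the Client ID rules in the table above, as an added example (not ADSS Server code). It assumes the final alias is the Client ID followed directly by the certificate alias with no separator, and takes the 127-character object-name limit from Azure Key Vault's own documentation rather than from this page; check_client_id and the sample IDs are hypothetical.

```python
import re

# Anything outside the set the page lists for Azure Key Vault: A-Z, a-z, 0-9, "-".
UNSAFE = re.compile(r"[^A-Za-z0-9-]")
MAX_CLIENT_ID_LEN = 50   # Client ID limit stated on this page
KV_NAME_MAX = 127        # Azure Key Vault object-name limit (Azure docs, not this page)


def check_client_id(client_id, cert_aliases=(), azure_key_vault=False):
    """Return a list of problems; an empty list means the ID can be registered."""
    if not client_id:
        return ["Client ID is mandatory"]
    problems = []
    if len(client_id) > MAX_CLIENT_ID_LEN:
        problems.append(
            f"Client ID is {len(client_id)} characters, limit is {MAX_CLIENT_ID_LEN}")
    if azure_key_vault:
        bad = sorted(set(UNSAFE.findall(client_id)))
        if bad:
            problems.append("unsupported with Azure Key Vault: "
                            + ", ".join(repr(c) for c in bad))
        for alias in cert_aliases:
            # Assumption: plain concatenation, Client ID first, no separator.
            final = client_id + alias
            if UNSAFE.search(alias):
                problems.append(
                    f"certificate alias {alias!r} has unsupported characters")
            if len(final) > KV_NAME_MAX:
                problems.append(
                    f"final alias is {len(final)} characters, limit is {KV_NAME_MAX}")
    return problems


if __name__ == "__main__":
    # Constructed sample IDs and aliases, not taken from any real deployment.
    samples = [
        ("billing-app-01", ["signing-2024"]),
        ("billing_app", ["signing-2024"]),
        ("hr-portal", ["doc.signing"]),
    ]
    for cid, aliases in samples:
        result = check_client_id(cid, aliases, azure_key_vault=True)
        print(cid, "->", result or "OK")
```
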
It is not necessary to register each end-user on ADSS Server; only the business applications that actually make requests to the ADSS Services need to be registered.
The list of registered ADSS Server clients can be sorted by Status, Client ID, Created At, or Friendly Name.
Clicking the Search button on the Client Manager main screen displays the following screen:
This helps to locate a particular client. Clients can be searched by Client ID, Client's Friendly Name and Status. If a search is based on multiple values, these are combined using the "AND" operator, so only records that meet all the criteria are presented.
If the "_" character is used in the search, it acts as a wildcard.