Configuring the SAM Service
These are the steps to be taken when configuring the ADSS SAM Service.
The order in which the steps are defined is not important; it is possible to go back to an earlier step and make changes later if required.
Steps | Description |
Step 1 | Configure a Hardware Crypto Source within Key Manager for this service. This is a mandatory step if the user's keys are to be held in an HSM for Authorised Remote Signing. The ADSS SAM Appliance provides a CC EAL4+ certified EN 419241-2 Qualified Remote Signing solution and uses the Utimaco CP5 Se1500 HSM. In non-certified mode the ADSS SAM Service can be run using any HSM supported by ADSS Server, or with software-based keys. |
Step 2 | Configure one or more SAM Profiles that will be relevant for managing users, signing keys, authorised devices, authorisation requests, signing requests, getting the signed hash (i.e. PKCS#1 signature) and their current statuses. Client applications refer to the SAM Profile within their request messages sent to the ADSS SAM Service. |
Step 3 | Register one or more client applications within the Client Manager. These can now be authorised to make requests to one or more SAM Profiles. |
Step 4 | Use the ADSS SAM Service Manager to start/stop/restart the service. The ADSS SAM Service must be restarted whenever a SAM Profile is added, updated or deleted. |
Each of these steps is described in the sections that follow: