Transactions Log Viewer
The Verification Service Transaction Log Viewer provides a record of each request made to the service and each response returned by the service. See below:
Each item in the screenshot is described below:
Items |
Description |
Clear Search |
After a Search this window will only show the filtered records. The Clear Search button is used to view the full set of records. |
Search |
This opens a new window where search criteria can be entered based on each column of the transaction grid. |
Customise Columns |
This opens a new window to configure which column need to be shown in the grid and which column need to be hidden. |
|< < > >| |
These buttons are for navigating the different pages of the transaction log. Note: The number of records shown per page is configurable from within Global Settings. |
Export Logs |
This button is used to export the selected transactions log into a zipped CSV file in which each column is separated by literal '~&~'. The file can be viewed using Microsoft Excel. However, in order to view and analyze the contents of the file in detail (all the archived transactions etc.), the operator needs to import the file into ADSS using the Import Archived option. |
Verify Integrity |
Verifies the integrity of the signing service transaction log records. It detects tampered and deleted records and generates a report that can be exported to a physical drive. Note: When exporting HMAC verification reports, it is recommended to save the file with “.html” extension so that the report can be viewed in an internet browser. |
Show Archived |
This opens a new window where you can import and view previously archived file i.e. archived/exported transactions log. |
Log ID |
A unique serial number for the log record, it is system-defined and not part of the request/response messages. |
Transaction ID |
This is a unique identifier for the transaction as defined by the client application in the verification request message. Each transaction ID will need to be unique. Note: If a Transaction ID is repeated within a request message then the ADSS Verification Service uses the same response that it has provided previously for that Transaction ID. For further details on the format of the Transaction ID consult the ADSS Developer Guide. |
Configuration ID |
It is a unique revision number that is automatically assigned for each profile on update operation. This revision ID is stored with every transaction to keep track of what set of configurations of the profile was used to perform a particular transaction. |
Client ID |
This is the Client ID as found in the request message. ADSS Verification Service verifies it is a legitimate Client ID as registered in the Client Manager module before granting access to the verification service. For more details see the link Registering Business Applications. |
Request Type |
This identifies the type of request that was received. The acceptable requests are:
|
Response Time |
Records the date/time when the request was received. |
Request/Response |
Provides a link to view the request/response messages. |
Remote Server Request/Response |
It contains the request and response information of the communication done with the remote Verification Server. It will help the Admin to observer what information was exchanged with the remote server. |
Input Document |
Click on "View" link to display the input document for the specific verification transaction. View link will only be present if documents are being stored in the log files (which is not the default option). In order to enable this feature see the Service Manger for more details. Note: This column is hidden by default and can be make visible from customise column button at the top of the grid, For more details on customise column see below. |
Output Document |
Click on "View" link under this column to display the output document for the specific verification transaction. View link will only be present if documents are being stored in the log file (which is not the default option). In order to enable this feature see the Service Manger for more details. |
TLS Cert |
Clicking on “View” link under this column displays the TLS client authentication certificate. The “View” link is only present when TLS client authentication was used to send requests to the verification service. Note: This column is hidden by default and can be made visible from customise column button at the top of the grid, For more details on customise column see below. |
Signing Cert |
Clicking on “View” link under this column displays the request signing certificate. The “View” link is only present when a signed request was sent to the signing service. Note: This column is hidden by default and can be made visible from customise column button at the top of the grid, For more details on customise column see below. |
Error Code |
Hover your mouse over the "View" link to show the error message e.g. PDF validation disabled, Verification module stopped etc. |
The verification service transaction records can be sorted in either ascending or descending order by selecting a table column from the drop down list. From the drop down menu in above screen, choose Import Archived and click on Go button. This will show the following screen:
Each item in the screenshot is described below:
Items |
Description |
Import archived transaction file |
Use this option to browse the archived log file in zip format from the operator machine. By using this option the archived log file is uploaded on the ADSS Server. It can be an expensive operation if the file is of large size so the operator is allowed to upload a file with maximum size up to 25 MB. Use the archived file path option for files bigger than 25 MB. |
Archived transaction file path |
Use this option if the file size is greater than 25 MB. This option does not upload the archived file to the server. Rather the server reads the file from given file path before importing which is faster than the above option. You can either specify the local file system path or a network path. Note: Do specify the archived log file name in the file path. |
The archived files were created in the CSV format till ADSS Server v4.7.5 but from v4.7.6 and onward the archived files are zipped to save the disk space when archiving. If you are importing the archived files created using a pre-v4.7.6 deployment to ADSS Server v4.7.6 or later then first zip them before importing otherwise ADSS Server will not recognize them as correct archived files. |
As explained above, clicking on the Search button on Verification Transactions Log Viewer displays following screen:
This helps to locate a particular type of verification service transaction. The transaction can be searched based on "Transaction ID", "Client ID", "Request Time From", "Request Time To", "Response Time From", "Response Time To", "Request Type" and "Response Status", . If a search is based on multiple values, then these will be combined together using the “AND” operand, and thus only records that meet all the criteria will be presented.
If "_" character is used in the search then it will act as wildcard. |
As mentioned above columns in the transactions log viewer page can be cutsomised to only show the desired columns and hide the rest. Clicking on the Customise Columns button on Verification Transactions Log Viewer displays following screen:
By default few columns are in the "Selected Columns" list. In order to hide a column move the required column to "Available Columns" list
Each log record within the database is protected with a cryptographic HMAC checksum to detect any intentional or accidental modification of records. Clicking the Verify Integrity button verifies the log integrity by checking each checksum and generates a report as shown below:
Click on the Export logs button to export the request/response to a network file.
The transaction logs are not exported according to the applied filter/search, they are exported as a complete zip file. |
Clicking the Fix HMAC Errors button will re-calculate the HMAC for tampered transaction logs records for this module.
Note: This option will not detect the unauthorized deleted records but it will only fix the unauthorized modifications and/or ambiguous records for which HMAC value is not present/incorrect.
Verify Integrity feature is available for the transactions log of all services within ADSS Server. |
By clicking any of the configuration ID, following dialog will appear with Transaction State and Current State columns:
Configuration ID works as follows:
- On profile update operation, the pre-state of the profile is stored with a unique identifier in the profile history table. A new unique identifier is created for each update operation. The unique Id representing the latest state stored along the profile information in profile table. On profile create operation the default value is “1” and is used for profile’s current state.
- In transaction log viewer a link is shown to launch the profile configuration used to process the particular request. When user clicks on this link, a database query made to profile history table and the profile state is shown in a generic viewer with Transaction State and Current State.
- Transaction State column contains the values against a specific field at the time of performing a transaction.
- Current State column shows the current settings for the profile used in a transaction in the past.
- If any of the field settings are changed in between the Transaction State and Current State, it is highlighted to let the user know that this field’s state has been changed since the transaction was made.
Clicking on View link under the request/response column for an XML request shows the XML request and response for the selected signing transaction in different tabs:
Clicking on the Response tab shows the XML response as below:
You can export the request/response XML files on to a physical drive by clicking the relevant Export button.
The ADSS Verification Service also provides an optimised HTTP interface. Hence in this case there is no longer any XML/SOAP encoding to be displayed for the transaction. Therefore clicking on the view link under Request/Response column for an HTTP request/response fields are displayed as shown below: |
Clicking on the Response tab shows the response for the selected transaction over HTTP
Clicking on the View button will display a signed ETSI validation report which is signed using verification response signing key.
It is also possible to view the low-level details of how a particular transaction was processed by pressing the View Detail button, this will show the following table:
The upper half of this page shows high level information about the selected signature verification or the certificate validation transaction. The values are as follows:
Items |
Description |
Log ID |
A unique serial number for the log record, it is system-defined and not part of the request/response messages. |
Transaction ID |
This is a unique identifier for the transaction as defined by the client application in the verification request message. |
Request Type |
This identifies the type of request that was received. The acceptable requests are: SV (Signature Verification) and CV (Certificate Validation). |
Signature Type |
This identifies the type of signature verified in the selected verification transaction. |
Signature Validation Indication |
This indicates the validity of signatures when the signature is verified via TSL. |
Signature Found |
This is the number of signature found in a verification request message. |
Response Status |
This identifies if ADSS successfully processed the verification request. The possible values are "Success" and "Failed". |
Client ID |
This is the Client ID as found in the request message. ADSS Verification Service verifies it is a legitimate Client ID as registered in the Client Manager module before granting access to the verification service. For more details see the link Registering Business Applications |
Overall Assertion Status |
This defines overall trust status returned by the verification service.
|
Validation Time |
This is the time instant when the signature is verified. This can be either timestamp time, machine time or the historical validation time if mentioned in the verification request message. |
The ETSI validation report will only be generated if the signatures are verified via TSL. |
See also
Configuring the Verification Service
Validating and Enhancing Existing Signatures
Logs Archiving
Alerts
Verification Management Reporting
Verification Service Interface URLs