XKMS Service
The following configurations relating to the XKMS Service can be made within Client Manager.
- Allow the client to access the ADSS XKMS Service.
- Assign the XKMS Profiles which can be accessed by this client.
- Configure a default XKMS Profile for this client.
Once a client is registered, permissions to access the XKMS Service can be granted by editing this client. On the edit screen, clicking on the XKMS Service link at the top of the page shows the following screen:
Select the Allow this client to access the ADSS XKMS Service checkbox. This ensures that the client can make XKMS Service requests to ADSS Server. If the application also needs to access other ADSS services (e.g. verifying signed documents or generating and certifying user signing keys) then the relevant links (Verification Service, Certification Service etc.) should be followed to allow permissions for these services.
The next action is to define which XKMS profiles (configured within the ADSS XKMS Service) are to be made available to this client. Remember that XKMS profiles are configurations that define the certificate validation procedure which will be validated under this profile (e.g. its lifetime and internal fields). By default all the existing XKMS profiles will be made available to each newly registered client. Different clients may need to have access to different XKMS profiles. In order to allow access to a particular XKMS profile, simply move that profile from the left-hand group box labelled Available XKMS Profiles to the right-hand group box labelled Selected XKMS Profiles using the >> button shown in the screenshot above. Clients can only reference those XKMS profiles that are shown in the Selected XKMS Profiles. To remove access to a particular profile use the opposite << button to move the relevant profile back to the right-hand box.
The Profile Usage Map button provides an overview of which profiles are being used by which clients.
The Default XKMS Profile defines which profile to use in case the request message from this client does not reference any specific XKMS profile.
Click the Save button when the list is updated to store the changes.
Whenever configurations are updated on this page remember to restart the XKMS Service and have the changes take effect. |
See also
Verification Service
Certification Service
XKMS Service
LTANS Service
Decryption Service
Go-Sign Service
RA Service
RAS Service
SAM Service
CSP Service