Advance Settings
The following configurations related to Data Encryption Key (DEK) and client secret which can be configured within the Client Manager by clicking on the Advanced Settings tab.
This service allows client applications (e.g. Ascertia SigningHub or any third party application) to use a KEK managed by ADSS Server within its HSM. Note the KEK is only used to encrypt/decrypt Data Encryption keys (DEKs). The DEKs themselves are used directly by the client application to encrypt/decrypt data e.g. SigningHub documents. The benefits of this approach are that client applications do not need to integrate directly with an HSM themselves but can rely on this key management service offered by ADSS Server
The client secret is a secret known only to the business application (e.g. ADSS Signing Service or Go>Sign Mobile SDK) and the authorization server e.g. ADSS RAS Service. The business application provides the client ID and Client secret to the authorisation server for authentication.
Clicking on the Advanced Settings link at the top of the page shows the following screen:
The configuration items are as follows:
Item |
Description |
||
Allow this client to access the DEK encryption |
Checking this checkbox allows the client to access the DEK encryption/decryption service of ADSS Server. |
||
Key Encryption Key (KEK) |
Configure the relevant Key Encryption Key (KEK) which is to be accessible to this client. Note the KEKs are identified in the ADSS Server Key Manager and may have been created in software or HSM. |
||
Client Secret |
Generate and configures the client secret for the relevant client by clicking on the generate button.
|
||
Redirect URI |
It is a Business Application URI where the user will be redirected by RAS Service after authenticating it using OAuth2 mechanism. |
See also
Signing Service
Certification Service
SAM Service
RAS Service
CSP Service
Unity Service
Advanced Settings