The ADSS Client Manager module is used to control business application access to the following ADSS Server services:

  • ADSS Certification Service
  • Advanced Settings


The other ADSS Server service, i.e. the ADSS OCSP Service, is not controlled by Client Manager since it is a more general service offered to a wide range of end-user clients rather than to a smaller number of business application clients. The OCSP Service uses its own Access Control module to allow open or restricted access.


The trust services listed above are based on an XML/SOAP Web Services interface, and end-users typically interact with them via business applications, which in turn make requests to ADSS Server. This section explains how these client business applications can be registered so that they can be authenticated and their access to specific services, service profiles and keys can be reviewed and authorized.

Click on the Client Manager tab to access this module. The screen displays a table of all existing clients that can access the above ADSS Server trust services:



Click the + button shown in the above screen to register a new client. You will be presented with the following screen:




The configuration items are as follows:


Item

Description

Status

A client may be marked as Active or Inactive.

Note: Only active clients can request services from ADSS Server.

Client ID

Specify a unique ID for the client that will be used later for service requests to ADSS Server. This field is mandatory for client registration.

If Azure Key Vault is used as the crypto source for key/certificate storage with the Certification/RA services, only the following characters are supported in the Client ID: A-Z, a-z, 0-9 and hyphen "-". This is important because the final certificate alias is a concatenation of the Client ID and the certificate alias sent in requests to the Certification/RA services.

Note: 

  • The maximum acceptable length for Client ID is 50 visible characters.
  • If you are registering a foreign SPOC as a client, then the Client ID should consist of the two-letter country code of the foreign SPOC, e.g. 'FR' for France.

Request Signing Certificate

If any of the services require the request message to be signed, then the client's request signing certificate must be imported using the Browse button so that the ADSS service modules can verify the signature on the request message.

Once the client is registered, the configured certificate can be viewed or removed using the View Certificate or Remove button respectively. Once a configured certificate is removed, the user needs to press the Save button for the changes to take effect.

TLS Client Certificate

If any of the services require the request message to be sent over TLS Client Authentication, then the TLS Client Authentication Certificate must be imported using the Add button so that the ADSS Server can validate the request against this certificate. Once added, the user needs to press the Save button for the changes to take effect. Multiple TLS Client Certificates can be added against a single client.

Note: The Issuer CA of the TLS Client Authentication Certificate must be registered in Trust Manager with the purpose CA for verifying TLS client certificates.

Certificate Friendly Name

Enter a unique friendly name for the certificate for internal tracking and reporting purposes. 

Certificate DN

Certificate DN is an auto-populated field extracted from the configured certificate. Clicking on it also lets the user view the certificate.

Valid To

Shows the date and time until which the configured certificate is valid.

Status

Shows the status of the configured certificate in the table. The possible values are Active/Expired/Not Yet Valid.

Remove

This button is used to remove a configured certificate from the list after selecting it with the radio button next to it. Once removed, the user needs to press the Save button and Restart Service Instance for the changes to take effect.

Auxiliary Settings

Specifies additional information about the client for easier management.

Client Friendly Name

Enter a unique friendly name for the client application for internal tracking and reporting purposes. This field is mandatory for client registration.

Note: The maximum acceptable length for Client ID is 50 visible characters.

Phone No

Optionally specify the Client's Phone Number.

Address

Optionally specify the Client's Address.

Email Address

Optionally specify the Client's Email Address.

Employee No

Optionally specify the Client's Employee Number.

Social Security Number

Optionally specify the Client's Social Security Number.

National Identification Number

Optionally specify the Client's National Identity Number.

Additional Information 1

Optionally specify additional information related to the Client.

Additional Information 2

Optionally specify additional information related to the Client.


It is not necessary to register each end-user on ADSS Server; only the business applications that actually make requests to the ADSS Services need to be registered.


The list of registered ADSS Server clients can be sorted by Status, Client ID, Created At, or Friendly Name.
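
The Client ID rules in the table above (mandatory, at most 50 visible characters, the Azure Key Vault character set, two-letter country code for a foreign SPOC) can be checked before an ID is typed into the console. The following is an added example, not ADSS Server code: the function names and sample IDs are constructed, and rejecting invisible characters and accepting either letter case for the country code are assumptions.

```python
import re
import unicodedata

MAX_LEN = 50                               # "50 visible characters" (from the page)
AKV_ALLOWED = re.compile(r"[A-Za-z0-9-]")  # Azure Key Vault charset (from the page)
SPOC_CODE = re.compile(r"[A-Za-z]{2}")     # two letters, e.g. 'FR'; case rule is assumed


def check_client_id(client_id, azure_key_vault=False, foreign_spoc=False):
    """Return a list of problems; an empty list means the ID passes."""
    # Cf/Cc code points (zero-width space, control characters) are invisible.
    # Rejecting them outright is an assumption made for this example.
    hidden = [c for c in client_id if unicodedata.category(c) in ("Cf", "Cc")]
    visible = [c for c in client_id if c not in hidden]
    if not "".join(visible).strip():
        return ["Client ID is mandatory"]
    problems = []
    if hidden:
        codes = ", ".join(f"U+{ord(c):04X}" for c in hidden)
        problems.append(f"invisible characters: {codes}")
    if len(visible) > MAX_LEN:
        problems.append(f"{len(visible)} visible characters, maximum is {MAX_LEN}")
    if azure_key_vault:
        # The ID becomes part of the final certificate alias, so every
        # character must be in the Azure Key Vault set.
        bad = sorted({c for c in visible if not AKV_ALLOWED.fullmatch(c)})
        if bad:
            problems.append("not allowed with Azure Key Vault: " + " ".join(map(repr, bad)))
    if foreign_spoc and not SPOC_CODE.fullmatch(client_id):
        problems.append("foreign SPOC ID should be a two-letter country code")
    return problems


# Constructed sample inventory: (client_id, uses Azure Key Vault, is foreign SPOC)
SAMPLE = [
    ("payments-app-01", True, False),
    ("hr_portal", True, False),           # underscore is outside the AKV set
    ("billing\u200bsvc", True, False),    # zero-width space pasted into the ID
    ("France", False, True),              # country name instead of code
]


def audit(inventory=SAMPLE):
    return {cid: check_client_id(cid, akv, spoc) for cid, akv, spoc in inventory}


if __name__ == "__main__":
    for cid, problems in audit().items():
        print(f"{cid!r}: {'OK' if not problems else '; '.join(problems)}")
```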

Clicking on the Search button on the Client Manager main screen displays the following screen:



This helps to locate a particular client. Clients can be searched by Client ID, Client's Friendly Name and Status. If a search is based on multiple values, these are combined using the “AND” operator, so only records that meet all the criteria are presented.


If the "_" character is used in a search, it acts as a wildcard.

