Configuring the SAM Service
These are the steps to be taken when configuring the ADSS SAM Service.
The order in which the steps are defined is not important; it is possible to go back to an earlier step and make changes later if required.
|
Steps |
Description |
|
Configure a Hardware Crypto Source within Key Manager for this service. This is a mandatory step if the user's keys are to be held in an HSM for Authorised Remote Signing. The ADSS SAM Appliance provides a CC EAL4+ certified EN 419241-2 Qualified Remote Signing solution and uses the Utimaco CP5 Se1500 HSM. In non-certified mode the ADSS SAM Service can be run using any HSM supported by ADSS Server or software based keys. |
|
|
Configure one or more SAM Profiles that will be relevant for managing users, signing keys, authorised devices, authorisation requests, signing requests, getting the signed hash (i.e. PKCS#1 signature) and their current statuses. Client applications refer to the SAM Profile within their request messages sent to the ADSS SAM Service. |
|
|
Register one or more client applications within the Client Manager. These can now be authorised to make requests to one or more SAM Profiles. |
|
|
Use the ADSS SAM Service Manager to start/stop/restart the service. ADSS SAM Service is required to be restarted when a SAM Profile is added/updated/deleted. |
Each of these steps is described in the sections that follow:
- Step 1 - Configuring Hardware Crypto Source
- Step 2 - Configuring SAM Profile
- Step 3 - Registering Business Application
- Step 4 - Using the Service Manager
See also