When you need to sign using local smartcards or USB tokens, the ADSS Signing Server Go>Sign Service is required. Application Request Routing (ARR) is used as an alternative to the AJP Connector on the proxy server. ARR is a feature of IIS that enables you to control Internet traffic using a proxy server.

Consult the following points to configure Application Request Routing services.

Prerequisites

To set up a forward proxy server using ARR, you must have the following:

  • IIS 7.0 or above on Windows 2008 (any SKU) or newer with Tracing role service installed for IIS.
  • Microsoft Application Request Routing Version 3 and dependent modules
  • Minimum of one worker server with working sites and applications.

Install ARR

If Application Request Routing Version 3 has not been installed, it is available for download from https://www.microsoft.com/en-us/download/confirmation.aspx?id=47333

Install URL Rewrite

Install the URL Rewrite module for IIS through the Server Manager. For more information, see Installing IIS 8.5 on Windows Server 2012 R2.

Enable ARR as a Forward Proxy

To enable ARR as a proxy, and to create a URL Rewrite rule to enable ARR as a forward proxy, proceed as follows:

  1. Open Internet Information Services (IIS) Manager.
  2. In the Connections pane, select the server.
  3. In the server pane, double-click Application Request Routing Cache.
  4. In the Actions pane, click Server Proxy Settings.
  5. On the Application Request Routing page, select Enable proxy.
  6. In the Actions pane, click Apply. This enables ARR as a proxy at the server level.

Configure Website on IIS

  1. To start the process of turning ARR into a forward proxy, click the server node in the Connections pane.
  2. In the server pane, double-click Sites.
  3. Right-click Sites and choose the Add Website option.
  4. In the Add Website dialog box, enter the options detailed in this table:

| Field | Value |
|---|---|
| Site name: | [Site Name], e.g. adss.gosign.service |
| Default Application Pool: | Default Application Pool |
| Physical Path: | D:\Ascertia\[Site Name] |
| Type: | https |
| IP address: | All Unassigned |
| Port: | 443 |
| Host name: | [Site Name], e.g. adss.gosign.service |
| Require Server Name Indication: | Checked |
| Disable HTTP/2: | Unchecked |
| Disable OCSP Stapling: | Unchecked |
| SSL certificate: | ADSS Go>Sign Service |
| Start Website immediately: | Checked |

  5. Click OK to create the website.

Configure Rule for ADSS Go>Sign Service

  1. In the Sites pane, click the site adss.gosign.service.
  2. Double-click URL Rewrite to add a rule for ADSS Go>Sign Service.
  3. In the Actions pane, click Add Rule(s).
  4. In the Add Rule dialog box, double-click Blank Rule.
  5. In the Edit Inbound Rule dialog box, enter "ADSS GoSign Service" for Name. In the Match URL area, enter the following:
    1. Using: Regular Expression
    2. Pattern: (.*)
  6. Scroll down to the Conditions area of the Edit Inbound Rule dialog box, and then click Add….
  7. In the Add Condition dialog box, select or enter the following:
    1. Condition Input: {CACHE_URL}
    2. Check if input string: Matches the Pattern
    3. Pattern: ^(https?)://
    4. Enable Ignore Case
  8. Scroll down to the Action area of the Edit Inbound Rule dialog box, and then enter the following:
    1. Action Type: Rewrite
    2. Rewrite URL: https://192.168.3.45:8778/{R:1} for https services or http://192.168.3.45:8777/{R:1} for http services


The table details the options:

| Field | Value |
|---|---|
| Name: | ADSS GoSign Service |
| Pattern: | (.*) |
| Conditions: | Click the Add button; add the condition input as {CACHE_URL}; set Check if input string to Matches the Pattern; add the pattern ^(https?)://; enable Ignore case; click OK to save the settings |
| Action Type: | Rewrite |
| Rewrite URL: | https://192.168.3.45:8778/{R:1} |
| Append query string: | Checked |
| Log rewritten URL: | Unchecked |
| Stop processing subsequent rules: | Unchecked |
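
The same server-level proxy setting and inbound rule can be applied from PowerShell instead of IIS Manager. This is an added example, not part of the original guide or of Ascertia's tooling; it assumes ARR and URL Rewrite are installed, the site adss.gosign.service already exists as configured above, and the session is elevated on the IIS host.

```powershell
# Added example: scripts "Enable ARR as a Forward Proxy" and
# "Configure Rule for ADSS Go>Sign Service" with the values from this page.
Import-Module WebAdministration

$site      = 'IIS:\Sites\adss.gosign.service'     # site name from the page's example
$ruleName  = 'ADSS GoSign Service'
$backend   = 'https://192.168.3.45:8778/{R:1}'    # Rewrite URL from the page (https service)
$rules     = 'system.webServer/rewrite/rules'
$ruleXPath = "$rules/rule[@name='$ruleName']"
$action    = "$ruleXPath/action"

# Server level: "Enable proxy" on the Application Request Routing page.
Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
    -Filter 'system.webServer/proxy' -Name 'enabled' -Value 'True'

# Site level: create the blank inbound rule and its single condition once,
# so that re-running the script does not add duplicate collection entries.
if (-not (Get-WebConfiguration -PSPath $site -Filter $ruleXPath)) {
    Add-WebConfigurationProperty -PSPath $site -Filter $rules -Name '.' `
        -Value @{ name = $ruleName; stopProcessing = 'False' }

    # Condition: {CACHE_URL} matches ^(https?):// with Ignore case enabled.
    Add-WebConfigurationProperty -PSPath $site -Filter "$ruleXPath/conditions" -Name '.' `
        -Value @{ input = '{CACHE_URL}'; pattern = '^(https?)://'; ignoreCase = 'True' }
}

# Match URL: regular expression (.*), whose capture is referenced as {R:1}.
Set-WebConfigurationProperty -PSPath $site -Filter "$ruleXPath/match" `
    -Name 'url' -Value '(.*)'

# Action: Rewrite to the Go>Sign back end, append the query string,
# and leave "Log rewritten URL" unchecked, as in the table above.
Set-WebConfigurationProperty -PSPath $site -Filter $action -Name 'type' -Value 'Rewrite'
Set-WebConfigurationProperty -PSPath $site -Filter $action -Name 'url' -Value $backend
Set-WebConfigurationProperty -PSPath $site -Filter $action -Name 'appendQueryString' -Value 'True'
Set-WebConfigurationProperty -PSPath $site -Filter $action -Name 'logRewrittenUrl' -Value 'False'

# Read the rule back so it can be compared with the table above.
Get-WebConfiguration -PSPath $site -Filter $ruleXPath
Get-WebConfiguration -PSPath $site -Filter $action
```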

Configure Go>Sign Service Address in ADSS Server

  1. Go to the ADSS Server Console Panel.
  2. Set the Go>Sign Address “https://adss.gosign.service” in Go>Sign Service > Server Manager > Go>Sign Service Settings.


Configure Go>Sign Service Address in SigningHub

  1. Go to the SigningHub Administrator panel.
  2. Set the Go>Sign Address “https://adss.gosign.service/” in Configurations > Connectors > Go>Sign Service Address.





