Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Security may be turned on or off per web service instance. In order to activate the security, please follow this guide.

Please oben the web user interface of tia Webservice and click on the gear symbol in the actions column of the webservice instance you wish to activate security for. This will open the configuration of the instance.

tia Web Service UI with highlighted gear-symbol in the Action column.

Please switch to the tab Security and tick the checkbox of the option UseSecurity.

Three types of security are being supported.

  1. Checking, if the application’s name is signed

  2. Sending read-/write-operations using configured certificate

  3. Permission regarding content server operations (serverinfo, info, create, delete and get)

Signing an application’s name

Three fields should be configured in order to verify that the application name is signed.

  1. PublicKeystore Path (May be found here OSGi → Configuration → WebService MainConfiguration

  2. PublicKeystore Password (May be found here *OSGi → Configuration → WebService MainConfiguration)

  3. PublicStoreAlias (Main → tia Web Service → Instance name → Gear-symbol → Security-tab → PublicStoreAlias

You may configure a keystore which consists of one or many certificates (with public keys). When a seckey is received by an instance, seckey’s signature will be verified against the alias configured at the web service’s instance configuration.

After enabling the UseSecurity setting and configuring a keystore alias, the signing of the application’s name will be verified using the public key mapped against the alias in the specified keystore.

Please note: It’s necessary to restart the instance in order for the security settings to take effect.

Using a certificate

The option Certificate within the Security-tab ( Main → tia Web Service → Gear-symbol in the Actions column of the instance) allows you to use different types of certificates. Currently you may choose from the following types.

  • KGS

  • ID3

  • none

Please note: In case the remote content server does not contain any certificate, you may send a certificate from a specific web service instance, by clicking the key-symbol.

tia Web Service UI with highlighted “Send certificate”-action.

It’s also possible to send certificates to every web service instance with configured security, by clicking the Send Certificates-button at the bottom of the instance overview.

Configuring permission for Content Server operations

An web service instance may be configured to allow certain or all operations. The following operations are possible.

  • serverinfo: The web service instance allows to execute serverinfo-requests against the defined content server endpoint.

  • info: The web service instance allows to execute info-requests against the defined content server endpoint.

  • create: The web service instance allows to execute create-requests for documents against the content server endpoint.

  • delete: The web service instance allows to execute delete-requests for documents against the defined endpoint

  • get: The web service instance allows to exeute get-requests for documents against the defined endpoint

Please note: These options and permissions work separated from the UseSecurity-option. Therefore the parameter UseSecurity does not has to be enabled.

You may find these options by opening the web userinterface → Main → tia Web Service → Gear-symbol in Actions-column of the instance → Security-tab

Opened web userinterface with highlighted request permission options

Importing a certificate with Public Key

  • No labels