The configuration on the dialogue page described here refers to the services that DATA Boreum can use with the server software Governikus Suite. Governikus Suite contains the product DATA Deneb, to which DATA Boreum can transfer files for mass signature and from which DATA Boreum can also obtain time stamps.
You therefore only need to enter data on this dialogue page of DATA Boreum if you want to use the signature service of DATA Deneb for mass signatures or if you want to request a time stamp from DATA Deneb for signatures.
To ensure that the services of the DATA Deneb product can only be requested by authorised clients, DATA Boreum must authenticate itself to the server software. Therefore, the data for the authentication service must also be specified on this dialogue page.
|
Note: The concrete connection and configuration data you need on this dialogue page can be obtained from the administrator of the Governikus Suite. |
Authentication Service
DATA Boreum must be configured as a client in the Authentication Service so that DATA Boreum can make requests to the services of Governikus Suite. The requests are authenticated by the Authentication Service and forwarded to the corresponding services. Here the authentication is validated and then the request is executed by the service. For the configuration of the authentication service in DATA Boreum, the following data must be specified:
· Server: Enter the address of the Authentication Service as URL here. In the example, replace <server> with the correct server name or IP address:
- https://<server>:8443/auth Note: please note that the part /auth of the path in the URL may only be used for authentication servers (Keycloak) in version 16.x or older, for later versions this extension must be omitted, i.e.:
- https://<server>:8443/ take this URL for authentication server (Keycloak) version 17.0.1 or younger
· Realm name: This name indicates the valid configuration for the authentication service.
· Client ID: DATA Boreum is created as a client in the authentication service under this name.
· Client Secret: A string of letters and numbers must be entered here that uniquely identifies the client in the authentication service.
· Username/Password: The data with which you gain access to the signature service and time stamp service with your DATA Boreum instance must be entered in these fields.
Signature Service
Via the Signature Service, DATA Boreum is able to create mass signatures on up to 500 files in one call. For the configuration of the Signature Service in DATA Boreum, the server address must be specified as URL:
· Server: Enter the address of the Signature Service as URL here. In the example, replace <server> with the correct server name or IP address:
- https://<server>:8443/signservice/rest
Timestamp Service
With the Timestamp Service, DATA Boreum is able to embed timestamps into the signatures of files. To configure the Timestamp Service in DATA Boreum, the following data must be specified:
· Server: Enter the address of the Timestamp Service as an URL here. In the example, replace <server> with the correct server name or IP address:
- https://<server>:8443/timestampservice/rest
· Profile-ID: The Profile-ID is used to address a specific Timestamp Service of which qualified, electronic timestamps can be requested. The Profile-ID must be written exactly as it is stored in Governikus Suite. Upper and lower case are distinguished.
The following figure shows the Governikus tab with an example configuration.
Figure 17: "Governikus" tab