Security Service Manager

 

 

 

The Security Service Manager module is used to configure the web service endpoints that the various pasUNITY Enterprise Suite components use to communicate with the system.

 


This module functions outside the normal permissions hierarchy.  It can be viewed by any user who is a member of the Site Administrators or Security Administrators site-level roles, regardless of the permissions assigned to the tab on which the module is placed.  For more information on the roles referenced in this section, please see the role-based security topic.  Administrative users can configure additional module settings by clicking the  button.


 

This module presents a sortable data grid that displays the friendly name, endpoint URL, and certificate details used to secure each endpoint enabled for communication.  Before secure service endpoints can be configured, a valid X.509 certificate must be installed on the application servers by a support technician.

 

Adding New Secure Service Endpoints

 

To add a new secure service endpoint, members of the Site Administrators role click the  button, which opens the secure service endpoint editor and allows an administrative user to define the details of a new secure service endpoint.

 

Editing Existing Secure Service Endpoints

 

To edit an existing secure service endpoint, members of the Site Administrators role click the  button, which opens the secure service endpoint editor and allows an administrative user to change the details of that secure service endpoint.

 

Secure Service Endpoint Attributes

 

The following attributes are exposed through the editor:

 

Name: This is the display name of the secure service endpoint.  It may not be blank and must be unique within the system.

Identifier: This is the URL of the endpoint.

Certificate Find Type: The method used to locate a certificate to secure and validate communication over the endpoint.  Valid choices are find by thumbprint and find by name.

Certificate Find Value: This is either the name or the thumbprint of the X.509 certificate used to encrypt communication to the endpoint.  A thumbprint is more exact than a name, but when a certificate is renewed and replaced the value will need to be updated, because the new certificate is unlikely to keep the same thumbprint, whereas it likely would keep the same name.
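
A check an administrator could run on an application server before entering a Certificate Find Value, to confirm that the value resolves to exactly one certificate and to see when that certificate expires. This is an added example, not pasUNITY code; the store path Cert:\LocalMachine\My, the substring match on the subject name, and the function name Test-EndpointCertificate are assumptions.

```powershell
# Added example, not pasUNITY code. Assumptions: the certificate is in the
# LocalMachine\My store and "find by name" is a subject-name substring match.
function Test-EndpointCertificate {
    param(
        [Parameter(Mandatory)][ValidateSet('Thumbprint', 'Name')][string]$FindType,
        [Parameter(Mandatory)][string]$FindValue,
        [string]$StorePath = 'Cert:\LocalMachine\My',
        [int]$WarnDays = 30
    )
    $all = @(Get-ChildItem -Path $StorePath)
    if ($FindType -eq 'Thumbprint') {
        # Values copied from the certificate dialog can carry spaces or an
        # invisible leading character; keep only the hex digits.
        $wanted = $FindValue -replace '[^0-9A-Fa-f]', ''
        $found = @($all | Where-Object { $_.Thumbprint -eq $wanted })
    }
    else {
        $found = @($all | Where-Object {
            $_.Subject.IndexOf($FindValue, [System.StringComparison]::OrdinalIgnoreCase) -ge 0
        })
    }

    if ($found.Count -eq 0) {
        Write-Warning "No certificate in $StorePath matches $FindType '$FindValue'."
    }
    elseif ($found.Count -gt 1) {
        # Can happen after a renewal when the old certificate is still installed.
        Write-Warning "$($found.Count) certificates match; the value is ambiguous."
    }

    $now = Get-Date
    foreach ($cert in $found) {
        if ($now -lt $cert.NotBefore) { $status = 'NotYetValid' }
        elseif ($now -gt $cert.NotAfter) { $status = 'Expired' }
        elseif ($cert.NotAfter -lt $now.AddDays($WarnDays)) { $status = 'ExpiringSoon' }
        else { $status = 'Valid' }
        [pscustomobject]@{
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            NotAfter      = $cert.NotAfter
            HasPrivateKey = $cert.HasPrivateKey
            Status        = $status
        }
    }
}

# hostname.domain.com is the placeholder host name used on this page.
Test-EndpointCertificate -FindType Name -FindValue 'hostname.domain.com'
```

Running the same check after a certificate renewal shows whether a thumbprint-based Certificate Find Value still resolves or needs to be updated.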

 

Endpoint URL Conventions

 

The URL for any given product usually varies only by host name and port number.  While all service endpoints will ultimately be accessed solely over HTTPS, only Active Directory Federation Service endpoints must be specified with the HTTPS: protocol type.  The remainder of the URL typically follows these patterns:

 

Active Directory Federation Services:

https://hostname.domain.com/adfs/services/trust/13/issuedtokenmixedsymmetricbasic256

pasUnity Matrix V2012a:

http://hostname.domain.com:7080/pasUnity/2012a/MatrixService/Federated

pasUnity Remote Impeller V2012a:

http://hostname.domain.com:9080/pasUnity/2011a/RemoteImpellerService/Federated

pasTransfer Execution V2012a:

http://hostname.domain.com:7080/pasTransfer/2012a/ExecutionService/Federated

pasPortal Security Token Services:

http://hostname.domain.com/STS

pasPortal Mapping V2012a:

http://hostname.domain.com/pasTransfer/Mapping/V2012a/MappingService/Federated

pasPortal Foundation V2012a:

http://hostname.domain.com/pasPortal/Foundation/V2012a/FoundationService

pasPortal Expense Dictionary V2011a:

http://hostname.domain.com/pasExpense/Dictionary/V2011a/DictionaryService/Federated

 


Copyright © 2024 pasUNITY, Inc.

 
