DATA Boreum can use services from Governikus server software that offer mass signatures via a signature service and enable time stamps to be applied via a time stamp service. Services from the following Governikus Server products can currently be configured via this tab:
· DATA Deneb: Governikus DATA Deneb is a product that is delivered with the Governikus Suite up to release 5.8.x.
· DATA Sign Fachintegration: Governikus DATA Sign Fachintegration is designed as a successor product to DATA Deneb and is delivered as a stand-alone product.
You therefore only need to enter data on this dialogue page of DATA Boreum if you want to use the signature service of DATA Deneb for mass signatures or if you want to request a time stamp from DATA Deneb for signatures.
To ensure that the services of the DATA Deneb product can only be requested by authorised clients, DATA Boreum must authenticate itself to the server software. Therefore, the data for the authentication service must also be specified on this dialogue page.
|
Note: The concrete connection and configuration data you need on this dialogue page can be obtained from the administrator of the Governikus Suite. |
Authentication Service
DATA Boreum must be configured as a client in the authentication service so that DATA Boreum can make requests to the services of DATA Deneb or DATA Sign Fachintegration.
· Requests are authenticated by the authentication service.
· Once authentication has taken place, the request is forwarded to the corresponding service.
· The requested service checks the authentication provided.
· Only then is the request executed by the service.
The following data must be entered to configure the authentication service in DATA Boreum:
· Server: Enter the address of the Authentication Service as URL here. In the example, replace <server> with the correct server-name or IP address:
- https://<server>:8443/auth Note: please note that the part /auth of the path in the URL may only be used for authentication servers (Keycloak) in version 16.x or older, for later versions this extension must be omitted, i.e.:
- https://<server>:8443/ take this URL for authentication server (Keycloak) version 17.0.1 or younger
· Realm name: This name indicates the valid configuration for the authentication service. Within the default settings (delivered test installation) this entry is:
- governikus-extern
· Client ID: DATA Boreum is created as a client in the authentication service under this name. This entry reads as follows in the default settings (delivered test installation):
- for DATA Deneb boreum-client
- for DATA Sign Fachintegration sign-service-testclient
· Client Secret: A string of letters and numbers must be entered here that uniquely identifies the client in the authentication service.
Signature Service
DATA Boreum is able to create mass signatures via the signature service. The number of calls for DATA Boreum is not limited. If a mass signature card is used without a limit on the number of signatures, the number of files per call by DATA Boreum is limited to a maximum of 500 files. It is possible that a mass signature card in use limits the number of signatures for one call. If this limit is less than 500 signatures, the limit set by the signature card applies. The PIN of the signature card must be entered once for each call. To configure the signature service in DATA Boreum, the server address must be specified as a URL:
· Server: Enter the address of the Signature Service as URL here. In the example, replace <server> with the correct server-name or IP address:
- https://<server>:8443/signservice/rest
Timestamp Service
With the Timestamp Service, DATA Boreum is able to embed timestamps into the signatures of files. To configure the Timestamp Service in DATA Boreum, the following data must be specified:
· Server: Enter the address of the timestamp service as the URL here. In the example, replace <server> with the correct server-name or IP address:
- for DATA Deneb https://<server>:8443/timestampservice/rest
- for DATA Sign Fachintegration https://<server>:8443/tsp
· Profile-ID: The Profile-ID is used to address a specific Timestamp Service of which qualified, electronic timestamps can be requested. The Profile-ID must be written exactly as it is stored in Governikus Suite. Upper and lower case are distinguished.
The following figure shows the Governikus tab with an example configuration.
Figure 17: "Governikus" tab