Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

 

-

(smile) Configuration Application Tool har vært gjenstand for store endringer i versjon 3.7, så for at alle skal kunne kjenne seg igjen i de ulike skjermbildene og feltforklaringene har vi beholdt brukerguiden for versjonene 3.0 - 3.6 og lagt ut versjon 3.7 som eget dokument.

 

 

 

 

 

 

Column
width62%

 (lightbulb) This document is written in English only

 

Panel
borderColor#d7e0ea
bgColor#d7e0ea
titleColor#ffffff
borderWidth1
titleBGColor#d7e0ea
borderStylesolid

Include Page
INCLIB:_blue_box_style
INCLIB:_blue_box_style

Div
classblue-box-header

Tip!

Div
classblue-box-bread

This documentation applies only to Disse sidene gjelder kun .net-version ofversjonen avBuypass Access Manager. It provides a description for the LRA responsible in the organization of how to set up and configure the LRAHer har vi lagt ut informasjon til den som er LRA ansvarlig i organisasjonen som skal sette opp og konfigurere BAM-klienten

 

Configuration Application is a standalone application to provide GUI for configuration XML file. Configuration Application located in the same directory with installed LRA Client. Name of executable is ConfigurationApplication.exe.

Default setup folder has from v3.4 changed to Buypass Access Manager, so it has changed from:

Windows x32 – Program Files\Buypass\Lra Client

Windows x64 – Program Files (x86)\Buypass\Lra Client

To:

Windows x32 – Program Files\Buypass\Buypass Access Manager

Windows x64 – Program Files (x86)\Buypass\ Buypass Access Manager

 

Also link to ConfigurationApplication.exe is placed in Start menu (Windows 7).

Image Removed

 

 

 

 

 

 

 

 

 

 

 

 

Id

Description

Comments

#1

Update button

Gets list of available mapping fields from AD

#2

First name

First name should consist of first and middel name

#3

Last name

Last name should consist of last name only

#4

Email

Official email of User in the organization

#5

Issuer Key mapping**

AD field to be used as IssuerKey. Should be unique per organization.

UserName will be transferred to Buypass if MixedMode and used as lookup on search. Must not be changed without notifying Buypass.

#5

SSN in AD mapping**

11 digits number which consist of date of birth (6 digits on format ddmmyy) and social security number (5 digits).

Available forms:

  1. Direct mapping of full SSN: “AdField”
  2. Full SSN in two fields: “AdBirthdate{ddMMyyyy};Ssn2Field”
  3. Partly. Only birthdate: “AdBirthdate{ddMMyyyy}”
  4. None

Note: Date format is case sensitive. Additional information about date and time formats can be found here on Microsofts pages.

#6

Issuer Key mapping**

AD field to be used as IssuerKey. Should be unique per organization.

UserName will be transferred to Buypass if MixedMode and used as lookup on search. Must not be changed without notifying Buypass.

** For any AD mapping fields you can use any AD attribute listed in AD Attributes List. For selected AD attribute «LDAP-Display-Name» should be used.

 

(warning)  On search the client is reading the configuration and searches AD based on this. If the fields in AD does not correspond to configuration the Operator may have strange information in GUI OR User will perhapes not be found. 

Excample: If AD has SSN registered in 1 field, but in the configuration this is mapped to 2 fields, then SSN will show the content from field 1 twice. 21036912345 in AD-field will be 2103691234521036912345 in GUI.

 

Active directory - group mappings

Image Removed

 

Id

Description

Comments

#1

Update button

Gets list of available groups from AD

#2

Local certificate group

Users belonging to Local certificate group will have local certificate issued (LC).

#3

Operator group

Users belonging to Operator group will have enrollment agent certificate issued (EA).

#4

Administrator group

Users belonging to Administrator group will have enrollment agent certificate issued (EA).

#5

Qualified certificate group

Users belonging to Qualified certificate group will have a par of qualified certificates issued (QC).

 

Certificate Authority - CA

Image Removed

 

Id

Description

Comments

#1

Server name

Defines the common name of the CA configuration. Button Select allows to obtain CA name automatically.

Example: ca.testlab.local\Testlab CA

#2

Update button

Gets certificate templates

#3

Logon template

Name of template - if you get OID as in the example the template is unknown

#4

Temporary template

Name of template - if you get OID as in the example the template is unknown

#5

Enrollment agent template

Name of template - if you get OID as in the example the template is unknown

#6

Test CA button

Ensures CA is accessible and template fields are not empty

 

(warning) Implemented a check in v3.6 so there are no longer possible to search for CA templates without a corresponding OID.

 

Reports

Image Removed

 

Id

Description

Comments

#1

Path to reports output directory

Filearea for storage of reports.

#2

Test button

When pushing a TEST button we generate a file then store it and delete.

 

Document Registry

Image Removed

 

Id

Description

Comments

#1

Local document registry path

Filearea for storage of PDF documents generated when LRA functions are run.

#2

Test button

When pushing a TEST button we generate a file then store it and delete.

 

Remote functions

Image Removed

Id

Description

Comments

#1

Remote functions enabling checkbox

If organization is using remote functions having Users at remote locations this checkbox must be ticked off. Give access to Remote function menu.

If checked remote functions menu appears in LRA

#2

Auto check request count

If number of remote certificate request should be counted and shown in Main menu this checkbox must be ticked off.

#3

Path to requests

Filearea for storage of remote certificate requests.

#4

Path to responses

Filearea for storage of certificates generated which act as responses of remote requests.

#5

Requests pooling interval

Defines the polling interval in milliseconds. Default value is 2000.

#6

Max number of attempts

Defines the maximum retry times the LRA client tries to acces the remote area. Default value is 30.

#7

Test button

When pushing a TEST button we generate a file then store it and delete.

 

Buypass mapping

Image Removed

 

Id

Description

Comments

#1

Merchant ID

Merchant ID connected to organization. Will be provided by Buypass

#2

Timeout

Max time of waiting response from LTS - the Buypass interface

#3

Endpoint address

Address for PROD: https://www.buypass.no/weblts/p1

Address for TEST: https://www.test4.buypass.no/weblts/p1

#4

Merchant certificate serial number

Serial number of merchant certificate installed in certstore. By using button SELECT you can obtain certificate serial key automatically 

Certificate should be installed as described in LRA Client readme

#5

Use SSN as IssuerKey

Possibility to register a UserName other than SSN in BUYPASS MODE:

  • If IssuersKey=SSN=TRUE the field of UserName will be disabled in Preregistration-gui.
    Filling in SSN should not as today duplicate the UserName-field.
    The UserName-field should be kept disabled, because duplicating will confuse more than make sense.
  • If IssuersKey=SSN=FALSE then UserName-field must be enabled and Operator must enter whatever value in this field additionally in SSN.

#6

Test LTS connection button

Signing a request and send it to LTS to get a response OK

 

Issue process

Image Removed

Id

Description

Comments

#1

Agreement sign required

If User should accept agreement on first time issuance of local certificates this ceckbox must be ticked off.
NOTE: For first time issuance of qualified certificates the User must always accept the agreement.

#2

User scan and document scan required

If User should sign and get his ID document scanned on first time issuance of local certificates this ceckbox must be ticked off.
NOTE: For first time issuance of qualified certificates the User must allways sign and get his ID document scanned.

#3Allow more Local certificatesEnables possibility to issue additional local certificates in ID card scenario.
#4Allow Operator identificationEnables possibility for the Operator to say that User is known and there are no need of extra identification. In smaller organizations where "everyone knows everyone" this will make the issuance process easier, .... but the Operator still have the responsibility to identify the user.

#4

Document scan required on replace

If User should get his ID document scanned on issuance of replacement of both local and qualified certificates this ceckbox must be ticked off.

#4

Third party identification enabled

If organization allow 3.party identification in cases where User has forgotten his own ID document this checkbox must be ticked off.
3.party identification means another colleague in organization is using his smartcard to verify the Users identity.

#5

Timeout

Third party card waiting timeout

 

Test all tabs for master config

Image Removed

Id

Description

Comments

#1

Test all button

Tests all backends/devices with current settings and shows aggregated results.

#2

Test result area

Column
width2%

Column
width26%
Div
classright-navigation

Content this page  

Table of Contents

Include Page
INCLIB:_right_navigation_style
INCLIB:_right_navigation_style

Column
width10%

Section
Column
width62%

Include Page
INCLIB:_bottom_bar
INCLIB:_bottom_bar

Column
width2%

Column
width26%
 
Column
width10%

Include Page
INCLIB:_navigation_buttons_style
INCLIB:_navigation_buttons_style
Include Page
INCLIB:doc_center_style
INCLIB:doc_center_style
 
Include Page
INCLIB:_template_style
INCLIB:_template_style