This document is written in English only Panel |
---|
borderColor | #d7e0ea |
---|
bgColor | #d7e0ea |
---|
titleColor | #ffffff |
---|
borderWidth | 1 |
---|
titleBGColor | #d7e0ea |
---|
borderStyle | solid |
---|
| Include Page |
---|
| INCLIB:_blue_box_style |
---|
| INCLIB:_blue_box_style |
---|
|
Div |
---|
| This documentation applies only to Disse sidene gjelder kun .net-version ofversjonen avBuypass Access Manager. It provides a description for the LRA responsible in the organization of how to set up and configure the LRAHer har vi lagt ut informasjon til den som er LRA ansvarlig i organisasjonen som skal sette opp og konfigurere BAM-klienten. |
|
Configuration Application is a standalone application to provide GUI for configuration XML file. Configuration Application located in the same directory with installed LRA Client. Name of executable is ConfigurationApplication.exe. Default setup folder has from v3.4 changed to Buypass Access Manager, so it has changed from: Windows x32 – Program Files\Buypass\Lra Client Windows x64 – Program Files (x86)\Buypass\Lra Client To: Windows x32 – Program Files\Buypass\Buypass Access Manager Windows x64 – Program Files (x86)\Buypass\ Buypass Access Manager Also link to ConfigurationApplication.exe is placed in Start menu (Windows 7). Image Removed Id | Description | Comments |
---|
#1 | Update button | Gets list of available mapping fields from AD | #2 | First name | First name should consist of first and middel name | #3 | Last name | Last name should consist of last name only | #4 | Email | Official email of User in the organization | #5 | Issuer Key mapping** | AD field to be used as IssuerKey. Should be unique per organization. UserName will be transferred to Buypass if MixedMode and used as lookup on search. Must not be changed without notifying Buypass. | #5 | SSN in AD mapping** | 11 digits number which consist of date of birth (6 digits on format ddmmyy) and social security number (5 digits). Available forms: - Direct mapping of full SSN: “AdField”
- Full SSN in two fields: “AdBirthdate{ddMMyyyy};Ssn2Field”
- Partly. Only birthdate: “AdBirthdate{ddMMyyyy}”
- None
Note: Date format is case sensitive. Additional information about date and time formats can be found here on Microsofts pages. | #6 | Issuer Key mapping** | AD field to be used as IssuerKey. Should be unique per organization. UserName will be transferred to Buypass if MixedMode and used as lookup on search. Must not be changed without notifying Buypass. |
** For any AD mapping fields you can use any AD attribute listed in AD Attributes List. For selected AD attribute «LDAP-Display-Name» should be used. On search the client is reading the configuration and searches AD based on this. If the fields in AD does not correspond to configuration the Operator may have strange information in GUI OR User will perhapes not be found. Excample: If AD has SSN registered in 1 field, but in the configuration this is mapped to 2 fields, then SSN will show the content from field 1 twice. 21036912345 in AD-field will be 2103691234521036912345 in GUI. Image Removed Id | Description | Comments |
---|
#1 | Update button | Gets list of available groups from AD | #2 | Local certificate group | Users belonging to Local certificate group will have local certificate issued (LC). | #3 | Operator group | Users belonging to Operator group will have enrollment agent certificate issued (EA). | #4 | Administrator group | Users belonging to Administrator group will have enrollment agent certificate issued (EA). | #5 | Qualified certificate group | Users belonging to Qualified certificate group will have a par of qualified certificates issued (QC). |
Image Removed Id | Description | Comments |
---|
#1 | Server name | Defines the common name of the CA configuration. Button Select allows to obtain CA name automatically. Example: ca.testlab.local\Testlab CA | #2 | Update button | Gets certificate templates | #3 | Logon template | Name of template - if you get OID as in the example the template is unknown | #4 | Temporary template | Name of template - if you get OID as in the example the template is unknown | #5 | Enrollment agent template | Name of template - if you get OID as in the example the template is unknown | #6 | Test CA button | Ensures CA is accessible and template fields are not empty |
Implemented a check in v3.6 so there are no longer possible to search for CA templates without a corresponding OID. Image Removed Id | Description | Comments |
---|
#1 | Path to reports output directory | Filearea for storage of reports. | #2 | Test button | When pushing a TEST button we generate a file then store it and delete. |
Image Removed Id | Description | Comments |
---|
#1 | Local document registry path | Filearea for storage of PDF documents generated when LRA functions are run. | #2 | Test button | When pushing a TEST button we generate a file then store it and delete. |
Image Removed Id | Description | Comments |
---|
#1 | Remote functions enabling checkbox | If organization is using remote functions having Users at remote locations this checkbox must be ticked off. Give access to Remote function menu. If checked remote functions menu appears in LRA | #2 | Auto check request count | If number of remote certificate request should be counted and shown in Main menu this checkbox must be ticked off. | #3 | Path to requests | Filearea for storage of remote certificate requests. | #4 | Path to responses | Filearea for storage of certificates generated which act as responses of remote requests. | #5 | Requests pooling interval | Defines the polling interval in milliseconds. Default value is 2000. | #6 | Max number of attempts | Defines the maximum retry times the LRA client tries to acces the remote area. Default value is 30. | #7 | Test button | When pushing a TEST button we generate a file then store it and delete. |
Image Removed Id | Description | Comments | #1 | Merchant ID | Merchant ID connected to organization. Will be provided by Buypass | #2 | Timeout | Max time of waiting response from LTS - the Buypass interface | #3 | Endpoint address | Address for PROD: https://www.buypass.no/weblts/p1 Address for TEST: https://www.test4.buypass.no/weblts/p1 | #4 | Merchant certificate serial number | Serial number of merchant certificate installed in certstore. By using button SELECT you can obtain certificate serial key automatically Certificate should be installed as described in LRA Client readme | #5 | Use SSN as IssuerKey | Possibility to register a UserName other than SSN in BUYPASS MODE: - If IssuersKey=SSN=TRUE the field of UserName will be disabled in Preregistration-gui.
Filling in SSN should not as today duplicate the UserName-field. The UserName-field should be kept disabled, because duplicating will confuse more than make sense. - If IssuersKey=SSN=FALSE then UserName-field must be enabled and Operator must enter whatever value in this field additionally in SSN.
| #6 | Test LTS connection button | Signing a request and send it to LTS to get a response OK |
Image Removed Id | Description | Comments |
---|
#1 | Agreement sign required | If User should accept agreement on first time issuance of local certificates this ceckbox must be ticked off. NOTE: For first time issuance of qualified certificates the User must always accept the agreement. | #2 | User scan and document scan required | If User should sign and get his ID document scanned on first time issuance of local certificates this ceckbox must be ticked off. NOTE: For first time issuance of qualified certificates the User must allways sign and get his ID document scanned. | #3 | Allow more Local certificates | Enables possibility to issue additional local certificates in ID card scenario. | #4 | Allow Operator identification | Enables possibility for the Operator to say that User is known and there are no need of extra identification. In smaller organizations where "everyone knows everyone" this will make the issuance process easier, .... but the Operator still have the responsibility to identify the user. | #4 | Document scan required on replace | If User should get his ID document scanned on issuance of replacement of both local and qualified certificates this ceckbox must be ticked off. | #4 | Third party identification enabled | If organization allow 3.party identification in cases where User has forgotten his own ID document this checkbox must be ticked off. 3.party identification means another colleague in organization is using his smartcard to verify the Users identity. | #5 | Timeout | Third party card waiting timeout |
Image Removed |