Architecture of Net iD Portal
About
The architecture of Net iD Portal consists of several services. The required services are:
- NiE (Net iD Enterprise)
- NiP GUI (Net iD Portal Graphical User Interface)
- NiP API (Net iD Portal Application Programming Interface)
- NiP GS (Net iD Portal Generic Service)
- NiP TS (Net iD Portal Timer Service)
- Database
- Files
Net iD Enterprise (NiE)
Net iD Enterprise is a PKI client, provided by SecMaker, which needs to be installed on the local client. NiE handles everything concerning local tokens, smart card readers and local libraries.
Refer to the Net iD Enterprise documentation for more information.
Net iD Portal Graphical User Interface (NiP GUI)
NiP GUI contains all the structures that can be used by the default web browser. NiP GUI contains the graphical design pack, the front-end architecture and the structure that interacts with NiE. NiP GUI can be hosted on a web server in the environment or on the local workstation. NiP GUI requires NiE to be installed locally on the client.
Net iD Portal Application Programming Interface (NiP API)
NiP API is a web service that contains all the structure and interfaces connecting to the services on server side.
NiP API contains two main web services:
- Application: The purpose of the application service is to provide the NiP GUI with a server application interface.
- External: The purpose of the external service is to provide third party vendors with a server application interface against Net iD Portal.
The interfaces of the application and external services are:
- ServiceSoap.svc: Simple Object Access Protocol (SOAP) specification of the interface, formatted as Extensible Markup Language (XML). ServiceSoap.svc uses BasicHttpBinding and all object types are formatted in PascalCase.
- ServiceRestJson.svc: Representational State Transfer (REST) specification of the interface, formatted as JavaScript Object Notation (JSON). ServiceRestJson.svc uses WebHttpBinding and all object types are formatted in PascalCase.
- ServiceRestXml.svc: Representational State Transfer (REST) specification of the interface, formatted as Extensible Markup Language (XML). ServiceRestXml.svc uses WebHttpBinding and all object types are formatted in PascalCase.
Refer to the Net iD Portal API documentation for more information.
Net iD Portal Generic Service (NiP GS)
NiP GS is a Windows Service application running beside the web service on the local server. The purpose of NiP GS is to offload large and continuous data handling from the web services. NiP GS uses the basic/mex HTTP protocol with port 61236 as default. NiP GS has two modules that run automatically at startup:
- TraceServer: The module receives trace calls asynchronously from the trace structure of the services and saves the traces to a local file.
- Log: The module receives log entry calls asynchronously from the services and stores the entries in the database.
Net iD Portal Timer Service (NiP TS)
NiP TS is a Windows Service application running beside the web service on the local server. The purpose of NiP TS is to run background processes against Net iD Portal. The settings can be modified through the "Administration" section of the portal.
NiP TS uses the basic/mex HTTP protocol with port 61234 as default. NiP TS has several modules that can be started at different time intervals. The modules are:
- Monitor: The module monitors the system through different kinds of tasks. The module runs every 10 minutes by default and checks for scheduled work in the Net iD Portal system. The tasks are:
  - Automatic logout of inactive users.
  - Notification of certificates that are about to expire.
  - Release of inactive tasks.
  - Deletion of expired tasks.
  - Status updates for certificates.
  - Status updates for tokens.
- Uploader: The module monitors a local server directory path for files to upload to Net iD Portal, in different kinds of tasks. The tasks are:
  - Processing of updated text resources.
  - Processing of a batch of users that should be created.
  - Processing of a batch of personalized token orders for users.
- Gemalto: These modules are specific to ordering, status and revocation of tokens against the token manufacturer Gemalto.
Example of settings:
The default module is "MonitorModule". The other, non-default modules in the Timer Service are custom actions.
```xml
<Modules>
  <Module Name="MonitorModule">
    <ModuleAssemblyFile>SecMaker.NiP.TS.Module.Monitor.dll</ModuleAssemblyFile>
    <ModuleClassName>SecMaker.NiP.TS.Module.MonitorModule</ModuleClassName>
    <TimerSeconds>600</TimerSeconds>
  </Module>
</Modules>
```
The <TimerSeconds> tag specifies how often the module runs, in seconds (600 = every 10 minutes).
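An added example (not part of the Net iD Portal documentation or product) that parses a `<Modules>` configuration in the format shown above and flags the two things an administrator reviewing a Timer Service host would check: a module whose `<TimerSeconds>` is not a positive integer, and any non-default module that loads an assembly outside the SecMaker module namespace. The namespace prefix used to tell custom modules apart and the second module in the sample are assumptions constructed for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the page's <Modules> format. MonitorModule carries the
# documented defaults; ExampleCustomModule is made up to show a bad interval.
SAMPLE_CONFIG = """<Modules>
  <Module Name="MonitorModule">
    <ModuleAssemblyFile>SecMaker.NiP.TS.Module.Monitor.dll</ModuleAssemblyFile>
    <ModuleClassName>SecMaker.NiP.TS.Module.MonitorModule</ModuleClassName>
    <TimerSeconds>600</TimerSeconds>
  </Module>
  <Module Name="ExampleCustomModule">
    <ModuleAssemblyFile>Example.Custom.dll</ModuleAssemblyFile>
    <ModuleClassName>Example.CustomModule</ModuleClassName>
    <TimerSeconds>0</TimerSeconds>
  </Module>
</Modules>"""

REQUIRED = ("ModuleAssemblyFile", "ModuleClassName", "TimerSeconds")
# Assumption: SecMaker-shipped Timer Service modules share this assembly prefix.
DEFAULT_ASSEMBLY_PREFIX = "SecMaker.NiP.TS.Module."


def parse_modules(xml_text):
    """Return {module name: {field: text}} for every <Module> element."""
    root = ET.fromstring(xml_text)
    modules = {}
    for module in root.findall("Module"):
        fields = {tag: (module.findtext(tag) or "").strip() for tag in REQUIRED}
        modules[module.get("Name", "")] = fields
    return modules


def validate_modules(modules):
    """Return a list of problems: missing fields or a non-positive TimerSeconds."""
    problems = []
    for name, fields in modules.items():
        for tag in REQUIRED:
            if not fields[tag]:
                problems.append(f"{name}: missing <{tag}>")
        secs = fields["TimerSeconds"]
        if secs and (not secs.isdigit() or int(secs) <= 0):
            problems.append(f"{name}: <TimerSeconds> must be a positive integer, got {secs!r}")
    return problems


def custom_modules(modules):
    """Return the names of modules whose assembly is not a SecMaker default module."""
    return [name for name, f in modules.items()
            if not f["ModuleAssemblyFile"].startswith(DEFAULT_ASSEMBLY_PREFIX)]


def interval_minutes(modules, name):
    """Convert a module's TimerSeconds to minutes (600 -> 10.0)."""
    return int(modules[name]["TimerSeconds"]) / 60
```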
Database
NiP API stores all data in two databases. The purposes of the two databases are:
- System: Contains all the data of the application configuration, users, tokens and certificates.
- Log: A separate database that contains all the log information (also known as audit logs).
Database collations
NiP API uses the following default database collations:
- Microsoft SQL Server: SQL_Latin1_General_CP1_CI_AS
- Oracle MySQL: UTF8_GENERAL_CI, with the default character set set to UTF-8.
Database constraints
NiP API uses the following constraint name syntax for the database tables:
- Primary keys: PK_%TABLENAME%_ID
- Foreign keys: FK_%TABLENAME%_%PRIMARYKEYREFERENCE%
- Default constraints: DF_%TABLENAME%_%COLUMNNAME%
Note that constraint names are limited to 128 characters on Microsoft SQL Server and to 64 characters on Oracle MySQL.
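An added example (not from the Net iD Portal documentation or product) that builds constraint names with the PK_/FK_/DF_ syntax above and checks them against the 128-character SQL Server limit and the 64-character MySQL limit, so that a name which is valid on one backend but silently too long on the other is caught before a schema is deployed. The column name in the long example is constructed, and %PRIMARYKEYREFERENCE% is assumed to be the referenced table's name.

```python
import re

# Identifier limits stated in the documentation for each backend (characters).
MAX_IDENTIFIER = {"mssql": 128, "mysql": 64}
NAME_SYNTAX = re.compile(r"(PK|FK|DF)_[A-Za-z0-9_]+")


def pk_name(table):
    """PK_%TABLENAME%_ID"""
    return f"PK_{table}_ID"


def fk_name(table, referenced_table):
    """FK_%TABLENAME%_%PRIMARYKEYREFERENCE% (assumed: the referenced table name)."""
    return f"FK_{table}_{referenced_table}"


def df_name(table, column):
    """DF_%TABLENAME%_%COLUMNNAME%"""
    return f"DF_{table}_{column}"


def check_name(name, backend):
    """Return (ok, reason) for a constraint name on the given backend."""
    limit = MAX_IDENTIFIER[backend]
    if not NAME_SYNTAX.fullmatch(name):
        return False, "does not follow the PK_/FK_/DF_ naming syntax"
    if len(name) > limit:
        return False, f"{len(name)} chars exceeds the {backend} limit of {limit}"
    return True, "ok"


def audit(names, backend):
    """Return {name: reason} for every name that the backend would reject."""
    return {n: reason for n in names for ok, reason in [check_name(n, backend)] if not ok}


# Names derived from tables listed on this page plus one constructed long column.
EXAMPLE_NAMES = [
    pk_name("usrs"),
    fk_name("tkn_usr_relns", "tkns"),
    fk_name("tkn_crt_tml_relns", "crt_tmls"),
    df_name("usr_org_ofc_addrs_relns",
            "some_very_long_column_name_constructed_for_the_example"),
]
```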
Database tables
The system database contains several tables for different types of storage. The table names are stored as abbreviations that describe their purpose. The following table lists the names and purposes of the database tables:
Table name (short) | Table name (full) | Description
---|---|---
acquis | Acquis | Contains Officer's Acquis
acquis_usr_relns | Acquis User Relations | Contains relation keys between Acquis and Officers
act_usrs | Active Users | Contains information and handle types about currently logged on users.
adm_cfgs | Administration Configurations | Contains static task configuration of the administration types.
adnl_ids | Additional Identities | Contains additional identities for End Entity objects
cache_objs | Cache Objects | Contains different types of cache objects.
cm_soc_sec_nrs | Customized Social Security Numbers | Contains customized social security numbers for a specific feature (see the User Guide for more information).
creds | Credentials | Contains credential information for third party services.
crt_auths | Certificate Authorities | Contains information about the certificate authority services.
crt_tmls | Certificate Templates | Contains information about the certificate templates.
crt_whitelist_appvls | Certificate Whitelist Approvals | Contains certificate whitelist approvals for End Entity objects
crt_whitelists | Certificate Whitelists | Contains certificate whitelists for End Entity objects.
crts | Certificates | Contains information and binary data of the stored certificates.
dir_svcs | Directory Services | Contains information about the directory services.
end_entities | End Entity | Contains information about End Entity objects
gen_sets | Generic Settings | Contains generic settings and configuration of the NiP API instance.
gen_txts | Generic Texts | Contains generic texts configured from the admin interface
hist_tkns | Historical Tokens | Contains a list of a user's historical tokens.
key_objs | Key Objects | Contains binary key objects for different types of relations.
lic_svc_adms | Undefined | Undefined
lic_svc_nie | Undefined | Undefined
lic_svc_nie_mstr | Undefined | Undefined
lic_svc_nip | Undefined | Undefined
natl_regs | National Registrations | Contains information about the national citizen register services
org_ofc_addrs | Organization Offices Addresses | Contains information about the addresses of the offices of an organization
org_ofcs | Organization Offices | Contains information about the offices of an organization.
orgs | Organizations | Contains information about the organizations.
otps | One Time Passwords | Contains temporary one-time password object types.
privileges | Privileges | Contains a list of static and customized privileges.
role_privilege_relns | Role Privilege Relations | Contains relation keys between the role and privilege tables.
role_usr_grps_relns | Role User Group Relations | Contains relation keys between the role and user group tables.
roles | Roles | Contains a list of roles.
rprts | Reports | Contains information templates of reports.
sa_key_objs | Undefined | Undefined
sa_key_usr_relns | Undefined | Undefined
sa_key_usrs | Undefined | Undefined
sms_tmls | SMS Templates | Contains information about the SMS templates.
smtp_tmls | SMTP Templates | Contains information about the SMTP templates.
srvs | Servers | Contains server objects.
task_type_privilege_relns | Task Type Privilege Relations | Contains relation keys between the task type and privilege tables.
task_types | Task Types | Contains a list of static and customized task types.
tasks | Tasks | Contains task objects.
tkn_crt_tml_relns | Token Template Certificate Template Relations | Contains relation keys between the token template and certificate template tables.
tkn_mfrs | Token Manufacturers | Contains information about external token manufacturers.
tkn_prfls | Token Profiles | Contains information about token profile configurations.
tkn_rgtr | Token Register | Contains the customized token register.
tkn_tmls | Token Templates | Contains information about token templates.
tkn_usr_relns | Token User Relations | Contains relation keys between the token and user tables.
tkns | Tokens | Contains token objects.
unit_tests | Undefined | Undefined
usr_appvls | User Approvals | Contains user approvals of End Entity objects
usr_grp_relns | User Group Relations | Contains relation keys between the user and group tables.
usr_grp_restr_relns | User Group Restriction Relations | Contains relation keys between user groups and their restrictions against other user groups
usr_grps | User Groups | Contains user group objects.
usr_imgs | User Images | Contains user image binaries.
usr_org_ofc_addrs_relns | User Office Addresses Relations | Contains relation keys between users and Office Addresses
usrs | Users | Contains user objects.
version | Version | Contains the current database context version.
The tables of the log database are:
Table name (short) | Table name (full) | Description
---|---|---
log_ents | Log Entries | Contains information, binary data and signatures of the log entries.
Database documentation
Refer to the Net iD Portal Main database, Net iD Portal Log database, and Net iD Portal LogClient database documentation for more information.
File structure - Net iD Portal services
NiP GUI file structure
The file structure of NiP GUI:
Path | Description
---|---
%path%\%version%\asset\css | Contains the cascading style sheets (CSS) of the GUI.
%path%\%version%\asset\fonts | Contains the fonts of the GUI.
%path%\%version%\asset\image | Contains the images of the GUI.
%path%\%version%\language | Contains the local language files in JSON format.
%path%\%version%\app.js | GUI and front-end application structure.
%path%\%version%\config.js | Configuration of the GUI.
%path%\index.html | Default start page.
NiP API file structure
The file structure of NiP API:
Path | Description
---|---
%path%\bin\*.* | Contains all the assemblies and libraries.
%path%\texts\*.* | Contains local trace files generated by NiP API.
%path%\Global.asax | Specifies the handler for the instance of NiP API.
%path%\ServiceRestJson.svc | NiP API REST interface formatted as JSON.
%path%\ServiceRestXml.svc | NiP API REST interface formatted as XML.
%path%\ServiceSoap.svc | NiP API SOAP interface.
%path%\Trace.svclog | Instance diagnostic trace.
%path%\Web.Config | Instance configuration of the NiP API and web service.
NiP GS file structure
The file structure of NiP GS:
Path | Description
---|---
%path%\*.dll | All the assemblies and libraries (same files as for NiP API and NiP TS).
%path%\texts\*.* | Contains local trace files generated by NiP GS.
%path%\SecMaker.NiP.GS.exe | The executable file that is installed in the Windows Service Manager.
%path%\SecMaker.NiP.GS.exe.config | Instance configuration of the NiP GS.
NiP TS file structure
The file structure of NiP TS:
Path | Description
---|---
%path%\*.dll | All the assemblies and libraries (same files as for NiP API and NiP GS).
%path%\texts\*.* | Contains local trace files generated by NiP TS.
%path%\SecMaker.NiP.TS.exe | The executable file that is installed in the Windows Service Manager.
%path%\SecMaker.NiP.TS.exe.config | Instance configuration of the NiP TS.