Net iD Portal TimerService (NiP TS)

NiP TS is a Windows Service application running beside the web service on the local server. The purpose of NiP TS is to run as a background process against Net iD Portal. To modify the NiP TS settings, go to Administration > General settings > (Net iD Portal) > TimerService settings.

NiP TS uses the basic/mex HTTP protocol, with port 61234 as default. NiP TS has several modules that can be started at different time intervals. The default module is MonitorModule. The TimerService also has non-default modules; these are custom actions.

Monitor

The Monitor module monitors the system through different kinds of tasks. By default the module runs every 10 minutes and checks for scheduled work in the Net iD Portal system. The tasks are:

LogoutIdleUsers

Automatic logout of inactive users.

NotifyExpireCertificates

Send email/SMS notification of certificates that are going to expire.

NotifyOrganizations

Send email/SMS notification when license validity period or number of allowed registered users is reached.

ReleaseIdleTasks

Release of inactive tasks.

RemoveExpiredOtps

Remove expired OTPs.

RemoveExpiredTasks

Deletion of expired tasks.

RemoveIdleLogins

Remove inactive or failed logins.

UpdateCertificateStatus

Updates certificate status and sets invalid certificates to expired.

UpdateCertificateWhitelistStatus

Sets certificate whitelist to inactive according to configuration.

UpdateTokenStatus

Updates token status and sets invalid tokens to history token.

Example 1. Module Monitor
<Modules>
	<Module Name="MonitorModule">
		<ModuleAssemblyFile>SecMaker.NiP.TS.Module.Monitor.dll</ModuleAssemblyFile>
		<ModuleClassName>SecMaker.NiP.TS.Module.MonitorModule</ModuleClassName>
		<TimerSeconds>600</TimerSeconds> <!-- (1) -->
		<TimerStart>01:00:00</TimerStart> <!-- (2) -->
		<TimerEnd>05:30:00</TimerEnd> <!-- (3) -->
	</Module>
</Modules>
(1) The <TimerSeconds> element specifies, in seconds, how often the module runs. The value 600 runs the module every 10 minutes.
(2) The <TimerStart> element specifies the time when the module starts. The value is given as hh:mm:ss.
(3) The <TimerEnd> element specifies the time when the module stops. The value is given as hh:mm:ss.

Uploader

The Uploader module monitors a directory path on the local server for files to upload to Net iD Portal, in different kinds of tasks. The tasks are:

CreateUserBatch

Processing batch of users that should be created.

OrderTokenPersonalizedBatch

Processing batch of personalized token orders for users.

Language

Processing of updated text resources for GUI by uploading a .csv file.

Example 2. Module Uploader
<Modules>
	<Module Name="UploaderModule">
		<ModuleAssemblyFile>SecMaker.NiP.TS.Module.Uploader.dll</ModuleAssemblyFile>
		<ModuleClassName>SecMaker.NiP.TS.Module.Uploader.UploaderModule</ModuleClassName>
		<TimerSeconds>900</TimerSeconds>
		<TimerStart>01:00:00</TimerStart>
		<TimerEnd>05:30:00</TimerEnd>
		<ModuleConfiguration>
			<ImportDirectory>C:\Program Files\NiP\TimerServiceUploader</ImportDirectory>
		</ModuleConfiguration>
	</Module>
</Modules>

Synchronizer

The Synchronizer module publishes certificates from the Microsoft CA database on Net iD Portal. This is done for a future functionality where you can search for, and revoke, certificates that are not issued by Net iD Portal.

Example 3. Module Synchronizer
<Modules>
	<Module Name="SynchronizerModule">
		<ModuleAssemblyFile>SecMaker.NiP.TS.Module.Synchronizer.dll</ModuleAssemblyFile>
		<ModuleClassName>SecMaker.NiP.TS.Module.Synchronizer.SynchronizerModule</ModuleClassName>
		<TimerSeconds>0</TimerSeconds>
		<TimerStart>01:00:00</TimerStart>
		<TimerEnd>05:30:00</TimerEnd>
		<ModuleConfiguration></ModuleConfiguration>
	</Module>
</Modules>

Gemalto modules

These modules are intended for order, status and revocation of tokens against the token manufacturer Gemalto.

GemaltoBatchOrder

The GemaltoBatchOrder module handles and sends batch orders to the external manufacturer. This module only handles non-personalized cards.

Example 4. Module GemaltoBatchOrder
<Modules>
	<Module Name="GemaltoBatchOrderModule">
		<ModuleAssemblyFile>SecMaker.NiP.TS.Module.GemaltoBatchOrder.dll</ModuleAssemblyFile>
		<ModuleClassName>SecMaker.NiP.TS.Module.GemaltoBatchOrder.GemaltoBatchOrderModule</ModuleClassName>
		<TimerSeconds>600</TimerSeconds>
		<TimerStart>01:00:00</TimerStart>
		<TimerEnd>05:30:00</TimerEnd>
		<ModuleConfiguration>
			<Url>https://xml.setec.se/Service.asmx</Url>
			<SigningCertificate>thumbprint</SigningCertificate>
			<SslCertificate>thumbprint</SslCertificate>
			<OfflineSimulation>
				<Enabled>false</Enabled>
				<TimeSpan>
					<Seconds>80</Seconds>
				</TimeSpan>
			</OfflineSimulation>
		</ModuleConfiguration>
	</Module>
</Modules>

GemaltoCardOrder

This module handles and sends orders to the external card manufacturer. When the order is complete it is signed and sent to the external card manufacturer. This module handles personalized cards.

Prerequisites

To send an order to the external card manufacturer, the order must have a corresponding task, and the external manufacturer must be set up to access the orders.

Order content

The order must contain the following:

  • User's serial number (person number)

  • User's name

  • User's address (synchronized from NAVET)

  • Office information and address

  • Product information

  • Customer information at external card manufacturer

Example 5. Module GemaltoCardOrder
<Modules>
	<Module Name="GemaltoCardOrderModule">
		<ModuleAssemblyFile>SecMaker.NiP.TS.Module.GemaltoCardOrder.dll</ModuleAssemblyFile>
		<ModuleClassName>SecMaker.NiP.TS.Module.GemaltoCardOrder.GemaltoCardOrderModule</ModuleClassName>
		<TimerSeconds>130</TimerSeconds> <!-- (1) -->
		<TimerStart>01:00:00</TimerStart>
		<TimerEnd>05:30:00</TimerEnd>
		<ModuleConfiguration>
			<MaxOrdersPerBatch>5</MaxOrdersPerBatch> <!-- (2) -->
			<Url>https://xml.setec.se/Service.asmx</Url> <!-- (3) -->
			<SigningCertificate>thumbprint</SigningCertificate> <!-- (4) -->
			<PublicKeyForEncryption/>
			<OfflineSimulation>
				<Enabled>false</Enabled>
				<TimeSpan>
					<Seconds>130</Seconds>
				</TimeSpan>
			</OfflineSimulation>
		</ModuleConfiguration>
	</Module>
</Modules>
(1) <TimerSeconds> sets the interval at which the module runs after the TimerService service has started.
(2) <MaxOrdersPerBatch> sets the maximum number of orders that are processed and sent to the external card manufacturer during one run of the module. Once orders have been sent successfully, the module no longer processes them.
(3) <Url> is the URL to the web service at the external card manufacturer.
(4) <SigningCertificate> is the thumbprint of the local certificate used to sign the batch of orders sent to the external card manufacturer. Because a signature is made, the local service must have the appropriate rights to the keys for the corresponding certificate.

Task status

  • Only orders with “task_status_adnl” 10 and 90 will be processed.

  • 10 is “ReadyToBeSent”.

  • 90 is “ReadyToBeResent”. This status will be set if the last run of the task was unsuccessful.

  • When the batch of orders is successfully sent, “task_status_adnl” will be set to 20.

See section TaskStatusAdnl for complete description of Task statuses.

Certificate order

When the order is accepted by the external card manufacturer it calls the ExternalWebService (EWS) with the task GUID, and certificate template information to get certificates. EWS will process the order if a task with the corresponding GUID is available and then issue certificates according to the TokenTemplate setup. When certificates are issued, the task gets a new task_status_adnl which is 522, and the task binary is updated with the corresponding information. When this is done, the order is complete.

GemaltoCardStatus

Sends a card status change to Gemalto, for example when blocking a card.

Example 6. Module GemaltoCardStatus
<Modules>
	<Module Name="GemaltoCardStatusModule">
		<ModuleAssemblyFile>SecMaker.NiP.TS.Module.GemaltoCardStatus.dll</ModuleAssemblyFile>
		<ModuleClassName>SecMaker.NiP.TS.Module.GemaltoCardStatus.GemaltoCardStatusModule</ModuleClassName>
		<TimerSeconds>0</TimerSeconds>
		<TimerStart>01:00:00</TimerStart>
		<TimerEnd>05:30:00</TimerEnd>
		<ModuleConfiguration>
			<Url>https://xml.setec.se/eBlocked/Service.asmx</Url>
			<SslCertificate>thumbprint</SslCertificate>
			<SigningCertificate>thumbprint</SigningCertificate>
		</ModuleConfiguration>
	</Module>
</Modules>

GemaltoCodeLetterReprintOrder

Sends PIN/PUK letter orders for a card to Gemalto.

Example 7. Module GemaltoCodeLetterReprintOrder
<Modules>
	<Module Name="GemaltoCodeLetterReprintOrder">
		<ModuleAssemblyFile>SecMaker.NiP.TS.Module.GemaltoCodeLetterReprintOrder.dll</ModuleAssemblyFile>
		<ModuleClassName>SecMaker.NiP.TS.Module.GemaltoCodeLetterReprintOrder.GemaltoCodeLetterReprintOrderModule</ModuleClassName>
		<TimerSeconds>500</TimerSeconds>
		<TimerStart>01:00:00</TimerStart>
		<TimerEnd>05:30:00</TimerEnd>
		<ModuleConfiguration>
			<Url>https://xml.setec.se/Service.asmx</Url>
			<SigningCertificate>thumbprint</SigningCertificate>
			<PublicKeyForEncryption></PublicKeyForEncryption>
			<OfflineSimulation>
				<Enabled>false</Enabled>
			</OfflineSimulation>
		</ModuleConfiguration>
	</Module>
</Modules>

GemaltoOrderStatus

The module GemaltoOrderStatus asks Gemalto for status on pending orders.

Example 8. Module GemaltoOrderStatus
<Modules>
	<Module Name="GemaltoOrderStatusModule">
		<ModuleAssemblyFile>SecMaker.NiP.TS.Module.GemaltoOrderStatus.dll</ModuleAssemblyFile>
		<ModuleClassName>SecMaker.NiP.TS.Module.GemaltoOrderStatus.GemaltoOrderStatusModule</ModuleClassName>
		<TimerSeconds>120</TimerSeconds>
		<TimerStart>01:00:00</TimerStart>
		<TimerEnd>05:30:00</TimerEnd>
		<ModuleConfiguration>
			<Url>https://xml.setec.se/eBlocked/Service.asmx</Url>
			<SslCertificate>thumbprint</SslCertificate>
			<SigningCertificate>thumbprint</SigningCertificate>
			<OfflineSimulation>
				<Enabled>false</Enabled>
				<TimeSpan>
					<Seconds>120</Seconds>
				</TimeSpan>
			</OfflineSimulation>
		</ModuleConfiguration>
	</Module>
</Modules>
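
An added example, not part of the SecMaker documentation or product: a small Python check that can be run over a module configuration like the ones above before it is deployed. The rules it applies (HTTPS-only <Url>, 40-hex-digit thumbprints with no hidden characters, reporting an enabled <OfflineSimulation>) are assumptions about what is worth reviewing, not validation rules stated by the product; the sample XML and its host name are constructed.

```python
import re
import xml.etree.ElementTree as ET

HHMMSS = re.compile(r"([01]\d|2[0-3]):[0-5]\d:[0-5]\d")
THUMBPRINT = re.compile(r"[0-9A-Fa-f]{40}")  # SHA-1 thumbprint, 40 hex digits

# Constructed sample: the layout of Example 5 with deliberately bad values.
SAMPLE = """<Modules>
  <Module Name="GemaltoCardOrderModule">
    <TimerSeconds>130</TimerSeconds>
    <TimerStart>01:00:00</TimerStart><TimerEnd>25:30:00</TimerEnd>
    <ModuleConfiguration>
      <Url>http://manufacturer.example/Service.asmx</Url>
      <SigningCertificate>thumbprint</SigningCertificate>
      <OfflineSimulation><Enabled>true</Enabled></OfflineSimulation>
    </ModuleConfiguration>
  </Module>
</Modules>"""

def _text(node, path):
    return (node.findtext(path) or "").strip()

def audit_modules(xml_text):
    """Return (module, element, problem) tuples for a <Modules> document."""
    findings = []
    for mod in ET.fromstring(xml_text).iter("Module"):
        name = mod.get("Name", "?")
        if not re.fullmatch(r"[0-9]+", _text(mod, "TimerSeconds")):
            findings.append((name, "TimerSeconds", "not a non-negative integer"))
        for tag in ("TimerStart", "TimerEnd"):
            if not HHMMSS.fullmatch(_text(mod, tag)):
                findings.append((name, tag, "not a valid hh:mm:ss time"))
        cfg = mod.find("ModuleConfiguration")
        if cfg is None:
            continue
        url = _text(cfg, "Url")
        if url and not url.lower().startswith("https://"):
            findings.append((name, "Url", "not HTTPS"))
        for tag in ("SigningCertificate", "SslCertificate"):
            value = cfg.findtext(tag)  # not stripped: a pasted thumbprint can carry hidden characters
            if value is not None and not value.isascii():
                findings.append((name, tag, "non-ASCII (possibly invisible) character"))
            elif value is not None and not THUMBPRINT.fullmatch(value):
                findings.append((name, tag, "not a 40-hex-digit thumbprint"))
        if _text(cfg, "OfflineSimulation/Enabled").lower() == "true":
            findings.append((name, "OfflineSimulation", "enabled"))
    return findings

if __name__ == "__main__":
    print(*audit_modules(SAMPLE), sep="\n")
```

The callout markers shown in Examples 1 and 5 are not part of the configuration and should not be present in the XML that is checked or deployed.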