Trusted Services
Some services are required to make use of the Planon Software Suite business interface, executing business logic on behalf of a particular user. In order for the code to function as intended (i.e. with the proper authorization) such services must be able to log on acting as that particular user.
For security reasons, these services do not know the user’s password, so another means of authentication is required.
The Trusted Services solution allows the registration of services that are considered ‘trusted’. This registration involves adding a certificate for each service configured. Such a certificate is related to a particular service and corresponds with a key pair that is only available to that service.
Each service can now authenticate itself using an item of signed information. Planon Software Suite then enables each service authenticated this way to act as a known Planon user.
The authentication of a service takes place with each request from that service.
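The per-request check described above, as an added sketch that is not Planon code: the service signs its request data with the private key only it holds, and the server verifies the signature against the public key from that service's registered certificate. The registry map, the service and user names, and the `service|user|timestamp` message layout are assumptions; the page does not specify what the signed item contains.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.HashMap;
import java.util.Map;

// Added illustration, not Planon code. The registry, the names and the
// "service|user|timestamp" message layout are assumptions made for this sketch.
public class TrustedServiceSketch {
    // Server side: public key taken from each registered service's certificate.
    static final Map<String, PublicKey> REGISTERED = new HashMap<>();

    // Service side: sign the request data with the private key only it holds.
    static byte[] sign(PrivateKey key, String message) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(message.getBytes(StandardCharsets.UTF_8));
        return s.sign();
    }

    // Server side: runs on every request. Accepts only a registered service
    // whose signature matches the exact bytes that were received.
    static boolean verify(String service, String message, byte[] sig)
            throws GeneralSecurityException {
        PublicKey key = REGISTERED.get(service);
        if (key == null || !message.startsWith(service + "|")) return false;
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(message.getBytes(StandardCharsets.UTF_8));
        return s.verify(sig);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair mobile = gen.generateKeyPair(); // key pair of the registered service
        KeyPair other = gen.generateKeyPair();  // key pair that was never registered
        REGISTERED.put("mobile-app", mobile.getPublic());

        String msg = "mobile-app|jsmith|2024-01-01T10:00:00Z"; // constructed sample
        byte[] sig = sign(mobile.getPrivate(), msg);

        // Genuine request from the registered service.
        System.out.println(verify("mobile-app", msg, sig));
        // User name altered after signing.
        System.out.println(verify("mobile-app", msg.replace("jsmith", "admin"), sig));
        // Signed with a key that does not match the registered certificate.
        System.out.println(verify("mobile-app", msg, sign(other.getPrivate(), msg)));
        // Service name that has no registration.
        System.out.println(verify("unknown-svc", "unknown-svc|jsmith|x", sig));
    }
}
```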
The installer automatically generates certificates and keystores for trusted services used by the Planon software, such as mobile apps or the Planon application. The complete configuration is also done automatically at installation time. The trusted service is placed in the database and the certificate is loaded automatically when the application server starts. The certificate is reloaded each time the application server is restarted, to make sure that the latest installed certificate is always used. This applies only to the automatically generated certificates, and only if they are located in: ...\Server\wildfly-*\standalone. This is the location where the installer places these certificates automatically.
If you run multiple application servers, make sure you use the same certificate for a specific service on all the application servers on which the service runs. Keep in mind that the installer generates certificates automatically and is not aware of multiple application servers.
In the case of Trusted Services, we will create a self-signed certificate. If you want to use an already existing keystore entry, or you want to include the certificate in a chain, you will have to perform further actions which, due to the diversity of possible configurations, are not described in this manual.