Configure Communication Protocols

CA Strong Authentication Administration Guide › Managing CA Strong Authentication Server Instances › Configure Communication Protocols

Configure Communication Protocols

You can configure the protocols that Administration Console, SDKs, and Web Services use to communicate with a CA AuthMinder Server instance for credential management, authentication, and administration purposes

The following table explains the protocols that are listed on the Protocol Configuration page and gives their default port numbers:

Protocol	Default Port Number	Description
Administration Web Services	9745	This protocol is used to manage SAML, ASSP, profile and policy configurations.
ASSP	9741	Adobe Signature Service Protocol (ASSP) is used with Adobe Reader and Adobe Acrobat to authenticate users for server-side digital signing of the PDF documents.
RADIUS	1812	This is a RADIUS listener protocol that is used to extend CA AuthMinder capability to support the Remote Authentication Dial In User Service (RADIUS) protocol. Note: When configured to support RADIUS, CA AuthMinder Server acts as a RADIUS server.
Server Management Web Services	9743	The Administration Console and the arwfutil tool communicate to the CA AuthMinder Server instance for server management activities by using this protocol.
Transaction HTTP	9746	This protocol receives HTTP data. It is used for CA Auth ID OTP provisioning and CA Auth ID PKI key bag management operations. Note: This protocol does not expose other generic CA AuthMinder operations.
Transaction Native	9742	This is a binary CA AuthMinder protocol for issuance and authentication. This protocol is used by Issuance and Authentication Java SDKs.
Transaction Web Services	9744	This protocol receives Web services requests that are sent by Authentication and Issuance Web services.

Follow these steps:

Note: The data that is displayed in the Instance Statistics (see Monitoring Instance Statistics) page depends on the parameters that are configured on this page.

Click the Services and Server Configurations tab in the main menu.
Ensure that the CA Strong Authentication tab in the submenu is active.
Under the Instance Configurations section, click the Protocol Management link to display the Protocol Configuration page.
Select the Server Instance for which you want to configure the protocols.
In the List of Protocols section, click the protocol that you want to configure.
The page to configure the specific protocol appears.
Edit the fields on the page, as required. The following table explains these fields:

Protocol Status

Indicates whether the protocol is Enabled or Disabled.

Change Protocol Status Action

Select this option to enable the Action list and then select the new status from the Action drop-down list.

Note: The Server Management protocol cannot be disabled. Therefore, these options are not displayed for this protocol.

Port

Define the port number where the protocol service will be available.

Maximum Allowed Request Size (in KB)

Define the maximum size of the request that you can send to the CA AuthMinder Server. If the input size exceeds this value, then the request is not processed by the CA AuthMinder Server.

Note: By default, there is no limit on the input request size.

Minimum

Define the minimum number of threads that the client and the CA AuthMinder Server can maintain.

Maximum Threads

Specify the maximum number of threads that can exist between the client and the CA AuthMinder Server.

Note: The following fields are not applicable for RADIUS protocol.

Thread Threshold

Specify the maximum number of threads in percentage. Any additional requests over the threshold percentage of maximum threads will be closed immediately after serving the request.

For example, Maximum Threads by default is 128 and Thread Threshold is 90%, this indicates that the threads that are established beyond 115 will be served and closed immediately.

Client Idle Timeout (in Seconds)

Specify the interval, in seconds, for which the CA AuthMinder Server waits for a request from the client before closing the connection.

Connection Keep Alive

Enable this option if you want the client to retain the connection even after the request is processed.

The connection is closed when the connection duration is equal to Client Idle Timeout (in Seconds) period.

Transport

Specify the mode for data transfer.

The supported values are:

SSL(1-Way): One-way Secure Sockets Layer (SSL) is used to encrypt and decrypt data under transmission.

SSL(2-Way): Two-way SSL is used to encrypt and decrypt data under transmission.

Note: This option is available only if you have configured the trust store.

TCP: Transmission Control Protocol (TCP) mode is used to encrypt and decrypt data under transmission.

Key in HSM

Enable this check box if the private key for the SSL communication is stored on the HSM device. The CA AuthMinder Server will find the private key based on the certificate chain provided.

Certificate Chain (in PEM Format)

Upload the server certificate chain by using the respective Browse button in the corresponding field.

Note: This field is available only if you select the Key in HSM option.

P12 File Containing Key Pair

The password corresponding to the P12 file.

P12 File Password Select Client Store

Select the trust store that contains the root certificates of the trusted CAs.

See Creating Trust Stores for more information about how to configure a trust store.

Note: This field is applicable only for two-way SSL communication.
Click Save.
Note: Configure each protocol individually.
Restart the CA AuthMinder Server instance for which you made the preceding changes. See Refresh a Server Instance for instructions about the procedure.