Select release
Deployment Tutorials

Deploying Enrollment Server

Deploying Enrollment Server on JBoss/Wildfly

Migration Instructions

Configuration Properties

Documentation for Onboarding Server

Mobile Token

Operation Extensions

Implementation Tutorials

Authentication in Mobile Banking Apps (SCA)

Verifying PowerAuth Signatures On The Server

Deploying Enrollment Server

Edit on Github Send Feedback v1.4.2

This chapter explains how to deploy Enrollment Server.

The enrollment server component will need to be customized in case you need to customize the activation process. The customization is described in the tutorial Implementing the Server-Side for Authentication in Mobile Banking Apps (SCA).

Downloading Enrollment Server

You can download the latest enrollment-server.war from the Enrollment Server releases page.

Configuring Enrollment Server

The default implementation of an Enrollment Server has only one compulsory configuration parameter powerauth.service.url that configures the REST service location of a PowerAuth Server. The default value for this property points to localhost:

powerauth.service.url=http://localhost:8080/powerauth-java-server/rest

Configuration of Enrollment Server Functionality

Publishing of Mobile Token endpoints can be enabled or disabled using following configuration property:

enrollment-server.mtoken.enabled=true

The activation spawn functionality can be enabled or disabled using following configuration property:

enrollment-server.activation-spawn.enabled=false

Setting Up REST Service Credentials

(optional) In case PowerAuth Server uses a restricted access flag in the server configuration, you need to configure credentials for the Enrollment Server so that it can connect to the REST service:

powerauth.service.security.clientToken=
powerauth.service.security.clientSecret=

The RESTful interface is secured using Basic HTTP Authentication (pre-emptive). The credentials are stored in the pa_integration table.

Configuring Push Server

The Enrollment Server also allows simple device registration to push notifications by calling PowerAuth Push Server API. While configuring this URL is technically optional, we recommend configuring the push server URL:

powerauth.push.service.url=http://localhost:8080/powerauth-push-server

Deploying Enrollment Server

You can deploy Enrollment Server into any Java EE container.

The default configuration works best with Apache Tomcat server running on default port 8080. In this case, the deployed server is accessible on http://localhost:8080/enrollment-server/.

To deploy Enrollment Server to Apache Tomcat, simply copy the WAR file in your webapps folder or deploy it using the “Tomcat Web Application Manager” application (usually deployed on default Tomcat address http://localhost:8080/manager).

Running Enrollment Server from console using the java -jar command is not supported.

Correlation Header Configuration (Optional)

You can enable correlation header logging in Enrollment server by enabling the following properties:

powerauth.service.correlation-header.enabled=true
powerauth.service.correlation-header.name=X-Correlation-ID
powerauth.service.correlation-header.value.validation-regexp=[a-zA-Z0-9\\-]{8,1024}
logging.pattern.console=%clr(%d{${LOG_DATEFORMAT_PATTERN:yyyy-MM-dd HH:mm:ss.SSS}}){faint} %clr(${LOG_LEVEL_PATTERN:%5p}) [%X{X-Correlation-ID}] %clr(%5p) %clr(${PID: }){magenta} %clr(---){faint} %clr([%15.15t]){faint} %clr(%-40.40logger{39}){cyan} %clr(:){faint} %m%n${LOG_EXCEPTION_CONVERSION_WORD:%wEx}

Update the correlation header name in case you want to use a different HTTP header than X-Correlation-ID. You can also update the regular expression for correlation header value validation to match the exact format of correlation header value that will be used.

The logging pattern for console is the Spring default logging pattern with the addition of %X{X-Correlation-ID}. This variable is used to log the actual value of the correlation header.

For best traceability, the correlation headers should be enabled in the whole PowerAuth stack, so enable the correlation headers in other deployed applications, too. The configuration property names are the same in all PowerAuth applications: powerauth.service.correlation-header.*. The correlation header values are passed through the stack, so the requests can be traced easily across multiple components.

Deploying Enrollment Server On JBoss / Wildfly

Follow the extra instructions in chapter Deploying Enrollment Server on JBoss / Wildfly.

Supported Java Runtime Versions

The following Java runtime versions are supported:

  • Java 11 (LTS release)
  • Java 17 (LTS release)

The Enrollment Server may run on other Java versions, however we do not perform extensive testing with non-LTS releases.

How to Disable Display of Tomcat Version

It case you do not want to show Tomcat version on error pages when deploying Enrollment server, you can use the following configuration:

  • Edit the file <install-directory>/conf/server.xml.
  • Search for the parameters <Host name="..."/>.
  • Just below that line, insert the following parameters <Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false" showServerInfo="false"/>.
  • Restart Tomcat.
Last updated on Nov 03, 2022 (10:36) Edit on Github Send Feedback
On this page:
Search

1.4.x

Enrollment Server