SigningHub Admin API

Make the following changes in the “appsettings.Production.json” file to configure Application Settings for the SigningHub Admin API.


To specify the language file path:

The path for language resource files must be specified using the LanguageFilePath configuration in appsettings.Production.json. This setting defines the directory from which SigningHub loads language files.

"LanguageFilePath": {
  "Languages": "wwwroot/Languages"
}

To configure default settings:

The default resource paths for SigningHub must be specified using the DefaultsSettings configuration in appsettings.Production.json. This section defines the directories from which SigningHub loads various resources, such as email templates, country and timezone data, logos, fonts, appearances, document templates, and common language files.

"DefaultsSettings": {
  "EmailTemplates": "default/emailtemplates/",
  "CountryPath": "default/languages/country/",
  "TimeZonePath": "default/languages/timezone/",
  "LogoPath": "default/companylogo/",
  "FontPath": "default/fonts/",
  "DefaultJsonPath": "default/",
  "Appearances": "default/appearances/",
  "EmailLanguagesFolder": "default/languages/emails/",
  "Document": "default/document/",
  "CommonLanguagesPath": "default/languages/common/"
}

To validate the allowed audience of JWT:

Set the value of the ValidateAudience key to false (default) to ignore audience validation. To enforce audience validation against the allowed audience of JWT, set the value of this key to true.


To enable TLS/SSL authentication:

Make the following change in the “web.config” file for the SigningHub Admin API.

To enable TLS/SSL authentication, uncomment the location tag. While the location tag is commented out, SigningHub works as it does today and does not allow TLS/SSL authentication.


To add the '00' IDD prefix (if not already present) in the mobile number:

For the tag with the “MODIFY_MOBILE_NUMBER_FOR_SAM” key, set the value to “True” and SigningHub works as it does today, adding the '00' prefix (if not already present) to the mobile number before sending it to the ADSS Server's SAM.

If the value is “False”, SigningHub sends the mobile number to the ADSS Server's SAM without any modifications.


To disable Swagger documentation:

Set the value of the EnableSwaggerDocumentation key to false (default) or omit the key to disable Swagger documentation for security reasons. To enable Swagger documentation, set the value of this key to true.
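
A deployment check for the ValidateAudience and EnableSwaggerDocumentation settings described above. This is an added example, not SigningHub code: the page does not show where these keys sit inside appsettings.Production.json, so the script searches every nesting level, and the sample input with its "Jwt" and "Swagger" section names is constructed.

```python
import json

# Keys named on this page; where they sit in the file is not shown,
# so the search below looks at every nesting level (assumption).
AUDIENCE_KEY = "ValidateAudience"
SWAGGER_KEY = "EnableSwaggerDocumentation"


def find_key(node, key):
    """Return every value stored under `key` anywhere in parsed JSON."""
    found = []
    if isinstance(node, dict):
        for name, value in node.items():
            if name == key:
                found.append(value)
            found.extend(find_key(value, key))
    elif isinstance(node, list):
        for item in node:
            found.extend(find_key(item, key))
    return found


def as_bool(value):
    """Accept JSON booleans and the strings "true"/"false" in any case."""
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() == "true"


def audit(settings_text):
    """Return a list of findings for the two security-relevant keys."""
    config = json.loads(settings_text)
    findings = []
    audience = find_key(config, AUDIENCE_KEY)
    # A missing key means the documented default (false): audience is ignored.
    if not audience or not all(as_bool(v) for v in audience):
        findings.append("ValidateAudience is false or absent: JWT audience is not checked")
    if any(as_bool(v) for v in find_key(config, SWAGGER_KEY)):
        findings.append("EnableSwaggerDocumentation is true: API documentation is exposed")
    return findings


# Constructed sample input, not a real SigningHub file; the "Jwt" and
# "Swagger" section names are hypothetical.
SAMPLE = '{"Jwt": {"ValidateAudience": false}, "Swagger": {"EnableSwaggerDocumentation": "True"}}'

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("WARN:", finding)
```

Python's json module rejects comments and trailing commas, so a settings file that contains them needs cleaning before it is passed to `audit`.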


To use HashiCorp KeyVault:

For the tag with the “HASHI_CORP_UAMI_CLIENT_ID” key, specify the unique identifier for the client application integrating with the HashiCorp Key Vault connector.

For the tag with the “HASHI_CORP_LOGIN_URL” key, specify the URL where the HashiCorp Vault can be accessed for authentication and authorisation.

For the tag with the "HASHI_CORP_UAMI_URL" key, specify the URL endpoint associated with the User-Assigned Managed Identity (UAMI) within Azure Active Directory (AD). SigningHub uses this URL to authenticate and authorise the client application with HashiCorp Vault using the UAMI. Default value: https://management.core.windows.net/

For the tag with the “HASHI_CORP_UAMI_NAME” key, specify a unique identifier or label within Azure Active Directory (AD), used to identify and manage individual users or entities within the Azure AD framework, ensuring an organised and secure structure for user-related information and permissions.

For the tag with the “HASHI_CORP_NAMESPACE” key, specify the logical partition within HashiCorp Vault for organising and managing secrets.

For the tag with the “HASHI_CORP_VAULT_PATH” key, specify a pathway to a location within the HashiCorp Vault for storing and managing secrets and data.

For the tag with the “HASHI_CORP_SECRET_KEY” key, specify the key against which to get the value from the Key Vault.

For the tag with the “HASHI_CORP_SECRET_KEY_TYPE” key, possible values are password and connection string.

For the above tags, add the relevant details of the HashiCorp KeyVault to integrate SigningHub with it, so that SigningHub can securely access sensitive information such as the secrets stored there. If these values are empty, SigningHub works without the HashiCorp KeyVault integration.

