SigningHub Web API

Make the following changes in the “appsettings.Production.json” file to configure Application Settings for the SigningHub Web API.

To display the Global Sign Logo under the system tray:

"ShowGlobalSignLogo": "false"

For the tag with the “ShowGlobalSignLogo” key, set the value to “True”.

To add signature policy information while performing signatures:

"SignaturePolicyURI": ""
"SignaturePolicyName": ""

1. For the tag with the “SignaturePolicyURI” key, set the value to a valid downloadable link of the signature policy document.

2. For the tag with the “SignaturePolicyURI” key, set the value to a name of a signature policy document with extension, which is placed under the default directory in the SigningHub deployment directory at the following path: [SigningHub Deployment Directory]\default\signaturepolicydocuments There is a workaround that needs to be done at the ADSS end for verification of EPES signatures, as ADSS is unable to download the document from the provided URI in the signature, due to which the policy document needs to be placed under the policy folder at the following path: [ADSS Installation Directory]/service/policy Moreover, the OID and path in the 'policy.properties' file must be added at the following path: [ADSS Installation Directory]/service Example: Sample-OID = D:/Deployments/ADSS-Server/service/policy/Sample-Policy-Document.pdf

To disable Swagger documentation:

"EnableSwaggerDocumentation": "false"

Set the value of the EnableSwaggerDocumentation key to false (default) or omit the key to disable Swagger documentation for security reasons. To enable Swagger documentation, set the value of this key to true.

To hide the edit dialogue upon dropping a field

This setting controls the behaviour of the edit dialogue when a field is placed onto a document. When set to true, the edit dialogue will not automatically appear after a field is dropped, allowing the user to continue placing fields without interruption. If set to false, the edit dialogue will be displayed each time a field is added, prompting the user to configure the field’s properties immediately.

To add signature policy information while performing the signature:

For the tag with the “SignaturePolicyOID” key, set the value to the signature policy OID according to the policy document.

To display an error if no RUT value is found in the user identity table:

For the tag with the “ValidateRUT” key, set the value to “True”, else the system will work as of today and will let the user sign the document.

To add the '00' IDD prefix (if not already present) in the mobile number:

For the tag with the “MODIFY_MOBILE_NUMBER_FOR_SAM” key, set the value “True” SigningHub works as of today by adding the '00' prefix (if not already present) in the mobile number before sending it to the ADSS Server's SAM.

If it's “False”, SigningHub will send the mobile number to the ADSS's SAM without any modifications.

To turn off the default certify policy for individual users:

For the tag with ''DefaultCertifyForIndividualUsers '' key, set the value 'True' and SigningHub will work as of today and turn on the certify policy by default for individual users. If it's "False", the SigningHub will turn off the certify policy.

To turn on Email Address Validation:

For the tag with "Validate_Email_For_Signing_Authentication" key, set the value "True" and SigningHub will enforce users to use the same email address for both login authentication and signing authentication. If it's "False", SigningHub will work as of today, and the users can use a different email address for login authentication and signing authentication.

To turn off the Auto-opening of the Edit Signature Field dialogue:

For the tag with "HideEditDialogOnFieldDropped" key, set the value "True" and SigningHub will turn off the Auto-opening Edit Signature Field dialogue window when the user performs a Signature field drag and drop. If it's "False", SigningHub will work as of today, and the Edit Signature Field dialogue window will open automatically.

To set the default Workflow Mode for individual users:

For the tag with "DefaultWorkflowForIndividualUsers" key, set the value of the workflow mode, SigningHub will set that workflow mode as a default for the individual users. If it's not present, then SigningHub will work as of today and set the workflow mode "ONLY_OTHERS". There are three types of workflow modes supported in the application. Possible values are "ONLY_ME", "ME_AND_OTHERS" and "ONLY_OTHERS".

To set the time zone that is used when sending verification time to the ADSS Server's Verification Service:

For the tag with "ADSS_SERVER_TIMEZONE" key, set the value of the time zone. SigningHub will use that time zone when sending verification time to the ADSS Server's Verification Service. If it's not present, it sends the verification time in the UTC time zone. There are three types of time zones supported in the application. Possible values are "GMT+06", "GMT+03" and "GMT+02".

To perform an XAdES Extended signature for an XML document:

For the tag with "XADES_SIGNATURE_TYPE" key, set the value "ES-X-L", SigningHub will perform an XAdES Extended signature for backwards compatibility with ADSS Server version 6.9 or lesser. If it's not present, then SigningHub will work as of today and perform the "XAdES-Baseline-LTA" ETSI-compliant signatures.

To enable user validation for OIDC authentication:

When ValidateOidcUserEmailAndNationalId is set to true:

• The system will enforce the following validations during authentication:

  • The combination of the email address and the national ID of the authenticated user must match the combination of the email address and the national ID present in SigninHub.

  • The format BID:{USER_NATIONAL_ID} will be passed as login_hint in the authorisation request only if the Login Hint is enabled with the BID value in the OIDC connector.

When ValidateOidcUserEmailAndNationalId is set to false or the key is not present:

• The system will continue to operate under the existing conditions as it does today, without enforcing the specified validations.

To use HashiCorp KeyVault:

For the tag with the “HASHI_CORP_UAMI_CLIENT_ID” key, specify the unique identifier for the client application integrating with the HashiCorp Key Vault connector.

For the tag with the “HASHI_CORP_LOGIN_URL” key, specify the URL where the HashiCorp Vault can be accessed for authentication and authorisation.

For the tag with the "HASHI_CORP_UAMI_URL" key, specify the URL endpoint associated with the User-Assigned Managed Identity (UAMI) within Azure Active Directory (AD). SigningHub uses this URL to authenticate and authorise the client application with HashiCorp Vault using the UAMI. Default value: https://management.core.windows.net/

For the tag with the “HASHI_CORP_UAMI_NAME” key, specify a unique identifier or label within Azure Active Directory (AD), used to identify and manage individual users or entities within the Azure AD framework, ensuring an organised and secure structure for user-related information and permissions.

For the tag with the “HASHI_CORP_NAMESPACE” key, specify the logical partition within HashiCorp Vault for organising and managing secrets.

For the tag with the “HASHI_CORP_VAULT_PATH” key, specify a pathway to a location within the HashiCorp Vault for storing and managing secrets and data.

For the tag with the “HASHI_CORP_SECRET_KEY” key, specify the key against which to get the value from the Key Vault.

For the tag with the “HASHI_CORP_SECRET_KEY_TYPE” key, possible values are password and connection string.

For the above tags, add the relevant details of the HashiCorp KeyVault to integrate SigningHub with HashiCorp KeyVault to securely access sensitive information, such as secrets stored within HashiCorp KeyVault. If it's empty, then SigningHub will work without the HashiCorp KeyVault integration.

To validate the allowed audience of JWT:

Set the value of the ValidateAudience key to false (default) to ignore audience validation. To enforce audience validation against the allowed audience of JWT, set the value of this key to true.

To enable Kerberos authentication:

Make the following change in the “web.config” file for the SigningHub Web API.

For Kerberos authentication, uncomment the location tag above. SigningHub will work as of today and does not allow Kerberos authentication when the location tag is commented out.

To use the SigningHub administrator API:

Make the following change in the “web.config” file for the SigningHub Web API.

For SigningHub Admin API usage, uncomment the location tag above. SigningHub will work as of today and is not allowed to use the SigningHub Web APIs when the location tag is commented out.

To enable TLS/SSL authentication:

Make the following change in the “web.config” file for the SigningHub Web API.

For the TLS/SSL authentication, uncomment the above location tag. SigningHub will work as of today and does not allow TLS/SSL authentication when the location tag is commented out.

To specify the language file path:

The path for language resource files must be specified using the LanguageFilePath configuration in appsettings.Production.json. This setting defines the directory from which SigningHub loads language files.

To configure default settings:

The default resource paths for SigningHub must be specified using the 'Default Settings' configuration in appsettings.Production.json. This section defines the directories from which SigningHub loads various resources, such as email templates, country and timezone data, logos, fonts, appearances, document templates, and common language files.