Configure Application Request Routing for local signing

When you need to sign using local smartcards or USB tokens, the ADSS Signing Server Go>Sign Service is required. Application Request Routing (ARR) is used as an alternative to the AJP Connector on the proxy server. ARR is a feature of IIS that enables you to control Internet traffic using a proxy server.

Consult the following points to configure Application Request Routing services.


Prerequisites

To set up a forward proxy server using ARR, you must have the following:

  • IIS 7.0 or above on Windows 2008 (any SKU) or newer with Tracing role service installed for IIS.

  • Microsoft Application Request Routing Version 3 and dependent modules.

  • Minimum of one worker server with working sites and applications.


Install ARR

If Application Request Routing Version 3 has not been installed, it is available for download from https://www.microsoft.com/en-us/download/confirmation.aspx?id=47333


Install URL rewrite

Install the URL Rewrite module for IIS through the Server Manager. For more information, see Installing IIS 8.5 on Windows Server 2012 R2.


Enable ARR as a forward proxy

To enable ARR as a proxy and to create a URL Rewrite rule to enable ARR as a forward proxy, proceed as follows:

  1. Open Internet Information Services (IIS) Manager.

  2. In the Connections pane, select the server.

  3. In the server pane, double-click Application Request Routing Cache.

  4. In the Actions pane, click Server Proxy Settings.

  5. On the Application Request Routing page, select Enable proxy.

  6. In the Actions pane, click Apply. This enables ARR as a proxy at the server level.


Configure website on IIS

  1. To start the process of turning ARR into a forward proxy, click on the server node in the Connections pane.

  2. In the server pane, double-click Sites.

  3. Right-click on the Sites and choose the 'Add Website…' option.

  4. Add Website. This table details the options:

| Field | Value |
|---|---|
| Site name: | [Site Name] e.g. adss.gosign.service |
| Default Application Pool: | Default Application Pool |
| Physical Path: | D:\Ascertia\[Site Name] |
| Type: | https |
| IP address: | All Unassigned |
| Port: | 443 |
| Host name: | [Site Name] e.g. adss.gosign.service |
| Require Server Name Indication: | Checked |
| Disable HTTP/2: | Unchecked |
| Disable OCSP Stapling: | Unchecked |
| SSL certificate: | ADSS Go>Sign Service |
| Start Website immediately: | Checked |

  5. Click OK to create the website.


Configure rule for ADSS Go>Sign service

  1. In the Sites pane, click on the site adss.gosign.service.

  2. Double-click URL Rewrite to add a rule for ADSS Go>Sign Service.

  3. In the Actions pane, click Add Rule(s).

  4. In the Add Rule dialogue box, double-click Blank Rule.

  5. In the Edit Inbound Rule dialogue box, enter "ADSS GoSign Service" for Name. In the Match URL area, enter the following:

    1. Using: Regular Expression

    2. Pattern: (.*)

  6. Scroll down to the Conditions area of the Edit Inbound Rule dialogue box, and then click Add….

  7. In the Add Condition dialogue box, select or enter the following:

    1. Condition Input: {CACHE_URL}

    2. Check if input string: Matches the Pattern

    3. Pattern: ^(https?)://

    4. Enable the Ignore Case option

  8. Scroll down to the Action area of the Edit Inbound Rule dialogue box, and then enter the following:

    1. Action Type: Rewrite

    2. Rewrite URL: https://192.168.3.45:8778/{R:1} for https or http://192.168.3.45:8777/{R:1} for http services

The table details the options:

| Field | Value |
|---|---|
| Name: | ADSS GoSign Service |
| Pattern: | (.*) |
| Conditions: | Click the Add button; set Condition input to {CACHE_URL}; set Check if input string to Matches the Pattern; set Pattern to ^(https?)://; enable Ignore case; click OK to save the settings |
| Action Type: | Rewrite |
| Rewrite URL: | https://192.168.3.45:8778/{R:1} |
| Append query string: | Checked |
| Log rewritten URL: | Unchecked |
| Stop processing subsequent rules: | Unchecked |
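
The inbound rule configured above is saved by IIS Manager as a `<rewrite>` section, for a site-level rule normally in the web.config under the site's physical path. The fragment below is an added example, not taken from the original page, showing the equivalent configuration so the saved rule can be compared against the values in the table. It assumes the https backend address used on this page.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: web.config equivalent of the "ADSS GoSign Service" rule.
     Assumed location: D:\Ascertia\[Site Name]\web.config (the site's physical path). -->
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Stop processing subsequent rules: Unchecked -->
        <rule name="ADSS GoSign Service" stopProcessing="false">
          <!-- Using: Regular Expression, Pattern: (.*) -->
          <match url="(.*)" />
          <conditions>
            <!-- Condition input {CACHE_URL} must match ^(https?):// with Ignore case enabled -->
            <add input="{CACHE_URL}" pattern="^(https?)://" ignoreCase="true" />
          </conditions>
          <!-- {R:1} is the back-reference to the first capture group of the match pattern.
               For the http service the page uses http://192.168.3.45:8777/{R:1} instead. -->
          <action type="Rewrite"
                  url="https://192.168.3.45:8778/{R:1}"
                  appendQueryString="true"
                  logRewrittenUrl="false" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

If the saved file shows a different back-reference form or a different backend host or port than the table, requests will not reach the Go>Sign Service.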


Configure Go>Sign service address in ADSS server

  1. Go to the ADSS Server Console Panel.

  2. Set the Go>Sign Address to “https://adss.gosign.service” in Go>Sign Service > Server Manager > Go>Sign Service Settings.


Configure Go>Sign service address in SigningHub

  1. Go to the SigningHub Administrator panel.

  2. Set the Go>Sign Address to “https://adss.gosign.service/” in Configurations > Connectors > Go>Sign Service Address.
