SealSign SQS installation and configuration

[email protected]

elevenpaths.com

SealSign SQS (Signature Queue Services)

installation and configuration

ElevenPaths, radical and disruptive innovation in security solutions

SealSign SQS (Signature Queue Services) installation and configuration guide

V 3.2 – October 2016

2016 © Telefónica Digital España, S.L.U. All rights reserved. Page 2 of 15

Table of content

Table of content ............................................................................................................. 2

Introduction ................................................................................................................ 3

SealSign SQS installation requirements ....................................................................... 4

2.1 SQS module Server Requirements............................................................................................ 4

2.2 Virtual Printer module Requirements ...................................................................................... 4

2.3 SQS module Clients Requirements ........................................................................................... 4

Installing and Configuring the SealSign SQS module ..................................................... 6

3.1 Installing and Configuring the SQS server ................................................................................ 6

3.1.1 Installing the SQS Server ............................................................................................................ 6

3.1.2 Configuring the SQS server ......................................................................................................... 7

3.2 Installing and Configuring the Virtual Printer module .............................................................. 8

3.2.1 Installing the Virtual Printer module .......................................................................................... 8

3.2.2 Configuring the Virtual Printer ................................................................................................. 10

3.2.3 Creating new signature printers ............................................................................................... 10

3.3 Installing and Configuring the Client module ......................................................................... 10

3.3.1 Installing the Client module for the Windows Platform ........................................................... 10

3.3.2 Configuring the client module for the Windows platform ....................................................... 11

3.3.3 Installing the Client module for Android .................................................................................. 11

3.3.4 Configuring the client module for the Android platform ......................................................... 11

Installation troubleshooting ....................................................................................... 12

4.1 Error 80070005 ....................................................................................................................... 12

4.2 Error 80040154 ....................................................................................................................... 13

Resources .................................................................................................................. 14




Introduction

SealSign SQS (Signature Queue Services) is a module for managing biometric signature job queues. Its purpose is to simply queue documents that will be biometrically signed in order to subsequently sign them without the need for modifying the existing applications. To do so, along with the signature queues web service you can create a print virtual queue on Windows platforms so that any document sent to this queue is converted to pdf and queued in the SQS services for its later signature. Currently, there are agents for the Windows platform and Android devices to sign the documents queued in SQS.

Image 01: SealSign SQS modules.

The virtual print and signature queues solution consists of the following modules:

SQS module (Signature Queue Services): This is the web service that manages signature job queues. Services provided by this module are used by the virtual printer module as well as by agents for Windows and Android. On the other hand, SQS uses SealSign BSS web services to perform the inclusion process of handwritten signature of documents.

Virtual Printer module: With this module you can create one or more virtual printers on the Windows platform. Through the virtual printer, you can queue signature jobs without having to modify the existing applications.

Client module: This is the client application that signs jobs queued in SQS. With it you can capture handwritten signatures using Wacom tablets in Windows environments or using Android tablets

Texts as well as images used in this guide are based on a Microsoft Windows 2012 operating system, although any system administrator can install the product on other versions.




SealSign SQS installation requirements

2.1 SQS module Server Requirements

SealSign SQS architecture is based on the services provided by the SealSign DSS handwritten signature platform. Therefore, it is mandatory to have the DSS Service (electronic signature) and DSS Web (administration and configuration) modules to use the product. Installation of these modules is explained in the "SealSign BSS - Installation Guide".

The following requirements are necessary for installing and using SQS:

Microsoft Windows Operating System (server operating system recommended).

.NET Framework 3.5 SP1.

IIS 6 (IIS 7 recommended).

SQL Server or Oracle database manager.

Proper configuration of the application server role and web server role (IIS).

In the "SealSign DSS - Installation Guide" you can find all the details on these installation requirements, including configurations of the application server role and web server role.

Since the functioning of the SQS module is conditioned by the SealSign BSS module, two different scenarios may take place:

All 3 modules are installed on the same machine. This is the most common scenario and, in this case, installation of the DSS Service and DSS Web modules is recommended. The installation of said modules requires highly important pre-configurations that are detailed in the previous guide. As the present guide explains, the BSS module will be installed after installing these other modules.

Modules are on different machines. It may be the case that the DSS modules are on one machine and the BSS module is on a different one. In such case, both machines must meet the pre-requirements mentioned in the previous guide, and have the appropriate configuration in the application server role and web server role.

2.2 Virtual Printer module Requirements

With the virtual printer module you can create one or more virtual printers associated with the Windows print queues service.

The following requirements are necessary for installing the virtual printer and the SQS modules:

Microsoft Windows Operating System.


A server with the SQS server module accessible from the computer.

2.3 SQS module Clients Requirements

The module provides functionality through web services, therefore the only requirement essential for being a potential SealSign SQS client is to dispose an application that can consume web services, regardless of the operating system in which is running.

http://es.slideshare.net/elevenpaths/sealsign-bss-installation-and-configuration

http://es.slideshare.net/elevenpaths/sealsign-dss-installation-and-configuration




In any event, as previously discussed, there are two generic client applications that allow the exploitation of the jobs queued in the SQS server.

The following requirements are necessary for the client application in Windows:

Microsoft Windows Operating System (server operating system recommended).


In the case of the client application on Android tablets, Android 4.2 version or higher is required.




Installing and Configuring the SealSign SQS module

3.1 Installing and Configuring the SQS server

3.1.1 Installing the SQS Server The module is installed with the help of a wizard, as is the case with many Microsoft Windows programs.

During installation, you must choose from the list of available websites the one in which you wish to install the digital signature service SealSign DSS, the virtual directory name and the application Application Pool that was configured in the IIS (in this case, SealSignAppPool).

Image 02: Configuration during the SQS module installation.

After the installation, it has been added as just another program to the program list in the Control Panel, and it will be displayed in the IIS as a web application.




Image 03: Module already integrated as a web application in IIS

3.1.2 Configuring the SQS server This configuration is performed in the connectionStrings.config configuration file. You can find this file in the SealSignSQSService directory of the website where the product was installed. This file includes the connection string to the database created earlier in SQL Server (SealSignDSS):

<connectionStrings>

<add name="SealSignDSSConnectionString"

connectionString="Data Source=localhost;

Initial Catalog=SealSignDSS;

Trusted_Connection=Yes;

persist security info=False;

TrustServerCertificate=True" />

</connectionStrings>

If the database used is SQL Server, you just need to modify the above shown parameters to adapt them to the settings previously configured in the database. You can get information on creating connection strings in SQL Server on this website.

If the database is Oracle, you need to modify the following parameters:

You have to change the value of the FactoryProvider key and set it to System.Data.OracleClient in the web.config file, located in the same directory where the connectionStrings.config file is.

You also have to configure the connection string to access Oracle in the connectionStrings tag. You can get information on creating connection strings in Oracle on this website.

http://msdn.microsoft.com/en-us/library/ms254500.aspx

http://docs.oracle.com/html/E10927_01/featConnecting.htm#i1006259




You have to change the connectionString attribute in the add tag, and set it with the following format: Data Source=(DESCRIPTION=(ADDRESS=(PROTOCOL=XXX)(HOST=XXX)(PORT=XXX)) (CONNECT_DATA=(SID=XXX)));User Id=user id;Password=password;

A connection example could be as follows:

web.config file:

...

<appSettings>

<add key="FactoryProvider" value="System.Data.OracleClient" />

...

</appSettings>

...

connectionStrings.config file:

<connectionStrings>

<add name="SealSignDSSConnectionString"

connectionString="Data Source=(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)

(HOST=172.54.110.112)(PORT=1521))(CONNECT_DATA=(SID=orcl)));

User Id=SealSignDSS; Password=1234546;” />

</connectionStrings>

3.2 Installing and Configuring the Virtual Printer module

3.2.1 Installing the Virtual Printer module Installation of the signature virtual printer module is performed with the help of a wizard. During the installation, the wizard displays three windows in which you need to set a number of parameters.

In the first window you can configure the name of the virtual printer that you are creating:

Image 04: Configuring the Virtual Printer name.




In the second window you can configure the connection to the SQS web service parameters:

Image 05: Configuring the connection to the SQS server parameters.

In the third window you can configure two valid parameters for advanced scenarios:

The user account to which the signature's job is assigned in samAccountName format (domain\account). With this configuration, signing jobs always belong to a single user regardless of who sent them to the print queue. Thus, scenarios in which there are several computers or users generating documentation, and signatures come from a single computer or user are enabled. The job owner is by default the user who conducts the document printing.

The name of the SQS queue to which the virtual printer will be connected. With this configuration you can have multiple virtual printers leaving jobs in the same signature queue. The default queue name is the same as that of the printer.

Image 06: Configuring other parameters.




3.2.2 Configuring the Virtual Printer All parameters specified during installation are stored in the SealSignVirtualPrinter.exe.config configuration file. You can find this file in the %program files%\SMART ACCESS S.L\SealSign Virtual Printer directory of the computer in question.

If it is necessary to modify any of the parameters set during installation, you can carry out this change by modifying the contents of that file and restarting the Windows print queues service.

3.2.3 Creating new signature printers Once the software of the SealSign signature virtual printer is installed, you can add new virtual printers (apart from the one created during installation) to cover, for example, scenarios in which printers are installed on a print server and shared through a network.

To create a new printer signature, a link called SealSign New Virtual Printer Wizard will appear in the startup menu. When you execute it, the following window will be displayed:

Image 07: Creating signature printers.

You can specify the name of the new printer, as well as the sole owner parameters and the name of the SQS signature jobs queue, as explained in the virtual printer module installation section.

3.3 Installing and Configuring the Client module

3.3.1 Installing the Client module for the Windows Platform Client installation is also conducted with the help of a wizard and does not require any configuration during installation.




Image 08: Installation of the SQS client completed.

3.3.2 Configuring the client module for the Windows platform

3.3.3 Installing the Client module for Android An APK is provided for the installation on Android devices. In order to install this module, you need to activate the Unknown sources option located under the Device Administration section of the Security menu in Android.

3.3.4 Configuring the client module for the Android platform You can install the client module directly through the graphical interface. You can get information on configuring the client module for Android on the application's User Guide.




Installation troubleshooting

The electronic signature services installation process includes SealSign DSS's own error monitoring and tracking system. Therefore any errors, warnings and information messages are registered in its own application Log integrated into Microsoft Windows. Since the SQS server module is integrated as a SealSign DSS add-in, this module's errors will be included in the SealSign DSS log.

On the other hand, as is the case with the server part, the client module creates a customized log on each computer with the name of Key Control.

Therefore, in case of identifying any problems in the services, we recommend checking the SealSign DSS log in the server and the Key Control log in the client computers.

Image 09: Microsoft Windows Event Viewer

The most common problems that can take place during the SealSign DSS installation are caused by licensing, and their identifier is 3011.

In the “SealSign Monitoring Guide” all the details on how to monitor the health of the platform and see the potential errors that can take place during its use are included.

4.1 Error 80070005

This error generally occurs when the user used to configure the Application Pool does not have permissions to operate the license management component. Said component is registered on the machine during the installation process. This is the message displayed:

An error has ocurred obtaining license information: Retrieving the COM class factory for component with CLSID {554A6D3B-2FEF-4C2F-B34C-AF6185EB2759} failed due to the following error: 80070005. at SealSignDSSLibrary.SealSignDSSLicense.InitializeLicense(String licenseFile)

In order to give activation permissions to the Application Pool user you can use the DCOMCNFG.EXE tool and look for the LicProtector Server component:

http://es.slideshare.net/elevenpaths/http:/es.slideshare.net/elevenpaths/sealsign-monitoring-guide-include-dss-bss-ckc-y-dsr?related=1sealsign-monitoring-guide-include-dss-bss-ckc-y-dsr




Image 10: DCOMCNFG.EXE tool

When clicking on the right button you access these item’s properties. There you will find the Security tab, from which you will be able to grant permissions to the user of the Application Pool.

Image 11: Permission.

4.2 Error 80040154

This error generally occurs in 64-bit environments when the activation configuration of the license management component has been modified or deleted. Said component is registered on the machine during the installation process. This is the message displayed

An error has ocurred obtaining license information:

Retrieving the COM class factory for component with CLSID {554A6D3B-2FEF-4C2F-B34C-AF6185EB2759} failed due to the following error: 80040154. at SealSignDSSLibrary.SealSignDSSLicense.InitializeLicense(String licenseFile)

To recreate the component's activation configuration, execute the DllSurrogate.reg file containing the installation modules.




Resources

For information about the different SealSign services available, please go to this address:

https://www.elevenpaths.com/technology/sealsign/index.html

Also, on the ElevenPaths blog you can find interesting articles and innovations regarding this product.

You can find more information about Eleven Paths products on YouTube, on Vimeo and on Slideshare.

http://blog.elevenpaths.com/

https://www.youtube.com/user/ElevenPaths

http://vimeo.com/elevenpaths

http://www.slideshare.net/elevenpaths/




The information disclosed in this document is the property of Telefónica Digital España, S.L.U. (“TDE”) and/or any other entity within Telefónica Group and/or its licensors. TDE and/or any Telefonica Group entity or TDE’S licensors reserve all patent, copyright and other proprietary rights to this document, including all design, manufacturing, reproduction, use and sales rights thereto, except to the extent said rights are expressly granted to others. The information in this document is subject to change at any time, without notice.

Neither the whole nor any part of the information contained herein may be copied, distributed, adapted or reproduced in any material form except with the prior written consent of TDE.

This document is intended only to assist the reader in the use of the product or service described in the document. In consideration of receipt of this document, the recipient agrees to use such information for its own use and not for other use.

TDE shall not be liable for any loss or damage arising out from the use of the any information in this document or any error or omission in such information or any incorrect use of the product or service. The use of the product or service described in this document are regulated in accordance with the terms and conditions accepted by the reader.

TDE and its trademarks (or any other trademarks owned by Telefonica Group) are registered service marks.

PUBLICATION:

October 2016

At ElevenPaths we have our own way of thinking when we talk about security. Led by Chema Alonso, we are a team of experts who are passionate about their work, who are eager to redefine the industry and have great experience and knowledge about the security sector.

Security threats in technology evolve at an increasingly quicker and relentless pace. Thus, since June 2013, we have become a startup company within Telefónica aimed at working in an agile and dynamic way, transforming the concept of security and, consequently, staying a step ahead of our attackers.

Our head office is in Spain, but we can also be found in the UK, the USA, Brazil, Argentina and Colombia.

IF YOU WISH TO KNOW MORE ABOUT US, PLEASE CONTACT US AT:

elevenpaths.com Blog.elevenpaths.com @ElevenPaths Facebook.com/ElevenPaths YouTube.com/ElevenPaths

Technology

SealSign SQS installation and configuration