Configure the License Server

Overview

You configure the License Server using a file named spring-context.xml, located in the conf folder.

The configuration file and security properties are mandatory. The License Server will not start if there is no configuration file or if the security properties are undefined.

Configure SSL/TLS

The License Server communicates with the clients using the HTTP protocol. You must configure whether SSL/TLS is enabled for the communications.

Enable SSL/TLS

To enable SSL/TLS, define the Security Properties in a com.semarchy.xdi.license.server.plugin.ssl.impl.DesignerSslPlugin bean node as shown below:

Example 1. Security properties definition - Enable SSL/TLS

<beans ...>
 <...>
 <bean class="com.semarchy.xdi.license.server.plugin.ssl.impl.DesignerSslPlugin">
  <property name="enableSsl" value="true"></property>
  <property name="keyStoreType" value="JKS"></property>
  <property name="keyStore" value="path_to_keystore/keystore.jks"></property>
  <property name="keyStorePassword" value="keystore_password"></property>
  <property name="keyAlias" value="key_alias"></property>
  <property name="keyPassword" value="key_password"></property>
 </bean>
 <...>
</beans>

Table 1. Security Properties
Parameter	Description
`enableSsl`	This parameter is mandatory. It allows to enable or disable SSL/TLS.
`keyStoreType`	Java keystore type, such as `JKS`.
`keyStore`	The relative or absolute path to the Java keystore containing the certificate used to secure the endpoints.
`keyStorePassword`	Password of the keystore file.
`keyAlias`	Alias of the key in the keystore.
`keyPassword`	Password of the key.

If you enable SSL/TLS and configure it with a self-signed certificate, you must provide this certificate to Semarchy xDI Designer. Otherwise, the Semarchy xDI Designer will refuse to connect the license server because the certificate is self-signed.

Designer versions prior to 20.4.0 did not allow using a custom certificate. If you are connecting to the License Server with these versions, contact the support team who will assist you to configure the License Server with a legacy certificate.

You can define additional SSL/TLS settings in the com.semarchy.xdi.license.server.plugin.tls.impl.DesignerTlsPlugin bean node.

Example 2. Additional SSL/TLS settings

<beans ...>
 <...>
 <bean class="com.semarchy.xdi.license.server.plugin.tls.impl.DesignerTlsPlugin">
  <property name="includeProtocols">
   <array value-type="java.lang.String">
    <!--<value>TLSv1.2</value>-->
   </array>
  </property>
  <!-- excludeProtocols: list of TLS protocols to refuse to use -->
  <property name="excludeProtocols">
   <array value-type="java.lang.String">
    <!--<value>TLSv1</value>-->
    <!--<value>TLSv1.1</value>-->
    <!--<value>TLSv1.2</value>-->
   </array>
  </property>
 </bean>
 <...>
</beans>

Disable SSL/TLS

If you disable SSL/TLS in the license server, make sure that it is accessible only via an SSL/TLS secured layer, such as a proxy, load-balancer, or a similar application. This is mandatory asSemarchy xDI Designer only accepts connecting with SSL/TLS.

To disable SSL/TLS, define the following com.semarchy.xdi.license.server.plugin.ssl.impl.DesignerSslPlugin bean node.

Example 3. Security properties definition - Disable SSL/TLS

<beans ...>
 <...>
 <bean class="com.semarchy.xdi.license.server.plugin.ssl.impl.DesignerSslPlugin">
  <property name="enableSsl" value="false"></property>
 </bean>
 <...>
</beans>