Fix #97: Update Enrollment Server documentation

wultra · Nov 10, 2021 · c6be583 · c6be583
1 parent 7e6fe0e
commit c6be583
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 9 deletions.
diff --git a/docs/Deploying-Enrollment-Server.md b/docs/Deploying-Enrollment-Server.md
@@ -2,27 +2,35 @@
 
 This chapter explains how to deploy Enrollment Server.
 
+<-- begin box warning -->
+The enrollment server component will need to be customized in case you need to customize the activation process. The customization is described in the tutorial [Implementing the Server-Side for Authentication in Mobile Banking Apps (SCA)](https://developers.wultra.com/products/mobile-token/2021-05/tutorials/Authentication-in-Mobile-Apps/Server-Side-Tutorial#deploying-the-enrollment-server).
+<-- end -->
+
 ## Downloading Enrollment Server
 
 You can download the latest `enrollment-server.war` from the [Enrollment Server releases page](https://github.com/wultra/enrollment-server/releases).
 
 ## Configuring Enrollment Server
 
-The default implementation of an Enrollment Server has only one compulsory configuration parameter `powerauth.service.url` that configures the SOAP endpoint location of a PowerAuth Server. The default value for this property points to `localhost`:
+The default implementation of an Enrollment Server has only one compulsory configuration parameter `powerauth.service.url` that configures the REST service location of a PowerAuth Server. The default value for this property points to `localhost`:
 
 ```bash
-powerauth.service.url=http://localhost:8080/powerauth-java-server/soap
+powerauth.service.url=http://localhost:8080/powerauth-java-server/rest
 ```
 
-## Setting Up SOAP Service Credentials
+## Setting Up REST Service Credentials
 
-_(optional)_ In case Enrollment Server uses a [restricted access flag in the server configuration](https://github.com/wultra/powerauth-server/blob/develop/docs/Deploying-PowerAuth-Server.md#enabling-powerauth-server-security), you need to configure credentials for the Enrollment Server so that it can connect to the SOAP service:
+_(optional)_ In case PowerAuth Server uses a [restricted access flag in the server configuration](https://github.com/wultra/powerauth-server/blob/develop/docs/Deploying-PowerAuth-Server.md#enabling-powerauth-server-security), you need to configure credentials for the Enrollment Server so that it can connect to the REST service:
 
 ```sh
 powerauth.service.security.clientToken=
 powerauth.service.security.clientSecret=
 ```
 
+<-- begin box info -->
+The RESTful interface is secured using Basic HTTP Authentication (pre-emptive). The credentials are stored in the `pa_integration` table.
+<-- end -->
+
 ## Configuring Push Server
 
 The Enrollment Server also allows simple device registration to push notifications by calling PowerAuth Push Server API. While configuring this URL is technically optional, we recommend configuring the push server URL:
@@ -39,6 +47,18 @@ The default configuration works best with Apache Tomcat server running on defaul
 
 To deploy Enrollment Server to Apache Tomcat, simply copy the WAR file in your `webapps` folder or deploy it using the "Tomcat Web Application Manager" application (usually deployed on default Tomcat address `http://localhost:8080/manager`).
 
+## Deploying Enrollment Server Outside the Container
+
+You can also execute WAR file directly using the following command:
+
+```bash
+java -jar enrollment-server.war
+```
+
+<-- begin box warning -->
+You can overwrite the port using `-Dserver.port=8090` parameter to avoid port conflicts.
+<-- end -->
+
 ## Deploying Enrollment Server On JBoss / Wildfly
 
 Follow the extra instructions in chapter [Deploying Enrollment Server on JBoss / Wildfly](./Deploying-Wildfly.md).
diff --git a/docs/Deploying-Wildfly.md b/docs/Deploying-Wildfly.md
@@ -13,6 +13,11 @@ Enrollment Server contains the following configuration in `jboss-deployment-stru
 			<subsystem name="logging" />
 		</exclude-subsystems>
 
+		<resources>
+			<!-- use WAR provided Bouncy Castle -->
+			<resource-root path="WEB-INF/lib/bcprov-jdk15on-${BC_VERSION}.jar" use-physical-code-source="true"/>
+		</resources>
+
 		<dependencies>
 			<module name="com.wultra.powerauth.enrollment-server.conf" />
 		</dependencies>
@@ -81,7 +86,7 @@ Use the `logback.xml` file to configure logging, for example:
 The `application-ext.properties` file is used to override default configuration properties, for example:
 ```
 # PowerAuth Client configuration
-powerauth.service.url=http://[host]:[port]/powerauth-java-server/soap
+powerauth.service.url=http://[host]:[port]/powerauth-java-server/rest
 
 # PowerAuth Push Server configuration
 powerauth.push.service.url=http://[host]:[port]/powerauth-push-server
@@ -91,7 +96,4 @@ Enrollment Server Spring application uses the `ext` Spring profile which activat
 
 ### Bouncy Castle Installation
 
-The Bouncy Castle module for JBoss / Wildfly needs to be enabled as a global module for Enrollment Server.
-
-Follow the instructions in the [Installing Bouncy Castle](https://github.com/wultra/powerauth-server/blob/develop/docs/Installing-Bouncy-Castle.md) chapter of PowerAuth Server documentation. 
-Note that the instructions differ based on Java version and application server type.
+Since Enrollment Server in version `1.1.x`, installing the Bouncy Castle into Wildfy Server is no longer required. The latest version is bundled with the app and cryptographic primitives should work out of the box.