The AnyCAGateway REST Portal

Once the AnyCAGateway REST has been installed and the AnyCAPlugin implemented, you must configure the implementation in the AnyCAGateway REST portal by adding the CA(s), creating certificate profiles, mapping profiles to products, adding claims, and managing identity providers, if desired.

Working with the AnyCAGateway REST Portal

The AnyCAGateway REST portal helps you manage your gateway with the following functions:

  • Certificate Authorities—Manage AnyCAGateway REST CAs, including scanning, template mapping, and third-party CA login.

  • Certificate Profiles—Manage the name and key types for each profile, which will be mapped on the CA to the product IDs of your third-party CA. Together, these will be imported as templates into Keyfactor Command.

  • Claims—Manage the certificates or OAuth claims that authenticate users to the AnyCAGateway REST and the permissions associated with them.

  • Identity Providers—Manage the identity providers (IDPs) used to authenticate to the AnyCAGateway REST.

Access the AnyCAGateway REST portal as determined by your configuration (see Install AnyCAGateway REST on Windows under IIS).

https://<FQDN>/<-VirtualDirectory> (by default, -VirtualDirectory is AnyGatewayREST).

For client certificate authentication, a certificate is selected upon login to the portal. You must have the certificate for the claim you wish to log in to the portal with (see Claims). For OAuth authentication, the user is directed to the appropriate authentication login page and then redirected to the AnyCAGateway REST portal.

Figure 639: Login Claim for Client Certificate Authentication

Tip:  If your environment uses OAuth as an identity provider and has more than one identity provider, you can specify the identity provider to use for authentication in the URL using an identity provider hint (where IDP_NAME is the authentication scheme of the selected identity provider):
https://AnyCAGatewayServerFQDN/AnyGatewayREST/Login/Signin?idpHint=IDP_NAME

You only need to specify the identity provider for identity providers that have not been configured as the default identity provider during install via the AnyCAGatewayInstall.ps1 script parameter DefaultIdentityProviderAuthScheme. It can also be updated in the Appsettings.json File post-installation.

The portal opens to the Certificate Authorities page, which shows a grid of the CAs configured through the gateway. The browser tab name shows AnyCA Gateway as a shortened name for the AnyCAGateway REST.

Figure 640: AnyCAGateway REST Portal

Tip:  Many of the entry fields in the AnyCAGateway REST portal have helpful tool tips. Hover over the Indicator for more information about that field.

Figure 641: Tool Tip