...

Server configuration (settings.config)

Client configuration (anytime.setup.config)

Publish

When setting up Offline publication, the publication will create a database based on the settings in server.config. The publisher will create a database with the same version as the instance in the settings file.

...

<DefaultPdfJsReader>true</DefaultPdfJsReader>
<BrowserPdfReaderEnabled>true</BrowserPdfReaderEnabled>

Synchronization

<OfflineViewSynchronizationEnabled>true</OfflineViewSynchronizationEnabled>

Synchronization settings with credentials

...

<AuthenticationProvider>
  <AssertNullAuthenticationProvider>
    <UserName>Unknown</UserName>
    <Groups>
      <string>Synchronize</string>
    </Groups>
  </AssertNullAuthenticationProvider>
</AuthenticationProvider>

Synchronization Authentication

Since the Synchronize API is in version 2, it now relies entirely on authentication tokens to authorize clients. In this case, JSON Web Tokens are used since it is a popular and well-adopted standard.

Version 2 also comes with the possibility to use X509 certificates for authentication. But, regardless whether basic authentication or certificate-based authentication is used, the underlying security layer relies on JSON Web Tokens.

1. Server setup: JSON Web Token

On the server, the JSON Web Token settings need to be configured. This is achieved in the settings.config file, and the following snippet needs to be added:

<!-- File: settings.config -->
<OfflineSynchronizationSettings>
  <JsonWebTokenSettings>
    <Issuer>SigAnySync</Issuer>
    <Audience>SigAnyClient</Audience>
    <DurationInMinutes>15</DurationInMinutes>
    <Secret>YOUR_SECRET_HERE</Secret>
  </JsonWebTokenSettings>
</OfflineSynchronizationSettings>

There are four important settings in <JsonWebTokenSettings>:

• Issuer: The name for the entity which is responsible for issuing and validating tokens (unique name, ex: hostname)

• Audience: Name of the entity by which the token is intended to be used. (unique name, ex: hostname)

• DurationInMinutes: How long a token is considered valid. After it has expired, the client will need to authenticate again. This is done seamlessly in the background and requires no user interaction.

• Secret: A Base64 randomly generated string. A length of 128 bytes is recommended. Make sure this is kept secret!

2. Server setup: Certificate-based authentication

In case certificate-based authentication is intended to be used on the synchronization server, you will have to set up the server so that it is able to validate user certificates.

To do so, the server must add the Root Certificate Authority responsible for issuing user certificates to its list of trusted authorities:

1. Download the certificate of the Root CA. Either check with your certificate provider or get the service URLs from the user certificate.

2. Install the Root CA on the server. You will likely be asked where to install the certificate, make sure to choose Local Machine and NOT Current User (Reason: IIS has its own current user and will not see the certificate if installed in the user store). For the location, pick “Trusted Root Certificate Authorities”.

3. Double check that you got the right certificate and that you installed it at the right location

3. Client setup: Certificate-based authentication

The client does not need to be configured when it comes to JSON Web Tokens, but it needs to be configured if certificate-based authentication is intended to be used.

To do so, please add the following settings in anytime.setup.config:

<!-- File: anytime.setup.config -->
<CertificateEnabled>true</CertificateEnabled>
<CertificateStoreName>My</CertificateStoreName>
<CertificateStoreLocation>CurrentUser</CertificateStoreLocation>
<CertificateIssuer>YOUR_ISSUER_HERE</CertificateIssuer>

Let’s go over the four different settings:

• CertificateEnabled: If true, the configured certificate will be used for authentication, otherwise, it will use the default basic authentication method (username/password)

• CertificateStoreName: Specific value used to find the certificate on the user’s machine. If it’s a personal certificate, then the store name will be “My”.

• CertificateStoreLocation: This is also used to find the certificate. In case of a user certificate, the location will be “CurrentUser”.

• CertificateIssuer: The Certificate Authority (CA) responsible for issuing the certificate.

Silent Installation

For customers who do not wish to do any kind of customization when installing, it is possible to skip the installation mode popup by adding the following setting in anytime.setup.config:

<!-- File: anytime.setup.config -->
<SilentInstall>true</SilentInstall>

Windows programs list registration

It is possible to customize how the Offline Client appears in the Windows programs list. This can be achieved by configuring the <ProgramEntryDefinition> setting in anytime.setup.config. Below is an example of how it looks like for KLA:

<!-- File: anytime.setup.config -->
<ProgramEntryDefinition>
	<Id>KLA_VFI</Id>
	<DisplayName>KLA VFI 2.0</DisplayName>
	<Publisher>Signifikant</Publisher>
	<DisplayVersion>2.0</DisplayVersion>
	<InstallLocation>C:\ProgramData\Signifikant\Assert AnyTime</InstallLocation>
	<UrlInfoAbout>https://signifikant.se</UrlInfoAbout>
	<UninstallString>"C:\ProgramData\Signifikant\Assert AnyTime\AssertAnyTime.Uninstall.exe"</UninstallString>
</ProgramEntryDefinition>

Customization

When an offline publication is created, Manager will look in this folder to fetch the customizations to use in the offline installation package that is created by the offline publication process.

C:\ProgramData\Signifikant\Assert\AnyTime\Components\Customize

...

Customization

When an offline publication is created, Manager will look in this folder to fetch the customizations to use in the offline installation package that is created by the offline publication process.

C:\ProgramData\Signifikant\Assert\AnyTime\Components\Customize

Currently, Assert Anytime customizations will have to be configured by Signifikant.

Profile

For versions 5.2 and earlier, Offline profile is read from the C:\ProgramData\Signifikant\Assert AnyTime\WWWRoot\App_Datafolder.

In version 5.3 and later, Offline web viewer will read profile information from site subfolders: C:\ProgramData\Signifikant\Assert AnyTime\WWWRoot\App_Data\<<site>>. The site folder is created at Offline installation time, when folders in the Data-folder is copied from installation media to the target computer. Each subfolder creates an Offline site, and each site gets a profile from the profile master folder: C:\ProgramData\Signifikant\Assert AnyTime\Profile. The profile is copied anew each time Offline is started, a site is seleced in Offline toolbar, or when a new site name is introduced by renaming synchronize target site name in active synchronize publication.

The Profile master folder is created in Offline deploy package, a part of AssertServer deploy package, and is kept on the editor server until the Offline application publication is run.

Build process
  Create AssertServer deploy including Customize module, Offline application and Offline Profile
    Contains Offline deploy package, including the customize and profile packages
      Is copied to Offline publication target area when Offline client is published
        Is installed at a target; an end user computer, with or without data
          Profile folder is applied before a site is target by Offline client

Related articles