Gateway Service

The Gateway Service provides a transfer layer between front-end Corda Enterprise Network Manager (CENM) interfaces, and the Auth Service that underpins authentication and authorisation in CENM.

Once installed and configured, users can connect with the Gateway Service via the CENM CLI Tool to manage CENM service tasks. Administrators can use the Gateway Service address plus /admin to access the (CENM User Admin Tool)[user-admin] via a web browser.

You can install the Gateway Service by installing the Gateway Service JAR file:

java -jar gateway-service.jar -f config.conf

When you configure the Gateway Service, you need to:

  1. Specify the endpoint where the Auth Service is exposed - this must match the IP or host name of the machine/VM/container and the port that is configured in the Auth Service config file.

  2. Specify the SSL configuration for connecting to the Auth Service. You can do this using the PKI tool.

  3. Your authentication credentials, as specified in your Auth Service configuration.

  4. Your Zone Service address.

You can create a configuration file as shown in the sample, and then add this to your CENM services using the command line commands below.

# Configuration dependent on the Auth Service install
auth {
    # This is the endpoint where the Auth Service is exposed, should be the IP or host name of
    # the machine/VM/container and the port that was configured in the Auth Service conf file
    serverUrl = "https://auth-service:8081/"
    # SSL config for connecting to the Auth Service
    # Should be the same trust store that is used when configuring the Auth Service
    # Generally generated by the PKI Tool
    sslConfig = {
        trustStore = "/usr/gateway/certificates/corda-ssl-trust-store.jks"
        trustStorePassword = "trustpass"
    }
    # Client credentials that were configured in the Auth Service conf file like so:
    # clientConfig = {
    #   clients = [
    #       {
    #           clientId = "gateway1"
    #           clientSecret = "secret1"
    #           scopes = [
    #               "accounts:admin"
    #           ]
    #           audience = [
    #               "zone",
    #               "network-map",
    #               "identity-manager"
    #           ]
    #       }
    #   ]
    clientCredentials = {
        clientId = "gateway1"
        clientSecret = "secret1"
    }
}

# CENM zone-service address
cenm {
    zoneHost: "zone-service"
    # Admin listener port of the Zone Service
    zonePort: 5063
}

# port to bind to (defaults to 8080)
server {
    port = 8080
}

Name of the distribution: gateway-service.jar

Command line arguments:

  • -v, --verbose - If set, prints logging to the console as well as to a file.
  • --logging-level= - Enable logging at this level and higher. Defaults to INFO. Possible values: OFF, INFO, WARN, TRACE, DEBUG, ERROR, ALL
  • -f, --config-file= --config-obfuscation-passphrase[=] - The passphrase used in the key derivation function when generating an AES key
  • --config-obfuscation-seed[=] - The seed used in the key derivation function to create a salt
  • -h, --help
  • -V, --version

Was this page helpful?

Thanks for your feedback!

Chat with us

Chat with us on our #docs channel on slack. You can also join a lot of other slack channels there and have access to 1-on-1 communication with members of the R3 team and the online community.

Propose documentation improvements directly

Help us to improve the docs by contributing directly. It's simple - just fork this repository and raise a PR of your own - R3's Technical Writers will review it and apply the relevant suggestions.

We're sorry this page wasn't helpful. Let us know how we can make it better!

Chat with us

Chat with us on our #docs channel on slack. You can also join a lot of other slack channels there and have access to 1-on-1 communication with members of the R3 team and the online community.

Create an issue

Create a new GitHub issue in this repository - submit technical feedback, draw attention to a potential documentation bug, or share ideas for improvement and general feedback.

Propose documentation improvements directly

Help us to improve the docs by contributing directly. It's simple - just fork this repository and raise a PR of your own - R3's Technical Writers will review it and apply the relevant suggestions.