The Create Endpoint workflow starts if the CertificateManager determines it needs to create a new Endpoint. This update is always part of another workflow. It is shown in Figure 20. The boxes with blue text indicate Method calls.
Figure 20 – PushManagement Create Endpoint Workflow
The steps of the workflow are described in Table 25.
Table 25 – PushManagement Create Endpoint Workflow Steps
| Step | Description |
| --- | --- |
| Initial Conditions | The workflow is triggered when an administrator decides that a new Endpoint needs to be created and instructs the CertificateManager to create it. The CertificateManager needs to have a DiscoveryUrl for the Server and should already trust at least one existing Certificate. It also needs the NodeId of the ApplicationConfigurationType instance being updated or the ApplicationUri for the Application being updated. This is either the well-known ServerConfiguration Object or one of the ApplicationConfigurationType instances in the ManagedApplications Folder. The CertificateManager needs credentials that have access to the SecurityAdmin Role on the Server. |
| Connect | This is described in Table 22. |
| Read Current Configuration | The current configuration needs to be read from the ConfigurationFile Object, which is a component of the ApplicationConfiguration instance. The ConfigurationVersion is needed when updating the configuration. Existing SecuritySettings, UserTokenSettings and CertificateGroups may be used by the new Endpoint. The current configuration is extended with new records as required. When updating the configuration, a list of UpdateTargets is needed. Only records referenced by the UpdateTargets are processed. |
| New CertificateGroup Required? | Checks if a new CertificateGroup is required. |
| Add CertificateGroup | A new CertificateGroup is added to the configuration. An UpdateTarget with UpdateType=INSERT is created for the new CertificateGroup. The Path is ‘CertificateGroups.[n]’ where n is the index in the list of CertificateGroups currently in the configuration. The Name of the new record can be any value which is unique within the configuration and the CertificateGroups Object on the ApplicationConfiguration instance. It is used to create the BrowseName for the new CertificateGroup Object. |
| New CertificateType Required? | Checks if a new CertificateType is required. |
| Add CertificateType to CertificateGroup | A new CertificateType is added to a CertificateGroup. If the CertificateGroup already exists, an UpdateTarget with UpdateType=REPLACE is created for the CertificateGroup. The Path is ‘CertificateGroups.[n]’ where n is the index in the list of CertificateGroups currently in the configuration. No additional UpdateTarget is needed if the CertificateGroup is a new CertificateGroup added in the previous step. |
| New UserToken Required? | Checks if a new UserToken is required. |
| Add UserTokenSettings to Configuration | A new UserTokenSettings is added to the configuration. An UpdateTarget with UpdateType=INSERT is created. The Path is ‘UserTokenSettings.[n]’ where n is the index in the list of UserTokenSettings currently in the configuration. A new IssuedTokenType may also require a new AuthorizationServices record to be created. The Name of the new record can be any value which is unique within the configuration. It is not saved by the Server. |
| Add SecuritySettings to Configuration | A new SecuritySettings is added to the configuration. An UpdateTarget with UpdateType=INSERT is created. The Path is ‘SecuritySettings.[n]’ where n is the index in the list of SecuritySettings currently in the configuration. The Name of the new record can be any value which is unique within the configuration. It is not saved by the Server. |
| Add Endpoint to Configuration | A new Endpoint is added to the configuration. If the ApplicationConfiguration instance represents a Server, the Endpoint is an instance of ServerEndpointDataType and is added to the ServerEndpoints list in the configuration. If the ApplicationConfiguration instance represents a Client, the Endpoint is an instance of EndpointDataType and is added to the ClientEndpoints list in the configuration. An UpdateTarget with UpdateType=INSERT is created. The Path is ‘ServerEndpoints.[n]’ or ‘ClientEndpoints.[n]’ where n is the index in the appropriate list currently in the configuration. The Name of the new record can be any value which is unique within the configuration. It is not saved by the Server. |
| Update Configuration Workflow | The updated configuration is uploaded to the Server. It is described in 7.7.6. |
| Update Configuration Workflow | The updated configuration is uploaded to the Server. After this step completes, the CertificateManager disconnects from the Server. It is described in 7.7.6. |
| Update Certificates Workflow | Once new CertificateGroups and CertificateTypes are added to the configuration, it is possible to use the Update Certificates workflow to populate the TrustLists and issue Certificates. If this step is skipped, any Endpoints that reference CertificateGroups missing Certificates will not be enabled. An Endpoint that has a valid Certificate but an empty TrustList will exist, but no connections will be possible. The TOFU mode used during Application Setup (see G.2) only applies when a Server is configured for the first time. It is described in 7.7.2. |