
Alison Wizard is a web assistant that facilitates the deployment of Alison Desktop on end users' stations. It determines whether all the necessary components are correctly installed and suggests installation or update if necessary.

It detects the minimum conditions under which it should be performed and suggests the necessary corrective steps.

Among the tasks performed we can mention:

  • Execute the download of its components
  • Facilitate the correct installation of the components
  • Validate its correct installation by signing a test transaction (if the user has a certificate)


Alison Desktop is used for key pair generation, certificate installation, and digital signature operations in the following browsers: Internet Explorer, Microsoft Edge, Firefox, Chrome, Opera, Safari.

Alison Desktop can recognize certificates installed in various secure repositories such as Microsoft CSP, Firefox NSS, PKCS #11 devices, Smartcards, and eTokens, on multiple platforms (Windows, Mac OS, Linux).

Advantages and benefits

  • Alison Wizard simplifies the download of the required components to operate and enable them on the browser properly.
  • Users will have the same user experience, no matter which browser they are using.
  • End users can test the correct installation of the certificate, and even check whether the certificate is valid or revoked.

Step 1: Detect Alison-Desktop

This is Alison Wizard's first step. The target is to verify if Alison Desktop is installed on the end-user machine.

If it is not detected, the wizard downloads the appropriate installer for the operating system in use. The end user has to install it and run Alison-Desktop to allow Alison Wizard to continue.

A new icon will appear on the tray to access additional features.


Step 2: Integrate

Verify the correct communication between the browser and Alison Desktop. If necessary, the process will prompt the end-user to install additional components.

If communication between the browser in use and Alison Desktop is enabled, Alison Wizard will jump to the third step.

Integration is shared between different browsers, like Internet Explorer and Chrome, but it's recommended to run the wizard on each browser that the end-user has. Alison Wizard is a diagnostic tool that facilitates end-user error detection and suggests a solution.


Step 3: Test user certificate

Once all the Alison components are installed on the end-user machine, the Wizard allows the end user to validate the correct operation of Alison Desktop through a test signature operation.

It requires at least one certificate installed in one of the enabled keystore repositories.

If no certificate is detected, the end-user will see a notice.





CertiSur distributes Alison Wizard from Docker Hub (https://hub.docker.com/).

Download Docker image

In order to download the images, the user must be registered on that platform. Contact CertiSur to request access, and inform them of your Docker Hub profile so that access to the Docker image can be granted.

Step 1- Login using a Docker Hub account


Login Docker Hub:
# docker login -u <docker hub account>
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded


Info: Inform your Docker Hub account

You have to inform CertiSur of your Docker Hub account in order to be authorized to download the package. Send an email to support@certisur.com.


Note: Security warning

It is possible to save the user's credentials so as to log in safely by following the steps at this link (https://docs.docker.com/engine/reference/commandline/login/#credentials-store).
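
A check for the condition that the docker login warning above describes, as an added example that is not part of the original page: the function classifies a Docker client config.json by whether it holds an inline credential or delegates to a credential helper. The function name and the sample files are constructed for this illustration.

```sh
#!/bin/sh
# Added example: classify how a Docker client config stores registry credentials.
# Prints one of: plaintext | helper | none | missing

docker_creds_status() {
    cfg=$1
    [ -f "$cfg" ] || { echo missing; return 0; }
    # Without a helper, docker login writes "auth": "<base64 of user:password>".
    # base64 is an encoding, not encryption, hence the warning.
    if grep -Eq '"auth"[[:space:]]*:[[:space:]]*"[^"]+"' "$cfg"; then
        echo plaintext
    elif grep -Eq '"(credsStore|credHelpers)"[[:space:]]*:' "$cfg"; then
        echo helper
    else
        echo none
    fi
}

# Constructed sample configs (not real credentials).
demo_dir=$(mktemp -d)
cat > "$demo_dir/plain.json" <<'EOF'
{
  "auths": {
    "https://index.docker.io/v1/": { "auth": "Y29uc3RydWN0ZWQ6c2FtcGxl" }
  }
}
EOF
cat > "$demo_dir/helper.json" <<'EOF'
{
  "auths": { "https://index.docker.io/v1/": {} },
  "credsStore": "pass"
}
EOF

for f in plain.json helper.json absent.json; do
    printf '%s: %s\n' "$f" "$(docker_creds_status "$demo_dir/$f")"
done

# Check the real client config; DOCKER_CONFIG overrides the default directory.
printf 'current user: %s\n' \
    "$(docker_creds_status "${DOCKER_CONFIG:-$HOME/.docker}/config.json")"
```

A result of "plaintext" on a host that pulls the Alison Wizard image means the Docker Hub password can be recovered by anyone who can read that file.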

Step 2- Pulling an image from Docker


Downloading image:
# docker pull certisursa/wizard:latest

latest: Pulling from certisursa/wizard
a02a4930cb5d: Pull complete
b5ffff9dbcda: Pull complete
...
7e5f58de12ac: Pull complete
Digest: sha256:332ee89371399b7c6235465beb00fbd2071868fecee33fc14d04b87ba99b265d
Status: Downloaded newer image for certisursa/wizard:latest
docker.io/certisursa/wizard:latest

Step 3- Run Alison Wizard docker image


Run Alison Wizard:
# docker run -d \
-it \
-p 8080:8080 \
--name wizard \
--mount type=bind,source="$(pwd)"/config/tenants,target=/opt/jboss/config/tenants \
certisursa/wizard:latest


Info: Alison Wizard default configuration

Alison Wizard docker image includes an ACME tenant inside. You must overwrite that definition to include your own company or project tenants.

In case you want to modify the default configuration, go to step 5 to download a template of a different configuration. You can copy its content to your local machine and make the changes to:

  • replace the default logo with your image (clientLogo.jpg),
  • adjust the .css
  • define filters for the certificates.

At the moment of running the image, follow the instructions of Step 3 

Step 4- Test Alison wizard

Open your browser pointing to localhost:8080 (or the port defined by you) to access the URL where you published your Alison Wizard installation. You'll see the following image.

If you can see this image, it means that Alison Wizard is running in your Docker container.


Sample custom configuration

The following example will set up a new tenant for Alison Wizard. You can download the files in the following link looney-demo.tgz.



After you have Alison Wizard running on your own container, you can add a custom tenant following the next steps:

Step 5- Download a custom example (looney)

Download the files from the following link looney-demo.tgz

Sample Configuration Directories:
├── debbie
│   ├── config
│   │   ├── certstore
│   │   │   ├── CertiSur.root.ClassB.G1.pilot.509.cer
│   │   │   └── CertiSur.shared.ClassB.G1.pilot.509.cer
│   │   ├── debbie.json
│   │   ├── debbielog.properties
│   │   └── policies
│   │       └── looney.policy.json
│   ├── logs
│   └── repository
├── docker-compose.yml
└── wizard
    ├── alison-sdk
    ├── logs
    └── tenants
        ├── looney
        │   ├── config
        │   │   ├── alison-config.json
        │   │   ├── authtoken-desktop.json
        │   │   └── license-desktop.json
        │   ├── images
        │   │   ├── background_world_map.png
        │   │   └── clientLogo.jpg
        │   └── stylesheets
        │       └── custom.css
        └── versiones.yml

Step 6- Define environment variables and mount external volumes

Define the following variables for your Docker instance:

Variable                 Value
ENABLED_TENANTS          looney
WIZARD_SECRET_KEY_BASE   95820b3cea66376d006bf3ca3adf48287c1fc671e81c5956f8cd56aaffc4ac707673872d3d8561e14d851dea4c685a9874329a86f5c4b741e6e187cb70895820
BASE_INSTALLERS_PATH     https://s3.amazonaws.com/downloads.certisur.net/installers


Configure your docker-compose file to mount the following volumes.

External directory   Container directory
./wizard/tenants     /opt/jboss/config/tenants
./wizard/logs        /opt/jboss/logs


Note: The ./wizard/tenants external directory is the directory included in the example tenant config file (looney-demo.tgz) that you downloaded and stored on your local computer.


Note: For more details about Alison Wizard configuration variables, see the next section, Wizard Configuration.

Step 7- Configure docker_compose.yml and restart the container

Use the previous variables and volume mappings to define the new configuration, in this example as a docker_compose.yml file.

docker-compose.yml:
version: '3'

services:

  wizard:
    image: certisursa/wizard:latest
    environment:
      ENABLED_TENANTS: looney
      WIZARD_SECRET_KEY_BASE: 95820b3cea66376d006bf3ca3adf48287c1fc671e81c5956f8cd56aaffc4ac707673872d3d8561e14d851dea4c685a9874329a86f5c4b741e6e187cb70895820
      BASE_INSTALLERS_PATH: https://s3.amazonaws.com/downloads.certisur.net/installers
    volumes:
      - "./wizard/tenants:/opt/jboss/config/tenants"
      - "./wizard/logs:/opt/jboss/logs"
    ports:
      - 8082:8080


Launch the container from a shell

> docker-compose --verbose -f docker-compose.yml up -d

Open your browser pointing to localhost:8082 (or the port defined by you) to access the URL where you published your Alison Wizard installation. You'll see the following image.

If you can see this image, it means that Alison Wizard is running in your Docker container.


Note: Certificate Validation

Up to here, you can change the look and feel, such as logos and styles, from the front end. Your customer can download the desktop application, install it, and test that it is integrated with the browser.

To complete the installation, you can add a validation module (Debbie) to test your customer's certificates.



After you have Alison Wizard running on your own container, you can add a custom validation for your customer's certificates following the next steps:

Step 7- Download Debbie module

Debbie is a validation module.

Downloading image:
# docker pull certisursa/wizard:latest

latest: Pulling from certisursa/wizard
a02a4930cb5d: Pull complete
b5ffff9dbcda: Pull complete
...
7e5f58de12ac: Pull complete
Digest: sha256:332ee89371399b7c6235465beb00fbd2071868fecee33fc14d04b87ba99b265d
Status: Downloaded newer image for certisursa/wizard:latest
docker.io/certisursa/wizard:latest


Step 7- Restart the container


Use the previous variables and volume mappings to define the new configuration, in this example as a docker_compose.yml file.

docker-compose.yml:
version: '3'

services:

  wizard:
    image: certisursa/wizard:latest
    environment:
      ENABLED_TENANTS: looney
      WIZARD_SECRET_KEY_BASE: 95820b3cea66376d006bf3ca3adf48287c1fc671e81c5956f8cd56aaffc4ac707673872d3d8561e14d851dea4c685a9874329a86f5c4b741e6e187cb70895820
      BASE_INSTALLERS_PATH: https://s3.amazonaws.com/downloads.certisur.net/installers
    volumes:
      - "./wizard/tenants:/opt/jboss/config/tenants"
      - "./wizard/logs:/opt/jboss/logs"
    ports:
      - 8082:8080

  debbie:
    image: certisursa/debbie:v2.2.9a
    environment:
      checkMACAddress: disabled
    volumes:
      - "./debbie/config:/app/config"
      - "./debbie/repository:/app/repository"
      - "./debbie/logs:/app/log"
    ports:
      - 8081:8080


Launch the container from a shell

> docker-compose --verbose -f docker-compose.yml up -d


Open your browser pointing to localhost:8082 (or the port defined by you) to access the URL where you published your Alison Wizard installation. You'll see the following image.

If you can see this image, it means that Alison Wizard is running in your Docker container.


Open your browser pointing to localhost:8081 (or the port defined by you) to access the URL where you published your Debbie installation. You'll see the following image.

If you can see this image, it means that Debbie is running in your Docker container.





Wizard Configuration

Alison Wizard docker image includes an ACME tenant inside. You must overwrite that definition to include your own company or project tenants.

Environment Variables

Configure the following variables to customize your tenants and platforms.

ENABLED_TENANTS
  Description: List of enabled tenants separated by a comma.
  Value example: acme, looney

WIZARD_SECRET_KEY_BASE
  Description: Internal encryption key. It is a random key, 128 hexadecimal characters long. Create your own key and replace it.
  Value example: 95820b3cea66376d0...95820

BASE_INSTALLERS_PATH
  Description: URL where Alison Desktop installers for Windows, Mac, and Linux are published. Depending on your configuration, this URL can be internal or external. Inside this directory you have to create a subfolder for each product version, as described below.
  Value example: https://download.yousite.com/installers

DEBBIE_BASE_URL
  Description: URL where the Debbie service will be listening. Debbie is used to test and validate certificates. You don't need to expose this site to the internet; it only needs to be accessible by Alison Wizard.
  Value example: https://debbie-site:4443

ENABLED_BROWSERS
  Description: List of enabled browsers supported by the wizard.
  Value example: ie>=8,chrome,firefox,opera, edge,safari

ENABLED_PLATFORMS
  Description: List of enabled platforms supported by the wizard.
  Value example: windows, mac, Linux
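
One way to follow the "create your own key and replace it" instruction for WIZARD_SECRET_KEY_BASE, as an added example that is not CertiSur's own tooling: it generates a 128-hex-character key, rejects the sample key printed in this page's docker-compose.yml, and flags compose files that carry the key inline. The function names and the .env layout are assumptions of this sketch; the `${WIZARD_SECRET_KEY_BASE}` reference relies on docker-compose's standard variable substitution.

```sh
#!/bin/sh
# Added example: create and check a WIZARD_SECRET_KEY_BASE value.

# Key printed in this page's sample docker-compose.yml. It is public, so a
# deployment still using it has no secret at all.
DOC_SAMPLE_KEY=95820b3cea66376d006bf3ca3adf48287c1fc671e81c5956f8cd56aaffc4ac707673872d3d8561e14d851dea4c685a9874329a86f5c4b741e6e187cb70895820

# 64 bytes from the kernel CSPRNG, printed as 128 lowercase hex characters.
gen_wizard_key() {
    od -An -tx1 -N64 /dev/urandom | tr -d '[:space:]'
}

# Succeeds only for exactly 128 hex characters that are not the published sample.
is_valid_wizard_key() {
    key=$1
    [ "${#key}" -eq 128 ] || return 1
    case $key in
        *[!0-9a-fA-F]*) return 1 ;;
    esac
    [ "$key" != "$DOC_SAMPLE_KEY" ]
}

# Write a fresh key to an env file that only its owner can read.
# docker-compose reads a .env file beside docker-compose.yml, so the YAML can
# say  WIZARD_SECRET_KEY_BASE: ${WIZARD_SECRET_KEY_BASE}  instead of the value.
write_wizard_env() {
    out=$1
    new_key=$(gen_wizard_key)
    is_valid_wizard_key "$new_key" || return 1
    ( umask 077; printf 'WIZARD_SECRET_KEY_BASE=%s\n' "$new_key" > "$out" )
}

# Succeeds when a file carries a literal hex key rather than a ${...} reference.
compose_has_inline_key() {
    grep -Eq 'WIZARD_SECRET_KEY_BASE[:=][[:space:]]*[0-9a-fA-F]{16,}' "$1"
}

# Demonstration on constructed files in a scratch directory.
work=$(mktemp -d)
write_wizard_env "$work/.env" && echo "wrote $work/.env"
printf '      WIZARD_SECRET_KEY_BASE: %s\n' "$DOC_SAMPLE_KEY" > "$work/inline.yml"
printf '      WIZARD_SECRET_KEY_BASE: ${WIZARD_SECRET_KEY_BASE}\n' > "$work/ref.yml"
for f in inline.yml ref.yml; do
    if compose_has_inline_key "$work/$f"; then
        echo "$f: key is inline, move it to .env"
    else
        echo "$f: key is referenced from the environment"
    fi
done
```

Keeping the key in a 0600 env file also keeps it out of shell history and out of any compose file committed to version control.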


Volumes

The following volumes must be mounted on the Docker image to overwrite the variables of each defined tenant.

Source (host)                        Path (container)             Description
/home/opera/docker/wizard/tenants    /opt/jboss/config/tenants    tenant configuration folder
/home/opera/docker/wizard/logs       /opt/jboss/logs              logs folder


Running Custom Tenant

After configuring your own tenant, launch a new docker image with the new configuration.

Run Alison Wizard:
# docker run -d \
-it \
-p 8080:8080 \
--name wizard \
--mount type=bind,source="$(pwd)"/config/tenants,target=/opt/jboss/config/tenants \
-e ENABLED_TENANTS=acme \
-e BASE_INSTALLERS_PATH=https://<wizard_url>/installers \
-e DEBBIE_BASE_URL=https://<debbie_url:port>/ \
-e WIZARD_SECRET_KEY_BASE=a95820b3cea66376d06bf3...9a86f5c4b741e6e187cb7085aaee \
certisursa/wizard:latest

Docker compose file:
version: '3'

services:

  wizard:
    image: certisursa/wizard:latest
    environment:
      ENABLED_TENANTS: looney
      WIZARD_SECRET_KEY_BASE: 95820b3cea66376d006bf3ca3adf48287c1fc671e81c5956f8cd56aaffc4ac707673872d3d8561e14d851dea4c685a9874329a86f5c4b741e6e187cb70895820
      BASE_INSTALLERS_PATH: https://s3.amazonaws.com/downloads.certisur.net/installers
      DEBBIE_BASE_URL: http://192.168.1.61:8081
      ENABLED_BROWSERS: chrome,firefox,edge,safari
      ENABLED_PLATFORMS: windows,mac,linux
    volumes:
      - "./wizard/tenants:/opt/jboss/config/tenants"
      - "./wizard/logs:/opt/jboss/logs"
    ports:
      - 8082:8080

  debbie:
    image: certisursa/debbie:v2.2.9a
    environment:
      checkMACAddress: disabled
    volumes:
      - "./debbie/config:/app/config"
      - "./debbie/repository:/app/repository"
      - "./debbie/logs:/app/log"
    ports:
      - 8081:8080

Working with the demo

1 - Deploy and run

To deploy this configuration you must execute the following in a shell window.

# docker-compose --verbose -f docker-compose.yml up -d

2 - Verify

Go to http://localhost:8081/looney/healthcheck to verify that Debbie is running with "looney" tenant configured.

Go to http://localhost:8082/looney to verify that Alison Wizard is running with "looney" tenant configured.

3 - Stop the containers

To stop the demo you must execute the following in a shell window.

# docker stop digicert_debbie_1
# docker stop digicert_wizard_1


License

Alison Wizard comes preinstalled with a universal license valid for up to 1 year.

To obtain a full license, contact the CertiSur team (support@certisur.com) and provide the list of domains (from all environments: development, staging, production) where the container will be published.

CertiSur will return a definitive license covering all the reported domains, with a 3-year validity.

The license file must be included in each tenant configuration folder.


Plugins

These optional components may be installed on some browsers (Firefox, Chrome, Internet Explorer) to allow a different communication between the browser and Alison Desktop.

Plugins must be enabled by domain, similar to license.

Warning: Internet Explorer 11

In the particular case of Internet Explorer, you will download an ActiveX component that requires administrator privileges to be installed.




Tenant Configuration

Each tenant has its own configuration, and every Alison Wizard docker instance can manage one or several tenants.

The configuration files define all the behavior of the Wizard for each tenant, so it is easy to change how the application operates. The Alison Wizard container must be reloaded to apply any change made to these files.

The following files define the tenant configuration and must be customized or replaced.

alison-config.json
  Description: This is the main configuration file. It defines keystores, providers, filters, and plugins. It also defines the minimal and suggested Alison-Desktop version.

background_world_map.png, background_world_map_ie.png
  Description: Background images. They can be replaced.

custom.css
  Description: CSS style of main buttons, banner, and color. You can modify this .css file to reflect the font type or colors defined by your organization.
  Default value: ACME colors

clientLogo.jpg
  Description: Logo image.
  Default value: ACME logo

alison-license-desktop.json
  Description: This file includes a license for the enabled domains. It must be replaced by a definitive license file, which can extend the domains and the expiration date.
  Default value: 1-year validity license

alison-authtoken-desktop.json
  Description: Defines the authentication token used by Alison-Desktop to manage the session.


Create a new Tenant

The best way to create a new tenant is to copy the ACME tenant configuration distributed in the latest version of the Docker image, modify its name, and apply changes to each related file.

Warning: Extend enabled tenants

After copying and configuring the new tenant, its name must be included in the ENABLED_TENANTS variable and the container must be restarted.


Principal variables that you can modify to customize your tenant: