Federated Identity Service (FIS)
User Guide
Version 1.7
Exostar, LLC
Jan 25, 2016
FIS User Guide
Table of Contents
FIS Overview (page 1)
FIS System Requirements (page 1)
Required Browser Settings (page 1)
Downloading Certificates / Installing ActiveX (page 5)
Backing Up FIS Certificates (page 6)
Troubleshooting (page 9)
Copyright ©2009 Exostar LLC. All rights reserved
i
FIS Overview
Exostar's Federated Identity Service (FIS) is a fully-managed public key infrastructure (PKI) service for the issuance and maintenance of digital certificates. To provide this functionality, a client-side software component is required to generate certificate requests and install certificates on the client machine (PC). This client-side component is delivered to the client machine as a Microsoft ActiveX control. To support certificate issuance, this Exostar-signed ActiveX component must be downloaded and installed on each client PC that will be used to obtain certificates. So that its authenticity can be verified, the ActiveX component is signed with the Exostar code-signing certificate.
This guide has been created to help users verify or modify their browser settings so that the ActiveX control can be installed and the required certificates downloaded. It contains step-by-step instructions for the required browser settings, installing the ActiveX control, and backing up (exporting) your digital certificate. Additional information about FIS can be found at: http://www.myexostar.com/myexostarAll.aspx?id=818. For information on how to request FIS certificates, refer to the Requesting Access to FIS section of the MAG User Guide.
FIS System Requirements
- Windows Vista (SP 2.0), Windows 7, and Windows 8 supported
- Internet Explorer 7, 8, 9, 10, 11 supported
- Permissions to enable ActiveX controls and plug-ins
Required Browser Settings
1. Adding Exostar as a Trusted Internet Site (Required)
Step 1: Launch Internet Explorer.
Step 2: From the Menu Bar, select Tools > Internet Options. The Internet Options page is displayed, which allows Internet Explorer settings to be viewed and modified.
Step 3: Select the Security tab and then select the Trusted Sites web content zone by clicking on it (see screenshot).
Step 4: Click the Sites button.
Step 5: The Trusted Sites page is displayed, which allows the entry of a trusted site. In the "Add this Web site to the zone" edit box, type: https://*.exostar.com and click the Add button.
Step 6: When finished, click OK or Close to return to the Internet Options menu. Note: If this website has previously been added, you may receive a message indicating it is already in the Trusted Sites zone.
2. Security Settings for ActiveX (Required)
Step 1: From the Internet Options page > Security tab, select Custom level under "Security level for this zone" (see screenshot).
Step 2: Verify that the following Security Settings for the Trusted Sites zone are set as follows:

    ActiveX controls and plug-ins setting                            Value
    Allow previously unused ActiveX controls to run without prompt   Enable
    Automatic prompting for ActiveX controls                         Enable
    Binary and script behaviors                                      Enable
    Download signed ActiveX controls                                 Enable
    Run ActiveX controls and plug-ins                                Enable
    Script ActiveX controls and plug-ins                             Enable

    Note: Settings will take effect after you restart Internet Explorer.
Step 3: Once the settings are changed, click OK twice to save. Modifications will take effect after you restart Internet Explorer.
3. Miscellaneous Settings: Popup Blocker (Required)
Step 1: From the Internet Options page > Security tab, select Custom level under "Security level for this zone" (see screenshot).
Step 2: Verify that the following Security Setting for the Trusted Sites zone is set as follows:

    Miscellaneous setting     Value
    Use Pop-up Blocker        Disable

    Disabling the "Use Pop-up Blocker" setting disables popup blocking for all web sites in the Trusted Sites zone.
Step 2A (alternative): Popup blocking can instead be disabled specifically for the Exostar web site by adding the Exostar website to the list of sites not blocked by the popup blocker in Internet Explorer:
    1. Launch Internet Explorer.
    2. Go to Tools > Pop-up Blocker > Pop-up Blocker Settings.
    3. Add https://*.exostar.com in the exception text box and click Add.
    4. The site will appear in the Allowed sites list.
    5. Click Close to complete.
Step 3: Once the settings are changed, click OK twice to save. Modifications will take effect after you restart Internet Explorer.
Miscellaneous Settings: Enable Prompt for Certificate (Highly Recommended)
By default, Internet Explorer does not prompt to send a certificate if only one certificate is present. If a valid certificate matches the site's requirements, it is sent automatically. This can be useful for users who prefer authentication to be transparent. However, users who have expired or invalid certificates on their machine may be presented with a "page cannot be displayed" error. To resolve this error, the "Don't prompt" setting below should be disabled so that Internet Explorer prompts for the certificate.
Step 1: From the Internet Options page > Security tab, select Custom level under "Security level for this zone" (see screenshot).
Step 2: Verify that the following Security Setting for the Trusted Sites zone is set to the following:

    Miscellaneous setting                                                                           Value
    Don't prompt for client certificates when no certificates or only one certificate is present    Disable

Step 3: Once the settings are changed, click OK twice to save. Modifications will take effect after you restart Internet Explorer.
IMPORTANT: Some configurations may require this setting to be applied in all three Security Zones (Trusted Sites, Local Intranet and Internet). Also, some Internet Explorer updates may overwrite these settings when applied. If this happens, the setting will need to be re-applied.
4. Security Settings: TLS 1.0 (ForumPass Restricted Profile Users Only)
The Transport Layer Security (TLS) protocol can be enabled in Internet Explorer and is required only for ForumPass 4 Restricted Profile users. TLS allows client/server applications to communicate across a network in a way designed to prevent eavesdropping, tampering, and message forgery. TLS provides endpoint authentication and communications confidentiality over the internet using cryptography.
Step 1: Launch Internet Explorer.
Step 2: From the Menu Bar, select Tools > Internet Options. The Internet Options page is displayed, which allows Internet Explorer settings to be viewed and modified.
Step 3: Select the Advanced tab and scroll down to the Security section. Check the "Use TLS 1.0" setting (see screenshot).
Step 4: To save the settings, click Apply and then OK. The modifications will take effect after you restart Internet Explorer.
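The browser settings in sections 1 through 4 above all live in the current user's Internet Settings registry keys, which is how an administrator would check many PCs without clicking through the dialog. The script below is an added example, not Exostar's code: it audits the Trusted Sites zone values, the Trusted Sites membership of exostar.com, and the TLS 1.0 bit, and can write the expected values back. It assumes zone 2 is the Trusted Sites zone, that the value names are the standard Internet Explorer zone action IDs (0 = Enable, 1 = Prompt, 3 = Disable), and that the guide's "Script ActiveX controls and plug-ins" row corresponds to IE's "Script ActiveX controls marked safe for scripting" (1405); the function names are this example's own.

```powershell
# Added example: audit (and optionally repair) the Internet Explorer settings this guide
# asks for, by reading the per-user registry values behind the Internet Options dialog.
# Not Exostar's code. Assumptions: zone 2 = Trusted Sites; value names are the standard
# IE zone action IDs (0 = Enable, 1 = Prompt, 3 = Disable); the guide's "Script ActiveX
# controls and plug-ins" is mapped to 1405. Run as the user whose browser is configured.

$zone2   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2'
$zoneMap = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\exostar.com'
$inet    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# Expected Trusted Sites zone values, taken from the tables in sections 2 and 3 and
# "Enable Prompt for Certificate"
$expected = [ordered]@{
    '1208' = @{ Name = 'Allow previously unused ActiveX controls to run without prompt'; Value = 0 }
    '2201' = @{ Name = 'Automatic prompting for ActiveX controls';                       Value = 0 }
    '2000' = @{ Name = 'Binary and script behaviors';                                    Value = 0 }
    '1001' = @{ Name = 'Download signed ActiveX controls';                               Value = 0 }
    '1200' = @{ Name = 'Run ActiveX controls and plug-ins';                              Value = 0 }
    '1405' = @{ Name = 'Script ActiveX controls marked safe for scripting';              Value = 0 }
    '1809' = @{ Name = 'Use Pop-up Blocker';                                             Value = 3 }
    '1A04' = @{ Name = "Don't prompt for client certificate selection (one/no cert)";    Value = 3 }
}

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value is absent (i.e. the IE default applies)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Test-FisBrowserSettings {
    $results = @(foreach ($id in $expected.Keys) {
        $actual = Get-RegValue $zone2 $id
        [pscustomobject]@{
            Setting  = $expected[$id].Name
            Expected = $expected[$id].Value
            Actual   = $actual
            Ok       = ($actual -eq $expected[$id].Value)
        }
    })
    # Section 1: adding https://*.exostar.com to Trusted Sites creates
    # ZoneMap\Domains\exostar.com with a DWORD "https" = 2
    $zoneId = Get-RegValue $zoneMap 'https'
    $results += [pscustomobject]@{ Setting = 'https://*.exostar.com in Trusted Sites'; Expected = 2; Actual = $zoneId; Ok = ($zoneId -eq 2) }
    # Section 4: "Use TLS 1.0" is bit 0x80 of the SecureProtocols mask (Advanced tab > Security)
    $sp = Get-RegValue $inet 'SecureProtocols'
    $results += [pscustomobject]@{ Setting = 'Use TLS 1.0'; Expected = 'bit 0x80 set'; Actual = $sp; Ok = (($null -ne $sp) -and (($sp -band 0x80) -ne 0)) }
    return $results
}

function Repair-FisBrowserSettings {
    # Writes only the values the guide's tables specify; the Internet Options dialog writes the same keys.
    foreach ($id in $expected.Keys) {
        Set-ItemProperty -Path $zone2 -Name $id -Value $expected[$id].Value -Type DWord
    }
    if (-not (Test-Path $zoneMap)) { New-Item -Path $zoneMap -Force | Out-Null }
    Set-ItemProperty -Path $zoneMap -Name 'https' -Value 2 -Type DWord
    # OR the TLS 1.0 bit into the existing mask so newer protocol versions that are already
    # enabled stay enabled; if the value is absent the IE default applies and nothing is written.
    $sp = Get-RegValue $inet 'SecureProtocols'
    if ($null -ne $sp) { Set-ItemProperty -Path $inet -Name 'SecureProtocols' -Value ($sp -bor 0x80) -Type DWord }
}

# Usage: audit first; run Repair-FisBrowserSettings only if a row shows Ok = False,
# then restart Internet Explorer (as the guide says, changes take effect after a restart).
Test-FisBrowserSettings | Format-Table Setting, Expected, Actual, Ok -AutoSize
```

Two caveats worth knowing when the audit disagrees with what the dialog shows. If security zones are managed by Group Policy, the effective values are under HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings (or the HKLM equivalent when "Security Zones: Use only machine settings" is on), the Custom level dialog is greyed out, and edits to the HKCU keys above are ignored. And every relaxation in section 2 and 3 applies to every site in the Trusted Sites zone, not just exostar.com, which is why the popup-blocker alternative (step 2A) and a short Trusted Sites list are the tighter configuration.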
Downloading Certificates / Installing ActiveX
This is a quick reference for downloading certificates. For detailed information on prerequisites and downloading your MLOA Software and Hardware certificates, refer to the Manage Certificates section of the MAG User Guide. If your organization does not allow the download of the ActiveX control to your machine, your IT Security Administrator can download the available MSI for your machine's configuration here.
Step 1: After the user completes the certificate request process through the Managed Access Gateway (MAG) and has been electronically notified by Exostar to retrieve their certificate, the user is able to download the certificate(s).
    Note: Medium Level of Assurance (MLOA) Software Digital Certificates can only be issued upon completion of in-person proofing and Exostar approval. Basic Level of Assurance (BLOA) does not require in-person proofing.
Step 2: The user logs into MAG, navigates to My Account > Manage Certificates > Download Certificates, and is prompted for a Passcode:
    - The Passcode for MLOA certificates will be provided by the proofing agent as part of the in-person proofing process.
    - The Passcode for BLOA certificates will be provided via email upon approval from Exostar.
    IMPORTANT: You must refer to the Manage Certificates section of the MAG User Guide for detailed information on all FIS software and hardware certificates, including hardware tokens: http://www.myexostar.com/WorkArea/showcontent.aspx?id=912
Step 3: If the required browser settings are enabled, the user will be prompted to complete the download process without issue. Once the certificate(s) are successfully downloaded, they are available for immediate use. Upon completion of the certificate download, it is recommended that the user perform an immediate backup (instructions are provided later in this document).
IF YOU DID NOT RECEIVE AN ERROR MESSAGE OR INFORMATION BAR WARNING, YOU HAVE
SUCCESSFULLY INSTALLED YOUR DIGITAL CERTIFICATE AND CAN PROCEED TO BACK UP YOUR
CERTIFICATE. OTHERWISE, PLEASE CONTINUE WITH STEP 4.
Step 4: If the browser settings were not enabled, and the user has permission to install ActiveX, the user may receive the following message below the browser toolbar, together with an information pop-up dialog box (see screenshot).
Step 5: Click Close on the Information Bar warning. Right-click on the Information Bar and select Install ActiveX Control...
Step 6: You will be prompted with an Internet Explorer Security Warning asking if you want to install this software. Click Install to install the ActiveX control.
    Note: You may be prompted again with a second Internet Explorer Security Warning (the Exostar website is in the Trusted Sites zone, and the "Download signed ActiveX controls" setting for this zone is set to prompt you). Click Install to download and install the ActiveX control.
Step 7: You will be prompted by Internet Explorer asking if you want to allow software such as ActiveX controls and plug-ins to run. Click Yes to allow the ActiveX control to run.
Step 8: Once complete, you will be able to download certificates.
Backing Up FIS Certificates (BLOA and MLOA SW only)
It is important to back up your FIS certificate(s). If you do not have a backup and your certificate(s) become corrupt or lost, you will need to re-apply for the certificate. For Medium Level of Assurance (MLOA) certificates, this will involve in-person proofing and could involve additional expense. It is also recommended that you back up your MLOA certificate(s) before enabling strong private key protection.
1. Exporting the Digital Certificate (Required)
Step 1: Launch Internet Explorer.
Step 2: From the Menu Bar, select Tools > Internet Options. The Internet Options page is displayed, which allows Internet Explorer settings to be viewed and modified.
Step 3: Select the Content tab, click Certificates, and go to the Personal tab.
Step 4: Select the certificate you wish to back up and click Export. This launches the Certificate Export Wizard. Click Next to start the export.
    Note: You will want to back up (export) all three MLOA certificates: Signature, Encryption, and Identity. Repeat the steps for each certificate. For authentication, the Identity certificate is most commonly used (i.e., access to portals, ForumPass, etc.). For more information about MLOA certificates, please visit: http://www.myexostar.com/myexostarAll.aspx?id=938
Step 5: Select Yes to export the private key, and then click Next. For Personal Information Exchange, select "Include all certificates for certificate path if possible" AND "Enable strong protection" (as shown in the screenshot), and then click Next.
Step 6: Apply a password to the certificate and click Next.
    VERY IMPORTANT: You must remember this password. It will be used during the certificate import process. If your password is forgotten, you will not be able to restore your certificate(s).
Step 7: Click Browse to identify a location to store your certificate and click Next.
    For security reasons, it is important that you maintain control of your digital certificate at all times. Please ensure it is saved to a safe location. If it is lost or corrupt, you will need to re-apply for a new certificate(s).
Step 8: Once you have determined a safe location to store your certificate, you will need to name the file. The file name should indicate your name (first and last) as well as what type of certificate it is. After completing your file name, verify the file type is Personal Information Exchange (*.pfx) and click Save.
    VERY IMPORTANT: The file name should include your first and last name, as well as the certificate type:
    First Name Last Name (Certificate Type).pfx
    Example: Ryan Wick (Identity).pfx
Step 9: The Certificate Export Wizard will present the file name and path you have selected for storing your certificate. Once you have confirmed it is correct, click Next. The Certificate Export Wizard is now complete. Click Finish.
Step 10: You will receive an indication that the certificate export was successful. Click OK.
    If using MLOA certificates, you will need to repeat these steps to back up (export) all related certificates. If you are utilizing ForumPass, you may want to consider uploading your exported certificates to a document library in your MySite.
Step 11: For information on importing the certificates, refer to the FIS Certificate Export Import Guide for details: http://www.myexostar.com/WorkArea/showcontent.aspx?id=1038
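Steps 3 through 10 above can also be done from PowerShell, which is useful when several MLOA certificates have to be exported or when the expired-certificate case from "Enable Prompt for Certificate" needs to be found first. The script below is an added example, not Exostar's code: it lists the Personal store with expiry and private-key status, then exports one certificate with its private key and chain to a password-protected .pfx named as step 8 requires. It assumes Windows 8 / Windows Server 2012 or later (where Export-PfxCertificate from the PKI module exists); the function names are this example's own, and the thumbprint, names, certificate type and output folder in the usage lines are placeholders.

```powershell
# Added example: inventory the current user's Personal certificate store and export one
# certificate with its private key to a password-protected .pfx, following the naming
# convention in step 8 ("First Name Last Name (Certificate Type).pfx").
# Not Exostar's code. Assumptions: Windows 8 / Server 2012 or later (Export-PfxCertificate
# is in the PKI module); thumbprint, names, type and output folder are placeholders.

function Get-PersonalCertificates {
    # Expired entries are the "page cannot be displayed" case described under
    # "Enable Prompt for Certificate"; entries without a private key cannot be backed up.
    Get-ChildItem -Path Cert:\CurrentUser\My | ForEach-Object {
        [pscustomobject]@{
            Subject       = $_.Subject
            Issuer        = $_.Issuer
            Thumbprint    = $_.Thumbprint
            NotAfter      = $_.NotAfter
            Expired       = ($_.NotAfter -lt (Get-Date))
            HasPrivateKey = $_.HasPrivateKey
        }
    }
}

function Export-FisCertificateBackup {
    param(
        [Parameter(Mandatory)][string]$Thumbprint,
        [Parameter(Mandatory)][string]$FirstName,
        [Parameter(Mandatory)][string]$LastName,
        [Parameter(Mandatory)][string]$CertType,        # e.g. Identity, Signature, Encryption
        [Parameter(Mandatory)][string]$OutDir,
        [Parameter(Mandatory)][securestring]$Password   # the password from step 6
    )
    $cert = Get-Item -Path "Cert:\CurrentUser\My\$Thumbprint"
    if (-not $cert.HasPrivateKey) {
        throw "Certificate $Thumbprint has no private key in this store; there is nothing to back up."
    }
    if ($cert.NotAfter -lt (Get-Date)) {
        Write-Warning "Certificate expired on $($cert.NotAfter); re-apply for a new one rather than backing this up."
    }
    if (-not (Test-Path $OutDir)) { New-Item -ItemType Directory -Path $OutDir | Out-Null }

    # Step 8 naming convention, e.g. "Ryan Wick (Identity).pfx"
    $file = Join-Path $OutDir ('{0} {1} ({2}).pfx' -f $FirstName, $LastName, $CertType)

    # BuildChain corresponds to the wizard's "include all certificates in the certificate path";
    # -NoClobber refuses to overwrite an existing backup.
    Export-PfxCertificate -Cert $cert -FilePath $file -Password $Password -ChainOption BuildChain -NoClobber | Out-Null
    return $file
}

# Usage:
Get-PersonalCertificates | Format-Table Subject, NotAfter, Expired, HasPrivateKey, Thumbprint -AutoSize
# $pfxPassword = Read-Host -Prompt 'PFX password (you must remember it to import later)' -AsSecureString
# Export-FisCertificateBackup -Thumbprint '<thumbprint from the list above>' -FirstName 'Ryan' -LastName 'Wick' `
#     -CertType 'Identity' -OutDir 'D:\CertBackup' -Password $pfxPassword
```

Export-PfxCertificate fails if the private key was marked non-exportable when the certificate was issued, and if strong private key protection is already enabled Windows prompts for the key password during the export, which is why the guide recommends backing up before enabling it. On the older Windows versions in the requirements list the cmdlet is not available, so use the wizard steps above there. The resulting .pfx contains the private key; the password from step 6 and the storage location from step 7 are the only things protecting it.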
For additional information about FIS Certificates, Frequently Asked Questions, and documentation on how to
restore (import) certificates, or setting certificate security levels to ‘high’, please visit:
http://www.myexostar.com/myexostarAll.aspx?id=938
You can also contact Exostar Customer Service at:
http://www.myexostar.com/contactSupport.aspx
Troubleshooting
For troubleshooting common errors, please visit our website:
http://www.myexostar.com/myexostarAll.aspx?id=938 or contact Exostar Customer Service:
http://www.myexostar.com/contactSupport.aspx