Gateway Service

The Gateway Service provides a transfer layer between front-end Corda Enterprise Network Manager (CENM) interfaces, and the Auth Service that underpins authentication and authorisation in CENM.

Once installed and configured, users can connect with the Gateway Service via the CENM CLI Tool to manage CENM service tasks. Administrators can use the Gateway Service address plus /admin to access the (CENM User Admin Tool)[user-admin] via a web browser.

Install the gateway Gateway service

You can install the Gateway Service by installing the Gateway Service .jar file:

java -jar gateway-service.jar -f config.conf

Configure the Gateway Service

When you configure the Gateway Service, you need to:

  1. Specify the endpoint where the Auth service is exposed - this must match the IP or host name of the machine/VM/container and the port that is configured in the Auth Service config file.

  2. Specify the SSL configuration for connecting to the Auth service. You can do this using the PKI tool.

  3. Your authentication credentials, as specified in your Auth Service configuration.

  4. Your Zone Service address.

You can create a configuration file as shown in the sample, and then add this to your CENM services using the command line commands below.

# Configuration dependent on the Auth service install
auth {
    # This is the endpoint where the auth service is exposed, should be the IP or host name of
    # the machine/VM/container and the port that was configured in the auth service conf file
    serverUrl = "https://auth-service:8081/"
    # SSL config for connecting to the auth service
    # Should be the same trust store that is used when configuring the auth service
    # Generally generated by the PKI Tool
    sslConfig = {
        trustStore = "/usr/gateway/certificates/corda-ssl-trust-store.jks"
        trustStorePassword = "trustpass"
    # Client credentials that were configured in the auth service conf file like so:
    # clientConfig = {
    #   clients = [
    #       {
    #           clientId = "gateway1"
    #           clientSecret = "secret1"
    #           scopes = [
    #               "accounts:admin"
    #           ]
    #           audience = [
    #               "zone",
    #               "network-map",
    #               "identity-manager"
    #           ]
    #       }
    #   ]
    clientCredentials = {
        clientId = "gateway1"
        clientSecret = "secret1"

# CENM zone-service address
cenm {
    zoneHost: "zone-service"
    # Admin listener port of the zone service
    zonePort: 5063

# port to bind to (defaults to 8080)
server {
    port = 8080

Manage Gateway Service configuration

Name of the distribution: gateway-service.jar

Command line arguments:

  • -v, --verbose - If set, prints logging to the console as well as to a file.
  • --logging-level= - Enable logging at this level and higher. Defaults to INFO. Possible values: OFF, INFO, WARN, TRACE, DEBUG, ERROR, ALL
  • -f, --config-file= --config-obfuscation-passphrase[=] - The passphrase used in the key derivation function when generating an AES key
  • --config-obfuscation-seed[=] - The seed used in the key derivation function to create a salt
  • -h, --help
  • -V, --version