Skip to main content
Version: 6.14

Service Communication Settings

The Patriot Data Service hosts an internal service api, which is used by the Patriot desktop client and task services.

Updating Settings

Patriot settings can be updated in different ways for each component

important

The settings must be aligned on all components for communication to work cleanly. A mismatch in port settings, encryption, or other key settings can prevent task services and/or clients from connecting to the data service.

Data Service

Settings can be managed from either:

Clients

On the Patriot desktop client login window, open the settings drop-down on the login page to view and edit service settings. Be sure to save the settings before logging in.

Task Services

Settings can be managed from either:

Server Port

The Host Port controls the TCP Port that the Data Service listens on, for incoming connections. It must match the Server Port used by task services / workstations.

Encryption

Patriot supports HTTPS encryption of the service communication api, to prevent eavesdropping.

You will require a valid TLS certificate that is trusted by all clients and task services. Install this into the Local Computer/Personal certificate store on the data service server. Then, use the Patriot Utilities program to enable Use HTTPS and select the HTTPS certificate. If configuring manually, copy the certificate thumbprint, and place in the configuration file.

Restart the data service for the changes to take effect.

In the client and task service configuration, enable Use Encryption to match.

info

The Utilities Program can generate a self-signed certificate for you if needed.

Task Service Validation

Patriot can be configured to whitelist the task services that are able to connect. When enabled, unknown Task Services are blocked.

On the Data Service, use the Patriot Utilities program WCF Setup tool to enable Api Key Validation, and generate an Api Key for each task service.

Update the Patriot Task Service configuration to enter the matching Api Key.

Restart the Task services to apply the changes. Restarting the Data Service is not required.

note

No configuration changes are required on the client, as operators authenticate using their username/password

Disabling Legacy Authentication Methods

The WcfApi AllowInsecureLoginMethods option can be disabled to improve security, if these login methods are not being used.

This disables the following login methods:

Restarting the Data Service is not required when changing this setting.