Service Communication Settings
The Patriot Data Service hosts an internal service api, which is used by the Patriot desktop client and task services.
Updating Settings
Patriot settings can be updated in different ways for each component
The settings must be aligned on all components for communication to work cleanly. A mismatch in port settings, encryption, or other key settings can prevent task services and/or clients from connecting to the data service.
Data Service
Settings can be managed from either:
- The Patriot Utilities program, via System > System Settings > WCF Setup (Recommended)
- The Patriot Configurator
- Manually editing the Configuration Files
Clients
On the Patriot desktop client login window, open the settings drop-down on the login page to view and edit service settings. Be sure to save the settings before logging in.
Task Services
Settings can be managed from either:
- The Patriot Configurator
- Manually editing the Configuration File
Server Port
The Host Port controls the TCP Port that the Data Service listens on, for incoming connections. It must match the Server Port used by task services / workstations.
Encryption
Patriot supports HTTPS encryption of the service communication api, to prevent eavesdropping.
You will require a valid TLS certificate that is trusted by all clients and task services. Install this into the Local Computer/Personal certificate store on the data service server. Then, use the Patriot Utilities program to enable Use HTTPS and select the HTTPS certificate. If configuring manually, copy the certificate thumbprint, and place in the configuration file.
Restart the data service for the changes to take effect.
In the client and task service configuration, enable Use Encryption to match.
The Utilities Program can generate a self-signed certificate for you if needed.
Task Service Validation
Patriot can be configured to whitelist the task services that are able to connect. When enabled, unknown Task Services are blocked.
On the Data Service, use the Patriot Utilities program WCF Setup tool to enable Api Key Validation, and generate an Api Key for each task service.
Update the Patriot Task Service configuration to enter the matching Api Key.
Restart the Task services to apply the changes. Restarting the Data Service is not required.
No configuration changes are required on the client, as operators authenticate using their username/password
Disabling Legacy Authentication Methods
The WcfApi AllowInsecureLoginMethods option can be disabled to improve security, if these login methods are not being used.
This disables the following login methods:
Restarting the Data Service is not required when changing this setting.