Configure services via Service Configuration

This chapter covers the configuration process for services that are part of Tricentis Tosca Server features.

Modify service settings

You can modify your service settings. However, Tricentis recommends that you do not.

The default value for the secret key ClientSecret of each service is <to be generated>. After starting the Tricentis Service Configuration, the ClientSecret is automatically generated. It is associated with your ClientId.

You can access it through the appsettings.json file. By default, this file is located at each services’ directory at C:\Program Files (x86)\TRICENTIS\Tosca Server\.

Each service uses the same ClientSecret in each appsettings.json file of all services.

Access Tricentis Service Configuration

Tricentis Service Configuration opens automatically if you have selected to open the settings page in the final screen of the Tosca Server installation.

To start Service Configuration manually, access the Tosca Server Landing Page and click on Settings.

You can only configure services on the machine on which you've installed the services. You can't access Service Configuration from another machine.

Specify admin access

To configure services, you need admin access rights.

If you started Tricentis Service Configuration as a non-admin user, Tricentis Service Configuration starts with the User Account Control (UAC) window.

To enable admin mode, click Yes.

Configure services with Tricentis Service Configuration

To configure the services, follow the steps below:

  1. In Tricentis Service Configuration, click the tab of the service that you want to configure.

  2. Populate the configuration property fields. For information on which properties you have to configure for which service, see the following sections:

  3. Repeat the steps above for all services that you want to configure. Tricentis Service Configuration marks all updated service tabs with an asterisk.

  4. Click Save. This saves all changes; you don't have to save each service individually.

    You can't save if you have entered an invalid property value. Tricentis Service Configuration displays an orange exclamation mark on the service tab with the invalid property value.

  5. Click OK to confirm the restart of all Tricentis Services.

If a service can't restart, you can check your log files by clicking on View Logs next to the service.

Configure Tosca Gateway Service

The Tosca Gateway, which includes the Tosca Server Landing Page, allows you to access all server features through a single web interface.

For the Tosca Gateway, configure the following settings:

Property

Description

Port

Enter the port used to address Tosca Gateway.

Binding

Specify whether you want to use an HTTP or HTTPS binding.

Skip certificate revocation check*

Specify whether you want to make the certificate revocation check optional.

Hostname

Enter the name of the host with which you connect to the service. The default host name is localhost.

Ensure you enter a valid hostname according to RFC 1123 regulations. To do so, verify that it complies with the following criteria:

  • It contains only A-Z, a-z, 0-9, -.

  • The hostname doesn't start with -.

If you specify a token signing certificate, the host name is automatically updated to the common name (CN) according to the certificate's subject name property. If necessary, you can still change the host name. All you have to do is to click into the Hostname property field and enter the name of the host.

If you use a proxy server and don't use the default host name localhost, you have to perform one of the following actions:

  • Disable your computer's proxy settings.

  • Set the NO_PROXY environment variable, for instance in the Windows Registry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment. To bypass the proxy for certain domains, set the NO_PROXY environment variable to a comma-separated list of domain names. Each domain name must start with a . character. Don't use the * character in the domain name.

Certificate Thumbprint*

Enter the thumbprint for the SSL certificate.

Certificate Location*

Select the location of the SSL certificate.

Certificate Store*

Select the store in which the SSL certificate is located.

Allowed Origins

Use this property to only allow incoming requests from specified origins. You can specify allowed origins as follows:

  • * to accept every origin.

  • <origin> to specify a single origin.

  • <origin>;<origin> to specify multiple origins, separated by ;. For example http://tricentis.com;http://my.website.com.

*You only need to configure this if you use an HTTPS binding.

Configure Tricentis Project Service

The Tricentis Project Service stores information about projects, such as database connection string and project name, in a central location.

For Tricentis Project Service, configure the following properties:

Property

Description

Port

Enter the port used to address Tricentis Project Service. The default port is 5003.

Configure Tricentis Authentication Service

To use the server-based Tricentis User Administration, you must configure Tricentis Authentication Service and Tricentis Mail Configuration.

For Tricentis Authentication Service, configure the following properties:

Property

Description

Port

Enter the port used to address Tricentis Authentication Service. The default port is 5000.

Certificate Thumbprint (Token Signatures)

Enter the thumbprint for the token signing certificate. For more information, see chapter "Token sign certificate".

Certificate Location (Token Signatures)

Select the location of the token signing certificate.

Certificate Store (Token Signatures)

Select the store in which the token signing certificate is located.

User Storage Database

The default SQLite database path is %PROGRAMDATA%\TRICENTIS\IdentityManagement\UserStore.db.

You can specify a different database in one of the following ways:

  • Enter a different SQLite database path.

  • Select a MSSQL or PostgresSQL database from the drop-down menu and enter the corresponding path.

If you change the database, your data is not migrated automatically. You need to perform the migration manually.

Configuration Database

The default SQLite database path is %PROGRAMDATA%\TRICENTIS\IdentityManagement\ConfigurationStore.db.

You can specify a different database in one of the following ways:

  • Enter a different SQLite database path.

  • Select a MSSQL or PostgresSQL database from the drop-down menu and enter the corresponding path.

If you change the database, your data is not migrated automatically. You need to perform the migration manually.

Operational Database

The default SQLite database path is %PROGRAMDATA%\TRICENTIS\IdentityManagement\OperationalStore.db.

You can specify a different database in one of the following ways:

  • Enter a different SQLite database path.

  • Select a MSSQL or PostgresSQL database from the drop-down menu and enter the corresponding path.

If you change the database, your data is not migrated automatically. You need to perform the migration manually.

Regex for custom password policy

Define a custom password policy for locally created users with a regular expression.

The default value for the regular expression is .{8,}. This means that the password must contain at least 8 characters.

If you want to use your own regular expression, you can change the default value.

Maximum number of failed login attempts before account is locked

Define the number of failed login attempts before an account is locked. The default value is 5.

Account lockout duration in hours

Define the number of hours a locked-out account remains locked out before it is unlocked. The default value is 0.

Number of unique passwords before re-use

Specify the number of unique passwords a user must use before reusing an old password. The default value is 10.

Password expiration period (days)

Specify the number of days a password can be used before it expires and has to be changed. The default value is 0 days, meaning that the password is valid indefinitely. If you don't change the password within the specified expiration period, your account will be locked.

Audit

Enable Audit

To enable audit logs that track user activity in Tricentis User Administration, enable the Enable Audit checkbox. The checkbox is disabled by default.

File

File path for Audit logs

If you enable the property Audit, you can log the user activity to an audit log file. To do so, specify the path to the directory where you want to save audit log files. The default file path for audit logs is %PROGRAMDATA%\TRICENTIS\Audit\AuthenticationService\AuthenticationService_Audit_.csv.

Splunk

Full endpoint

If you enable the property Audit, you can log the user activity into the Splunk logging platform. To do so, specify the endpoint address of Splunk. For example: http://localhost:6000/splunk.

For more information about Splunk, see the Splunk documentation.

Event Collector Token (ECT)

Specify the token used to authenticate the event data.

If the password expiration period expires, you have to reset your password and additionally configure the mail settings.

Note that you cannot use the default Admin user to reset the password, as it does not have a valid email address. Ensure that you set up an alternative admin account before you configure this property.

Audit file content

If you have enabled audits, the following events are captured in the audit log file:

  • User Events (regular users and admin users):

Category

Events

Managing users

Log-in/Log-out, locked-out user, failed log-ins, create a new personal access token for an existing user, delete an existing personal access token, reset password, update user (change password, rename user)

  • Administrator Events (admin users):

Category

Events

Managing users

Register user, invite user, activate user, deactivate user, remove user

Manage Groups

Create group, delete group, add group to group, add user to group, update group

Manage Connections

Create a new LDAP connection, delete LDAP connection, update LDAP connection

Settings

Enable SSO, update SSO connection (metadata file, address, set name)

Configure Tosca Administration Console

The Tosca Administration Console enables you to migrate your Tricentis Tosca projects.

For Tosca Administration Console, configure the following properties:

Property

Description

Administration Console Port

Enter the port to access the Tosca Administration Console. The default port is 5010.

Migration Service Port

Enter the port to access the Tricentis Migration Service of the Tosca Administration Console. The default port is 5011.

Configure Tricentis File Service

Tricentis File Service stores execution logs and common repository attachments.

You can only configure this service in the Tricentis Service Configuration if you have enabled it in the Windows Services app (see step 2 in the Tosca Server setup overview).

For Tricentis File Service, configure the following properties:

Property

Description

Storage Directory Path

Specify the path to the directory where you want to store the files.

Port

Enter the port used to address Tricentis File Service. The default port is 5005.

Log Path

Specify the path to the directory where you want to save the log files.

Log Level

Specify the level of logging to write in the log files: Error messages, Modifications, All service communication.

Enable Authorization

If you enable this feature, Tricentis File Service checks in Tricentis User Administration whether a user has the necessary rights to access the project. This feature is not connected to SSL security settings in any way.

Note: the user authorization check is only available in Tricentis Server Repository workspaces.

Auto-removal section.

The auto-removal settings apply to all projects where you have turned on auto-removal. You can't specify different settings for different projects.

Automatically remove execution log data that's older than a certain number of days

Turn the toggle on or off to enable or disable auto-removal.

Maximum log data age in days

Tricentis File Service takes the current date-time stamp, subtracts 90 days, and removes all execution logs that are older than the result. If you want to set a different time frame, enter a new number of days.

Run frequency

Tricentis File Service checks every hour whether there are files that are old enough to be removed. If you want the service to run more or less often, enter a new interval in the format DD:HH:MM:SS.

Maximum number of logs that should be processed per run

Tricentis File Service processes a maximum of 1,500 logs per run. If there are more logs to remove, Tricentis File Service removes those extra logs in the next run. To process more or fewer logs, enter a new number.

Maximum time allowed to progress logs

Tricentis File Service runs the task for a maximum of two minutes. If it can't remove all logs within that time frame, it removes the extra logs in the next run. To give Tricentis File Service more or less time to process logs, enter a new time frame in the format DD:HH:MM:SS.

Configure Automation Object Service

The Automation Object Service (AOS) is a central element of the distribution architecture if you use Distributed Execution with AOS or Tosca in the cloud.

You can configure the following properties in the Automation Object Service tab:

Property

Description

Assigned Workspaces section

Workspace Folder

Select the root folder that contains the workspaces you want to assign to the Automation Object Service. By default, you can find the workspace root folder in %TRICENTIS_PROJECTS%Tosca_Workspaces.

If you don't have any workspace available on your Tosca Server machine, you can create the AOS workspace.

Maximum Parallel Workspaces

Specify the maximum number of workspaces that the Automation Object Service can work with in parallel. The default value is 10.

Repository Type

Select the repository type you use:

  • DB2

  • MS SQL

  • Oracle

  • SQLite

  • Tricentis Server Repository

Project Root Name

Enter the project root name of the AOS project.

Workspace Name

Enter the name of the AOS workspace.

Credentials Source

Specify where you keep the user credentials for the AOS workspace user. Select one of the following values from the drop-down menu:

  • Local, if you want to enter the credentials directly into the Agent configuration.

  • HashiCorp Key vault, if you want to use the credentials that you store in your HashiCorp key vault.

Username

Enter the user name to access the workspace:

  • If your Credentials Source is Local, enter the username into the field.

  • If your Credentials Source is HashiCorp Key vault, enter the path to the username in your key vault: <path to the secret>[<field>]. For instance, kv/dex/aos_workspace[username].

Note: if you use the repository type Tricentis Server Repository, you need to specify the client ID of your API access token instead of the user name.

Password

Enter the password of the AOS workspace user. Depending on your Credentials Source, enter the password directly or enter the path to the password in your key vault.

Note: if you use the repository type Tricentis Server Repository, you need to specify the client secret of your API access token instead of the password.

Execution Environments section

Distributed Execution

Use the toggle to enable or disable Distributed Execution as one of the execution environments for the Automation Object Service.

The following Distributed Execution settings are only available if the switch is On.

Distribution Server Address

Specify the address of the Tosca Distribution Server. The default address is http://localhost:5007.

Distribution Server Call Timeout (ms)

Specify the timeout of retrieving the test results from the Tosca Distribution Server. The default timeout is 30,000 ms.

If this timeout expires and there is no response from the Tosca Distribution Server, the Automation Object Service abandons the request and logs an error.

Elastic Execution Grid

The settings below only apply if you want to integrate Tricentis Tosca with Tosca in the cloud via Automation Object Service. Elastic Execution Grid is the execution service of Tosca in the cloud.

Elastic Execution Grid

Use the toggle to enable or disable Tosca in the cloud as one of the execution environments for the Automation Object Service.

The following Tosca in the cloud settings are only available if the switch is On.

Elastic Execution Grid URL

Enter https://<network address of your cloud instance>/<space name>.

Replace <space name> with one of the following:

  • If you created a Space for your cloud instance, enter the name of the Space.

  • If you didn't create a Space, enter default.

For instance, https://examplecompany.my.tricentis.com/default.

Client ID

This field contains the Client ID of your cloud authorization. It's prefilled; you don't need to change the value.

  • If your Credentials Source is Local, enter the Client ID into the field.

  • If your Credentials Source is HashiCorp Key vault, enter the path to the Client ID in your key vault: <path to the secret>[<field>]. For instance, kv/e2g/integration[clientId].

Client Secret

Enter the Client Secret of the Okta application Tosca Server (see chapter "Set up the integration via Automation Object Service").

Depending on your Credentials Source, enter the Client Secret directly or enter the path to the Client Secret in your key vault.

HTTPS Settings (optional) section

Port

Enter the port used to address the Automation Object Service. The default port is 5006.

Logging (optional) section

Log Path

Specify the complete path of the log file, including file name and extension.

Log Level

Select the log level of the AOS log:

  • Error messages

  • Modifications

  • All service communication

You must update the Consul and Ocelot configuration files if you perform any changes to the default port or endpoint address of the AOS. The sections below explain in detail where to find these files and how to update the relevant properties.

Update the Consul configuration file

Update the following property values in the Consul configuration file of the service. This file is located at C:\Program Files (x86)\TRICENTIS\Tosca Server\Gateway\Consul\config\AutomationObjectService.json:

Property

Description

port

Enter the port used to address the AOS.

http

Enter the complete address, including port, used by the AOS: <http or https>://<name of host>:<port>

Update the Ocelot configuration file

To update the Ocelot configuration file of the AOS, follow the steps below:

  1. Open the ocelot.json file which is located at C:\Program Files (x86)\TRICENTIS\Tosca Server\Gateway.

  2. Search for two elements with the ServiceId value ToscaAutomationObjectService.

  3. Update the values of the following properties in these elements:

Property

Description

DownstreamScheme

Enter either http or https depending on the binding you chose.

Port

Enter the AOS port.

Apply the changes

Restart the following services to apply the changes: 

  • Tricentis.ToscaAutomationObjectService

  • Tricentis.GatewayService

  • ConsulService

Configure Tricentis Test Data Service

For Tricentis Test Data Service, configure the following properties:

Property

Description

Port

Enter the port used to address TricentisTest Data Service. The default port is 5001.

Enable Authentication

Select the Enable Authentication check box to activate authentication for the Test Data Service via TricentisUser Administration.

Enable Diagnostics

Select the Enable Diagnostics check box to send anonymous usage data to Tricentis.

Configure Tricentis Mail Configuration

Once you have configured Tricentis Authentication Service, configure the SMTP (Simple Mail Transfer Protocol) server to send emails from the TricentisUser Administration.

For Tricentis Mail Configuration, configure the following properties:

Property

Description

SMTP Mail Server Address

Specify your SMTP mail server address.

Port

Enter the associated SMTP Host Port. The default port is 587.

Username

Specify the username of the SMTP server.

Password

Specify the password.

Sender Name

Specify the name of the sender.

Sender Email

Specify the email address to send emails from.

Send test email to

Specify the email address that you want to send a test email to and click Test.

Configure Tricentis Notification Service

Tricentis Notification Service is the data interface between Tricentis Tosca and other applications. It is a vital component if you integrate Tricentis Tosca with qTest or SAP Solution Manager.

You can only configure this service in the Tricentis Service Configuration if you have enabled it in the Windows Services app (see step 2 in the Tosca Server setup overview).

For Tricentis Notification Service, configure the following properties:

Property

Description

Port

Default port used by Notification Service behind the Gateway proxy. You can specify a different port if needed.

Enable Authorization

If you enable this feature, Notification Service checks in TricentisUser Administration whether a user has the necessary rights to access the project. This feature is not connected to SSL security settings in any way.

Note: the user authorization check is only available in Tricentis Server Repository workspaces.

Database section

Database Connection String

Enter a valid connection string to your Notification Service database.

Logging section

Log Path

Enter the path to the directory where you want to save the log files.

Log Level

Define the log level: Error messages, Modifications, or All service communication.

SAP Solution Manager Integration section (optional)

Enabled

Select the check box to enable the SAP Solution Manager integration.

qTest Integration section (optional)

Enabled

Select the check box to enable the qTest integration.

qTest URL

Enter the URL to your qTest instance.

API Key

Enter your qTest API key.

To get the API key, open qTest and click Download qTest Resources. Go to the Integration with Tosca section and copy the API token.

Configure Tosca License Administration

Tosca License Administration allows you to monitor and manage one or more on-premise license servers.

For Tosca License Administration, configure the following property:

Property

Description

Port

Enter the port used to address Tosca License Administration. The default port is 5030.

What's next

If you have specified an HTTPS binding for the Tricentis Tosca Server, make the necessary modifications as described in see chapter "Use Tosca Server with an HTTPS binding".