goAML Web Technical Manual
Contents
2.2 Registration Forms and the Schema
2.3.1 Creating a delegating entity without an Admin user
3.3 Translations of Change Request Type, States and Permissions
Entity Change Request States
Person Change Request States
3.2.1 Roles for Org or User Type
3.2.2 Add a new role to an organization type
3.2.3 Add a new role for a specific organization
3.4 Permissions Definitions
3.6 Active Organizations Grid
3.6.1 Create new Delegating Organization
3.6.2 Supervisory Body Business Type Mapping
3.7.2 Forgot Password and Reset Password
3.7.4 Manually Change the Password in the Database
3.7.5 Password Requirements
3.7.6 Maximum Invalid Password Attempts
4.2.1 Report Type Configuration
4.4 XML and ZIP Upload (moved)
6.3 Message Board Size Limit
6.4.4 Move, Delete, Mark Messages
10.3 Site Configuration Tab
10.3.3 3rd Party Portal Tab
10.3.4.1 Translating Site Content
10.3.6.1 Exporting and Importing Translations
1.1 Hosting HTTPS and HTTP deployments on the same domain
1.3.1 Errors to the FIU admin
1.4 Capturing Browser Errors
1.5 Performance & Security Considerations
1.5.3 Server & Security Related Configurations
12.1 Supported Configuration for Load Balancing
3.2 Emails sent from goAML Web
1. Overview
This document is a comprehensive guide to goAML Web. It is divided into four main chapters. The first chapter explains the administration side of the application and is tailored to the IT staff responsible for configuring and maintaining the software. The second chapter is tailored to Reporting Entities, Stakeholders and FIU Analysts dealing with compliance. The last two chapters are a reference guide and a troubleshooting guide for common scenarios.
1.1. Features
Module | Features | Attributes |
Registration | Reporting Entity; Stakeholder; Supervisory Body; Individual User | Schema configurations, Initial User, Group email, Reporting User, Delegation, change requests, Approval Workflow |
User Administration | Users; Roles; Permissions; Change Requests | New users, approvals, new entities, approvals, entity user hierarchy, change requests, roles, delegations, supervisory bodies, user details, disabling/enabling status, passwords |
Settings | Configurations; Appearance and Content; Cleanup; 3rd Party Portal; Email templates; Language; Diagnostics | Site wide variables, metadata after cleanup, image sizes, language flags, menu items, logged in main page, logged out main page, errors and tracking, logs |
Reporting | Web Reports; XML Uploads; B2B Uploads; Validator | Zip archives, attachments, file size limits, report workflow, rejections, drafts, preview, auto-populated fields, reporting persons, reusable objects, generated numbers, dropdowns |
Statistics | Reports Statistics; Transaction Statistics; Entity Statistics; User Statistics; Registration Statistics | Exporting and browser support, grouping, sorting, date filter, big data treatment, graphs, pivot summary charts |
Message Board | Notifications; Messages; Announcements | Message attributes, cleanup, archiving, size limits, attachments |
2. Registration
2.1 Initial Setup
When the web application is initially set up, there are only two entries in the r_entity table. This table stores the current information for the registered entities. These two ‘entities’ are system-specific entities that must never be deleted. Similarly, their agency business types (FIU and IND) must never be deactivated from the client.
The two predefined entries in the r_entity table are:
All the FIU users belong to the Financial Intelligence Unit (FIU). The REID is always 1 and these users carry out administrative actions on the web. It is possible for FIU users to send reports, although this should be limited to testing environments only.
The Individuals Reporting Entity is the ‘holding’ entity for all users that register as Individuals. A user must be associated with an entity due to the security model restrictions and this system entity ensures that. In the example given above the REID for the Individuals Reporting Entity is 2 however it can also be another number. The id for the Individuals Reporting Entity must be the same as the value in the cad_indv_re_id column of the c_application_defaults table.
2.2 Registration Forms and the Schema
The registration forms for Entities and Persons are mapped to associated parts of the schema. The schema is edited in the client and pushed to the web.
NOTE : Refer to the client documentation on how to edit the schema and refresh the configurations on the web.
In the web database, the schema is held in the cad_xsd_latest of the c_application_defaults table.
The individual fields in the forms are generated from nodes in the schema and are mapped to them. For example, the incorporation_state element
<xs:element minOccurs="0" name="incorporation_state">
  <xs:simpleType>
    <xs:restriction base="xs:string">
      <xs:maxLength value="255" />
    </xs:restriction>
  </xs:simpleType>
</xs:element>
produces the following text field, which is not mandatory and has a maximum length of 255 characters.
If the element is updated to the following
<xs:element name="incorporation_state">
  <xs:simpleType>
    <xs:restriction base="xs:string">
      <xs:maxLength value="10" />
    </xs:restriction>
  </xs:simpleType>
</xs:element>
then the field is generated as a mandatory field (because there is no minOccurs="0") and allows a maximum length of 10 characters.
In the example below the field is generated, with example error messages shown as the form is filled out.
Note: the * symbol denotes that the field is now mandatory.
The schema can be customized to set whether a field is mandatory, as well as minimum and maximum lengths, enumerations, regular expressions and cardinality restrictions for collections (for example, ensuring that a minimum of two addresses or at least one telephone number is provided). Some fields are system fields and must always be mandatory. For detailed information on how to customize the schema, please refer to Standard XML Reporting Instructions and Specifications – goAMLSchema v4.0.2 – AS20180224.docx.
The table below shows which points in the schema map to which registration form.
Registration Form | Node in the schema where form begins |
Reporting Entity | <xs:complexType name="t_entity_registration_RE"> |
Stakeholder | <xs:complexType name="t_entity_registration_SH"> |
Supervisory Body | <xs:complexType name="t_entity_registration_SUP"> |
Person | <xs:complexType name="t_person_registration"> |
Details of the Registration and Report Forms are now covered in a separate document, goAML Web New Registration and Report Forms.docx.
2.3 Creating Delegates
It is possible to associate two reporting entities so that one can report on behalf of the other. This is called Delegation.
The Delegating Reporting Entity is the entity that allows another organization to submit reports on their behalf. The reports do not have to be submitted by the other organization; users for the Delegating Entity can still log in and submit reports.
The Delegated Reporting Entity (or Delegate) is the entity that has been given the authority of another to submit their reports. A delegated reporting entity can read and send messages on behalf of the delegating entity via the message board and manage its users.
- To create a delegation relationship between two entities that are already registered in the application, log in as the RE Admin of the entity that will be Delegating.
- Select My GoAML -> My Org Details.
- The details of the organization are shown in the Registering Organization form.
- The Delegate Organization ID field is initially disabled and empty.
- Selecting the Change Delegation checkbox opens a prompt.
- Click OK.
- The checkbox is now selected and the Delegate Organization ID field is enabled.
- Enter the ID of the Delegate.
- Click Submit Request at the bottom of the form. This creates a change request that must be finalized. Once the change request is finalized, the delegation is created.
- Once a delegation has been created between two reporting entities, the login process changes for the Delegated Reporting Entity.
- If you log in as a user of a Delegated Entity, you are presented with an option to change which Entity you are logged in as.
- A drop-down box is displayed with the reporting entity’s name and all of the Delegating entities that have delegated to the current entity.
- If you select one of the other delegating reporting entities and then click Login, you are logged in as that Entity for the duration of the session, until you log out.
- The top right of the web app shows the username in brackets and the entity that the user is logged in for in bold.
- In the example below, the user edco for reporting entity ED Casino selected a delegating entity.
- When you fill out a web report, the Reporting Entity ID that is sent with the report is determined by which entity you are logged in as. You can only read and send messages for the entity that you are logged in as.
- If you navigate to another page in the application without selecting an entity from the drop-down box, you stay logged in as your own entity for the duration of the session.
2.3.1 Creating a delegating entity without an Admin user
It is possible to create an Entity without an associated administrator user for the purposes of delegating reporting, for example, a business may have several subsidiaries for which it needs a separate reporting entity (and REID) but only one reporting officer.
- Click the Create New Delegating Organization button at the bottom of the page in the Active Organizations grid.
- This loads a registration form for an entity that, when submitted and finalized, creates an entity that automatically delegates to the entity the user is currently logged in as.
If the user is logged in as a Reporting Entity, the delegating organisation created will also be a Reporting Entity. If the user is logged in as a Stakeholder, the delegating organisation created will be a Stakeholder. If the user is logged in as the FIU, they have the option of creating either a Stakeholder or a Reporting Entity.
3. Log in and Selecting or Changing RE for session.
From the home page the user selects the Log in button.
This brings up the login dialog, where the user enters their credentials and then presses Login.
If Two Factor Authentication is enabled, the user is then required to enter their second factor. For more details on 2FA please see the separate document goAML Web Two Factor Authentication.docx.
If there are entities delegating to this user’s organisation, the user is shown a Reporting Entity selection screen before they log in, to determine which reporting entity will be used for this session.
When the user is logged in, if there are other reporting entities delegating to this user, it is possible to switch between them without having to log out.
Selecting the Switch Organisation link in the image above takes the user to the Switch Organisation selection screen shown below. From here they can change the reporting entity that is being used for this session.
4. Change Requests – (moved)
Please refer to goAML Web New Registration and Report Forms document for Change Requests Documentation.
3.3. Translations of Change Request Type, States and Permissions
The translations of the Change Request Types, States and Permissions are not held in the lookup tables but are standard translations held in the t_message_translation table, which are updated in the same manner as the other web translations. Always remember to restart IIS before any changes in the Web can take effect.
Entity Permissions
The translation codes for the Entity Change Requests are in the form
Roles_Permission_Entity_Change_Request_permission_<<permission_code>>
Where <<permission_code>> is the code used for the permission as described in the Entity Change Request permissions table.
Person Permissions
The translation codes for the Person Change Requests are in the form
Roles_Permission_Person_Change_Request_permission_<<permission_code>>
Where <<permission_code>> is the code used for the permission as described in the User Change Request permissions table.
Change Request Types
Change Request Type | Translation Code |
New Entity | Registration_EntityCRType2 |
Existing Entity | Registration_EntityCRType3 |
New Entity with Delegation Request | Registration_EntityCRType5 |
Existing Entity Delegation Modification | Registration_EntityCRType6 |
New User | Registration_PersonCRType2 |
Existing User | Registration_PersonCRType3 |
Enable Disable Entity | Registration_EntityCRType4 |
Enable Disable User | Registration_PersonCRType4 |
Admin User of New Entity | Registration_PersonCRType-88 |
Entity Change Request States
Change Request State | Translation Code |
Recalled | Registration_EntityCRState0 |
Waiting for Supervisory Body to Verify | Registration_EntityCRState1 |
Rejected | Registration_EntityCRState-1 |
Failed External Validation | Registration_EntityCRState11 |
Waiting for Supervisory Body to Approve | Registration_EntityCRState2 |
Drafted | Registration_EntityCRState-2 |
Waiting for FIU to Verify | Registration_EntityCRState3 |
Waiting for FIU to Approve | Registration_EntityCRState4 |
Approved by FIU | Registration_EntityCRState5 |
Activated | Registration_EntityCRState7 |
Not Exists | Registration_EntityCRState-99 |
Person Change Request States
Change Request State | Translation Code |
Recalled | Registration_PersonCRState0 |
Waiting for RE Admin to Verify | Registration_PersonCRState1 |
Rejected | Registration_PersonCRState-1 |
Failed External Validation | Registration_PersonCRState11 |
Waiting for RE Admin to Approve | Registration_PersonCRState2 |
Drafted | Registration_PersonCRState-2 |
Waiting for Supervisory Body to Verify | Registration_PersonCRState3 |
Waiting for Supervisory Body to Approve | Registration_PersonCRState4 |
Waiting for FIU to Verify | Registration_PersonCRState5 |
Waiting for FIU to Approve | Registration_PersonCRState6 |
Approved by FIU | Registration_PersonCRState7 |
Admin User of New Organization | Registration_PersonCRState-88 |
Activated | Registration_PersonCRState9 |
Not Exists | Registration_PersonCRState-99 |
3. Managing Users and Entities
On a clean installation, only one user in the system can log in. This is the user goaml, and it holds all of the permissions that are available in the web application. The password for this user should be changed immediately after installation.
The security model of the web application uses roles and permissions to determine what pages the current logged in user is able to see, what data they can see and what actions they can perform.
Permissions are assigned to Roles with the Role Management Grid
Roles are assigned to Users with the User-Role Management Grid
Caveat: The naming conventions used in the data model differ somewhat from what is seen in the web application. For example, a ‘permission’ in the web app is referred to as a ‘role’ in the DB, and a ‘role’ in the web app is referred to as a ‘role group’ in the DB. Please refer to the following table when querying the database with respect to roles and permissions.
Web Application Concept | Associated Web Database tables |
Permission | aspnet_Roles (list of permissions); t_role_roles_groups_assoc (which permissions are in which roles); t_role_roles_ren_type_assoc (which permissions can be used with which entity types) |
Role | t_role_groups (list of roles); t_role_users_in_groups_assoc (which users are in which roles) |
3.2 Role Management
- The Role Management page is accessed via Admin > Role Management. The role management permission is required to view the page.
- The Role Management page allows the creation, update and deletion of roles that are used in the web application.
- There are two main tabs Roles for Org or User Type and Roles for a specific Org or User. Only the FIU users are allowed to edit the roles for an Org or User Type.
3.2.1 Roles for Org or User Type
This tab is used to manage roles that are associated with an organization type or a user type. This means that a role can be created, which will be available to all organizations or individuals of that type. It does not mean that all the users are assigned the roles; it just means that they are available to them.
The web application has a fixed set of system roles for each type that are required and automatically assigned to new users. The roles should never be deleted from the system. The table below shows how these roles are automatically applied, however they can be given to other users provided the role association is valid for the user and the entity type.
System Role | Organization or Individual Type | Who the role is automatically assigned to |
FIU admin | FIU | The initial goaml user, or if the there is no FIU admin in the system, the first FIU user that is created. |
FIU user | FIU | Users that are created for the FIU |
RE admin | RE | The user that is registered at the time of a Reporting Entity registration |
RE user | RE | Users that are created for a Reporting Entity |
individual | IND | Users that are registered as individuals. |
sup body admin | SUP | The user that is registered at the time of a Supervisory Body registration |
sup body user | SUP | Users that are created for a Supervisory Body |
stake holder admin | SH | The user that is registered at the time of a Stake Holder registration |
stake holder user | SH | Users that are created for a Stake Holder |
3.2.2 Add a new role to an organization type
- To create a new role for a specific organization type, select the entity type from the drop down box, e.g. Reporting Entity (RE)
- Select Add a new role for this type
- A dialog box confirming that a role is created for Reporting Entity (RE) type appears
- Type the name of the new role and click Create Role
- The role will now appear on the list of Roles available for: Reporting Entity (RE) and it will be available for applying to users of all organizations that are type RE (i.e. Reporting Entity)
- To add permissions to a role, select the checkboxes next to the required permission in the Permissions for: <<role name>> and then select Save
3.2.3 Add a new role for a specific organization
- To create a new role for a specific organization, select the entity from the drop down box (in this example Ab Casino)
- Add a new role for this entity
- Add a name for this role and click Create Role
- The role will now appear in the list of Roles available for: Ab Casino
- The list of Universal Roles is also shown. This is the list of roles that are available to the entity based on its type; in this case the type is RE, so all the roles for Reporting Entities are displayed too.
3.2.4 Delete a Role
- To delete a role, you simply select the role as described above and click the Delete button that is available in the permissions pane.
- It is not possible to delete a role if there are users associated with it. It is necessary to remove all the role associations (see User-Role Management) before deleting a role.
3.3 User-Role Management
- The User-Role Management page is accessed via Admin > User-Role Management. The user management permission is required to view the page.
- The User-Role Management page allows management of the mapping between users and roles
- To manage the roles that a user has, open the page and select the Entity from the dropdown list (in this example Ab Casino is selected and all the users of this entity are shown in the first panel, titled Users for: Ab Casino)
- When selecting a user, all the roles available will be listed in the center panel Roles for: <<username>>.
- They will be split into two lists, the first is all the roles for the specific entity ‘Roles for RE’ and then all the universal roles for that entity type ‘Universal Roles’
- To add and remove roles simply check and uncheck the roles in the list and click save.
- The permissions list on the right will show all the permissions that are granted to the user depending on what roles the user has. This list is disabled as it is for information only so that it is clear what permissions the user has been given. (the checkboxes cannot be edited)
3.4 Permissions Definitions
The following table provides descriptions of what each of the permissions allows the user to do. The User Change Request and Organization Change Request permissions are part of the change management workflow and descriptions of these are provided in the Change Requests section.
Permission | Description |
Reports | |
enter web reports | Allow the user to fill out a web report form. Shows the Web reports menu item. Allows saving of web reports at the API. Shows the Save button in the Web Reports Form. |
submit web reports | Allow a user to submit a web report form. Shows the Web reports menu item. Allows submitting of web reports at the API. Shows the Submit button in the Web Reports Form. Users with just this permission can still open draft reports and change them before submitting them, but the changes cannot be saved as a draft report. |
upload XML reports | Allow a user to upload XML reports and ZIPs. Shows the XML Upload menu item. Allows the upload of XML/ZIP reports. |
view all RE reports | Allow a user to view the reports for their RE and for the delegating REs. Without this permission the user can only view reports that they created or were the last to update. |
FIU Manage All Reports | Allow a user to view all reports in the DB |
My GoAML | |
Allow log in as delegate | Allow the user to log in as a delegating RE. This permission also means that the reports for the delegating REs are shown in the Reports Grid. |
View My Org Details | View the details of the users RE under Admin > My Org Details |
View My User Details | View the details of the user under Admin > My User Details. The permission Person Change Request submit change is also required for this menu item. |
view message board | Allow the user to view and use the message board |
Statistics | |
Reporting Statistics | View the reporting statistics page under Admin > Statistics |
Reports | View the Reports grid |
Reports by Agency and Date | View the charts of Reports pivoted by Agency and Date |
Reports by Entity and Type | View the charts of Reports pivoted by Entity and Type |
Reports by Entity and Date | View the charts of Reports pivoted by Entity and Date |
Reports by Status and Date | View the charts of Reports pivoted by Status and Date |
Transactions | View the Transactions grid |
Transactions by Entity | View the Transactions by Entity |
Transactions by Type | View the Transactions by Report Type |
Entity Requests | View the Entity Requests grid |
Delegation Structure | View a grid showing a list of Delegate Entities with their respective Delegating Entities in the details. |
Entity Registration Statistics | View the Entity Registrations grid |
New Entities by Type and Date | View the charts of New Entities pivoted by Agency Type and Date |
User Requests | View the User Requests grid |
New Users by Entity and Date | View the charts of New Users pivoted by Entity and Date |
User Registration Statistics | View the User Registration grid |
Admin | |
Role Management | View and perform actions on the Admin > Role Management page |
User Management | View and perform actions on the Admin > User Management page |
Security Cleanup | Deprecated. Admin > Site Customization is used instead. |
Site Customization | View and perform actions on the Admin > Settings page |
Manage Organization Change Requests | View and perform actions on the Admin > Org Request Management page |
Manage User Change Requests | View and perform actions on the Admin > User Request Management page |
edit Supervisory Bodies Associations | View and perform actions on the Supervisory Body mapping grid that is accessible from Admin > Active Organizations. |
Create delegation | Allow the creation of the new delegating organization with the Create New Delegating Organization button from Admin > Active Organizations |
Can Create change Requests for my Users | From the Admin > User Request Management page, allow creation of a Delegating Entity. |
Release Notes | Deprecated. |
Entity Change Requests | Refer to the section Organization Change Request Permissions |
Person Change Requests | Refer to the section User Change Request Permissions |
3.5 Active Users Grid
The Active Users Grid shows all the user registrations that have been through the registration workflow and approved by the FIU ([Activated])
As in the image below, the grid also shows users that are in status Deactivated. This is not the same as either Recalled or Rejected. For a user to be deactivated, the registration must first have been finalized, bringing the user to an Activated state. That means that a deactivated user was at some point able to log in.
Depending on the permissions of the user, several actions can be performed on each user.
Active User Action | Icon | Description |
New Change Request | | This opens a new dialog to allow the update and submission of a user’s details. The change request must be finalized for the update to be persisted. The form opens in a new browser window that may be blocked by pop-up blockers; ensure that pop-ups are allowed for the goAML application. |
Preview | | This opens a new form to view a user’s details, showing the most recently approved change request for that user. The form opens in a new browser window that may be blocked by pop-up blockers; ensure that pop-ups are allowed for the goAML application. |
Disable / Enable | | This deactivates or activates a user to prevent or allow them to log in and use the goAML Web application. If an account is deactivated, an error is shown when the user tries to log in. |
Reset Password | | This resets the password for the selected user. It creates a new random password and emails it to the user. For details on passwords, see the Passwords section. |
3.6 Active Organizations Grid
The Active Organizations Grid shows all the organization registrations that have been through the registration workflow and approved by the FIU ([Active])
As in the image below, the grid also shows organizations that are in status Deactivated. This is not the same as either Recalled or Rejected. For an organization to be deactivated, the registration must first have been finalized, bringing the organization to an Activated state. That means that a Deactivated organization was at some point able to submit reports.
Depending on your permissions, there are several actions that you can perform on each organization as well as create new organizations and map the supervisory body types.
Active Organization Action | Icon | Description |
New Change Request | | This opens a new dialog to allow the update and submission of an organization’s details. The change request must be finalized for the update to be persisted. The form opens in a new browser window that may be blocked by pop-up blockers; ensure that pop-ups are allowed for the goAML application. |
Preview | | This opens a new form to view an organization’s details, showing the most recently approved change request for that organization. The form opens in a new browser window that may be blocked by pop-up blockers; ensure that pop-ups are allowed for the goAML application. |
Disable / Enable | | This deactivates or activates an organization to prevent or allow all of its associated users to log in and use the goAML Web application. If an organization is deactivated, an error is shown when one of the users of that organization tries to log in. |
3.6.1 Create new Delegating Organization
- Select the button in the Active Organizations grid to create a new delegating organisation (or, if you are logged in as the FIU, you can create a new Supervisory Body delegating organisation by pressing the corresponding button).
- This opens a form for the submission of a new entity request that, if finalized, creates a new Entity that delegates to the currently logged in Entity.
Note: The advantage of this is that it is not necessary to create another reporting admin. This also means that the newly created Entity does not, and will not, contain any users.
3.6.2 Supervisory Body Business Type Mapping
- Select the button in the Active Organizations grid.
- This opens the supervisory body business type mapping grid.
- Here you select which organization is the supervisory body for each agency type (agency type refers to the types of both Reporting Entities and Stake Holders).
- The default supervisory body is the FIU. This means that if the default mappings are not changed, the ‘supervisory body’ in the workflow is the FIU, so once the FIU approves a change request it is finalized.
- To change the mapping for a row, select the edit icon on the left hand side, then select the organization that you want to be the supervisory body for that agency type.
- Select the save icon (or cancel to return without making any changes).
3.7 Passwords
The password that is associated with a user account can be changed, recovered and expired.
3.7.1 Change password
You can change your password at any time directly in the web application, providing you know your existing password.
- Go to Admin > Change Password
- Enter your existing password and the new password in the New Password and Confirm New Password input boxes respectively.
3.7.2 Forgot Password and Reset Password
To reset a forgotten password, either the user can request a reset link from the login screen:
- Click the Forgot Password button on the login screen.
- Fill out the username and email address of the account whose password you wish to reset and click Submit.
Or the FIU can initiate a password reset:
- In the Admin > Active Users grid, Select a user and click
- An email is sent to the user in the same way as
Once the password reset has been initiated by one of the methods above, the following occurs:
- An email similar to the one below is sent to the user.
- The link takes the user to the following screen, where they must supply their username, email and new password.
- Select Change Password for the change to take effect.
Note: If the user cannot recall their username or email address associated with their account, they must contact the FIU.
3.7.3 Password Expiry
This is a setting in the Site Configuration tab of the Settings page.
It is the number of days until a user’s password expires. A value of 0 means that passwords never expire.
The default value for this setting is 0, which means that your password never expires.
If this setting is set to a positive integer, e.g. 180, then when you log in and more than 180 days have passed since you last changed your password, you are redirected to the Change Password screen.
3.7.4 Manually Change the Password in the Database
The password can also be set manually in the database. First find the UserId, which is the primary key for the user in the ASP.NET membership framework in the web DB, by running the following query, replacing [username] with the username:
select UserId from aspnet_Membership join aspnet_Users
on aspnet_Membership.UserId = aspnet_Users.UserId
where UserName = '[username]'
Now update the password with a clear text password and set the password format to 0 (clear text):
update aspnet_Membership set Password = '[cleartextpassword]', PasswordFormat = 0 where UserId = '[UserIdFromPreviousQuery]'
IMPORTANT! When the user next logs in, the clear text password and salt are overwritten with a securely hashed value and the PasswordFormat is set to 2. Until that log in the password remains in clear text in the database, so this method of password reset should only be used when the other options to reset the password are not possible. The user should also change their password after logging in.
3.7.5 Password Requirements
The password requirements are defined in the schema in the t_person_registration type. The minLength and maxLength facets determine the allowed lengths of the password, and the pattern element holds the regular expression used to validate the password requirements.
Example regex patterns:
Minimum – 1 digit, 1 non-alphanumeric character, 1 uppercase
<xs:pattern value="^.*(?=.*\d)(?=.*[^a-zA-Z0-9])(?=.*[A-Z]).*$" />
Minimum – 1 digit, 1 non-alphanumeric character, 1 uppercase, 1 lowercase
<xs:pattern value="^.*(?=.*\d)(?=.*[^a-zA-Z0-9])(?=.*[A-Z])(?=.*[a-z]).*$" />
Minimum – 1 digit, 1 uppercase, 1 lowercase, and 1 character in -+!#%&?*,.@£${}=_§
<xs:pattern value="^.*(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[-+!#%&?*,.@£${}=_§]).*$" />
Note: &amp; is used instead of & when inserting the pattern into the DB.
Caveat: The min and max lengths used for the password should also be the same as those used for the membership provider in the web.config file. Check the element <add name="MySqlMembershipProvider… and its attributes, such as minRequiredPasswordLength.
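The three patterns above, exercised against constructed sample passwords in an added Python example (this is not part of the manual or of goAML itself). Python's re module accepts the same lookahead syntax as the .NET schema validator, and the min_length/max_length arguments stand in for the minLength/maxLength facets that the web.config caveat refers to:

```python
import re

# The three patterns from section 3.7.5, copied from the xs:pattern facets into
# Python raw strings. The '&' in the third pattern is plain here; it is only
# written as '&amp;' when the pattern is inserted into the DB.
PATTERNS = {
    "digit_special_upper":
        r"^.*(?=.*\d)(?=.*[^a-zA-Z0-9])(?=.*[A-Z]).*$",
    "digit_special_upper_lower":
        r"^.*(?=.*\d)(?=.*[^a-zA-Z0-9])(?=.*[A-Z])(?=.*[a-z]).*$",
    "digit_upper_lower_listed_special":
        r"^.*(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[-+!#%&?*,.@£${}=_§]).*$",
}


def check_password(password, pattern_name, min_length=8, max_length=64):
    """Return the list of policy violations; an empty list means the password is accepted.

    min_length/max_length play the role of the minLength/maxLength facets of
    t_person_registration (the values 8 and 64 are constructed defaults, not
    goAML's). The same minimum must be configured as minRequiredPasswordLength
    on the membership provider, otherwise the two checks disagree.
    """
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than minLength {min_length}")
    if len(password) > max_length:
        problems.append(f"longer than maxLength {max_length}")
    if not re.fullmatch(PATTERNS[pattern_name], password):
        problems.append(f"does not satisfy pattern {pattern_name}")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords; the last one shows the difference between
    # "any non-alphanumeric" (patterns 1 and 2) and the fixed list of pattern 3.
    samples = ["Passw0rd!", "PASSWORD1!", "password", "Pa0!", "Passw0rd~"]
    for name in PATTERNS:
        for pw in samples:
            result = check_password(pw, name) or ["ok"]
            print(f"{name:34} {pw:12} {'; '.join(result)}")
```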
3.7.6 Maximum Invalid Password Attempts
The user can be locked out for a specific amount of time after a specific number of failed password attempts by adding the following attributes to the membership element in the web.config:
Attribute | Description |
maxInvalidPasswordAttempts | The number of invalid password attempts before the user is locked out. |
passwordAttemptWindow | The duration for how long the user is locked out, before they can try again. |
Please refer to the MSDN documentation for more information:
4. Reporting
Transaction Reports and Activity Reports are XML documents that conform to the current goAML schema and are uploaded, validated and transferred to the goAML client via the goAML Web application. These XML documents can be submitted in three ways:
- Web Report: the user manually keys the data into an online form, which is then converted to XML before being uploaded and queued for validation.
- XML Upload: the user has created the XML documents themselves and uploads them directly, either individually or grouped together in a zip file.
- B2B: the same as the XML upload; however, the files are uploaded via a web service. For more details, please refer to the B2B section.
4.2 Web Reports – (moved)
Please refer to goAML Web New Registration and Report Forms document for Web Reporting Documentation.
4.2.1 Report Type Configuration
There are several web report configurations that are done in the goAML Client.
These are accessed via the client menu Management > Report Configurations.
After making any changes, remember to push the configuration to the web database and restart IIS before the changes take effect.
The following table describes the web related report configurations that are done in the client.
These settings only affect how the web report is rendered; they do not affect XML Uploads or define rules for which reports are accepted.
Report Configuration | Description |
Available on Web | This must be selected for the report type to be available for use in the web report. |
Show reason/action | If this is selected, the reason and action fields will be shown in the main form for this report type. This functionality has been replaced by the Report Form Configurator; please see the associated documentation. |
Show to R.E. | If this is not selected, the report type will not be available to organizations of type RE (Reporting Entity). This functionality has been replaced by the Report Form Configurator; please see the associated documentation. |
Show to S.H. | If this is not selected, the report type will not be available to organizations of type SH (Stakeholder). This functionality has been replaced by the Report Form Configurator; please see the associated documentation. |
Is Activity Report | If a report is set as an activity report then the Activity section in the form is visible |
Is Transaction Report | If a report is set as a transaction report then the Transaction section is visible. |
Force Bi-Party | If the report type is set to Force Bi-Party then the MultiParty option for Transaction Type will not be available and the user must populate the To Party and From Party sections to complete the Transaction. |
4.3 XML Report Validator
- The XML report Validator is accessed via the main menu New Reports > XML Report Validator
- This allows the user to verify their XML reports prior to upload. Simply paste the XML into the text area and click
- Any errors will be shown on the right of the text area and are from the Microsoft XML schema validation code, so the output will be in English unless the server and .Net environment that IIS is using is configured otherwise. It is possible to hide this menu item altogether via the setting Show_XML_Report_Validator in the Site configuration tab of the settings page.
- The images below show examples of successful and unsuccessful validation.
4.4 XML and ZIP Upload (moved)
Please refer to goAML Web New Registration and Report Forms document for XML and ZIP Upload Documentation.
4.5 Report Grids (moved)
Please refer to goAML Web New Registration and Report Forms document for Report Grids Documentation.
5. XML Web Service
The XML Web Service is a Windows service that performs key functions on the goAMLWeb database.
The primary function is to validate uploaded reports (Manual, XML and B2B) against the schema to confirm that they are ready to be transferred to the client. The secondary function is to ‘clean’ reports and messages that have expired as determined by the cleanup settings. Cleaning is the process of removing sensitive data, such as the report data or message body, while leaving the metadata, which may be under legal requirements for auditing or as evidence of the report’s existence.
The XML Service also pushes all the emails from the t_mails_pending table. If the service is not running then emails will not be sent to the goAML Mail SQL Server email profile.
5.2 Configuration
The XML Web service is configured in two main places: the .config file in the directory where the service is installed, and the cleanup settings tab in the Admin > Settings page of the web application.
5.2.1 Config file settings
The following settings are made in the .config file in the folder where the service is installed. This file is typically called goAMLWebXMLService.exe.config
Config setting | Description |
Connection String | There can be multiple connection strings for one service pointing at different goAML Web databases. Ensure the name attribute is unique for each one. |
maxXMLFileSize | This is the maximum file size in bytes that the service will process. If the file is larger than this, it will fail validation. |
maxXMLFilesPerZipFile | This is the maximum number of XML files that a zip file can contain; if there are more than this, it will fail validation. |
CultureToUse | This culture is used for the translations of the service. It must be one of the cultures configured in the ref_cultures table. |
RowsPerRequest | This is the number of new rows that will be requested each cycle of this service. The default is 1000. |
DelayWaitTime | The wait time in milliseconds if no new reports are found for any of the connection strings; otherwise the service continues to run as long as the current time is within the running hours. |
StartTimeHour and EndTimeHour | The service will only run between these hours |
CleanupTime | The time the cleanup process is run every day in 24 hr format HH:mm |
SendReportValidatedEmailToUser | Boolean, whether to send an email confirming report submission and validation for each upload to the submitting user. |
SendReportFailedEmailToUser | Boolean, whether to send an email confirming report validation failure for each upload to the submitting user. |
SendReportValidatedEmailToFIU | Boolean, whether to send an email confirming report submission and validation for each upload to the FIU admin. |
SendReportFailedEmailToFIU | Boolean, whether to send an email confirming report validation failure for each upload to the FIU admin. |
5.2.2 Cleanup settings
The cleanup settings tab of the Admin > Settings page in the web application contains the following settings:
- If checked, the summary emails of cleaned reports and messages are not sent to the Reporting Entities.
- The summary email contains information about reports and messages that will be cleaned within a certain number of days. The number of days is set in this number box. Selecting the checkbox means that the warning information will not be included in the summary.
- The number box sets the number of days after a report is created and not yet submitted before it is cleaned (status K). If the checkbox is selected, reports in status K will not be cleaned.
- The number box sets the number of days after a report is submitted and accepted, or failed on invalid structure, before it is cleaned (status A, P, N). If the checkbox is selected, reports in status A, P or N will not be cleaned.
- The number box sets the number of days after a report is submitted and rejected, or waiting to be reverted, before it is cleaned (status F, R). If the checkbox is selected, reports in status F or R will not be cleaned.
- The number box sets the number of days after a report is reverted before it is cleaned (status 1, O). If the checkbox is selected, reports in status 1 or O will not be cleaned.
- The message cleanup settings are defined in a table at the bottom of the cleanup settings page. There is a row for each message type. The Days before Cleanup column is either set to Do not delete messages of this type, which means that messages of that type will not be cleaned (as in row 1 above), or to an integer, which means that messages of that type will be cleaned that many days after the message was received into, or sent from, the web database (as in row 3 above). To change the number of days, click Edit, enter the number of days required and then select Update. To make sure a message type is not deleted, select Do Not Delete for that row.
5.2.3 Event logs
The XML Web Service logs information as it runs in the Windows Event Viewer under Applications and Services Logs > goAMLWebXMLServiceLog
The following information is logged:
Event description | Event Type |
When the service starts and stops | INFO |
When a specific file is being processed | INFO |
Time taken to select, update and delete reports, messages and attachments (for performance analysis) | INFO |
Total Reports Cleaned | SUCCESS |
Total Messages Cleaned | SUCCESS |
Error cleaning Reports | ERROR |
Error cleaning Messages | ERROR |
Number of summary emails sent | INFO |
Error sending emails | ERROR |
Total Reports for Warning | SUCCESS |
Total Messages for Warning | SUCCESS |
5.3 Validation Process
The diagram below outlines the basic flow of the validation process of the XML Web Service. The validation process is only part of the whole report workflow. Please refer to the Report Workflow diagram.
5.4 Cleanup Process
The cleanup process cleans the reports and messages and then sends summary emails, if necessary, to the Reporting Entities and FIU.
5.4.1 Report Cleaning
When a report is cleaned, the following occurs:
- Associated attachments of the report are deleted
- rfd_report_xml is set to null
- rfd_file is set to null
- rfd_report_json is set to null
- is_archived is set to 1
- rfd_status is set to one of the archived statuses
The new status that is set in rfd_status depends on the current status. The table below shows the mapping:
Current Report Status | Report Status after Cleaning |
K Not Submitted | 6 archived – not submitted |
A Approved; scheduled for processing | 2 archived – accepted |
P Processed | 2 archived – accepted |
N Failed Validation; Invalid Structure | 3 archived – invalid structure |
F Failed Validation | 7 archived – waiting to be reverted |
R Rejected | 7 archived – waiting to be reverted |
1 Reverted – Not submitted | 4 archived – reverted not submitted |
O Reverted | 5 archived – reverted original copy |
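As an added illustration (not the XML Web Service's own code), the following Python models how the cleanup settings of section 5.2.2 and the status mapping above combine in one daily run: the per-status retention days, the "do not clean" checkboxes, the warning window used for the summary email, and the field changes listed in 5.4.1. The report fields, the single reference date per report and the sample rows are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Dict, List, Optional, Set, Tuple

# Which retention setting of section 5.2.2 each current status falls under.
STATUS_GROUP = {
    "K": "not_submitted",                  # created, not yet submitted
    "A": "accepted", "P": "accepted",      # submitted and accepted / processed
    "N": "accepted",                       # failed on invalid structure (same number box)
    "F": "rejected", "R": "rejected",      # failed validation / rejected, waiting to be reverted
    "1": "reverted", "O": "reverted",      # reverted
}

# Archived status written to rfd_status when a report is cleaned (section 5.4.1).
ARCHIVED_STATUS = {"K": "6", "A": "2", "P": "2", "N": "3",
                   "F": "7", "R": "7", "1": "4", "O": "5"}


@dataclass
class CleanupSettings:
    days: Dict[str, int]                          # group -> days before cleanup (the number boxes)
    skip: Set[str] = field(default_factory=set)   # groups whose "do not clean" box is ticked
    warning_days: int = 30                        # look-ahead window for the summary email
    suppress_warnings: bool = False               # box that drops the warning info from the summary


@dataclass
class Report:
    report_id: int
    rfd_status: str
    ref_date: date                                # assumption: date the retention period counts from
    rfd_report_xml: Optional[str] = "<report/>"
    rfd_file: Optional[bytes] = b"zip-bytes"
    rfd_report_json: Optional[str] = "{}"
    attachments: List[str] = field(default_factory=list)
    is_archived: int = 0


def cleanup_due_date(report: Report, settings: CleanupSettings) -> Optional[date]:
    """Date on which the report becomes due for cleaning, or None if it never will."""
    group = STATUS_GROUP.get(report.rfd_status)
    if group is None or group in settings.skip or report.is_archived:
        return None
    return report.ref_date + timedelta(days=settings.days[group])


def clean_report(report: Report) -> str:
    """Apply the section 5.4.1 steps in place and return the new rfd_status."""
    report.attachments.clear()                    # associated attachments are deleted
    report.rfd_report_xml = None
    report.rfd_file = None
    report.rfd_report_json = None
    report.is_archived = 1
    report.rfd_status = ARCHIVED_STATUS[report.rfd_status]
    return report.rfd_status


def run_cleanup(reports: List[Report], settings: CleanupSettings,
                today: date) -> Tuple[List[int], List[int]]:
    """One daily run: returns (ids cleaned now, ids to warn about in the summary email)."""
    cleaned, warned = [], []
    for r in reports:
        due = cleanup_due_date(r, settings)
        if due is None:
            continue
        if due <= today:
            clean_report(r)
            cleaned.append(r.report_id)
        elif (not settings.suppress_warnings
              and due <= today + timedelta(days=settings.warning_days)):
            warned.append(r.report_id)
    return cleaned, warned


RUN_DATE = date(2017, 3, 31)   # constructed run date for the sample below


def sample_settings() -> CleanupSettings:
    return CleanupSettings(days={"not_submitted": 30, "accepted": 365,
                                 "rejected": 90, "reverted": 60},
                           skip={"reverted"}, warning_days=7)


def sample_reports() -> List[Report]:
    # Constructed sample rows, not real data.
    return [
        Report(1, "K", date(2017, 2, 1), attachments=["a.pdf"]),  # due 2017-03-03: cleaned
        Report(2, "P", date(2016, 3, 31)),                        # due 2017-03-31: cleaned
        Report(3, "F", date(2017, 1, 5)),                         # due 2017-04-05: warned
        Report(4, "O", date(2016, 1, 1)),                         # reverted group is skipped
        Report(5, "A", date(2017, 3, 1)),                         # due 2018-03-01: untouched
    ]


if __name__ == "__main__":
    reports = sample_reports()
    cleaned, warned = run_cleanup(reports, sample_settings(), RUN_DATE)
    print("cleaned:", cleaned, "warned:", warned)
    for r in reports:
        print(r.report_id, r.rfd_status, r.is_archived, r.rfd_report_xml)
```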
5.4.2 Message Cleaning
When a message is cleaned, the following occurs:
- Associated attachments of the message are deleted
- tmb_msg_text is set to the cleaned message; the cleaned message is provided by the translation WEBSERVICE_cleaned_messageboard_message_substitution
- tmb_msg_status is set to ‘ARCHI’
6. Message Board
The message board allows the user to send and receive messages from the FIU.
- You can launch the Message Board from the Main Menu.
Note: Communication is only with the FIU; messages cannot be sent or received from other Reporting Entities or Organizations.
- When the message board is open, you will only see messages for the reporting entity you are logged in as.
- You will not see messages for any of the delegating entities.
- To view and send messages for a delegating entity, you need to log in as that entity.
6.2 Messages and Folders
- When a message is received or sent, it is associated with a folder. Folders are stored in the t_msg_board_folder table.
- You can create folders for organizing messages, however, there are four system folders that are static and cannot be edited or deleted.
System Folder Name | Direction |
inbox | Incoming [0] |
draft | Outgoing [1] |
sent | Outgoing [1] |
archive | Both [null] |
- A message has a direction, either incoming (sent from the FIU) or outgoing (sent from the Reporting Entity).
- Folders are also assigned a direction, either incoming, outgoing or archive. Only incoming messages can be put into incoming folders and only outgoing messages can be put into outgoing folders. Archive folders can contain all messages.
6.3 Message Board Size Limit
The message board size limit is defined by the system setting MessageBoardMaxSizeWarning; refer to section Administration – Site Configuration Tab for details on configuring this setting.
The messages are stored in two tables in the database: t_msg_board for messages that are in non-archive folders and t_msg_board_archive for messages that are in archive folders. The 'size of the inbox' that is displayed in the top right of the message board is calculated only against the size of the attachments of messages that are not archived. Once this limit is reached, it is not possible to send any messages; to reduce the size, either delete unwanted messages or move them to an Archive folder.
6.4 Message Board Features
The message board is divided into four areas, Folders Pane, Actions Pane, Messages Grid and the Message Pane. These areas are referenced in the feature descriptions below.
6.4.1 Viewing Messages
- Select a folder in the Folders Pane to load all the messages from that folder into the Messages Grid.
- Select a row in the Messages Grid to load that message into the Message Pane.
- If the message is part of a thread of messages between the FIU and the RE, all the messages from that thread will be shown in the Message Pane, with all but the selected message collapsed.
- You can expand and collapse the individual messages using the +/- icons in the top right corner of each message.
- Messages with attachments are identified with a paperclip icon in the messages grid; the links to download the attachments appear in the Message Pane underneath the body of the message.
6.4.2 Sending and Replying
- To send a new message, select the New button in the Actions Pane. This will open the Send Message dialog.
- The fields Type, Subject and Message must be filled out before a message can be sent. The types available are those that have a value of 1 in the web_refresh column in the lk_msg_type table. This is configured in the client and pushed to the web.
- Attachments can be added; select Browse… and then choose a file.
- Select Upload. Only attachments that are in the Upload Files area will be sent with the message.
- Click Send to send the message. The message will appear in the Sent folder.
- Click Cancel to discard the message. The message will not be saved.
- Click Save as Draft to save the message into the Drafts folder.
- To reply to a message, select the message that you want to reply to in the Messages Grid and select Reply from the Actions Pane. This will open the Send Message dialog again; however, this message will be included in the selected message thread, so that it will be visible in the list of messages when that thread is viewed again in the Message Pane.
- When replying to a message, the message type is fixed; it is not possible to change the message type when replying.
6.4.3 Editing Folders
- To organize and edit the folders for the message board of the Reporting Entity, select Edit Folders from the Action Pane.
- The Folder dropdown box defaults to Add New…, which means a new folder will be created.
- Enter a name and click Save to create the new folder.
- The Direction defaults to Incoming, which means that the new folder will only allow incoming messages to be stored in it (refer to the Messages and Folders section above).
- To change it to Outgoing or Archive, select the appropriate radio button before saving. The folder will then appear under the respective node in the Folder menu.
- Folders can also be used to automatically store certain types of messages. For example, if there are many messages of type Report Fully Accepted being sent to the message board and you want these moved automatically into a separate folder, simply select the message type from the drop down list before saving.
- It is possible to change the name or associated message type of an existing folder, or to delete it. From the Folder dropdown, select the folder you wish to edit, change the name or message type and then Save. Alternatively, select Delete to remove the folder completely.
- Deleting a folder does not delete the messages inside it. These are moved to the parent folder in the Folder menu (i.e. Inbox, Sent or Archive).
- It is not possible to edit the direction of an existing folder.
6.4.4 Move, Delete, Mark Messages
- Moving, Deleting and Marking messages can be done on a single message or a selection of messages all at once.
- To select multiple messages, select the checkboxes of the rows in the Messages Grid. The checkbox in the header row selects all the messages on that page, and the checkbox above the Messages Grid in the Actions Pane selects all the messages on all the pages for that folder.
- Once the message(s) are selected, the combo box in the Actions Pane is populated with all the folders that this selection can be moved to. If both incoming and outgoing messages are selected, only the archive folders will be available.
- To move the selected messages, select the folder and then select Move To Folder from the Actions Pane.
- To delete the selected messages, select Delete from the Actions Pane.
- To mark messages as read or unread, use the buttons Mark as Read / Mark as Unread in the Actions Pane.
- Messages can also be flagged. This is done individually for each message by toggling the flag icon in the message row.
6.4.5 Search Messages
- Text search for the message board is available by selecting the Search button from the Actions Pane.
- The value in Search Text will be searched for in all of the non-archive and archive folders when the Search button is clicked. This can have performance implications for installations with very large message boards; it is advisable to use the Date range to minimize the impact on the server.
7. Statistics
The statistics page provides fixed reports and charts pertaining to reports and change requests that have been submitted to the system. The reports you can see are determined by the permissions you have (refer to the Roles and Permissions section).
- The statistics page is accessed via Admin > Statistics; the image below shows the full list of reports.
- The report list on the left hand side contains Grid Reports and Chart Reports, each marked with its own icon.
- A Grid Report is a table of the actual data. A Chart Report pivots two or more attributes of the data to produce a report that shows the relationship between those attributes.
- For the Chart Reports, the pivot grid is shown in one tab and a graphical representation is shown in another.
For example, the Reports Grid shows the list of all the reports.
- The Reports by Agency and Date Chart shows how many reports each Agency Type submits in each month.
In the example below, all of the Reporting Entities of type BANK submitted 17 reports in March 2017.
- Click on the Chart tab to view a graphical representation of the pivot grid
- Using the mouse wheel, you can zoom in and out of the graph, as well as hold down the left mouse button to drag (pan) the chart left and right.
- All Pivot Grids can be exported to Excel or PDF, and all Graphical Charts can be exported to PNG or PDF
- Click on the Filter tab to change the date range of the report that you are currently viewing. The charts will only render if there are fewer than 1000 data points, so you may have to reduce the time span in order to have fewer data points in the report.
- If more than 1000 data points are returned, an error message is displayed at the top of the chart.
- There are preset date ranges (e.g. Last 12 months, Last 30 days, This month etc.), or you can use the From and To date pickers to choose a custom date range. The date range boxes appear disabled until they are selected.
7.2 Report Definitions
Report Name | Description |
Reports | A list of all the reports that are visible to the user |
Reports by Agency and Date | How many reports were submitted by all the reporting entities of a particular entity type in each month? |
Reports by Entity and Type | How many reports were submitted of a particular report type by each reporting entity? |
Reports by Entity and Date | How many reports were submitted by each Reporting Entity in each month. |
Reports by Status and Date | How many reports that were submitted in each month, grouped by the current status that the reports are in. |
Transactions | A list of all the reports that are visible to the user, with the transactions for each report |
Transactions by Entity | The number of Accepted and Rejected transactions for each Reporting Entity in the specified date range. |
Transactions by Type | The number of Accepted and Rejected transactions for each Report Type in the specified date range. |
Entity Requests | A list of all the Entity Change Requests that are visible to the user. |
Delegation Structure | A list of all reporting entities that have delegating entities. The total number of delegating entities is shown; expanding the row shows the list of the entities that are delegating to that organization. |
Entity Registration Statistics | A list of Organizations that have registered during the defined dates |
New Entities by Type and Date | The number of new entity registrations each month for each Entity Type. |
User Requests | A list of all the User Change Requests that are visible to the user. |
New Users by Entity and Date | The number of new user registrations each month for each entity. |
8. B2B
The B2B Demo page is the API description and documentation for the B2B services. These services allow users to build systems that can integrate with the goAML Web application to perform regular automated tasks such as submitting reports.
- When logged in as the FIU navigate to Admin > B2B Demo
- This page is available to all logged in users; however, the link will only appear in the menu for FIU users. To allow other reporting entities to see the page, simply make them aware of the link:
B2B Demo page: <<my_goaml_url>>/B2BDemoF16
- The image above shows the B2B Demo page. The Tabs at the top are the B2B groups, namely Authentication, OData, Reports and Messages
- Once a B2B group is selected, the available services are listed in the Tabs on the side. For the example above, the Authentication group is selected, the services Get Token and Check Token are shown, and Get Token is selected.
- When a service is selected, the main window provides the following information:
- Name of the service
- Description of what the service does
- The URL endpoint where the service is located
- The post data variables that can be included in the request, along with their associated types and restrictions
- A description of the output.
- Send Request enables the user to test the service by filling in the post data fields and sending the request to the service. The response will be shown in the area below the Send Request button.
Caveat: When using the B2B Demo, the requests are directly on the live database, so any changes made to the data will be persisted and reflected in the web application.
8.2 Open API
There is an OpenAPI (Swagger Specification) document providing a machine readable interface to consume the B2B Services. This is available under Admin > OpenAPI.
The images below show the listings of all the endpoints. The first image gives an example of one of the endpoints, GetFolders, expanded to show the samples provided for the request and response.
It is not possible to test via the OpenAPI specification; this should be done using the B2B Demo page.
9. Administration
9.2 Language and Culture
- The languages that the goAML Web application uses are defined in the database in the ref_cultures table.
- This table is populated by a configuration 'push' from the client application.
- To add a new culture or delete an existing culture, this must first be done in the client and then pushed to the web as described in the client user manual.
- After any culture code is added or removed, or whenever any lookup or message translation is changed, the IIS service must be restarted for the changes to take effect in the application. The table below shows an example of the ref_cultures table in the web database. There are four culture codes configured: de-DE, en, en-GB, nl-NL.
- For each culture code there is an associated set of translations for all of the labels and messages that appear on the site. These are in the t_messages_translation table and the various lookup tables that are prefixed with lk_ (e.g. lk_msg_type).
- One of the codes in the ref_cultures table must correspond to the default culture used by the web application. The default is defined in two files:
- In the config of the web application, the uiCulture and culture attributes of the globalization tag must be set.
- In the exe.config of the XML service, the value for the key CultureToUse must be set.
If the web.config values are not correct, the web site will not start and will show an error similar to the image below.
- If the default culture is deleted, these two files must be updated to use another culture code that is in the ref_cultures table.
- For each culture code that appears in the ref_cultures table, there will be a corresponding flag icon in the top right of the web application. In the image below the selected culture is 'en'.
- The flag icons are already available for all of the most common culture codes. However, if one is missing, a .png icon must be placed in the following directory in the web application folder:
<<goamlweb_root>>/css/goaml4/images/culturecodeflags/ab-CD.png
where ab-CD is the culture code that has been added.
- If you select another culture by clicking on another flag, the page is reloaded with that culture and a cookie is saved in the browser to remember the user's preference for next time.
- The selected culture also determines the date and number formats that are shown in the application. The initial default language code used by goAMLWeb after installation is en, which is English (United States); this uses the date format month/day/year. To use English with the date format day/month/year, the culture en-GB (English (United Kingdom)) needs to be added.
- The site content, such as what is seen on the home page and in the email templates is not culture specific and so the same content is seen regardless of the culture that is currently selected by the user.
10.2 Settings Page
The settings page is where the configuration is done for all of the appearance, content and functionality of the application that is not set in the web.config or via a data push from the client (such as the translations and the schema)
- The settings page is accessed from the main menu under Admin > Settings and is only available to users who have the Site Customization permission. Following a new installation, the goaml user has this permission.
Note: After changing any setting, it is advised to restart IIS before verifying that the changes have taken effect. Many of the settings and translations are cached in memory to reduce load on the database and will only be refreshed once the web application is restarted.
10.3 Site Configuration Tab
- The Site Configuration tab contains a grid of all the settings that are in the t_sys_config table in the database.
- These are key (code) value pairs each with a summary of what the setting is (which can be shown by clicking on the arrow in the left of the row) and a column describing the allowed values.
- By selecting the Edit button on a row, you can change the value to any string; however, the system will not function correctly if the value is not consistent with the allowed values. For example if the allowed values are N or Y then only N or Y should be used (i.e. not 1, 0, true, false, yes or no).
- Selecting Update will store the new value and Cancel will cancel the action.
The following table describes the function of each code. The description shown in the grid on the web is given first in each row.
Code | Description |
AllowManagementOfDelegates | Allow the delegated Reporting Entity to manage the Users of their delegating entities.
If this value is set to “Y” then when a delegated Reporting Entity views the User Request Management or Active Users grid, they will see the users of the delegating organization too and will be able to perform all of the same operations on these users that they can for users of their own organization. |
DefaultReportTypeCode | enumeration from column lk_code from lk_report_type
This value should be set to a report type code that is configured in the system. These can be found in the table lk_report_type and in the report_type enumeration in the schema. This value will determine which report is initially loaded when the user starts to create a new web report |
EnableNewRegistrationForms | Enable the New Registration and Change Request Forms
This enables the New Registration and Change Request Forms, which can be customised. Please refer to the goAML Web New Registration and Report Forms.docx for details |
EnableNewWebForms | Enable the New Web Forms
This enables the New Web Report Forms, which can be customised. Please refer to the goAML Web New Registration and Report Forms.docx for details |
ExternalApplicationURL | The full URL to the web application as seen by an external user, without the trailing slash: e.g. https://www.mydomain.com/goAMLWeb. If this setting is empty, the Forgot Password functionality will not be possible.
If this setting is empty a warning will be displayed on the home page. |
EntityUserAutoMigration | This setting is no longer used. |
ExternalDataCheck | Automatically calls a pre-defined external procedure to do a third-party check of new user/organization requests
If this is set to Y then the stored procedure sproc_registration_external_data_check is called whenever a new entity or new person registration is submitted. This stored procedure receives the Entity or Person Change Request ID so that data associated with the request can be tested against user specific logic and/or external data sets to automatically approve, verify or reject a registration. Details on how to use and augment the stored procedure are provided in the comments inside the existing sproc_registration_external_data_check in the web database. |
|||||||||||
file_upload_whiteList | a comma separated list of file extensions (including the “dot”) e.g. (“.png,.doc,.docx”)
This is the whitelist of file extensions that are allowed to be uploaded to the web application. This list is checked at the following points:
Adding an asterisk wildcard allows all file types within that archive. For example .docx* allows all document types in a .docx file. Zip files are always allowed by the B2B endpoint regardless of whether .zip is in this list. Note that the check is by extension, so a wildcard entry widens what an archive may carry beyond this list. |
file_upload_public_whiteList | a comma separated list of file extensions (including the “dot”) e.g. (“.png,.doc,.docx”)
This is the whitelist of file extensions that are allowed to be uploaded at registration, i.e. before the user has logged in, so it should be kept to the minimum needed. Adding an asterisk wildcard allows all file types within that archive. For example .docx* allows all document types in a .docx file. |
GenerateRERegNumber | Generate RE/AI registration number on RE creation
If this value is set to Y then a registration number is automatically generated in the field ecr_tax_reg_num for the Entity change request, which is then mapped to the ren_tax_reg_num field in the r_entity table if the registration is approved. In addition, this setting affects what is shown in the view. If it is set to Y then the following are shown:
The stored procedure that generates the custom number is sprocGetCustomNumber, which is passed the following parameters:
|
HelpIsEnabled | whether the help icon is shown
If this value is set to Y then the help icon is shown in the main menu. If it is set to N then it is hidden. It is important to note that this is not a security setting: the URLs of the help pages remain accessible. |
LeaveUnsavedPageWarning | This setting is no longer used. |
MenuNewRFI | This setting is no longer used. |
MenuRFIHeader | This setting is no longer used. |
MenuRFIList | This setting is no longer used. |
MessageBoardMaxSizeWarning | the maximum size in megabytes that a RE is allowed to occupy with messages and attachments on the message board
This setting is the maximum number of megabytes that a Reporting Entity can use for storing attachments before they are unable to send new messages. Once this limit is reached, they get an error if they try to post a new message. Only attachments in non-archived folders are counted, so if a Reporting Entity needs to free up space but wants to keep messages and attachments they should move them to archive folders. Incoming messages from the FIU are always allowed and are not blocked even if the limit has been reached. In the message board, the size of the attachments is given above the list of folders. It is shown in yellow if the total size of the attachments is over 75% of the limit and in red if it is over 90%. |
PASSWORD_EXPIRY_DAYS | The number of days until a user’s password expires. A value of 0 means passwords never expire
The default value for this setting is 0, which means that a user’s password never expires. If this setting is set to a positive integer, e.g. 180, then when a user logs in and more than 180 days have passed since they last changed their password, they are redirected to the Change Password screen. The date when the user last changed their password is stored in the LastPasswordChangedDate column of the aspnet_Membership table. |
Report_AutoPopulate_Location_With_RE_Address | auto populates the “location” node in a web report form with the address of the reporting entity
If this value is set to Y then when a user creates a new web report, the Location field, which contains a single address object, is populated with the address of the RE that is logged in. The user can still change this address for the report if necessary. If the user changes details of the address and saves the report without submitting it, these changes are persisted, i.e. they are not overwritten with the reporting entity address when the user reloads the report for editing or submits it later. |
ReportAttachmentMaxSize | the maximum size for an uploaded attachment in bytes (Max 20MB! do not set higher than 20MB)
This setting is the limit in bytes when uploading a file that is one of the following:
It is important to note that there is an overall site setting in the web.config file called maxRequestLength, which is the maximum HTTP request size in KB. That value must be greater than this setting; mind the units, since maxRequestLength is in kilobytes and this setting is in bytes.
|
ReportAttachmentMaxCount | The maximum number of attachments that can be added to a report. This limit is used for both Manual Web Reports and XML Uploads |
SchemaMandatoryFieldValidaiton_DefaultValue_ACTION | the default value for the “report action” field if the report type hides this field on the page and the field is mandatory in the schema
This value is the default for what appears in the Action field in the web report. It can be useful if the field is hidden for a particular report type but is mandatory in the schema. |
SchemaMandatoryFieldValidaiton_DefaultValue_REASON | the default value for the “report reason” field if the report type hides this field on the page and the field is mandatory in the schema
This value is the default for what appears in the Reason field in the web report. It can be useful if the field is hidden for a particular report type but is mandatory in the schema. |
ServerSideViewState | This setting is no longer used. |
Show_Flags_For_Languages | Whether to show the custom flag images for the language selector or the ISO two letter code
Determines whether to show country flags for the language selector or the standard two letter code in uppercase for the particular culture. For example the cultures en-GB, en-US and fr-CH would be displayed as EN | EN | FR. |
Show_Responsive_Home_Page | Whether to display the responsive landing page or the original landing page.
The responsive landing page contains 4 customisable areas and 3 customisable images which collapse neatly when viewed on different size screens. This setting is on by default; it can be set to N to use the original landing page with the original single customisable content area. |
ShowStakeholderRegistration | Whether to display the ‘Stakeholder’ registration in the home screen. |
ShowSupervisoryBodyRegistration | Whether to display the ‘Supervisory Body’ registration in the home screen. |
ShowIndividualUserRegistration | Whether to display the ‘Individual User’ registration
If this value is set to Y then at the Person registration screen the user is able to check the box labelled Individual User, which routes them to the individual user form. This is the same Person registration form but with the Organization ID disabled and pre-populated with the RE ID used for individuals. If this value is set to N then the check box is hidden. It is important to note that this is not a security setting: the checkbox is hidden but the URL is still accessible. |
Show_XML_Report_Validator | Whether to display ‘XML Report Validator’ in the ‘New Reports Menu’
If set to Y the menu item is shown, if set to N then it is not. |
ValidationErrorsInEmail | whether actual validation errors are shown in (the possibly unencrypted) validation emails
If this value is set to Y and a report fails validation, the email that is sent to the RE/FIU contains the errors that caused the validation failure. An example of such an email is given below; here the error is that the value ‘John Smith’ was used as the value for transmode_code in the report. Providing the errors can be very useful for resolving issues with creating reports, but the errors can include data from the reports, which might violate a security policy if the email travels unencrypted. The recommended method is to use the XML Validator to determine why a report is failing.
There was a problem processing document: “_Web_Report_ReportID_723-0-0.xml”, submitted by user: “edco” on 2/11/2018 4:34:36 PM.
Document errors:
Error #: 1 Location: Line 39, Position 27 Description: The ‘transmode_code’ element is invalid – The value ‘John Smith’ is invalid according to its datatype ‘conduction_type’ – The Enumeration constraint failed. |
Web_Email_OnOff | whether email is turned on for the web server in this environment
If this value is set to N then emails are not sent from the web. The t_mails_pending table still has emails written to it and removed from it, so it will appear that emails are being sent if this table is monitored, but the stored procedure that sends the emails from this table (up_send_mails) just deletes the contents of the table and does not forward them to the goAML Mail mail profile that is configured on the SQL Server instance. If the value is set to Y then the emails are sent as normal. |
WEB_XML_UPLOAD_MAX_SIZE | Maximum size in bytes for an uploaded report file
This setting is the maximum size in bytes for an uploaded report file. It is used as the maximum size for both XML and ZIP files in the XML Upload page. It is not used for B2B submissions, which have no imposed limit. It is important to note that there is an overall site setting in the web.config file called maxRequestLength, which is the maximum HTTP request size in KB. That value must be greater than this setting (mind the units: kilobytes versus bytes). |
WEB_XML_UPLOAD_DUPLICATE_BY_CONTENT | Prevents files being processed if they have the same content as any existing file. This is only checked in the XML Service where the XMLs are extracted. |
WEB_XML_UPLOAD_DUPLICATE_MODE | Controls duplicate checking of uploaded files:
0 – No checking. Any XML or ZIP files can be uploaded.
1 – Files are checked at upload for duplicate name and size against files that have been uploaded by the same RE.
2 – Files are checked at upload for duplicate name and size, and the individual XMLs are checked by content in the XML Validation Service, against files that have been uploaded by the same RE. |
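The PASSWORD_EXPIRY_DAYS check described above runs only when a user logs in, so an administrator otherwise has no view of whose password is already past the limit. The following PowerShell script is an added example and not part of goAML Web: it queries the web database for users whose LastPasswordChangedDate is older than the configured number of days. It assumes the SqlServer module (Invoke-Sqlcmd) is installed, that goAML Web uses the standard ASP.NET membership tables (aspnet_Membership, which the manual names, joined to aspnet_Users on UserId for the UserName), that the expiry value is copied from the Site Configuration tab, and that the server and database names are placeholders.

```powershell
# Added example, not goAML code: list users whose password is older than
# PASSWORD_EXPIRY_DAYS. Assumptions: SqlServer module installed; standard ASP.NET
# membership schema (aspnet_Membership.LastPasswordChangedDate is stored in UTC,
# aspnet_Users holds the UserName); server/database names are placeholders.
param(
    [string]$ServerInstance = 'SQLSERVER\GOAML',   # placeholder
    [string]$Database       = 'goAMLWeb',          # placeholder
    [int]$ExpiryDays        = 180                  # copy of PASSWORD_EXPIRY_DAYS
)
Import-Module SqlServer

if ($ExpiryDays -le 0) {
    Write-Host 'PASSWORD_EXPIRY_DAYS is 0: passwords never expire, nothing to report.'
    return
}

# Single-quoted here-string so that $(days) is left for Invoke-Sqlcmd's own
# variable substitution rather than being expanded by PowerShell.
$query = @'
SELECT u.UserName,
       m.LastPasswordChangedDate,
       DATEDIFF(day, m.LastPasswordChangedDate, GETUTCDATE()) AS DaysSinceChange,
       m.IsLockedOut
FROM   aspnet_Membership m
       JOIN aspnet_Users u ON u.UserId = m.UserId
WHERE  DATEDIFF(day, m.LastPasswordChangedDate, GETUTCDATE()) > $(days)
ORDER  BY m.LastPasswordChangedDate;
'@

Invoke-Sqlcmd -ServerInstance $ServerInstance -Database $Database `
    -Query $query -Variable "days=$ExpiryDays" |
    Format-Table UserName, LastPasswordChangedDate, DaysSinceChange, IsLockedOut -AutoSize
```

Run it with Integrated Security from an account that has read access to the web database; the output is the set of users who will be forced to the Change Password screen at their next login, which is useful before raising the expiry value on an installation that has been running with 0.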
10.3.1 Site Appearance Tab
The following table provides the setting name, default value and description of all the settings in the Site Appearance tab.
Setting | Default Value | Description |
Header Section | #ffffff | The color of the background of the <div> that is at the top of the page before the menu. |
Menu Background | #428bca | The primary color of the main menu |
Footer Section | #428bca | The background color of the footer |
Top Left Image | | The image shown in the top left of the page above the main menu. This is usually the logo of the FIU. |
Bottom Left Image | | The image shown in the bottom left of the footer. |
Bottom Right Image | | The image shown in the bottom right of the footer. |
Responsive Top Left Image | | The top left image (main logo) that is used if the responsive home page is used (site configuration Show_Responsive_Home_Page set to Y). |
Responsive Top Right Image | | The top right image (secondary image) that is used if the responsive home page is used (Show_Responsive_Home_Page set to Y). This image is hidden when viewing on small devices such as mobile. |
Responsive Background Image | | The background image of the main content that is used if the responsive home page is used (Show_Responsive_Home_Page set to Y). This image is hidden when viewing on small devices such as mobile. |
Bottom Left Link | http://www.unodc.org | The url that the Bottom Left Image links to. |
Bottom Right Link | http://www.unodc.org | The url that the Bottom Right Image links to. |
Validation Email Subject Prefix | FIU: | The prefix in the subject of the emails that are sent out from the XML service |
Validation Email Body Prefix | empty string | The prefix of the body of the emails that are sent from the XML service |
Validation Email Body Postfix | empty string | The postfix of the body of the emails that are sent from the XML service |
10.3.2 Cleanup Tab
Details of the cleanup settings are described in the Web XML Service section.
10.3.3 3rd Party Portal Tab
The Third Party Portal settings are only to be used when the web application is configured to sit behind a portal or reverse proxy. This feature applies to countries that have an existing portal with its own registration and authentication mechanism. The registration form and authentication into the goAML web application are then driven by information supplied in HTTP headers from the portal. Because the application trusts these headers, it must only be reachable through the portal: any client that can send requests to the web server directly could supply the same headers itself, so network access to the application should be restricted to the portal/proxy.
These features were designed and tested to work with IBM Tivoli Access Manager (TAM). However, the headers can be customized to work with other similar systems.
Auto Form Population
- When this switch is set to ON the Auto Form Population is enabled.
- The HTTP header input fields and the associated change/restore buttons are only enabled when this switch is set to ON.
- With Auto Form Population activated, the registration page is displayed with the following fields disabled and populated, provided that the values have been defined in the headers of the request from the 3rd Party Portal:
– Login credentials: username and password (encoded)
– First Name
– Last Name
– Email address
- Below is an example of values that could be passed in the headers; the following image shows how the registration page would appear when loaded with these headers.
Header | value |
_firstname | John |
_lastname | Smith |
_email | john_smith@goaml.com |
Authorization | Basic am9obnNtaXRoOmpzMTIzNDU= |
The value am9obnNtaXRoOmpzMTIzNDU= is the base64 encoding of johnsmith:js12345, i.e. the username johnsmith and the password js12345 concatenated with a colon, as in standard HTTP Basic authentication.
Basic Access Authentication
- When the Basic Access Authentication switch is set to ON and the user navigates to the log in url <<site_root>>/Account/LogOn, the web app automatically authenticates the user with the username and password provided in the Authorization header as described in the table above. This is standard basic access authentication encoding.
- If Basic Access Authentication is set to OFF and the user navigates to the login url then the following error is shown.
- An initial user is required to be registered in the system and assigned FIU privileges (FIU Admin role) before this feature is turned on.
- The third party portal is responsible for maintaining the identity of the users and supplying goAML Web with the correct credentials, i.e. Person A can only register and login as Person A.
- If Basic Access Authentication is turned on before registering the initial user it is possible to disable it by executing the following SQL script on the web database:
update web_settings set value = 0 where name = 'BasicAccessAuthentication'
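To show the header mechanism end to end, here is an added PowerShell example; it is not goAML code and not the portal's. It builds the header set a portal would send for the user in the table above, and parses an incoming Authorization header the way the receiving side has to. The header names _firstname, _lastname and _email are the defaults shown on this page; the site URL in the commented request is a placeholder. Note the split on the first colon only: RFC 7617 forbids a colon in the user-id but allows it in the password, so splitting on every colon would corrupt such passwords.

```powershell
# Added example, not goAML or portal code. Builds the portal-side headers for a
# user and decodes a Basic Authorization header on the receiving side.
function New-PortalHeaders {
    param(
        [Parameter(Mandatory)] [string]$UserName,
        [Parameter(Mandatory)] [string]$Password,
        [string]$FirstName, [string]$LastName, [string]$Email
    )
    # RFC 7617: the credential is base64("user-id:password").
    $raw = [Text.Encoding]::UTF8.GetBytes("${UserName}:${Password}")
    @{
        'Authorization' = 'Basic ' + [Convert]::ToBase64String($raw)
        '_firstname'    = $FirstName   # default header names from this page
        '_lastname'     = $LastName
        '_email'        = $Email
    }
}

function ConvertFrom-BasicAuthorization {
    param([Parameter(Mandatory)] [string]$HeaderValue)
    if ($HeaderValue -notmatch '^\s*Basic\s+([A-Za-z0-9+/]+=*)\s*$') {
        throw 'Not a Basic credential'
    }
    $decoded = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($Matches[1]))
    # Split on the FIRST colon only: the user-id cannot contain ':', the password can.
    $i = $decoded.IndexOf(':')
    if ($i -lt 0) { throw 'Malformed credential: no colon between user-id and password' }
    [pscustomobject]@{
        UserName = $decoded.Substring(0, $i)
        Password = $decoded.Substring($i + 1)
    }
}

# The user from the table above (constructed sample values)
$headers = New-PortalHeaders -UserName 'johnsmith' -Password 'js12345' `
    -FirstName 'John' -LastName 'Smith' -Email 'john_smith@goaml.com'
$headers['Authorization']
ConvertFrom-BasicAuthorization -HeaderValue $headers['Authorization']

# A password containing a colon survives the round trip
$h2 = New-PortalHeaders -UserName 'alice' -Password 'p:w:1'
ConvertFrom-BasicAuthorization -HeaderValue $h2['Authorization']

# To exercise the logon endpoint from a host the portal trusts (URL is a placeholder):
# $SiteRoot = 'https://portal.example.org/goAMLWeb'
# Invoke-WebRequest -Uri "$SiteRoot/Account/LogOn" -Headers $headers -UseBasicParsing
```

The commented request is the same thing any client on the network path could send, which is why the network restriction to the portal noted at the top of this section matters more than the header names themselves.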
Disable password change and reset
When this switch is set to ON it is not possible for any user including the FIU admins, to change their password.
10.3.4 Site Content Tab
- The editable content areas of the web application are listed in the table below.
- To change or add content for a particular area, select the area from the drop down list, edit the content in the HTML editor and then click save.
- The reload button fetches the current content from the database again, removing any unsaved changes.
The editable areas are:
Editable area name | Description |
Logged Out Home Page Text | The HTML that is displayed on the home page if there is no user logged in (url: ~/Home) |
Logged In Home Page Text | The HTML that is displayed on the home page if there is a user logged in (url: ~/Home) |
Help Logged Out | The HTML that is displayed on the help page if there is no user logged in (url: ~/Home/Help) |
Help Logged In | The HTML that is displayed on the help page if there is a user logged in (url: ~/Home/Help) |
Change Password Page Text | The HTML that is displayed on the Change Password page above the form that is filled out to change the password. (url: ~/Account/ChangePassword) |
Responsive Home Page Main | The HTML that is shown in the main banner over the background image on the home page if there is no user logged in and the site is configured to use the responsive home page (see site configuration tab) |
Responsive Home Page Column One | The HTML that is shown in column one under the main banner of the home page if there is no user logged in and the site is configured to use the responsive home page (see site configuration tab) |
Responsive Home Page Column Two | The HTML that is shown in column two under the main banner of the home page if there is no user logged in and the site is configured to use the responsive home page (see site configuration tab) |
Responsive Home Page Column Three | The HTML that is shown in column three under the main banner of the home page if there is no user logged in and the site is configured to use the responsive home page (see site configuration tab) |
10.3.4.1 Translating Site Content
The editable areas in the grid above can be translated; indeed, they can store completely different HTML for each language. When clicking save, the content stored is for the language that is currently selected. For example the image below shows saving the Responsive Home Page Main in the Finnish culture code.
The home page then shows the HTML for whichever language is selected, as shown below in the first image (English) and the second image (Finnish).
10.3.5 Email Templates Tab
- The email templates are an upgrade on the simple text emails that were sent out for change request submissions, acceptances and rejections. To change an email template, select it from the drop down list, edit the content in the HTML editor and then click save.
- The reload button fetches the current content from the database again, removing any unsaved changes.
- The enabled switch must be set to YES for the email template to be used, otherwise the default simple text email from the translations is sent instead.
- Disabling a template does not prevent the email from being sent.
- The available email templates are described below. The translation code is the code in the t_messages_translation table that maps to the text used for the default email.
Email Template Code | Translation Code | Description |
Entity_Change_Request_Email_Template_Acceptance | Registration_EmailMsg_txtEmailChgEntityCRAcceptance | The email that is sent out when a change request is accepted for an existing Entity |
Entity_Change_Request_Email_Template_Rejection | Registration_EmailMsg_txtEmailChgEntityCRRejection | The email that is sent out when a change request for an existing Entity is rejected by the FIU |
Entity_Change_Request_Email_Template_Rejection_NOTBYFIU | Registration_EmailMsg_txtEmailChgEntityCRRejection | The email that is sent out when a change request for an existing Entity is rejected by a user who is NOT FIU |
Entity_Registration_Email_Template_Acceptance | Registration_EmailMsg_txtEmailNewEntityCRAcceptance | The email sent out when a new Entity registration has been accepted |
Person_Registration_Email_Template_Submitted | Registration_RegistrationSubmittedEmailBodyPerson | The email sent out when a new Person registration has been submitted |
Person_Registration_Email_Template_Rejection | Registration_EmailMsg_txtEmailNewPersonCRRejection1 | The email sent out when a new Person registration has been rejected |
Person_Registration_Email_Template_Acceptance | Registration_EmailMsg_txtEmailNewPersonCRAcceptance1 | The email sent out when a new Person registration has been accepted |
Person_Change_Request_Email_Template_Rejection_NOTBYFIU | Registration_EmailMsg_txtEmailChgPersonCRRejection1 | The email that is sent out when a change request for an existing Person is rejected by a user who is NOT FIU |
Person_Change_Request_Email_Template_Rejection | Registration_EmailMsg_txtEmailChgPersonCRRejection1 | The email that is sent out when a change request for an existing Person is rejected by the FIU |
Person_Change_Request_Email_Template_Acceptance | Registration_EmailMsg_txtEmailChgPersonCRAcceptance | The email sent out when a change request for an existing Person has been accepted |
Entity_Registration_Email_Template_Submitted | Registration_RegistrationSubmittedEmailBodyEntity | The email sent out when a new Entity registration has been submitted |
Entity_Registration_Email_Template_Rejection | Registration_EmailMsg_txtEmailNewEntityCRRejection | The email sent out when a new Entity registration has been rejected |
Template codes
Code | Description |
Codes for Entity and Person emails | |
{REQUEST_REFERENCE_NUMBER} | The reference number given at registration |
{TODAY_DATE} | Current date in short format |
{REPORTING_ENTITY_ID} | RE ID used in the website |
{REGISTRATION_DATE} | Date of registration |
{REJECTION_REASON} | Reason for rejection |
Entity Email Codes | |
{RE_ORG_NAME} | Name of Reporting Entity |
{RE_ADMIN_USERCODE} | RE Admin Username |
{RE_ADMIN_TITLE} | RE Admin Title |
{RE_ADMIN_FIRST_NAME} | RE Admin first name |
{RE_ADMIN_LAST_NAME} | RE Admin last name |
{RE_ADMIN_OCCUPATION} | RE Admin occupation |
{RE_ADMIN_EMAIL} | RE Admin email |
{RE_FIRST_ADDRESS_LINE_ONE} | RE first line of address |
{RE_FIRST_ADDRESS_TOWN} | RE address town |
{RE_FIRST_ADDRESS_CITY} | RE address city |
{RE_FIRST_ADDRESS_ZIP} | RE address ZIP |
{RE_FIRST_ADDRESS_STATE} | RE address state |
{RE_FIRST_ADDRESS_COUNTRY} | RE address country |
{RE_ORG_BUSINESS_TYPE} | RE business/agency type |
{RE_TAX_REG_NUMBER} | RE tax registration number |
Person Email Codes | |
{PERSON_USERCODE} | Username |
{PERSON_TITLE} | Person Title |
{PERSON_FIRST_NAME} | Person first name |
{PERSON_LAST_NAME} | Person last name |
{PERSON_OCCUPATION} | Person occupation |
{PERSON_EMAIL} | Person email |
{PERSON_FIRST_ADDRESS_LINE_ONE} | Person first line of address |
{PERSON_FIRST_ADDRESS_TOWN} | Person address town |
{PERSON_FIRST_ADDRESS_CITY} | Person address city |
{PERSON_FIRST_ADDRESS_ZIP} | Person address ZIP |
{PERSON_FIRST_ADDRESS_STATE} | Person address state |
{PERSON_FIRST_ADDRESS_COUNTRY} | Person address country |
10.3.6 Translations Tab
This tab allows management of the translations of all the codes that appear in the web application, and also those used by the XML Validation service.
The grid has three main columns: Code (the translation code, which is the look-up code), Text (the default text that is used when a new culture is created) and Context (where the translation is primarily used; some translations are used in more than one place where they refer to the same data or are semantically the same). The main columns can be filtered; the image below shows the table filtered to show all of the translations that appear in the Entity Registration form, by using the filter RegistrationEntity in the Context filter.
To change a translation, select the arrow on the row to open the possible translations for that code. There is an entry for each culture that is configured on the system. Change the value of the text for the specific culture and select Save Changes. The image below shows the translation of Entity_Incorporation_Country for en-GB being changed.
Any changes made should be reflected in the system immediately.
If a new culture has been added or deleted by the client and then pushed to the web, IIS needs to be restarted to pick this up.
10.3.6.1 Exporting and Importing Translations
From the translations tab it is possible to export and import the translations for editing offline or for sharing language packs between installations.
The exported file will contain a tab for each culture, each row will contain a value for culture code, message code and translation. It is the values in the rows for all tabs that are added to the database when the file is imported, so all translations could be put into one tab if preferred.
An example of an export is given below.
When importing a translations file, any row that matches an existing culture code/message code pair will be overwritten with the new translation, so it is important that a backup is taken before this is done.
Report Code | Code Name | Description |
– | UNKNOWN | |
1 | Reverted – Not submitted | |
2 | archived – accepted | |
3 | archived – invalid structure | |
4 | archived – reverted not submitted | |
5 | archived – reverted original copy | |
6 | archived – not submitted | |
7 | archived – waiting to be reverted | |
8 | Approved; scheduled for processing | |
A | Failed Integration | |
B | Failed filtering | |
C | Failed Transformation | |
D | Failed Loading | |
E | Failed Validation | |
F | Success | |
G | Archived | |
H | Report Integration in progress | |
I | Processing | |
J | Not submitted | |
K | Loaded; pending filtering | |
L | Filtered; pending approval | |
M | Failed Validation; Invalid Structure – ENG | |
N | Reverted | |
O | Processed | |
P | Marked For Rejection | |
Q | Rejected | |
R | Submitted; scheduled for validation | |
S | Transferred | |
T | Uploaded | |
U | Validated; scheduled for loading | |
V | Report Transfer in progress | |
X | Transferred From Web | |
Y | XML Bulk Loading in progress | |
Z | Unexpected Error |
11. Troubleshooting
Most of the errors that occur in the goAMLWeb application are after an initial install or upgrade and are usually related to data or configuration. The following sections should help resolve the most common issues.
1.1 Hosting HTTPS and HTTP deployments on the same domain
If there are two goAMLWeb installations (e.g. Production and Test) on the same domain and one is using HTTPS and the other HTTP, once the session cookie is set in the browser for the HTTPS site it will not be possible to log in to the HTTP site with the same browser. This is because since version 4.4.05.0 the session cookie has the Secure attribute set for HTTPS connections, and it is set at the domain level, so the browser will not send it over HTTP once it has been set for HTTPS.
It is possible to switch between the two deployments by deleting the cookies for the domain before going to the next site, or by using a sandboxed (incognito) browser for one of the sites. The better fix is to serve the Test deployment over HTTPS as well, which also avoids sending its session cookie in clear text.
1.2 Diagnostics
- If the system is not behaving as expected, or error messages are being produced, the first thing to check is the Diagnostics page.
- This checks the data integrity and highlights any common issues, with details on how to rectify the problem.
- The diagnostics page is only available to FIU users and is accessed via Admin > Diagnostics.
- The page may take a few seconds to load while all the checks are done.
- Once the page loads, if there are any areas in red (as shown below) these should be rectified immediately.
- Please follow the instructions provided for each error and remember to take system backups before making any changes. Always restart IIS after any system changes to allow the cache to refresh.
- If you need clarification on the instructions or have some concerns about what is required to fix the error, please contact goSupport providing as much information as possible.
- Warnings are shown in yellow (image below); these do not need to be corrected but highlight data or configuration that is not recommended or that may cause ambiguity.
1.3 Error Logs
Logs of common or ‘expected’ errors, which are usually the result of an issue with the system configuration, are written to the application log file. This is in the folder Logs in the root of the application on the server.
A new log file is created for each day, with the file name log_<<yyyymmdd>>.txt
If there are no errors, no log is written for that day.
The following line in the web.config file configures the location of the log files:
<add key="serilog:write-to:File.path" value="%BASEDIR%\Logs\log_.txt"/>
To have the logs written to a different location, change the value attribute to the full path where the logs should be written, for example c:\my_goaml_logs\log_.txt. The application pool identity needs write access to that folder; since the logs can contain error details, the folder should not be readable by ordinary users, and it is worth confirming that IIS does not serve files from it.
1.3.1 Errors to the FIU admin
- Errors that are not handled specifically are managed by a global ‘handler’ in the web application that catches the error and sends a message to the FIU admin email address.
- The user sees an error screen that displays an error ID, which they can quote when they contact the administrators.
- The FIU admin email is set in the cad_admin_email column of the c_application_defaults table.
- Error emails that are sent to the FIU admin account have the following subject, where <<error_id>> is the error ID given to the user:
goAMLWeb error – ID <<error_id>>
- This can be used to create a rule to move these messages to a separate folder so that they do not get lost.
The error emails contain the following:
- Website version
- Database error, if applicable
- User
- Browser
- URL requested that resulted in the error
- System error message
- Stack trace
- This information is very important for debugging, so it is imperative that the FIU admin and email profile are set up correctly and working. As these emails carry stack traces and request URLs, the FIU admin mailbox should be treated as sensitive.
1.4 Capturing Browser Errors
- Sometimes the error may be raised in the browser before it gets to the server. Modern browsers provide a variety of tools to view the error information, usually by pressing the F12 key to bring up the developer console.
- The examples below use the Chrome developer tools. There are two places to look for error information: the Console and the Network tab.
- The Console shows any JavaScript errors that are raised in the current page. To view these press F12 and then select the Console tab. Any JavaScript errors are highlighted in red.
- Select the Network tab to show the requests made from the browser to the server. Requests with errors are highlighted in red. Select the failed request and the request information is shown under the Headers, Preview and Response tabs.
- Most of the useful information is in the Headers and Response tabs.
1.5 Performance & Security Considerations
1.5.1 Hardware
To have the goAML Web application working correctly it is vital that the IIS server and database are at least the minimum recommended specifications, particularly for memory and CPU speed. Please contact the goAML Project Management team to verify that your infrastructure meets the current requirements.
The application will work on a virtual machine; however, it is imperative that the underlying infrastructure has enough resources to support what has been allocated to the Web and Database servers as well as any other virtual machines that are on the environment.
Memory should always be dedicated to the machines. If the system resources show a high percentage of RAM use, this can result in memory paging, which has a significant impact on the performance of the application or may even prevent it running altogether.
1.5.2 Connection String
It is recommended to use Integrated Security in the connection strings. This means that the username and password are not provided in the connection string. Instead the Windows account that the Application Pool or process is configured to run as connects to SQL Server, so that account must be configured with the correct permissions on the goAML databases, and no more than those.
1.5.3 Server & Security Related Configurations
- Output Cache – Ensure that in the config file of the web application the caching is turned on:
<outputCache enableOutputCache="true" />
After each IIS restart the first load of a page may take a few seconds as the page is compiled, but once cached the speed is significantly faster.
- Application Pool Time-Out – We recommend that you increase the AppPool idle timeout to match the session-state and forms timeouts in the web.config.
- UploadReadAheadSize – You may consider changing the value of serverRuntime uploadReadAheadSize to 1048576. In IIS Manager this is the setting system.webServer/serverRuntime/uploadReadAheadSize in the Configuration Editor, stored in ApplicationHost.config:
<serverRuntime uploadReadAheadSize="1048576"/>
- .NET Version Disclosure / WA-3 Information Disclosure – The following response headers reveal the server and framework versions and should be turned off. X-Powered-By can be removed in the IIS configuration under HTTP Response Headers; X-AspNet-Version is disabled with enableVersionHeader="false" on the httpRuntime element in web.config; the Server header and X-AspNetMvc-Version need either IIS 10 request filtering (removeServerHeader) and application code (MvcHandler.DisableMvcResponseHeader) respectively, or an outbound URL Rewrite rule that strips them.
Server:Microsoft-IIS/7.5
X-AspNet-Version:4.0.30319
X-AspNetMvc-Version:5.2
X-Powered-By:ASP.NET
- HTTP Trace Method enabled – To disable the HTTP TRACE method, go to IIS > the web application > Request Filtering > HTTP Verbs and deny the verb. The resulting web.config entry is:
<verbs>
<add verb="TRACE" allowed="false" />
</verbs>
- Options Method enabled – The OPTIONS verb can be denied in the same way as TRACE above, provided nothing in front of the site relies on it. Separately, ensure that you have the following in your config file inside the customHeaders open and close tags, so that browsers do not MIME-sniff responses:
<add name="X-Content-Type-Options" value="nosniff" />
- Check the security rating of the SSL/TLS configuration of your web server –
Check the current rating of the TLS setup on your domain using https://www.ssllabs.com/ssltest/. If the rating is low, the report lists the findings (weak protocols, weak cipher suites, certificate problems) that cause it.
The recommended settings can be applied by following the steps below.
i. Configure the registry entries related to the SSL/TLS protocols:
ii. Open the registry editor using regedit.exe.
iii. Back up the registry, using the menu File > Export.
iv. Details of the registry settings for the various protocols can be found at: https://technet.microsoft.com/en-gb/library/dn786418.aspx#BKMK_SchannelTR_SSL20
v. Navigate to the following path in the registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols
vi. Create or update the following keys. Each protocol has its own subkey under Protocols (for example "TLS 1.0") containing Client and Server subkeys. The Enabled value under Server governs what this web server accepts from browsers; the value under Client governs the server's own outbound connections (for example to SQL Server or the mail server) and should only be changed once those peers are known to support the protocols that remain enabled.
Key | Name | Value (DWORD) |
SSL 2.0 | Enabled | 0 |
SSL 3.0 | Enabled | 0 |
TLS 1.0 | Enabled | 0 (see the updated cipher list below) |
TLS 1.1 | Enabled | 1 |
TLS 1.2 | Enabled | 1 |
TLS 1.1 is deprecated together with TLS 1.0 (RFC 8996); keep it enabled only while a known client population still depends on it, and re-run the SSL Labs test after disabling it.
vii. Configure the ciphers:
Open the local group policy editor using gpedit.msc.
In the left pane, navigate to Computer Configuration > Administrative Templates > Network > SSL Configuration Settings.
Then, in the right pane, double-click SSL Cipher Suite Order.
There are instructions in the editor. Concatenate the ciphers below into one string, separated by commas, and make sure each one is supported on your Windows version as shown in the group policy editor.
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256
The following two are only available on Windows 8.1 / Windows Server 2012 R2 and later:
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Note: the above ciphers must be entered as a single string, with a comma between each cipher. The complete string must not be longer than 1023 characters.
viii. Enable the cipher suite order by selecting the "Enabled" radio button in the SSL Cipher Suite Order window, paste the string built in the previous step into the "SSL Cipher Suites" text box, and click "Apply".
ix. Reboot the server (Schannel reads the protocol and cipher settings at start-up), then re-check the rating of the SSL/TLS setup on your domain using https://www.ssllabs.com/ssltest/.
UPDATED CIPHERS LIST FOR TLS 1.2 (suite names without the _P256/_P384 curve suffix, as used on Windows 10 / Windows Server 2016 and later)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Note: Microsoft recommends disabling TLS 1.0 at the operating-system level. Windows stores the settings for each secure channel (Schannel) protocol it supports under the registry key given in step v above.
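The following PowerShell script is an added example and is not part of the goAML manual or product. It applies the items of this section (response headers, TRACE/OPTIONS, output cache, uploadReadAheadSize, the Schannel protocol keys and the cipher suite order) in one re-runnable pass instead of clicking through IIS Manager, regedit and gpedit. The site name, the use of removeServerHeader (IIS 10 or later), the unsuffixed cipher suite names (Windows 10 / Server 2016 or later) and placing GCM suites before CBC are assumptions of the example.

```powershell
# Added example, not taken from the goAML manual or product: applies the 1.5.3 hardening items
# with the WebAdministration module and the registry keys that regedit/gpedit would write.
# Assumptions: site name below, IIS 10 for removeServerHeader, Windows 10 / Server 2016+
# cipher-suite names, GCM ordered before CBC. Run elevated; Schannel changes need a reboot.
#Requires -RunAsAdministrator
Import-Module WebAdministration
$Site     = 'Default Web Site'            # assumed site hosting goAML Web
$SitePath = "IIS:\Sites\$Site"            # writes land in the site's web.config
$AppHost  = 'MACHINE/WEBROOT/APPHOST'     # applicationHost.config, for sections locked at server level

# 1. Version-disclosure headers
$xpb = "system.webServer/httpProtocol/customHeaders/add[@name='X-Powered-By']"
if (Get-WebConfiguration -PSPath $SitePath -Filter $xpb) {
    Remove-WebConfigurationProperty -PSPath $SitePath -Filter 'system.webServer/httpProtocol/customHeaders' -Name '.' -AtElement @{name='X-Powered-By'}
}
Set-WebConfigurationProperty -PSPath $SitePath -Filter 'system.web/httpRuntime' -Name 'enableVersionHeader' -Value $false                                   # X-AspNet-Version
Set-WebConfigurationProperty -PSPath $AppHost -Location $Site -Filter 'system.webServer/security/requestFiltering' -Name 'removeServerHeader' -Value $true  # Server (IIS 10+)

# 2. nosniff header and verb filtering; each item is added only if absent so the script can be re-run
function Add-IfMissing([string]$Filter, [string]$Match, [hashtable]$Item) {
    if (-not (Get-WebConfiguration -PSPath $SitePath -Filter "$Filter/add[$Match]")) {
        Add-WebConfigurationProperty -PSPath $SitePath -Filter $Filter -Name '.' -Value $Item
    }
}
Add-IfMissing 'system.webServer/httpProtocol/customHeaders' "@name='X-Content-Type-Options'" @{name='X-Content-Type-Options'; value='nosniff'}
foreach ($verb in 'TRACE','OPTIONS') {   # confirm nothing served needs OPTIONS (CORS preflight) before denying it
    Add-IfMissing 'system.webServer/security/requestFiltering/verbs' "@verb='$verb'" @{verb=$verb; allowed='false'}
}

# 3. Output cache and read-ahead size from the manual
Set-WebConfigurationProperty -PSPath $SitePath -Filter 'system.web/caching/outputCache' -Name 'enableOutputCache' -Value $true
Set-WebConfigurationProperty -PSPath $AppHost -Location $Site -Filter 'system.webServer/serverRuntime' -Name 'uploadReadAheadSize' -Value 1048576

# 4. Schannel protocols, Server side only: the Client subkeys govern this host's own outbound TLS
#    (SQL Server, SMTP) and are changed separately once those peers are known to support TLS 1.2.
$proto = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$want  = [ordered]@{ 'SSL 2.0'=0; 'SSL 3.0'=0; 'TLS 1.0'=0; 'TLS 1.1'=1; 'TLS 1.2'=1 }   # the manual's table
foreach ($p in $want.Keys) {
    $k = Join-Path $proto "$p\Server"
    New-Item -Path $k -Force | Out-Null
    New-ItemProperty -Path $k -Name 'Enabled'           -PropertyType DWord -Value $want[$p]       -Force | Out-Null
    New-ItemProperty -Path $k -Name 'DisabledByDefault' -PropertyType DWord -Value (1 - $want[$p]) -Force | Out-Null
}

# 5. Cipher-suite order: the registry value that the 'SSL Cipher Suite Order' group policy writes
$suites = @(
    'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
    'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384', 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256',
    'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384',   'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256',
    'TLS_DHE_RSA_WITH_AES_256_CBC_SHA256',   'TLS_DHE_RSA_WITH_AES_128_CBC_SHA256'
)
$order = $suites -join ','
if ($order.Length -gt 1023) { throw "cipher string is $($order.Length) characters; the policy value is limited to 1023" }
$pol = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'
New-Item -Path $pol -Force | Out-Null
New-ItemProperty -Path $pol -Name 'Functions' -PropertyType String -Value $order -Force | Out-Null

Write-Output 'Applied. Reboot, then re-test at https://www.ssllabs.com/ssltest/ (or locally: Get-TlsCipherSuite on Server 2016+).'
```

Back up applicationHost.config, the site's web.config and the registry before running it. On releases older than Windows 10 / Server 2016, use the suffixed cipher names from the first list above and drop the removeServerHeader line, which those versions do not recognise.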
1.5.4 Database tasks
Ensure that daily processes that run on the database (such as the Cleanup in the XML Web and administrative tasks such as automated backups) are set to run outside of reporting hours, preferably overnight.
If there are database replication processes, anti-virus services or any other tasks that run constantly, consult the administrators and the goAML project management team to ensure that the infrastructure is sufficient for these not to affect the web application adversely.
1.5.5 Messages
Installations that have high levels of reporting can result in very large message board tables. Encouraging users to archive messages and/or delete unwanted messages can help reduce the load on the database.
1.6 Contacting support
If the issue requires support from the goAML team, please raise a ticket and attach as much information as possible. Useful information to include, where applicable:
- Web application version number
- Detailed description of the issue
- Repeatable steps that cause the issue so that the developers and testers can replicate the issue and verify any fix. This implies the issue is deterministic. If the problem is just happening on seemingly random occasions, try to see if there are any common factors surrounding when the issue occurs. For example, it might be just happening to one user or at a certain time of day.
- Any special circumstances or configuration that may have an effect on the running of the application such as third-party authentication, server proxies, firewall settings, data migration from old systems etc. or any events that happened prior to the issue occurring, such as a recent upgrade or change of hardware etc.
- Permissions/Roles of the user experiencing the issue
- Browser console and network logs
- Event viewer and IIS logs
Providing as much information as possible when raising the ticket greatly increases the speed at which the ticket can be resolved. Make sure that only one issue is raised per ticket.
2. High Availability & Scalability
If you have multiple servers running IIS 7.0 or later and want to improve the scalability and availability of the web applications, use Network Load Balancing (NLB).
Microsoft recommends NLB as the primary and preferred method rather than failover clustering: clustering the IIS services does not by itself guarantee a highly available web application.
Please note: The IIS 7.0 installation files incorrectly include the Clusweb.vbs and Clusftp.vbs script files that are used in IIS 6.0 for IIS cluster administrative tasks. Do not use these scripts with IIS 7.0 or a later version.
12.1 Supported Configuration for Load Balancing
The supported configuration for load balancing the web application is to use sticky sessions (also called session affinity).
The goAML Web app only supports sticky sessions in a load-balanced configuration for now. That is, once a session is created, the browser that initiated the request must always be routed to the same server until the session ends. The session state is held in process, so a single session must use the same web server.
We do not recommend using state servers (SQL or otherwise).
Important:
If you are using the goAML Web app in a cluster environment or web farm, you must comment out the existing <machineKey validationKey="AutoGen… tag in the web.config file and uncomment the one that uses the explicit validation key <!--<machineKey validationKey="1B666AAA69D7F021605EF… The explicit key must be identical on every node, because forms-authentication cookies and ViewState issued by one node are validated by the others with it. Generate your own random key for the installation rather than keeping a value that appears in documentation, since anyone holding the key can forge those cookies, and protect web.config as you would a password.
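As an added example, not goAML's own code, the PowerShell below generates a fresh explicit machineKey element and warns if the web.config still relies on the AutoGenerate entry. The web.config path and the application path passed to aspnet_regiis are assumptions.

```powershell
# Added example (not goAML code): produce a fresh, explicit <machineKey> for a web farm and
# warn if web.config still relies on AutoGenerate. Every node must carry the same values:
# a forms-authentication ticket or ViewState issued by one node is verified on another with
# this key, so a per-node AutoGenerate key breaks the farm, and a key copied from
# documentation lets anyone who has read it forge authentication cookies.
param([string]$WebConfig = 'C:\inetpub\wwwroot\goAMLWeb\web.config')   # assumed install path

function ConvertTo-HexKey([int]$ByteCount) {
    # CSPRNG output as upper-case hex, the encoding <machineKey> expects
    $bytes = New-Object byte[] $ByteCount
    $rng = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
    $rng.GetBytes($bytes); $rng.Dispose()
    return (($bytes | ForEach-Object { $_.ToString('X2') }) -join '')
}

function New-MachineKeyElement {
    # 64-byte validation key for HMACSHA256, 32-byte decryption key for AES-256
    $v = ConvertTo-HexKey 64
    $d = ConvertTo-HexKey 32
    return "<machineKey validationKey=`"$v`" decryptionKey=`"$d`" validation=`"HMACSHA256`" decryption=`"AES`" />"
}

# Inspect the current setting
[xml]$cfg = Get-Content -LiteralPath $WebConfig -Raw
$mk = $cfg.configuration.'system.web'.machineKey
if (-not $mk -or $mk.validationKey -like 'AutoGen*' -or $mk.decryptionKey -like 'AutoGen*') {
    Write-Warning 'machineKey is absent or AutoGenerate: not valid for a web farm, each node would sign with a different key'
}

# Paste the same element into <system.web> on every node, then encrypt the section in place on each node:
#   aspnet_regiis -pe "system.web/machineKey" -app "/goAMLWeb"     (assumed virtual path)
New-MachineKeyElement
```

Treat the printed element as a secret: distribute it to the farm nodes over a protected channel, never by e-mail or ticket, and rotate it if web.config is ever exposed. Sticky sessions are still required, because the machineKey covers tickets and ViewState, not the in-process session state.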
3. References
3.1 Common Acronyms
Acronym | Description |
FIU | Financial Intelligence Unit |
RE | Reporting Entity |
B2B | Business to Business |
3.2 Emails sent from goAML Web
When email is sent | Recipient |
New Entity Change Request submission (Registration) | Reporting Entity email address and RE Admin email address |
New Entity Change Request acceptance | Reporting Entity email address |
New Entity Change Request rejection | Reporting Entity email address |
Edit Entity Change Request acceptance | Reporting Entity email address |
Edit Entity Change Request rejection | Reporting Entity email address |
New Message in the message board (including report acceptance or rejection) | Reporting Entity email address |
Report is submitted and validated (or determined invalid) | User email address |
New User Change Request submission (Registration) | User email address |
New User Change Request acceptance | User email address |
New User Change Request rejection | User email address |
Edit User Change Request acceptance | User email address |
Edit User Change Request rejection | User email address |
Password reset link | User email address |
Password reset confirmation | User email address |