Overview
The eRA Commons Validation Service in Kuali Research allows a proposal to validate against NIH validations in eCommons prior to submit to avoid errors that may occur upon the sponsor validation. In order to enable eRA Commons Validation service in Kuali Research there are steps required in eRA Commons to set up a system account, linking a web services certificate (for both eRA Commons test and PRD), setting up the keystore parameters in kuali research, and lastly enabling the necessary parameter in Kuali Research.
If you are a hosted school with Kuali please submit a support ticket in Zendesk to request this functionality and we will work with you to get this enabled/configured. For on premises implementations please see the configuration information Also, if there are any questions on the process or if you need any assistance please don't hesitate to reach out to Kuali .
Setting up the NIH eRA Commons Certificate
NIH eRA Commons S2S Setup information and links:
- Create System Accounts (pg. 28) - https://era.nih.gov/files/ams_user_guide.pdf
- Web Services Certificate Guide - https://grants.nih.gov/grants/electronicreceipt/files/S2S_Web_Services_Guide.pdf
- eRA Commons Demonstration/Testing Site: https://public.uat.era.nih.gov/commons/
Work with institutional users with the SO role in eRA Commons, as they have the privileges necessary to register the certificate in NIH AMS.
Also, be sure your institution has set up an account under the eRA Commons Demo/Testing Site before starting this process. Information on requesting a non-production Commons account to access Ext-UAT can be found here: https://grants.nih.gov/grants/ElectronicReceipt/system_testing.htm
Create System Account in NIH eRA Commons:
Login to the eRA Commons demo/testing site and go to Admin>Accounts>Account Management. Do open search for User Type 'System' to make sure none already exist. Click the 'Create New Account' button at bottom and use below information:
- User Type: System
- Primary Organization: should auto-fill
- Certificate Owner: Kuali, Inc
- Certificate Provider/Authority: DigiCert Assured G2 SMIME RSA4096 SHA384 2024 CA1
- Certificate Serial Number: can be assigned (for hosted, this will be provided by Kuali). Must be 32 characters - if serial number provided is only 31 characters add a leading zero.
- Contact Information: enter admin you want contacted for this role
- AMS Roles: SVS_APPLICANT_DATA_SERV, APPLICANT_RETRIEVAL_DATA_SERV, SERVICE_PROVIDER_ROLE
Check acknowledgement statement and then 'Create'. This should be the steps necessary to establish the link required for the NIH Validation Service in your non-PRD environments; the same steps will need to be taken in PRD eRA Commons to connect the service in PRD. Make sure to then set the necessary configuration in Kuali Research.
Updating the Certificate Serial Number
Also, when the Grants.gov certificate is renewed (every 3 years) the certification serial number associated with this system user will have to be updated in eCommons. You will need to lookup the created system user under the above roles and update the associated Certificate Serial Number. Go to Admin>Accounts>Account Management and do an open search for User Type 'System' and one of the above roles to find the existing system user; edit and update the certificate serial number. Kuali will reach out to you well before expiration with the necessary steps and this will be part of that renewal process.
Configuration Required in Kuali
- Enable_NIH_Service - set to Y
- Enable_NIH_Service_Caching - set to Y
- Show_Section_In_Data_Validation - recommend setting to 'N' which will hide the section column in the validation window and better display the eCommons validations text.
- NIH Validation Mapping - maintenance table that comes with out-of-the-box validation messages loaded but it can be configured to customize the messages and if it fires as an error/warning if desired.
On Premise Required Configuration
If you're running Kuali Research locally (not hosted) the below technical configuration is required to get the NIH Validation service enabled.
Get Serial Number:
To get the Serial Number required for the above mentioned certification process you can use the following command:
`keytool -list -v -keystore <path to keystore> | grep "Serial number:"`
It will ask for a password which is set by the institution when they set up the keystore at the beginning (also in the config XML). Enter the password and the output will come back as: `Serial number: ...........`.
Set keystore parameters:
The keystore parameters for NIH are below; the password will need to be set accordingly. If you wish you can have the same settings/certificate for the Grants.gov and NIH eCommons so they would have the same values in both places.
<param name="nih.gov.s2s.keystore.location">path to keystore</param>
<param name="nih.gov.s2s.keystore.password">keystore password</param>
<param name="nih.gov.s2s.truststore.location">path to truststore</param>
<param name="nih.gov.s2s.truststore.password">truststore password</param>
<param name="nih.gov.s2s.cert.algorithm">TLSv1.2</param>
<param name=“nih.gov.s2s.cn.check">${dev.mode}</param>
<param name="nih.gov.s2s.host.production">https://services.external.era.nih.gov/svs/services/</param>
<param name="nih.gov.s2s.host.development">https://services.external.uat.era.nih.gov/svs/services/</param>
<param name="nih.gov.s2s.host">${nih.gov.s2s.host.development}</param>
<param name="nih.gov.s2s.port">SubmissionValidationService</param>
Comments
0 comments
Article is closed for comments.