System-To-System (S2S) functionality allows an institution to transmit proposals from Kuali Research to Grants.gov. In order to utilize this functionality configuration is required to obtain and setup the necessary S2S certificates. Below outlines the needed configuration and authorization steps related to these certificates. If you are a hosted customer Kuali will work with you directly and make the necessary technical configurations on your behalf to get this setup.
Technical Configuration (Self-Hosted)
If hosted, this required technical configuration will be done by the Kuali team but if you're an on-prem customer the below steps outline the process.
Familiarize yourself with Grants.gov provided instructions.
Build a Java Keystore (JKS) with certificate
- Procure a Certificate from a Certificate Authority (Digicert, Comodo, etc...)
- Kuali Research requires a Java Keystore (JKS) file. You may need to convert what the CA provides to this format.
- Search online for instructions on how to convert from the format provided by your CA to JKS. For example: P12 to JKS
- When importing your certificate to the JKS file, include your organization's DUNS number as the certificate alias.
- Multiple certificates, each aliased with a DUNS number, can reside in a single JKS.
Register with Grants.gov
Grants.gov requires the following information in order to register the certificate:
- Organization name
- Organization Email
- Certificate Serial Number
- Public Certificate PEM file
- Target Grants.gov environment: Training or Production.
Grants.gov certificates will be installed in the instances specified in your request form. The training site will be used for testing and configuration. Those institutions who have never accessed the grants.gov training site must register at https://training.grants.gov/web/grants/register.html before they can log in and authorize the S2S certificate on the training.grants.gov website.
Once a certificate is obtained submit the certificate to Grants.Gov using the provided PDF.When notification that the certificate has been installed, the E-Biz point of Contact needs to log into Grants.Gov and authorize the new AOR. This action needs to be done in both the grants.gov and training.grants.gov sites. See below section on authorizing certificate.
Configuration Parameters - Grants.gov
Update the following parameters in kc-config.xml:
- s2s.keystore.location - The full path to your Keystore.
- s2s.keystore.password - The Keystore Password
- s2s.truststore.location - Path to an updated 'cacerts' file.
- s2s.truststore.password - Password for the cacerts file.
Set System Parameters
- s2s.polling.scheduler.cronExpression = 0 0/20 * * * ? (can be changed to whatever timing you want; default is every 20 minutes)
- PROPOSAL_CONTACT_TYPE=<UNIT_ADMINISTRATOR_TYPE_CODE > for the “Grants.Gov Proposal Contact” type
Once you have submitted your certificates and receive an email from Grants.gov about authorizing you can following the below steps to complete this process:
- Go to the appropriate Grants.gov url (PRD > http://grants.gov; SBX > http://training.grants.gov)
- In the top, right corner of the homepage, click on the LOGIN link.
- From the right hand corner, select the [Login as EBIZ POC] button.
- Enter the user credentials and click the [Login] button.
- Click the Manage Certificates for Organization link
- Click on the SEARCH button
- A list of installed certificates should display. The S2S certificate can be identified by Certificate ID. You will also see YES or NO under the 'Has Roles' Column.
- If the certificate is there, to the right of the certificate you can click the Manage Roles link to assign the needed roles. You would do so by highlighting the AOR role and move the role to the box on the right (Current Roles).
- The above steps will need to be done in both the PRD and Test/Training GG sites.