update documentation

docs/certifications.rst

@@ -0,0 +1,66 @@
+.. _certifications-label:
+
+Certifications
+====================
+
+Overview
+--------
+
+To be bale to upload and store certificates within SEB Server is a new feature since SEB Server version 1.2. This allows an institutional administrator
+or an exam administrator to upload and store certificates for further use within SEB Server.
+
+.. note:: 
+    Certificates uploaded to SEB Server are stored in a secured certificate-store that is stored within the data base rather then a 
+    usual file. The certificated store is password secured and only the binary data of the certificate store is places into the 
+    databease for securty reasons.
+    
+Once a certificate has been uploaded to SEB Server it can be used for various other features of SEB Server where a certificate is needed.
+One feature that also comes with the SEB Server version 1.2 is the ability to encrypt a connection configuration with a certificate
+that has the right purpose (Identity) to do so. If you need this feature already, please have a look at: :ref:`connection-configuration-label`
+Other planed features are the import of certificate encrypted exam configurations as well as to embed certificates within a exam configuration
+to allow certificate pinning between SEB and LMS.
+
+There is currently certificate upload support for two version of certificates:
+
+**PEM**
+
+This are usually non password protected certificates in different file-formats. SEB Server currently supports the following PEM file-formats:
+
+- .pem 
+- .crt
+- .cer
+
+**PKCS12**
+
+This are usually password protected certificates in different file-formats. SEB Server currently supports the following PKCS12 file-formats:
+
+- .p12
+- .pfx
+
+.. image:: images/certificates/cert_list.png
+    :align: center
+    :target: https://raw.githubusercontent.com/SafeExamBrowser/seb-server/master/docs/images/certificates/cert_list.png
+
+
+Use Cases
+---------
+
+**Upload a certificate**
+
+- To upload and store a certificate of supported file type, please open the "SEB Configuration" section and select the "Certificates" page
+- You will see the list of known certificates from the SEB Server like in the picture above.
+- Choose "Import Certificate" from the right action pane and the upload dialog will open.
+- Within the upload dialog, select the certificate file on your local machine that you want to upload.
+- If the certificate is password protected, you will need to give the password to upload the certificate.
+- Chlick on "OK" to start the import.
+- If the import is successful the imported certificate will show up in the list. Otherwise SEB Server will display an error message with the reason of failure.
+
+**Remove / delete a certificate**
+
+- To permanently delete a stored certificate on SEB Server, please open the "SEB Configuration" section and select the "Certificates" page
+- You will see the list of known certificates from the SEB Server like in the picture above.
+- Please select the certificate you want to remove. 
+- Choose "Remove Selected Certificates" from the right action pane and a configuration dialog will appear.
+- If you are sure to delete the selected certificate(s), click on "OK" to delete.
+- The deleted certificates disappear form the certificates list.
+

docs/configurations.rst

@@ -19,10 +19,15 @@ with context defines default values and also to be able to only see change the a
 This feature is currently in an experimental state and may be changed and / or expanded within future releases of SEB Server. See 
 :ref:`config-template-label`
 
+An new feature since SEB Server version 1.2 is the integrated certificate store where an administator is able to upload and register
+certificates. The certificates can then be used to encrypt and secure a connection configuration for example. Or as planed for another
+SEB Server release, to embed into an exam configuration for SEB to allow certificate pinning on SEB - LMS communication.
+
 
 .. toctree::
    :maxdepth: 1
    
    connection_config
    exam_config
-   config_template
+   config_template
+   certifications

docs/connection_config.rst

@@ -55,6 +55,7 @@ Short description of all attributes of a connection configuration:
   **Starting an Exam**; Will cause SEB to use this connection configuration settings on startup but won't change local SEB settings.
   **Configuring a connection**; Will cause SEB to use this connection configuration settings and also save it as local SEB settings.
 - **Configuration Password**: Used to encrypt the connection configuration with a password. A SEB client will prompt this password while loading a password protected connection configuration.
+- **Encrypt with Certificate**: Since version 1.2. Used to encrypt the connection configuration with a certificate. The same certificate must be known by a SEB client to be able to load the configuration.
 - **With Fallback**: Select this to see and define a fallback strategy for SEB clients using this connection configuration in case of SEB Server service unavailability.
 - **Fallback URL**: Defines a start URL that is loaded by the SEB client in a fallback case.
 - **Connection Attempts**: Defines the number of attempts a SEB client will try to unsuccessfully connect to the SEB Server service until it switches to the fallback case.
@@ -89,7 +90,7 @@ configuration settings in the following ways:
 
 - Connection configuration with "Starting an Exam" setting and fallback strategy:
     Show warning with options "retry", "fallback" (load Fallback URL) and "quit".
-
+    
 
 Use Cases
 ---------
@@ -135,3 +136,21 @@ that connects with this connection configuration will then receive an HTTP 401 U
 - Now use the "Deactivate Connection Configuration" action from the right action pane to deactivate the connection configuration.
 - The connection configuration is now deactivated and SEB client using this connection configuration are not able to connect to SEB Server anymore.
 
+**Encrypt the Connection Configuration by password or certificate**
+
+To secure the used connection configuration you want to encrypt it with either password or certificate encryption. If you encrypt a connection
+configuration by password, SEB will promt the user for the password while loading the configuration whereas by using certificate encryption,
+a SEB client must know the same certificate that is been used for encryption while loading the configuration.
+
+- Sign in as an Institutional Administrator and select the "Connection Configuration" sub-menu of the "SEB Configuration" main-menu on the left.
+- Create an new connection configuration or use the list filter and / or the list navigation to find the needed connection configuration.
+- Fill in the settings as usual and for password encryption define a password in the "Configuration Password" field and confirm the password in the "Confirm Password" field.
+- For a certificate based encryption select one of the given certificates within the "Encrypt with Certificate" setting.
+- To upload new certificates that can be used for encryption, please refer to: :ref:`certifications-label`
+- "Use asymmetric only encryption" if you have use SEB Clients with version before 2.2. For more details on this subject please see: `SEB Configuration <https://www.safeexambrowser.org/windows/win_usermanual_en.html#configuration>`_
+- Save and activate the connection configuration. The connection configuration will then be encrypted by either password or certificate on export.
+
+.. image:: images/connection_config/encrypt.png
+    :align: center
+    :target: https://raw.githubusercontent.com/SafeExamBrowser/seb-server/master/docs/images/connection_config/encrypt.png
+

docs/lmssetup.rst

@@ -206,6 +206,20 @@ Once the client registration was successful the client id and client secret can
 
 To be able to create an LMS Setup for Moodle you need a Moodle administrator or manager account. You can then use this account in the LMS Setup to connect the the LMS.
 
+Since SEB Server uses some functions from the Moodles mobile API, you have to make sure the web services for mobile apps are enabled within your Moodle setup.
+To do so please login to Moodel with an administrator account and go to "Side Administration", scroll down to "Mobile App" and choose "Mobile Settings.
+
+.. image:: images/lmssetup/moodle_mobile.png
+    :align: center
+    :target: https://raw.githubusercontent.com/SafeExamBrowser/seb-server/documentation/docs/images/lmssetup/moodle_mobile.png
+    
+If you have a restrictive Moodle setup and troubles with the Moodle API account to use with SEB Server, please try to import the following 
+Moodle role profile within youe Moodle instance. This profile will create a SEB Server role within Moodle that can be used to apply to an 
+API account to be used with SEB Server. The role defines only the necessary privileges and functions needed for SEB Server communication.
+
+Moodle role and account settings: :download:`XML <files/webservice_seb-server.xml>`
+
+
 
 .. _lms-setup-rest-plugin-label:
 

docs/monitoring.rst

@@ -144,4 +144,12 @@ action form the right action pane to open up a pop-up containing all related inf
 
 Currently there is no export functionality to export all interessting SEB client logs to a CSV table for example. But such a feature will probably come
 with a next version of SEB Server.
+
+**Delete filtered client logs**
+
+To delete all currently filtered client logs, please use the "Delete Logs" action form the right action pane. 
+
+.. note:: 
+    On deletion, all available logs will permanantly be deleted from the persistent storage. So please make sure you want to delete all
+    logs that are currently displayed in the list before deleting.