Versions Compared

Old Version 2

changes.mady.by.user Unknown User (anastasia.antonenko)

Saved on

compared with

New Version Current

changes.mady.by.user Unknown User (anastasia.antonenko)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: /indeed-identity/indeed-pam - path fixed.

Enabling RDP File Signing

To do so you need to edit the Rdp section of the Core configuration file located along the path listed below:

Windows

C:\inetpub\wwwroot\pam\core

Code Block
languagejs
 "Rdp": {
    "UseRemoteApp": false,
    "SignRdpFile": true,
    "Certificate": "16c214ba7dec702a7ce5e4ac727502b0c0d448e2",
    "Password": ""
  },

Linux

/etc/indeed-identity/indeed-pam/core

Code Block
languagejs
 "Rdp": {
    "UseRemoteApp": false,
    "SignRdpFile": true,
    "Certificate": "/etc/",
    "Password": "1234"
  },

Description of the Parameters of the Rdp Section of Configuration File

  • SignRdpFile — enable RDP file signature
  • Certificate — certificate thumbprint or path to the certificate itself
  • Password — certificate password. Should be specified if Certificate is a path to the certificate itself

After editing the configuration file restart the Core component.

Windows

Restart IIS.

Linux

Go to the folder /etc/indeed-identity/indeed-pam:

Code Block
languagebash
cd /etc/indeed-identity/indeed-pam

Restart the Indeed Identity PAM Core component:

Code Block
languagebash
sudo docker compose -f docker-compose.management-server.yml up -d core --force-recreate
or
sudo docker-compose -f docker-compose.management-server.yml up -d core --force-recreate

Certificate Setup

To enable RDP file signing, you need a certificate issued by a certification authority.

Note

All actions described below take place on a management server with the Core component installed.

Windows with Fingerprint

  1. Add the certificate to your computer's personal storage.

  2. Open certificate menu, select All TasksManage Private Keys....
  3. Click Add..., in the window that opens, click Locations..., select local computer OK.
  4. In the Enter the object names to select field enter IIS_IUSRSOK.

  5. Edit the configuration file by specifying the certificate thumbprint without a password.

Linux with Key Importing in PFX Format

Import a certificate in PFX format with a private key and password in the folder: /etc/indeed-identity/indeed-pam/keys/rdp-sign.pfx.

Edit the configuration file, specifying the path to the certificate and the password.

To the following file /etc/indeed-identity/indeed-pam/docker-compose.management-server.yml in the core - volumes section add the following line to organize certificate forwarding to the container:

Code Block
volumes:
      - ./core/events:/var/lib/indeed/indeed-pam/events
      - ./core/appsettings.json:/app/appsettings.json:ro
      - ./keys/shared/protector:/etc/indeed/indeed-pam/keys/shared/protector:ro
      - ./keys/core:/etc/indeed/indeed-pam/keys/core:ro
      - ./ca-certificates:/usr/local/share/ca-certificates:ro
      - ./logs/core:/app/logs
      - ./keys/rdp-sign.pfx:/etc/indeed/indeed-pam/keys/rdp-sign.pfx




Divbox
classrightFloat

Table of Contents
printablefalse