Versions Compared

Old Version 13

changes.mady.by.user Unknown User (ivan.lobanov)

Saved on

compared with

New Version 14

changes.mady.by.user Unknown User (ivan.lobanov)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Open the file ...SAMMigration\IndeedCM.Migrate.SAM.exe.config as administrator in a text editor (for example, Notepad) and fill in the following sections:

  • samSettings - SAM data storage connection parameters:

    • MsCAConnectorId - identifier of the connector to Microsoft CA. The value of the parameter can be found in the xml file of the connector in the SAM directory. The default value is: {1A30B883-CD69-4cbb-8D61-E72E9697D8B1}.

      Note

      Default path C:\Program Files\SafeNet\Authentication\SAM\x64\Bin\MsCAConnectorDescriptor.xml


    • connectionString - path to xml file (in the file name, name of the domain where SAM is deployed) with information for connecting to the SAM server.

      Note

      Default path C:\ProgramData\SafeNet\Authentication\SAM\


  • migrateSAMSettings - data migration parameters:
    • ignoreCMCertificateTemplateNotFoundError - card import parameter.
      Can have two values:
      • true - imports from SAM the card and only those certificates on it, for which there is a template created in the Indeed CM policy.

      • false - card is not imported from SAM, if Indeed CM policy does not have at least one template for a certificate issued in SAM.

        Note

        This does not stop the process of importing cards in either case. The attribute is optional, the default value is "false".


    • notIssuedTokenAdminPin - If the card in SAM is in the "registered" state and has never been issued, this parameter specifies the administrator PIN that will be set on the card after transferring it to Indeed CM.
    • issuedTokenAdminPin - if the key-carrier in SAM is in any other state and was issued without initialization, the parameter specifies the administrator PIN, which will be set on the device after migration it to Indeed CM.

    • tokenTypes - a section that should list all devices that need to be migrated from SAM to Indeed CM. You must specify the device model (token, smart card), product name, device color and ATR (Answer To Reset) value.

      Warning

      The ATR value for each device can be obtained from the manufacturer or with third-party software by contacting Indeed-Id Technical Support.

      If the IndeedCM.Migrate.SAM.exe utility encounters a device with a model and product name that are not specified in the tokenTypes section, such devices will not be migrated to the Indeed CM storage, and the utility will display the corresponding error.


  • adPersistenceSettings - parameters of connection to the Indeed CM data repository located in Active Directory. The contents of this section must be identical to the contents of the same name section of the Indeed CM Management Console configuration file (icm\Web.config).
  • sqlPersistenceSettings - the parameters of connection to the Indeed CM datastore in Microsoft SQL environment. By default this section is commented out with the following characters: <! - - . . . - ->. The contents of the section must be identical to the contents of the same name section of the Indeed CM Management Console configuration file (icm\Web.config).
  • adUserCatalogSettings - parameters of connection to the Indeed CM user directorycatalog, located in Active Directory. The contents of the section must be identical to the contents of the same name section of the Indeed CM Management Console configuration file (icm\Web.config).
  • Save the changes.

An example of the populated sections of the IndeedCM.Migrate.SAM.exe.config file is shown below. In the example, SAM is deployed in the demo.local domain, the SAM repository, Indeed CM, and the user directory the user catalog in Active Directory.

Code Block
languagexml
titleExample of a completed section:
<sam80Settings MsCAConnectorId="{1A30B883-CD69-4cbb-8D61-E72E9697D8B1}"
connectionString="C:\ProgramData\SafeNet\Authentication\SAM\demo.local.xml" />
<migrateSAMSettings ignoreCMCertificateTemplateNotFoundError="true"
notIssuedTokenAdminPin="adminpass"
issuedTokenAdminPin="adminpass2">
<tokenTypes>
<tokenType model="Token 12.0.0.0 12.0.12"
productName="SafeNet eToken 5110"
color="8"
atr="3bd5180081313a7d8073c8211030" />
<tokenType model="Token JC"
productName="eToken PRO Java 72K OS755"
color="4"
atr="3bd518008131fe7d8073c82110f4" />
</migrateSAMSettings>
<adPersistenceSettings path="LDAP://CN=Indeed CM,CN=Indeed Identity,
DC=demo,DC=local" userName="DEMO\cmadmin" password="Password1"
cryptoAlgName="AES"
cryptoKey="11d2f5051684451860ad177ebc39b55cacaf2a0a843b05ddf273b955c93ae015" />
<adUserCatalogSettings>
<rootContainers>
<container path="LDAP://OU=SAM_USERS,DC=demo,DC=local" userName="DEMO\cmadmin"
password="Password1" />
</rootContainers>
</adUserCatalogSettings>