Warning: All URLs are specified in lowercase.

Switch to the C:\inetpub\wwwroot\pam\idp folder and edit the appsettings.json file:

ConnectionStrings:

  • Server - is the name of Microsoft SQL Server or its named instance
  • Database - is the name of database (IPAMIdP)
  • User ID - is the service account to use with Indeed PAM databases
  • Password - is the password for that service account

    "ConnectionStrings": {
    	"DefaultConnection": "Server=MSSQLServer;Database=IPAMIdP;Integrated Security=False;User ID=IPAMSQLService;Password=password"
    }


    Warning: If you are using a named instance of Microsoft SQL Server, the value of the Server parameter must be set in the format <server name>\\<instance name>.

    "ConnectionStrings": {
    	"DefaultConnection": "Data Source=MSSQLServer\\Named instance; ..."
    }



Database section

In the Provider section, select the DBMS connection provider:

  • mssql - is for the MS SQL Server
  • pgsql - is for the PostgreSQL Pro

Example for the PostgreSQL Pro:

"Database":{
   "Provider": "pgsql"
},

IdentitySettings section

  • AdminSids - is the SID of the user who gets access to the administrator console and the Roles management. If there are several of them, the SIDs must be separated by commas
  • GatewaySecret - Hash for client keys for additional authentication of Indeed PAM Gateway

    Note: The secret and its hash are generated by the console utility Pam.ConsoleApp.exe (located in the \Misc\ConsoleApp folder) when configuring Indeed PAM Gateway.


  • IdpUrl - is the URL of Indeed PAM IdP
  • Lang - is the user interface language of the component, set it to "en" value.
  • ConsoleAppClientSecret - Hash for client keys for additional authentication of the Console App utility
  • SshProxyClientSecret - Hash for client keys for additional authentication of Indeed PAM SSH Proxy
  • CoreApiSecret - Hash for client keys for additional authentication of PAM Core

    Note: The hashes for the GatewaySecret, ConsoleAppClientSecret, SshProxyClientSecret and CoreApiSecret parameters are generated by the console utility Pam.ConsoleApp.exe.


  • Enable2FaCacheForClients - List of client IDs for which the 2nd factor caching will work
  • SecondFaCacheLifetimeSeconds - 2nd factor caching time in seconds
    List of available client IDs:
    • "console-app"
    • "ssh-proxy-app"
    • "pam-management-console"
    • "pam-user-console"
    • "pam-gateway"

    "IdentitySettings":{
        "AdminSids": [ "S-1-5-21-1487179672-2651565253-5257550508-0000", "S-1-5-21-1487179672-2651565253-5257550508-0001" ],
        "GatewaySecret": "3GRNSuF9p8vEOyP1izZGlyrsJgXTMl7bbyB5B7jS9/8=",
        "IdpUrls": [ "https://pam.domain.local/pam/idp" ],
        "Lang": "en",
        "SigningCertificate": "",
        "ConsoleAppClientSecret": "",
        "SshProxyClientSecret": "jAulRBy9VGuC0RbJPsVek10Hm5aUqpLiG3rFsqGgwU0=",
        "CoreApiSecret": "vAiPgdHe6jGyStXmYxYcoeY1xQfNX+Yun0BhKBrD3Cw=",
        "Enable2FaCacheForClients": [ "pam-management-console" ],
        "SecondFaCacheLifetimeSeconds": 60
    },


PamSettings section

  • ManagementConsoleUrl - URL of Indeed PAM Management Console
  • UserConsoleUrl - URL of Indeed PAM User Console

"PamSettings": {
    "ManagementConsoleUrls": [ "https://pam.domain.local/pam/mc" ],
    "UserConsoleUrls": [ "https://pam.domain.local/pam/uc" ],
    "SessionLifetime": 43200
},

LogServer section

  • Directory - a temporary folder for event writing
  • Url - API URL of the uniform event log

"LogServer": {
  "AppId": "pam",
  "Component": "idp",
  "EventCache": {
    "Directory": "C:\\Temp\\ILS\\IdP\\EventCacheDirectory",
    "SendingIntervalSec": 10
  },
  "Server": {
    "Url": "https://pam.domain.local/ls/api",
    "Certificate": {
      "Thumbprint": "",
      "FilePath": "",
      "FilePassword": ""
    }
  }
},

UserCatalog section

This section is required to search and add users to the Roles. It is filled in the same way as the similar section in the Pam Core settings.
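
A lint pass over a parsed appsettings.json for the constraints this page states (lowercase URLs, the two provider values, the listed client IDs, SID-shaped AdminSids); this is an added example, not part of the Indeed PAM documentation or tooling. The function name, the sample configuration and the placeholder-password check are assumptions.

```python
import json
import re

# Client IDs this page lists as valid for Enable2FaCacheForClients.
KNOWN_CLIENTS = {"console-app", "ssh-proxy-app", "pam-management-console",
                 "pam-user-console", "pam-gateway"}
SID_RE = re.compile(r"^S-1-\d+(-\d+)+$")

def lint_idp_settings(cfg):
    """Return a list of findings for a parsed IdP appsettings.json (hypothetical helper)."""
    findings = []
    ident = cfg.get("IdentitySettings", {})
    pam = cfg.get("PamSettings", {})
    log_url = cfg.get("LogServer", {}).get("Server", {}).get("Url", "")

    # The page requires every URL to be lowercase.
    urls = (ident.get("IdpUrls", []) + pam.get("ManagementConsoleUrls", [])
            + pam.get("UserConsoleUrls", []) + ([log_url] if log_url else []))
    findings += [f"URL is not lowercase: {u}" for u in urls if u != u.lower()]

    provider = cfg.get("Database", {}).get("Provider")
    if provider not in ("mssql", "pgsql"):
        findings.append(f"Database.Provider must be mssql or pgsql, got {provider!r}")

    findings += [f"AdminSids entry is not a SID: {s}"
                 for s in ident.get("AdminSids", []) if not SID_RE.match(s)]
    unknown = set(ident.get("Enable2FaCacheForClients", [])) - KNOWN_CLIENTS
    findings += [f"Unknown 2FA cache client ID: {c}" for c in sorted(unknown)]

    # Assumption: the documentation placeholder password must never reach production.
    conn = cfg.get("ConnectionStrings", {}).get("DefaultConnection", "")
    pairs = dict(p.split("=", 1) for p in conn.split(";") if "=" in p)
    if pairs.get("Password", "").strip() == "password":
        findings.append("DefaultConnection still uses the placeholder password")
    return findings

# Constructed sample: key names from this page, values deliberately wrong.
SAMPLE = json.loads(r'''{
  "ConnectionStrings": {"DefaultConnection": "Server=SQL01\\PAM;Database=IPAMIdP;Integrated Security=False;User ID=IPAMSQLService;Password=password"},
  "Database": {"Provider": "mysql"},
  "IdentitySettings": {"AdminSids": ["S-1-5-21-1-2-3-1001", "admin"],
    "IdpUrls": ["https://PAM.domain.local/pam/idp"],
    "Enable2FaCacheForClients": ["pam-management-console", "pam-gatway"]},
  "PamSettings": {"ManagementConsoleUrls": ["https://pam.domain.local/pam/mc"], "UserConsoleUrls": []},
  "LogServer": {"Server": {"Url": "https://pam.domain.local/ls/api"}}
}''')

if __name__ == "__main__":
    print("\n".join(lint_idp_settings(SAMPLE)))
```
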
