Page History

Switch to C:\inetpub\wwwroot\pam\idp folder and edit appsettings.json file:

ConnectionStrings:

• Server - is the name of Microsoft SQL Server or its named instance
• Database - is the name of database (IPAMIdP)
• User ID - is the service account to use with Indeed PAM databases

• Password - is the password for that service account
  
  

  Code Block
  language js theme Confluence
  "ConnectionStrings": { "DefaultConnection": "Server=MSSQLServer;Database=IPAMIdP;Integrated Security=False;User ID=IPAMSQLService;Password=password" }

  
  

  Warning
  icon false
  If you are using a named instance of Microsoft SQL Server, the value of the Server parameter must be set in the format <server name>\\<instance name>. Code Block language js "ConnectionStrings": { "DefaultConnection": "Data Source=MSSQLServer\\Named instance; ..." }

  
  

Database section

In the Provider section, select the DBMS connection provider:

• mssql - is for the MS SQL Server
• pgsql - is for the PostgreSQL Pro

Example for the PostgreSQL Pro:

"Database":{
   "Provider": "pgsql"
},

IdentitySettings section

• AdminSids - is SID of the user to get access to administrator console and the Roles management. If there are several of them, then the SIDs must be divided by comma

• GatewaySecret - Hash for client keys for additional authentication of Indeed PAM Gateway
  

• IdpUrl - is URL Indeed PAM IdP
• Lang - is the user interface language of the component, set it to "en" value
• ConsoleAppClientSecret - Hash for client keys for additional authentication of the Console App utility
• SshProxyClientSecret - Hash for client keys for additional authentication of Indeed PAM SSH Proxy
  

• CoreApiSecret - Hash for client keys for additional authentication of PAM Core
  

  Note
  icon false
  The hashes for the GatawaySecret, ConsoleAppClientSecret, SshProxyClientSecret, and CoreApiSecret parameters are generated by the console utility Pam.ConsoleApp.exe

  
  

• Enable2FaCacheForClients - List of client IDs for which the 2nd factor caching will work
• SecondFaCacheLifetimeSeconds - 2nd factor caching time in seconds
  List of available client IDs:
  
  • "console-app"
  • "ssh-proxy-app"
  • "pam-management-console"
  • "pam-user-console"

  • "pam-gateway"

    Code Block
    language js
    "IdentitySettings":{ "AdminSids": [ "S-1-5-21-1487179672-2651565253-5257550508-0000", "S-1-5-21-1487179672-2651565253-5257550508-0001" ], "GatewaySecret": "3GRNSuF9p8vEOyP1izZGlyrsJgXTMl7bbyB5B7jS9/8oF/d7eb/qOKgJrb+uA/l/4BVI3/OI3q3Yxq6TsdcHuY=", "IdpUrls": [ "https://pam.domain.local/pam/idp" ], "Lang": "ruen", "SigningCertificate": "", "ConsoleAppClientSecret": "" "SshProxyClientSecret": "jAulRBy9VGuC0RbJPsVek10Hm5aUqpLiG3rFsqGgwU0xAlrki/souxzqK4wrDf4P2AOiGCfV5sA8XdJbj53cAI=", "CoreApiSecret": "vAiPgdHe6jGyStXmYxYcoeY1xQfNX+Yun0BhKBrD3CwzuUOwHHOReDWDw4T/hYT/eMbe4wTEjqlVdmoxJQO1fI=", "Enable2FaCacheForClients": [ "pam-management-console" ], "SecondFaCacheLifetimeSeconds": 60 },

    
    

PamSettings section

• ManagementConsoleUrl - URL of Indeed PAM Management Console
• UserConsoleUrl - URL of Indeed PAM User Console
• CoreApiUrls - URL of Indeed PAM Core

"PamSettings": {
    "ManagementConsoleUrls": [ "https://pam.domain.local/pam/mc" ],
    "UserConsoleUrls": [ "https://pam.domain.local/pam/uc" ],
    "SessionLifetime": 43200
},

LogServer section

• Directory - a temporary folder for event writing
• Url - URL API for the uniform event log
  

"LogServer": {
  "AppId": "pam",
  "Component": "idp",
  "EventCache": {
    "Directory": "C:\\ILS\\IdP",
    "SendingIntervalSec": 10
  },
  "Server": {
    "Url": "	"CoreApiUrls": [ "https://pam.domain.local/lspam/apicore",
    "Certificate": {
      "Thumbprint": "" ],
      "FilePathSessionLifetime": "",
      "FilePassword": ""
    }
  }43200
},

UserCatalog section

This section is required to search and add users to the Roles. It is filled in the same way as the similar section in the Pam Core settings.