Indeed Identity PAM Core
Warning: All URLs are specified in lowercase. The JSON format does not allow comments in the file, so you must delete lines beginning with the characters "//".
Warning: You need to recycle the Indeed.PAM.Core application pool after every change to the configuration file. You can do this in the IIS Manager snap-in or with a PowerShell command.
Note: URL example: https://pam.domain.local/pam/core
Go to the C:\inetpub\wwwroot\pam\core folder and edit the appsettings.json file:
ConnectionStrings
- PamCore - IPAMCore database connection string
- JobsQueue - IPAMJobs database connection string
Connection String parameters:
- Server - DBMS server name or named instance
- Database - Database name
- User ID - account to use with Database
- Password - account password

```js
"ConnectionStrings": {
    "PamCore": "Server=sql.domain.local;Database=IPAMCore;Integrated Security=False;User ID=IPAMSQLServiceOps;Password=password",
    "JobsQueue": "Server=sql.domain.local;Database=IPAMTasks;Integrated Security=False;User ID=IPAMSQLServiceOps;Password=password"
},
```
Warning: If using a named instance of Microsoft SQL Server, the value of the Server parameter must be specified in the Server Name\\Named instance format.

```js
"PamCore": "Server=sql\\instance; ..."
```
Database
- Provider - DBMS provider
  - mssql - Microsoft SQL Server
  - pgsql - PostgreSQL, PostgreSQL Pro
Auth
- IdpUrls - Indeed PAM IdP URL address
- ApiSecret - secret used for PAM Core component authentication
- PamGatewayIpAddresses - Indeed Identity PAM Gateway and SSH Proxy IP addresses

```js
"Auth": {
    "IdpUrls": [
        "https://pam.domain.local/pam/idp"
    ],
    "ApiSecret": "Nkq26+pScsle+rDZ4q77+bITcgFO1wKrCGBHa/EqsthQFn9p5K5TBHlEOJw1MGU1PVvjaNlWobxipvsAreQBNA==",
    "PamGatewayIpAddresses": "192.168.48.155, 192.168.48.202",
    "GatewayCertificateValidation": {
        "Enabled": false,
        "Filter": ""
    }
},
```
Encryption
- Algorithm - encryption algorithm
- Key - encryption key
Note: The encryption key is generated by the IndeedPAM.KeyGen.exe utility, which is part of the Indeed Identity PAM distribution and is located in the /Misc directory.

```js
"Encryption": {
    "Algorithm": "AES",
    "HashAlgorithm": "SHA512",
    "Key": "4258egk74n834rr93bf458813l7618wq7f1jei9a58915pk511z63n5j0svt1m1o8",
    "MediaFiles": {
        "Algorithm": "AES"
    }
},
```
LogServer
- Directory - temporary folder for recording events
- Url - Indeed Log Server API URL address

```js
"LogServer": {
    "AppId": "pam",
    "Component": "server",
    "EventCache": {
        "Directory": "C:\\ILS",
        "SendingIntervalSec": 10
    },
    "Server": {
        "Url": "https://pam.domain.local/ls/api",
        "Certificate": {
            "Thumbprint": "",
            "FilePath": "",
            "FilePassword": ""
        }
    }
},
```
ManagementConsole
- Url - management console URL address

```js
"ManagementConsole": {
    "Url": "https://pam.domain.local/pam/mc"
},
```
UserCatalog
- ServerName - DNS name of the Domain Controller that performs the Global Catalog function
- ContainerPath - distinguished name of the container or OU to be used as the Active Directory user directory
- UserName - service account for working with the Active Directory user directory
- Password - service account password

```js
"UserCatalog": {
    "RootProvider": "ad",
    "Providers": {
        "ActiveDirectory": [
            {
                "Id": "ad",
                "ServerName": "domain.local",
                "ContainerPath": "DC=domain,DC=local",
                "UserName": "IPAMADReadOps",
                "Password": "password",
                "UserMapRules": {
                    "Settings": [
                        {
                            "Category": "person",
                            "Class": "user"
                        }
                    ]
                }
            }
        ]
    }
}
```
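
A pre-flight check to run on appsettings.json before recycling the application pool. It covers the two rules from the warnings at the top of this page (no lines beginning with "//", lowercase URLs) and flags the sample value `password` shown in the snippets above. This is an added example, not part of the Indeed Identity PAM distribution; the function name `Test-PamCoreSettings` and the sample input are constructed for illustration.

```powershell
# Added example, not vendor code. Test-PamCoreSettings is a hypothetical name.
function Test-PamCoreSettings {
    param([string[]]$Lines)
    $findings = @()

    # JSON does not allow comments: report each line that begins with "//".
    for ($i = 0; $i -lt $Lines.Count; $i++) {
        if ($Lines[$i] -match '^\s*//') { $findings += "line $($i + 1): delete comment line" }
    }

    # Parse the file the way it will look once those lines are deleted.
    $json = ($Lines | Where-Object { $_ -notmatch '^\s*//' }) -join "`n"
    try { $cfg = $json | ConvertFrom-Json -ErrorAction Stop }
    catch { return $findings + "not valid JSON: $($_.Exception.Message)" }

    # All URLs must be lowercase (-cne is the case-sensitive comparison).
    $urls = @($cfg.Auth.IdpUrls) + $cfg.LogServer.Server.Url + $cfg.ManagementConsole.Url
    foreach ($u in $urls) {
        if ($u -and $u -cne $u.ToLowerInvariant()) { $findings += "URL not lowercase: $u" }
    }

    # The sample value "password" from the documentation must not reach production.
    foreach ($p in $cfg.ConnectionStrings.PSObject.Properties) {
        if ($p.Value -match 'Password=password(;|$)') {
            $findings += "ConnectionStrings.$($p.Name): sample password still in place"
        }
    }
    foreach ($ad in $cfg.UserCatalog.Providers.ActiveDirectory) {
        if ($ad.Password -ceq 'password') {
            $findings += "UserCatalog provider '$($ad.Id)': sample password still in place"
        }
    }
    $findings
}

# Constructed sample with three deliberate problems (comment, uppercase host, sample password).
$sample = @'
{
  // remove me
  "ConnectionStrings": { "PamCore": "Server=sql\\instance;Database=IPAMCore;User ID=IPAMSQLServiceOps;Password=password" },
  "Auth": { "IdpUrls": [ "https://PAM.domain.local/pam/idp" ] },
  "ManagementConsole": { "Url": "https://pam.domain.local/pam/mc" }
}
'@ -split "`r?`n"
Test-PamCoreSettings -Lines $sample
```

Against the real file: `Test-PamCoreSettings -Lines (Get-Content C:\inetpub\wwwroot\pam\core\appsettings.json)`. An empty result means none of the three checks fired.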