Versions Compared
compared with
Key
- This line was added.
- This line was removed.
- Formatting was changed.
| Tip | ||
|---|---|---|
| ||
Indeed PAM Core can work as the part of an Active-Active failover cluster. Failover requires one or several additional Indeed PAM Core servers. Load balancing is performed using the HAProxy load balancer. To configure a fault-tolerant configuration, you must contact technical support support@indeed-id.com |
IIS
- Run IIS and switch to Default Web Site
- Select the api application and open the Configuration Editor from Management section
- Open the Section: drop-down list and select system.webServer - serverRuntime item
- Set the uploadReadAheadSize parameter to value of 1048576
- Click Apply in Actions section
Indeed PAM Core
| Warning | ||
|---|---|---|
| ||
All URLs are specified in lowercase. |
IIS
- Запустите Internet Information Services (IIS) Manager и раскройте пункт Сайты (Sites).
- Выберите сайт Indeed.PAM.ApiServer и нажмите Привязки (Bindings) в разделе Действия (Actions).
- Нажмите Добавить (Add):
- Тип (Type) - https.
- Порт (Port) - 4000.
- Выберите SSL-сертификат (SSL Certificate).
- Сохраните привязку.
Конфигурация
Перейдите в каталог Switch to C:\inetpub\wwwroot\Indeed.PAM.ApiServer и откройте для редактирования файл api folder and edit web.config.Заполните секции file:
<logServer … />:
- Url -
- API URL for the uniform event log
| language | xml |
|---|---|
| theme | Confluence |
| title | Пример |
| Code Block |
|---|
<logServer Url="http://logserver.indeed-id. |
local/ils/api" CertificateThumbprint="" CertificateFilePath="" CertificateFilePassword="" /> |
<logServerClient … />:
- EventCacheDirectory -
- a temporary folder for event writing
| Code Block | ||||
|---|---|---|---|---|
|
<logServerClient AppId="pam" Component="server" EventCacheDirectory=" |
C: |
\Temp\ILS\Core\EventCacheDirectory" LogServerTargetConfigFile="" EventCacheSendingIntervalSec="10"/> |
<encryptionSettings ... />:
- cryptoAlgName - is the name of encryption algorithm
- cryptoKey - is encryption key
| Note | ||
|---|---|---|
| ||
The encryption key is generated by the IndeedPAM.KeyGen.exe utility, which is the part of the Indeed PAM distribution and is located in the /Misc directory. |
| Code Block |
|---|
<encryptionSettings cryptoAlgName="DES" cryptoKey="ea06v76ht457t2l8" /> |
<adUserCatalogProvider ... >:
- serverName - is the DNS name of Domain Controller that performs Global Catalog function
- containerPath - is the LDAP path to container or unit to be used as Active Directory user directory
- userName - service account for working with Active Directory user directory
- Password - service account password
| Code Block | ||||
|---|---|---|---|---|
|
<adUserCatalogProvider id="ad" serverName="dc. |
indeed-id. |
local" containerPath=" |
OU= |
organization unit, |
DC= |
indeed-id, |
DC= |
local" userName=" |
IPAMManager" password=" |
password"> |
<connectionStrings> ... </connectionStrings>:
- <add name="DBConnection" ... />:
- Data Source - имя SQL-сервера.Microsoft SQL Server Name or Instance Name
- Initial Catalog - имя базы данных API.
- Integrated Security - тип проверка подлинности.
- User ID - имя для входа сервисной учётной записи для работы с базами данных Indeed PAM. Password - пароль сервисной учётной записи.
- database Name (IPAMCore)
- User ID - service account to use with Indeed PAM databases
- Password - service account password
- <add name="JobsQueueConnectionString" ... />:
- Data Source - Microsoft SQL Server Name or Instance Name
- Initial Catalog - database Name (IPAMTasks)
- User ID - service account to use with Indeed PAM databases
- Password - service account password
An example of connecting to a Microsoft SQL Server database
| Code Block | ||||
|---|---|---|---|---|
|
<connectionStrings> <add name="DBConnection" connectionString="Data Source= |
MSSQLServer;Initial Catalog= |
IPAMCore;Integrated Security=False;User ID= |
IPAMSQLService;Password= |
password" providerName="System.Data.SqlClient" /> |
| Note | ||
|---|---|---|
| ||
| В случае использования SQL Express параметр подключения к серверу необходимо задавать в формате <имя сервера SQL >\<имя инстанса SQL>. |
| language | xml |
|---|---|
| theme | Confluence |
| title | Пример |
<add name=" |
JobsQueueConnectionString" connectionString="Data Source |
=MSSQLServer;Initial Catalog=IPAMTasks;Integrated Security=False;User ID=IPAMSQLService;Password=password" providerName="System.Data.SqlClient" />
</connectionStrings> |
An example of connecting to a PostgreSQL Pro database
| Warning | ||
|---|---|---|
| ||
In the connection string, you need to replace the providerName=''System.Data.SqlClient' with the providerName=''Npgsql' |
value - URL адрес IDP.
| Code Block | ||
|---|---|---|
|
<add key="IdpUrl" value="https://pam.indeed.demo:4003"/>value - IP-адрес сервера Proxy.
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<add key="PamProxyIpAddresses" value="192.168.0.100" /> |
value - каталог для временных файлов.
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<add key="TempVideoDirectory" value="c:\temp\" /> |
<connectionStrings>
<add name="DBConnection" connectionString="Data Source=PostgreSQLProServer;Initial Catalog=IPAMCore;Integrated Security=False;User ID=IPAMSQLService;Password=password" providerName="Npgsql" />
<add name="JobsQueueConnectionString" connectionString="Data Source=PostgreSQLProServer;Initial Catalog=IPAMTasks;Integrated Security=False;User ID=IPAMSQLService;Password=password" providerName="Npgsql" />
</connectionStrings> |
For PostgreSQL Pro, in the <appSettings> ... </appSettings> section, add the line
| Code Block | ||
|---|---|---|
| ||
<appSettings>
...
<add key="DBMS" value="PostgreSQL" />
</appSettings> |
| Warning | ||
|---|---|---|
| ||
If using a Named Instance of Microsoft SQL Server, the value of the Data Source parameter must be specified in the <Server Name>\<Named instance> format.
|
<add key="IdpUrl" ... />:
- value - URL Indeed PAM IdP
| Note | ||
|---|---|---|
| ||
| На указанный каталог необходимо выдать полные права для пула приложений API. Откройте Свойства (Properties) каталога и перейдите на вкладку Безопасность (Security). Нажмите Редактировать (Edit...), затем Добавить (Add..). Нажмите Размещение... (Location) и выберите локальный ПК. Введите имя локальной учётной записи IIS AppPool\Indeed.PAM.ApiServer или IIS_IUSRS (если используется IIS 7.0), нажмите Проверить имя (Check Names) и ОК. Установите права Полный доступ (Full control) и нажмите Применить (Apply). |
value - каталог для хранения снимков экрана и видеозаписей сессий.
| Code Block | ||||
|---|---|---|---|---|
|
<add key=" |
IdpUrl" value=" |
| Note | ||
|---|---|---|
| ||
| (см. примечание п. 7) |
https://pam.indeed-id.local/idp"/> |
<add key="
DomainAdminGroupNamesPamProxyIpAddresses" … />:
- value -
- Indeed PAM Gateway server IP address
| Code Block | ||||
|---|---|---|---|---|
|
<add key=" |
PamProxyIpAddresses" value=" |
192.168.0.100" /> |
| Backtotop | ||||
|---|---|---|---|---|
|