Versions Compared
compared with
Key
- This line was added.
- This line was removed.
- Formatting was changed.
| Warning | ||
|---|---|---|
| ||
All URLs are specified in lowercase. |
IIS
- Запустите Internet Information Services (IIS) Manager и раскройте пункт Сайты (Sites).
- Выберите сайт Indeed.Idp и нажмите Привязки (Bindings) в разделе Действия (Actions).
- Нажмите Добавить (Add):
- Тип (Type) - https
- Порт (Port) - 4003
- Выберите SSL-сертификат (SSL Certificate)
- Сохраните привязку
Конфигурация
| Warning | ||
|---|---|---|
| ||
Все URL-адреса указываются в нижнем регистре. |
Перейдите в каталог Switch to C:\inetpub\wwwroot\Indeed.Idp и откройте для редактирования файл idp folder and edit appsettings.json.Заполните секции file:
ConnectionStrings:
- Data Source -
- is the name of Microsoft SQL Server or its named instance
- Initial Catalog -
- is the name of database (IPAMIdP)
- User ID -
- is the service account to use with Indeed PAM databases
Password - is the password for that service account
| Code Block | ||||
|---|---|---|---|---|
|
"ConnectionStrings": {
"DefaultConnection": "Data Source= |
MSSQLServer;Initial Catalog= |
IPAMIdP;Integrated Security=False;User ID= |
IPAMSQLService;Password= |
password" } |
| Warning |
|---|
|
| |
If you are using a named instance of Microsoft SQL Server |
| language | xml |
|---|---|
| theme | Confluence |
| title | Пример |
, the value of the Data Source parameter must be set in the format
|
|
|
|
Database:
In the Provider section, select the DBMS connection provider:
- mssql - is for the MS SQL Server
- pgsql - is for the PostgreSQL Pro
Example for the PostgreSQL Pro:
| Code Block | ||
|---|---|---|
| ||
"Database":{
"Provider": "pgsql"
}, |
IdentitySettings:
- AdminSids -
- is SID of the user to get access to administrator console. If there are several of them, then the SIDs must be divided by comma
GatewaySecret - Hash for client keys for additional authentication of Indeed PAM Gateway
Note icon false The secret and its hash are generated by the console utility Pam.ConsoleApp.exe (located in \Misc\ConsoleApp folder) when configuring Indeed PAM Gateway.
- IdpUrl - is URL
- Indeed PAM
- IdP
- Lang - is the user interface language of the component, set it to "en" value.
- SshProxyClientSecret - Hash for client keys for additional authentication of Indeed PAM SSH Proxy, generated when setting up Indeed PAM SSH Proxy in the same way as GatewaySecret
- Enable2FaCacheForClients - List of client IDs for which the 2nd factor caching will work
- SecondFaCacheLifetimeSeconds - 2nd factor caching time in seconds
List of available client IDs:- "console-app"
- "ssh-proxy-app"
- "pam-management-console"
- "pam-user-console"
- "pam-gateway"
| Code Block | |
|---|---|
|
|
| ||
"IdentitySettings":{ "AdminSids": [ "S-1-5-21-1487179672-2651565253-5257550508-0000", "S-1-5-21-1487179672-2651565253-5257550508-0001" ], "GatewaySecret": "bQAl17Y58+Htv982eadHmFaDguAPNrjd+Bl9vN0Uw5c=", "IdpUrl": "https://pam. |
indeed-id.local/idp",
"Lang": "en",
"SigningCertificate": "",
"ConsoleAppClientSecret": ""
"SshProxyClientSecret": "+Q/anzbwy6ikV7LS3LvUsCpThBGzUOWWo76Idcy8c1E=",
"Enable2FaCacheForClients": ["pam-management-console"],
"SecondFaCacheLifetimeSeconds": 60
}, |
PamSettings:
- ManagementConsoleUrl -
- URL of Indeed PAM Management Console
- UserConsoleUrl - URL
- of Indeed PAM User Console
| Code Block | ||||
|---|---|---|---|---|
|
"PamSettings": { " |
ManagementConsoleUrl": "https://pam.indeed |
-id.local/mc", "UserConsoleUrl": "https://pam.indeed |
-id.local/uc", " |
SessionLifetime": 43200 }, |
EventsSettings:
- EventCacheDirectory - a temporary folder for event writing
- Url - URL API for the uniform event log
| Code Block | ||||
|---|---|---|---|---|
| ||||
"EventsSettings": {
"AppId": "pam",
"Component": "idp",
"EventCacheDirectory": "C:\\Temp\\ILS\\IdP\\EventCacheDirectory",
"EventCacheSendingIntervalSec": "10",
"Url": "https://pam.indeed-id.local/ils/api",
"CertificateThumbprint": "",
"CertificateFilePath": "",
"CertificateFilePassword": ""
}, |
| Backtotop | ||||
|---|---|---|---|---|
|