Versions Compared
compared with
Key
- This line was added.
- This line was removed.
- Formatting was changed.
| Warning | ||
|---|---|---|
| ||
All URLs are specified in lowercase. |
Перейдите в каталог Switch to C:\inetpub\wwwroot\Indeed.Idp и откройте для редактирования файл idp folder and edit appsettings.json.Заполните секции file:
ConnectionStrings:
- Data Source -
- is the name of Microsoft SQL Server or its named instance
- Initial Catalog -
- is the name of database (IPAMIdP)
- User ID - is the service account to use with Indeed PAM databases
Password - is the password for that service account
| Code Block | ||||
|---|---|---|---|---|
| ||||
"ConnectionStrings": {
"DefaultConnection": "Data Source=MSSQLServer;Initial Catalog=IPAMIdP;Integrated |
Security=False;User ID= |
IPAMSQLService;Password= |
password" |
} |
| Warning | ||
|---|---|---|
| ||
If you are using a named instance of Microsoft SQL Server, the value of the Data Source parameter must be set in the format
|
|
Database:
In the Provider section, select the DBMS connection provider:
- mssql - is for the MS SQL Server
- pgsql - is for the PostgreSQL Pro
Example for the PostgreSQL Pro:
| Code Block | ||
|---|---|---|
| ||
"Database":{
"Provider": "pgsql"
}, |
IdentitySettings:
- AdminSids -
- is SID of the user to get access to administrator console. If there are several of them, then the SIDs must be divided by comma
GatewaySecret - Hash for client keys for additional authentication of Indeed PAM Gateway
Note icon false The secret and its hash are generated by the console utility Pam.ConsoleApp.exe (located in \Misc\ConsoleApp folder) when configuring Indeed PAM Gateway.
- IdpUrl -
- is URL Indeed PAM IdP
- Lang - is the user interface language of the component, set it to "en" value.
- SshProxyClientSecret - Hash for client keys for additional authentication of Indeed PAM SSH Proxy, generated when setting up Indeed PAM SSH Proxy in the same way as GatewaySecret
- Enable2FaCacheForClients - List of client IDs for which the 2nd factor caching will work
- SecondFaCacheLifetimeSeconds - 2nd factor caching time in seconds
List of available client IDs:- "console-app"
- "ssh-proxy-app"
- "pam-management-console"
- "pam-user-console"
- "pam-gateway"
| Code Block | ||||
|---|---|---|---|---|
|
"IdentitySettings":{ "AdminSids": [ "S-1-5-21-1487179672-2651565253-5257550508-0000", "S-1-5-21-1487179672-2651565253-5257550508-0001" ], "GatewaySecret": "bQAl17Y58+Htv982eadHmFaDguAPNrjd+Bl9vN0Uw5c=", "IdpUrl": "https://pam. |
indeed-id.local/idp",
"Lang": "en",
"SigningCertificate": "",
"ConsoleAppClientSecret": ""
"SshProxyClientSecret": "+Q/anzbwy6ikV7LS3LvUsCpThBGzUOWWo76Idcy8c1E=",
"Enable2FaCacheForClients": ["pam-management-console"],
"SecondFaCacheLifetimeSeconds": 60
}, |
PamSettings:
- ManagementConsoleUrl - URL of Indeed PAM Management Console
- UserConsoleUrl - URL
- of Indeed PAM User Console
| Code Block | ||||
|---|---|---|---|---|
|
"PamSettings": { " |
ManagementConsoleUrl": "https://pam.indeed |
-id.local/mc", "UserConsoleUrl": "https://pam.indeed |
-id.local/uc", " |
SessionLifetime": 43200 }, |
EventsSettings:
- EventCacheDirectory - a temporary folder for event writing
- Url - URL API for the uniform event log
| Code Block | ||||
|---|---|---|---|---|
| ||||
"EventsSettings": {
"AppId": "pam",
"Component": "idp",
"EventCacheDirectory": "C:\\Temp\\ILS\\IdP\\EventCacheDirectory",
"EventCacheSendingIntervalSec": "10",
"Url": "https://pam.indeed-id.local/ils/api",
"CertificateThumbprint": "",
"CertificateFilePath": "",
"CertificateFilePassword": ""
}, |
| Backtotop | ||||
|---|---|---|---|---|
|