Versions Compared

Old Version 34

changes.mady.by.user Maksim Kuzmov

Saved on

compared with

New Version Current

changes.mady.by.user Pavel Golubnichiy

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


IIS

  1. Запустите Internet Information Services (IIS) Manager и раскройте пункт Сайты (Sites).
  2. Выберите сайт Indeed.Idp и нажмите Привязки (Bindings) в разделе Действия (Actions).
  3. Нажмите Добавить (Add):
    1. Тип (Type) - https
    2. Порт (Port) - 4003
    3. Выберите SSL-сертификат (SSL Certificate)
  4. Сохраните привязку

Конфигурация

Warning
iconfalse

Все URL-адреса указываются в нижнем регистре.

All URLs are specified in lowercase.

Перейдите в каталог Switch to C:\inetpub\wwwroot\Indeed.Idp, откройте для редактирования файл idp folder and edit appsettings.jsonи заполните секции file:

ConnectionStrings:

  • Data Source - имя SQL сервера is the name of Microsoft SQL Server or its named instance
  • Initial Catalog - имя базы данных Indeed PAM IDPIntegrated Security - тип проверки подлинности (оставить без изменений is the name of database (IPAMIdP)
  • User ID -  сервисная учётная запись для работы с базами данных is the service account to use with Indeed PAM databases

  • Password - пароль сервисной учётной записи is the password for that service account


Code Block
languagexml
themeConfluence
"ConnectionStrings": {
	"DefaultConnection": "Data Source=sqlserverMSSQLServer;Initial Catalog=idppamIPAMIdP;Integrated Security=False;User ID=SQLservicePAMIPAMSQLService;Password=123456password"
}


Warning
iconfalse

В случае использования именованного экземпляра If you are using a named instance of Microsoft SQL Server значение параметра Data Source необходимо задавать в формате <имя сервера>\\<имя экземпляра>, the value of the Data Source parameter must be set in the format
<server name>\\<instance name>.

Code Block
"ConnectionStrings": {
	"DefaultConnection": "Data Source=sqlserverMSSQLServer\\SQLEXPRESSNamed instance; ..."
}


Database:

In the Provider section, select the DBMS connection provider:

  • mssql - is for the MS SQL Server
  • pgsql - is for the PostgreSQL Pro

Example for the PostgreSQL Pro:

Code Block
languagejs
"Database":{
   "Provider": "pgsql"
},

IdentitySettings:

  • AdminSids - SID пользователя, который получит доступ к консоли администратора, если пользователей несколько, то их SID указывается через запятую
  • IdpUrl - URL адрес Indeed PAM IDP
  • is SID of the user to get access to administrator console. If there are several of them, then the SIDs must be divided by comma

  • GatewaySecret - Hash for client keys for additional authentication of Indeed PAM Gateway

    Note
    iconfalse

    The secret and its hash are generated by the console utility Pam.ConsoleApp.exe (located in \Misc\ConsoleApp folder) when configuring Indeed PAM Gateway.


  • IdpUrl - is URL Indeed PAM IdP
  • Lang - is the user interface language of the component, set it to "en" value.
  • SshProxyClientSecret - Hash for client keys for additional authentication of Indeed PAM SSH Proxy, generated when setting up Indeed PAM SSH Proxy in the same way as GatewaySecret
  • Enable2FaCacheForClients - List of client IDs for which the 2nd factor caching will work
  • SecondFaCacheLifetimeSeconds - 2nd factor caching time in seconds
    List of available client IDs:
    • "console-app"
    • "ssh-proxy-app"
    • "pam-management-console"
    • "pam-user-console"
    • "pam-gateway"
Code Block
languagejs
firstline5
Code Block
languagexml
themeConfluence
"IdentitySettings":{
	"AdminSids": [ "S-1-5-21-1487179672-2651565253-5257550508-0000", "S-1-5-21-1487179672-2651565253-5257550508-0001" ],
	"GatewaySecret": "bQAl17Y58+Htv982eadHmFaDguAPNrjd+Bl9vN0Uw5c=", 
	"IdpUrl": "https://pam.domain.demo:4003"
}indeed-id.local/idp",
	"Lang": "en",
    "SigningCertificate": "",
	"ConsoleAppClientSecret": ""
    "SshProxyClientSecret": "+Q/anzbwy6ikV7LS3LvUsCpThBGzUOWWo76Idcy8c1E=",
    "Enable2FaCacheForClients": ["pam-management-console"],
    "SecondFaCacheLifetimeSeconds": 60
},


PamSettings:

  • AdminConsoleUrl ManagementConsoleUrl - URL адрес  URL of Indeed PAM Management Console
  • UserConsoleUrl - URL адрес of Indeed PAM User Console
  • ProxySessionLifeTime - максимальное время жизни сессии, значение указывается в секундах (оставить без изменений)
Code Block
languagexml
themeConfluence
"PamSettings": {
	"AdminConsoleUrlManagementConsoleUrl": "https://pam.indeed.demo:4001-id.local/mc",
	"UserConsoleUrl": "https://pam.indeed.demo:4002-id.local/uc",
	"ProxySessionLifetimeSessionLifetime": 43200
},

EventsSettings:

  • EventCacheDirectorya temporary folder for event writing
  • Url - URL API for the uniform event log
Code Block
languagexml
themeConfluence
"EventsSettings": {
	"AppId": "pam",
    "Component": "idp",
    "EventCacheDirectory": "C:\\Temp\\ILS\\IdP\\EventCacheDirectory",
    "EventCacheSendingIntervalSec": "10",
    "Url": "https://pam.indeed-id.local/ils/api",
    "CertificateThumbprint": "",
    "CertificateFilePath": "",
    "CertificateFilePassword": ""
},

Backtotop
Delay0
Distance250