All URLs are specified in lowercase.

Switch to the C:\inetpub\wwwroot\idp folder and edit the appsettings.json file:

ConnectionStrings:

  • Data Source - is the name of Microsoft SQL Server or its named instance
  • Initial Catalog - is the name of database (IPAMIdP)
  • User ID - is the service account to use with Indeed PAM databases
  • Password - is the password for that service account

"ConnectionStrings": {
	"DefaultConnection": "Data Source=MSSQLServer;Initial Catalog=IPAMIdP;Integrated Security=False;User ID=IPAMSQLService;Password=password"
}

If you are using a named instance of Microsoft SQL Server, the value of the Data Source parameter must be set in the format <server name>\\<instance name>.

"ConnectionStrings": {
	"DefaultConnection": "Data Source=MSSQLServer\\Named instance; ..."
}

Database:

In the Provider section, select the DBMS connection provider:

  • mssql - is for the MS SQL Server
  • pgsql - is for the PostgreSQL Pro

Example for the PostgreSQL Pro:

"Database":{
   "Provider": "pgsql"
},

IdentitySettings:

  • AdminSids - is the SID of the user who gets access to the administrator console. If there are several of them, the SIDs must be separated by commas
  • GatewaySecret - Hash for client keys for additional authentication of Indeed PAM Gateway

    The secret and its hash are generated by the console utility Pam.ConsoleApp.exe when configuring Indeed PAM Gateway.

  • IdpUrl - is the URL of Indeed PAM IdP
  • Lang - is the user interface language of the component; set it to the "en" value
  • SshProxyClientSecret - Hash for client keys for additional authentication of Indeed PAM SSH Proxy, generated when setting up Indeed PAM SSH Proxy in the same way as GatewaySecret
  • Enable2FaCacheForClients - List of client IDs for which the 2nd factor caching will work
    List of available client IDs:
    • "console-app"
    • "ssh-proxy-app"
    • "pam-management-console"
    • "pam-user-console"
    • "pam-gateway"
  • SecondFaCacheLifetimeSeconds - 2nd factor caching time in seconds

"IdentitySettings": {
	"AdminSids": [ "S-1-5-21-1487179672-2651565253-5257550508-0000", "S-1-5-21-1487179672-2651565253-5257550508-0001" ],
	"GatewaySecret": "bQAl17Y58+Htv982eadHmFaDguAPNrjd+Bl9vN0Uw5c=",
	"IdpUrl": "https://pam.indeed-id.local/idp",
	"Lang": "en",
	"SigningCertificate": "",
	"ConsoleAppClientSecret": "",
	"SshProxyClientSecret": "+Q/anzbwy6ikV7LS3LvUsCpThBGzUOWWo76Idcy8c1E=",
	"Enable2FaCacheForClients": ["pam-management-console"],
	"SecondFaCacheLifetimeSeconds": 60
},


PamSettings:

  • ManagementConsoleUrl - URL of Indeed PAM Management Console
  • UserConsoleUrl - URL of Indeed PAM User Console

"PamSettings": {
	"ManagementConsoleUrl": "https://pam.indeed-id.local/mc",
	"UserConsoleUrl": "https://pam.indeed-id.local/uc",
	"SessionLifetime": 43200
},

EventsSettings:

  • EventCacheDirectory - a temporary folder for event writing
  • Url - URL of the API for the uniform event log

"EventsSettings": {
	"AppId": "pam",
    "Component": "idp",
    "EventCacheDirectory": "C:\\Temp\\ILS\\IdP\\EventCacheDirectory",
    "EventCacheSendingIntervalSec": "10",
    "Url": "https://pam.indeed-id.local/ils/api",
    "CertificateThumbprint": "",
    "CertificateFilePath": "",
    "CertificateFilePassword": ""
},
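
The rules stated on this page (lowercase URLs, AdminSids as a list of SIDs, the fixed set of client IDs for 2nd factor caching) can be checked after editing the file. The PowerShell below is an added example, not part of Indeed PAM or its documentation; the function name Test-IdpSettings, the SID pattern (a syntax check only) and the sample JSON are assumptions constructed for illustration.

```powershell
# Added example: sanity-check the IdP appsettings.json values described on this page.
# $sample is constructed for the demo; on a server, load the real file instead:
#   $cfg = Get-Content 'C:\inetpub\wwwroot\idp\appsettings.json' -Raw | ConvertFrom-Json
$sample = @'
{
  "IdentitySettings": {
    "AdminSids": [ "S-1-5-21-1487179672-2651565253-5257550508-0000", "not-a-sid" ],
    "IdpUrl": "https://PAM.indeed-id.local/idp",
    "Enable2FaCacheForClients": [ "pam-management-console", "pam-console" ]
  },
  "PamSettings": {
    "ManagementConsoleUrl": "https://pam.indeed-id.local/mc",
    "UserConsoleUrl": "https://pam.indeed-id.local/uc"
  },
  "EventsSettings": { "Url": "https://pam.indeed-id.local/ils/api" }
}
'@

function Test-IdpSettings {   # hypothetical helper name, not a product cmdlet
    param([Parameter(Mandatory)] $Config)
    # Client IDs the page lists as available for 2nd factor caching.
    $knownClients = 'console-app', 'ssh-proxy-app', 'pam-management-console',
                    'pam-user-console', 'pam-gateway'
    $findings = @()
    # "All URLs are specified in lowercase."
    $urls = [ordered]@{
        'IdentitySettings.IdpUrl'          = $Config.IdentitySettings.IdpUrl
        'PamSettings.ManagementConsoleUrl' = $Config.PamSettings.ManagementConsoleUrl
        'PamSettings.UserConsoleUrl'       = $Config.PamSettings.UserConsoleUrl
        'EventsSettings.Url'               = $Config.EventsSettings.Url
    }
    foreach ($name in $urls.Keys) {
        $u = [string]$urls[$name]
        if (-not $u) { $findings += "$name is empty" }
        elseif ($u -cne $u.ToLowerInvariant()) { $findings += "$name is not lowercase: $u" }
    }
    # AdminSids entries must look like SIDs (assumed pattern; syntax only, no AD lookup).
    foreach ($sid in $Config.IdentitySettings.AdminSids) {
        if ($sid -notmatch '^S-1-\d+(-\d+)+$') { $findings += "AdminSids: malformed SID '$sid'" }
    }
    # Only the documented client IDs may have 2nd factor caching enabled.
    foreach ($c in $Config.IdentitySettings.Enable2FaCacheForClients) {
        if ($knownClients -cnotcontains $c) { $findings += "Enable2FaCacheForClients: unknown client '$c'" }
    }
    $findings
}

Test-IdpSettings -Config ($sample | ConvertFrom-Json)
```

An empty result means none of the three checks fired; a misspelled client ID in Enable2FaCacheForClients or an uppercase character in a URL is reported by setting name.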



