You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 11 Next »

Open the file ...SAMMigration\IndeedCM.Migrate.SAM.exe.config as administrator in a text editor (for example, Notepad) and fill in the following sections:

  • samSettings - SAM data storage connection parameters:
    • MsCAConnectorId - identifier of the connector to Microsoft CA. The value of the parameter can be found in the xml file of the connector in the SAM directory. The default value is: {1A30B883-CD69-4cbb-8D61-E72E9697D8B1}.

      Default path C:\Program Files\SafeNet\Authentication\SAM\x64\Bin\MsCAConnectorDescriptor.xml

    • connectionString - path to xml file (in the file name, name of the domain where SAM is deployed) with information for connecting to the SAM server.

      Default path C:\ProgramData\SafeNet\Authentication\SAM\

  • migrateSAMSettings - data migration parameters:
    • ignoreCMCertificateTemplateNotFoundError - card import parameter.
      Can have two values:
      • true - imports from SAM the card and only those certificates on it, for which there is a template created in the Indeed CM policy.
      • false - card is not imported from SAM, if Indeed CM policy does not have at least one template for a certificate issued in SAM.

        This does not stop the process of importing cards in either case. The attribute is optional, the default value is "false".

    • notIssuedTokenAdminPin - If the card in SAM is in the "registered" state and has never been issued, this parameter specifies the administrator PIN that will be set on the card after transferring it to Indeed CM.
    • issuedTokenAdminPin - if the key-carrier in SAM is in any other state and was issued without initialization, the parameter specifies the administrator PIN, which will be set on the device after migration it to Indeed CM.
    • tokenTypes - a section that should list all devices that need to be migrated from SAM to Indeed CM. You must specify the device model (token, smart card), product name, device color and ATR (Answer To Reset) value.

      The ATR value for each device can be obtained from the manufacturer or with third-party software by contacting Indeed-Id Technical Support.

      If the IndeedCM.Migrate.SAM.exe utility encounters a device with a model and product name that are not specified in the tokenTypes section, such devices will not be migrated to the Indeed CM storage, and the utility will display the corresponding error.

  • adPersistenceSettings - parameters of connection to the Indeed CM data repository located in Active Directory. The contents of this section must be identical to the contents of the same name section of the Indeed CM Management Console configuration file (icm\Web.config).
  • sqlPersistenceSettings - the parameters of connection to the Indeed CM datastore in Microsoft SQL environment. By default this section is commented out with the following characters: <! - - . . . - ->. The contents of the section must be identical to the contents of the same name section of the Indeed CM Management Console configuration file (icm\Web.config).
  • adUserCatalogSettings - parameters of connection to the Indeed CM user directory, located in Active Directory. The contents of the section must be identical to the contents of the same name section of the Indeed CM Management Console configuration file (icm\Web.config).
  • Save the changes you've made.

An example of the populated sections of the IndeedCM.Migrate.SAM.exe.config file is shown below. In the example, SAM is deployed in the demo.local domain, the SAM repository, Indeed CM, and the user directory in Active Directory:

Example of a completed section:
<sam80Settings MsCAConnectorId="{1A30B883-CD69-4cbb-8D61-E72E9697D8B1}"
connectionString="C:\ProgramData\SafeNet\Authentication\SAM\demo.local.xml" />
<migrateSAMSettings ignoreCMCertificateTemplateNotFoundError="true"
notIssuedTokenAdminPin="adminpass"
issuedTokenAdminPin="adminpass2">
<tokenTypes>
<tokenType model="Token 12.0.0.0 12.0.12"
productName="SafeNet eToken 5110"
color="8"
atr="3bd5180081313a7d8073c8211030" />
<tokenType model="Token JC"
productName="eToken PRO Java 72K OS755"
color="4"
atr="3bd518008131fe7d8073c82110f4" />
</migrateSAMSettings>
<adPersistenceSettings path="LDAP://CN=Indeed CM,CN=Indeed Identity,
DC=demo,DC=local" userName="DEMO\cmadmin" password="Password1"
cryptoAlgName="AES"
cryptoKey="11d2f5051684451860ad177ebc39b55cacaf2a0a843b05ddf273b955c93ae015" />
<adUserCatalogSettings>
<rootContainers>
<container path="LDAP://OU=SAM_USERS,DC=demo,DC=local" userName="DEMO\cmadmin"
password="Password1" />
</rootContainers>
</adUserCatalogSettings>



  • No labels