サポートと今すぐチャット
サポートとのチャット

Identity Manager 8.2.1 - Configuration Guide

About this guide One Identity Manager software architecture Customizing the One Identity Manager default configuration Customizing the One Identity Manager base configuration One Identity Manager schema basics Editing the user interface
Object definitions for the user interface User interface navigation Forms for the user interface Statistics in One Identity Manager Extending the Launchpad Task definitions for the user interface Applications for configuring the user interface Icons and images for configuring the user interface Using predefined database queries
Localization in One Identity Manager Process orchestration in One Identity Manager
Mapping processes in One Identity Manager Setting up Job servers
The One Identity Manager Service functionality Tracking changes with process monitoring Conditional compilation using preprocessor conditions Scripts in One Identity Manager
Visual Basic .NET scripts usage Notes on message output Notes on using date values Tips for using Windows PowerShell scripts Using dollar ($) notation Using base objects Calling functions Pre-scripts for use in processes and process steps Using session services Using #LD-notation Script library Support for processing scripts in the Script Editor Creating and editing scripts in the Script Editor Copying scripts in the Script Editor Testing scripts in the Script Editor Testing script compilation in the Script Editor Overriding scripts Permissions for running scripts Editing and testing script code with the System Debugger Extended debugging in the Object Browser
One Identity Manager query language Reports in One Identity Manager Adding custom tables or columns to the One Identity Manager schema Web service integration One Identity Manager as SCIM 2.0 service provider SOAP Web Service One Identity Manager as SPML provisioning service provider Processing DBQueue tasks One Identity Manager Service configuration files

Installing and configuring the SPML web service

To install SPML web service, a server has to be made available on which the following software is already installed:

  • Windows operating systems

    The following versions are supported:

    • Windows Server 2022

    • Windows Server 2019

    • Windows Server 2016

    • Windows Server 2012 R2

    • Windows Server 2012

  • Microsoft .NET Framework Version 4.7.2 or later

  • Microsoft Internet Information Services 10 or 8.5 or 8 or 7.5 or 7 with ASP.NET 4.7.2 and the Role Services:

    • Web Server > Common HTTP Features > Static Content

    • Web Server > Common HTTP Features > Default Document

    • Web Server > Application Development > ASP.NET

    • Web Server > Application Development > .NET Extensibility

    • Web Server > Application Development > ISAPI Extensions

    • Web Server > Application Development > ISAPI Filters

    • Web Server > Security > Basic Authentication

    • Web Server > Security > Windows Authentication

    • Web Server > Performance > Static Content Compression

    • Web Server > Performance > Dynamic Content Compression

Required permissions
  • The user account that the Internet Information Service runs under, needs write access (MODIFY) to the installation directory.

  • The following permissions are required for automatic updating:

    • The user account for updating requires write permissions for the application directory.

    • The user account for updating requires the Log on as a batch job local security policy.

    • The user account running the application pool requires the Replace a process level token and Adjust memory quotas for a process local security policies.

Detailed information about this topic

Installing the SPML Web Service

IMPORTANT: Start the SPML web service installation locally on the server.

To install the SPML web service

  1. Launch autorun.exe from the root directory of the One Identity Manager installation medium.

  2. On the start page of the installation wizard:

    1. Change to the Installation tab.

    2. In the Web-based components pane, click Install.

    Starts the Web Installer.

  3. On the Web Installer start page, select Install SPML web service and click Next.

  4. On the Database connection page, do the following:

    TIP: It is recommended to establish a connection through the application server.

    • To use an existing connection to the One Identity Manager database, select it in the Select a database connection menu.

      - OR -

    • To create a new connection to the One Identity Manager database, click Add new connection and enter a new connection .

  5. On the Select setup target page, configure the following settings and click Next.
    Table 191: Settings for the installation target
    Setting Description

    Application name

    Name used as application name, as in the title bar of the browser, for example.

    Target in IIS

    Internet Information Services web page on which to install the application.

    Enforce SSL

    Specifies whether secure or insecure websites are available to install. If the option is set, only sites secured by SSL can be used for installing. This setting is the default value. If this option is not set, insecure websites can be used for installing.

    URL

    The application's Uniform Resource Locator (URL).

    Install dedicated application pool

    Specifies whether an application pool is installed for each application. This allows applications to be set up independently of one another. If this option is set, each application is installed in its own application pool.

    Application pool

    The application pool to use. This can only be entered if the Install dedicated application pool option is not set.

    If you use the DefaultAppPool default value, the application pool has the following syntax:

    <application name>_POOL

    Identity

    Permissions for running an application pool. You can use a default identity or a custom user account.

    If you use the ApplicationPoolIdentity default value, the user account has the following syntax:

    IIS APPPOOL\<application name>_POOL

    You can authorize another user by clicking ... next to the box, enabling the Custom account option and entering the user and password.

    Web authentication

    Type of authentication against the web application. You have the following options:

    • Windows authentication (single sign-on)

      The user is authenticated against the Internet Information Services using their Windows user account and the web application logs in the employee assigned to the user account as role-based. If single sign-on is not possible, the user is diverted to a login page. You can only select this authentication method if Windows authentication is installed.

    • Anonymous

      Login is possible without Windows authentication. The user is authenticated against the Internet Information Services and the web application anonymously, and the web application is directed to a login page.

    Database authentication

    NOTE: You can only see this section if you have selected a SQL database connection on the Database connection page.

    Type of authentication against the One Identity Manager database. You have the following options:

    • Windows authentication

      The web application is authenticated against the One Identity Manager database with the same Windows user account that your application pool uses. Login is possible with a user-defined user account or a default identity for the application pool.

    • SQL authentication

      Authentication is completed with a SQL Server login and password. The SQL Server login from the database connection is used. Use the [...] button to enter a different SQL login, for example, if the application is run with a access level for end users. This access data is saved in the web application configuration as computer specific encrypted.

  6. Specify the user account for automatic updating of the application server on the Set update credentials page.

    The user account is used to add or replace files in the application directory.

    • Set Use IIS credentials for update, if you want to use the user account that is running the application for updates.

    • Set Use other credentials for updates, if you want to use another user account and enter the domain, user name, and password for the user.

  7. Installation progress is displayed on the Setup is running page. Once installation is complete, click Next.

    The Web Installer generates the web application and the corresponding configuration files (web.config) for each folder.

  8. Click Finish on the last page to end the program.

Configuring the SPML web service

The SPML web service configuration is found in the web.config XML file in the installation directory. You can use any text editor to edit this file.

NOTE:

  • After the default installation, make any changes required to the AuthenticationString in the configuration\application.

  • Generate the QOIM_Schema.xsd and QOIM_SpmlTargetSchema.xsd schema files with the Designer‘s Schema Editor. For more information, see Creating schema files. Save the schema files to the SPML web service directory and declare the storage location of the schema files in the configuration file using the ProviderSchema and SpmlTargetSchema options. The files are saved by default to the Schemas directory in the installation directory.

  • If the SPML web service should only be available over an encoded SSL connection, configure this in the Internet Information Services setting for each respective application. Look at your Internet Information Services documentation for further information.

Table 192: Configurable options in the “web.config” configuration file
Section Option Permitted values

Description

connectionString

 

 

Database connection parameter.

runtimedirs

key="Cache"

value = "<path>"

Directory for storing the cache directory.

Default: value="C:\inetpub\wwwroot\<web service name>\App_Data\Cache\DB"

 

key="AssemblyCache"

value = "<path>"

Directory for storing the cache directory.

Default: value="C:\inetpub\wwwroot\<web service name>\App_Data\Cache\Assemblies"

application

key = "ProviderSchema"

value = "<path>"

Relative path to SPML schema (QOIM_Schema.xsd). The schema defines all objects and properties the can be administered using the web service. The file is created by the Designer. All requests made to the web service are verified against this file.

Default: value=".\Schemas\QOIM_Schema.xsd"

 

key = "SpmlTargetSchema"

value = "<path>"

Relative path to the SPML target schema (QOIM_SpmlTargetSchema.xsd). The schema defines the response to the listTargetsRequest. The file is created by the Designer.

Default: value=".\Schemas\QOIM_SpmlTargetSchema.xsd"

 

key = "MaxConnections"

value = "<Integer>"

Number of possible simultaneous connections Number of clients

Default: value ="1"

 

key = „AuthenticationString"

value="Module=;User=;
Password="

Authentication module and login data for carrying out login and all operations of the web service.

Standard: value="Module=DialogUser;User=DIALOGUSER;Password=PASSWORD"

 

key = "DebugMode"

value = "True"

value = "False"

Extended data in the log.

Default: value="true"

 

key = "LogAllRequests"

value = "True"

value = "False"

Always log queries.

Default: value="false"

 

key = "LogDirectory"

value = "<path>"

Log directory.

Default: value=".\Log"

 

key = "MaxSearchResults"

value = "<Integer>"

Maximum number of search results permitted for the iteration.

Default: value="10000"

 

key = "ConcurrentSearchResponseObjects"

value = "<Integer>"

Number of objects per iteration that may be returned to the client by the search operation.

Default: value="10"

 

key = "CheckForUnusedResultsInterval"

value = "<Integer>"

Interval in seconds for scanning orphaned search results.

Default: value="30"

 

key = "KeepSearchResultsFor"

value = "<Integer>"

Interval in seconds the client has to iterate the result set before it is discarded.

Default: value="60"

NOTE: Use aspnet_regiis.exe to encrypt the connection parameter (ConnectionString).

Calling example:

c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -pe "application" -app "/<web service name>" -prov "DataProtectionConfigurationProvider"

where: <web service name> = web service path on the Internet Information Services

Uninstalling the SPML Web Service

To uninstall a web application

  1. Launch autorun.exe from the root directory of the One Identity Manager installation medium.

  2. On the start page of the installation wizard:

    1. Change to the Installation tab.

    2. In the Web-based components pane, click Install.

    This starts the Web Installer.

  3. On the Web Installer start page, click Uninstall a web application and click Next.

  4. On the Uninstall a web application page, double-click the application that you want to remove.

    The icon is displayed in front of the application.

  5. Click Next.

  6. On the Database connection page, select the database connection and authentication method and enter the corresponding login data.

  7. Click Next.

  8. Confirm the security prompt with Yes.

  9. The uninstall progress is displayed on the Setup is running page.

  10. Once installation is complete, click Next.

  11. On the Wizard complete page, click Finish.

  12. Close the autorun program.

関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択