To install the SOAP Web Service, you must provide a server on which the following software is already installed:
Required permissions
-
The user account that the Internet Information Service runs under, needs write access (MODIFY) to the installation directory.
-
The following permissions are required for automatic updating:
-
The user account for updating requires write permissions for the application directory.
-
The user account for updating requires the local security policy Log on as a batch job.
-
The user account running the application pool requires the local security policies Replace a process level token and Adjust memory quotas for a process.
Detailed information about this topic
IMPORTANT: Start the SOAP Web Service installation locally on the server.
To install the SOAP Web Service
-
Launch autorun.exe from the root directory of the One Identity Manager installation medium.
-
Go to the Installation tab and select the entry Web based components and click Install. Starts the Web Installer.
-
On the start page of the Web Installer, select Install SOAP Web Service and click Next.
-
On the Database connection page, enter the connection data for the One Identity Manager database and click Next.
-
On the Select setup target page, configure the following settings and click Next.
Table 188: Settings for the installation target
| Application name |
Name used as application name, as in the title bar of the browser, for example. |
| Target in IIS |
Internet Information Services web page on which to install the application. |
| Enforce SSL |
Specifies whether insecure websites are available for installation. If the option is set, only sites secured by SSL can be used for installing. This setting is the default value. If this option is not set, insecure websites can be used for installing. |
|
URL |
The application's Uniform Resource Locator (URL). |
| Install dedicated application pool |
Specifies whether an application pool is installed for each application. This allows applications to be set up independently of one another. If this option is set, each application is installed in its own application pool. |
| Application pool |
The application pool to use. This can only be entered if the Install dedicated application pool option is not set.
If you use the DefaultAppPool default value, the application pool has the following syntax:
<application name>_POOL |
| Identity |
Permissions for executing an application pool. You can use a default identity or a custom user account.
If you use the ApplicationPoolIdentity default value, the user account has the following syntax:
IIS APPPOOL\<application name>_POOL
You can authorize another user by clicking ... next to the box, enabling the Custom account option and entering the user and password. |
| Web authentication |
Specifies the type for authentication against the web application. You have the following options:
- Windows authentication (single sign-on)
The user is authenticated against the Internet Information Services using their Windows user account and the web application logs in the employee assigned to the user account as role-based. If single sign-on is not possible, the user is diverted to a login page. You can only select this authentication method if Windows authentication is installed.
- Anonymous
Login is possible without Windows authentication. The user is authenticated against the Internet Information Services and the web application anonymously, and the web application is directed to a login page. |
| Database authentication |
NOTE: You can only see this section if you have selected a SQL database connection on the Database connection page.
Specifies the type for authentication against the One Identity Manager database. You have the following options:
- Windows authentication
The web application is authenticated against the One Identity Manager database with the same Windows user account that your application pool uses. Login is possible with a user-defined user account or a default identity for the application pool.
- SQL authentication
Authentication is completed with a SQL Server login and password. The SQL Server login from the database connection is used. Use the [...] button to enter a different SQL login, for example, if the application is executed with a access level for end users. This access data is saved in the web application configuration as computer specific encrypted. |
-
Specify the user account for automatic updating of the application server on the Set update credentials page.
-
The user account is used to add or replace files in the application directory.
-
Set Use IIS credentials for update, if you want to use the user account that is running the application for updates.
-
Set Use other credentials for updates, if you want to use another user account and enter the domain, user name, and password for the user.
-
Installation progress is displayed on the Setup is running page. Once installation is complete, click Next.
The Web Installer generates the web application and the corresponding configuration files (web.config) for each directory.
-
Click Finish on the last page to end the program.
The SOAP Web Service configuration is found in Web.config in the installation directory. You can use any text editor to edit this file.
Table 189: Configurable options in the “web.config” configuration file
|
connectionString |
|
|
Database connection parameter. |
|
runtimedirs |
key="Cache" |
value = "<path>" |
Directory for storing the cache directory.
Default: value="C:\inetpub\wwwroot\<web service name>\App_Data\Cache\DB" |
|
|
key="AssemblyCache" |
value = "<path>" |
Directory for storing the cache directory.
Default: value="C:\inetpub\wwwroot\<web service name>\App_Data\Cache\Assemblies" |
|
settings |
key="timeout" |
value="<time>" |
Timeout for connections in the application pool.
Default: value="00:05:00" |
|
|
key="maxconnectionlifetime" |
value="<time>" |
Maximum length of time to maintain the connections. After this time limit has expired, all the connections are closed even if the timeout has not expired yet.
Default: value="00:05:00" |
|
|
key="usepropertybag" |
value = "True"
value = "False" |
Specifies whether a property bag is used. A property bag is used when object properties are populated in order to maintain the particular fill order that is required because of side effects or templates.
Permitted values are:
Default: value=”True" |
|
|
key="ignoreinvisiblevalues" |
value = "True"
value = "False" |
Specifies whether values that the user is not permitted to see are not returned.
Permitted values are:
-
False: Values that the user is not allowed to see, generate an error message.
-
True: Values that the user is not allowed to see, are not returned. If this value is set, the user is issued an error message.
Default: value=”True" |
|
|
key = "logdirectory" |
value = "<path>" |
Log directory.
Default: value = "C:\inetpub\wwwroot\<web service name>\App_Data\Logs |
|
|
key = "allowwebservicemethods" |
value = "List of methods" |
Semicolon-delimited list of permitted web service methods. |
|
|
key = "allowfunctions" |
value = "List of functions" |
List of the permitted functions for each CallFunction method. If no other function is given, all functions are permitted. |
Related topics
The SOAP Web Service can be reached over a browser under:
http://<server>/<application name>
https://<server>/<application name>
TIP: You can open the web server's status display in the Job Queue Info. In the Job Queue Info, select View | Server state in the menu and, on the Web servers tab, open the web server status display from the Open in browser context menu.
In addition, API documentation is available here.
