Chat now with support
Chat with Support

Identity Manager 8.0 - Configuration Guide

One Identity Manager Software Architecture Working with the Designer Customizing the One Identity Manager Default Configuration Checking Data Consistency Compiling a One Identity Manager Database Working with Change Labels Basic System Configuration Data
One Identity Manager Authentication Module Database Connection Data Configuration Parameters for System Configuration Setting up the Mail Notification System Enabling More Languages for Displaying and Maintaining Data Displaying Country Information Setting Up and Configuring Schedules Password Policies in One Identity Manager Reloading Changes Dynamically TimeTrace Databases Machine Roles and Server Functions Files for Software Update Operating Systems in Use System Configuration Reports Using Predefined Database Queries Managing Custom Database Objects within a Database
The One Identity Manager Data Model Granting One Identity Manager Schema Permissions Working with the User Interface
Object definitions for the User Interface User Interface Navigation Forms for the User Interface Statistics in the One Identity Manager Extending the Launchpad Task Definitions for the User Interface Applications for Configuring the User Interface Icons and Images for Configuring the User Interface Language Dependent Data Representation
Process Orchestration in One Identity Manager
Declaring the Job Server One Identity Manager Service Configuration Handling Processes in the One Identity Manager
Tracking Changes with Process Monitoring Conditional Compilation using Preprocessor Conditions One Identity Manager Scripts Maintaining Mail Templates Reports in the One Identity Manager Custom schema extensions Transporting One Identity Manager Schema Customizations Importing Data Web Service Integration SOAP Web Service One Identity Manager as SPML Provisioning Service Provider Searching for Errors in the One Identity Manager Processing DBQueue Tasks One Identity Manager Configuration Files

Installing and Configuring the SOAP Web Service

Installing and Configuring the SOAP Web Service

To install the SOAP Web Service, you must provide a server on which the following software is already installed:

  • Windows operating system

    Following versions are supported:

    • Windows Server 2008 (non-Itanium based 64-bit) Service Pack 2 or later
    • Windows Server 2008 R2 (non-Itanium based 64-bit) Service Pack 1 or later
    • Windows Server 2012
    • Windows Server 2012 R2
    • Windows Server 2016

  • Microsoft .NET Framework Version 4.5.2 or later

    		 NOTE: Microsoft .NET Framework version 4.6 is not supported.
  • Microsoft Internet Information Service 7, 7.5, 8, 8.5 or 10 with ASP.NET 4.5.2 and Role Services:
    • Web Server > Common HTTP Features > Static Content
    • Web Server > Common HTTP Features > Default Document
    • Web Server > Application Development > ASP.NET
    • Web Server > Application Development > .NET Extensibility
    • Web Server > Application Development > ISAPI Extensions
    • Web Server > Application Development > ISAPI Filters
    • Web Server > Security > Basic Authentication
    • Web Server > Security > Windows Authentication
    • Web Server > Performance > Static Content Compression
    • Web Server > Performance > Dynamic Content Compression
Required Permissions

The user account that the Internet Information Service runs under, needs write access (MODIFY) to the installation directory.

Detailed information about this topic

Installing the SOAP Web Service

Installing the SOAP Web Service

IMPORTANT: Start the SOAP Web Service installation locally on the server.

To install the SOAP Web Service

  1. Execute the program autorun.exe from the root directory on the One Identity Manager installation medium.
  2. Go to the Installation tab and select the entry Web based components and click Install. Starts the Web Installer.
  3. Select Install Web Installer on the SOAP Web Service start page and click Next.
  4. Enter connection credential for the One Identity Manager database on the Database connection page and click Next.
  5. Configure the following settings on the Select setup target page and click Next.
    Table 336: Settings for the Installation Target
    Setting Description
    Application name Name used as application name, as in the title bar of the browser, for example.
    Target in IIS Internet Information Services web page on which to install the application.
    Enforce SSL Specifies whether insecure websites are available for installation. If the option is set, only sites secured by SSL can be used for installing. This setting is the default value. If this option is not set, insecure websites can be used for installing.

    URL

    The application's Uniform Resource Locator (URL).

    Install dedicated application pool

    Specifies whether an application pool is installed for each application. This allows applications to be set up independently of one another. If this option is set, each application is installed in its own application pool.

    Application pool

    The application pool to use. This can only be entered if the option Install dedicated application pool is not set.

    The application pool is formatted with the following syntax, if the default value "DefaultAppPool" is used.

    <application name>_POOL

    Identity

    Permissions for executing an application pool. A default identity or a user defined user account can be used.

    The user account is formatted with the following syntax, if the default value "ApplicationPoolIdentity" is used.

    IIS APPPOOL\<application name>_POOL

    If you want to authorize another user, click ... next to the text box and enter the user and password.

    Web Authentication

    Specifies the type for authentication against the web application. You have the following options:

    • Windows Authentication (Single Sign-On)

      The user is authenticated against the Internet Information Services using their Windows user account and the web application logs in the employee assigned to the user account as role-based. If single sign-on is not possible, the user is diverted to a login page. You can only select this authentication method is Windows authentication is installed.

    • Anonymous

      Login is possible without Windows authentication. The user is authenticated against the Internet Information Services and the web application anonymously and the web application is directed to a login page.

    Database authentication

    NOTE: You can only see this section if you have selected an SQL database connection in Database connection.

    Specifies the type for authentication against the One Identity Manager database. You have the following options:

    • Windows authentication

      The web application is authenticated against the One Identity Manager database using the Windows account under which your application pool is running. Login is possible with a user defined user account or a default identity for the application pool.

    • SQL Authentication

      Login is only possible through a user defined user accounts. Authentication is done using user name and password. This access data is saved in the web application configuration as computer specific encrypted.

  6. Specify the user account for automatic updating of the application server on the Set update credentials page.

    The user account is used to add or replace files in the application directory.

    • Set the option Use IIS credentials for update if you want to use the user account, under which the application is run, for updates.
    • Set the option Use other credentials for updates if you want to use another user account and enter the domain, user name and password for the user.

    NOTE: The following permissions are required for automatic updating:

    • The user account for updating required write permissions for the application directory.
    • The user account for updating requires the local security policy "Log on as a batch job".
    • The user account, under which the application pool runs, requires the local security policies "Replace a process level token" and "Adjust memory quotas for a process".
  7. Installation progress is displayed on the Setup is running page. Once installation is complete, click Next.

    The Web Installer generates the web application and the corresponding configuration files (web.config) for each folder.

  8. Click Finish on the last page to end the program.

Configuring the SOAP Web Service

Configuring the SOAP Web Service

The SOAP Web Service configuration is found in the XML file Web.config in the installation directory. You can use any text editor to edit this file.

Table 337: Configurable Options in the Configuration File "Web.config"
Section Option Permitted Values Meaning
connectionString     Database connection parameter.
runtimedirs key="Cache" value = "<path>"

Directory for storing the cache directory.

Default: value="C:\inetpub\wwwroot\<web service name>\App_Data\Cache\DB"

  key="AssemblyCache" value = "<path>"

Directory for storing the cache directory.

Default: value="C:\inetpub\wwwroot\<web service name>\App_Data\Cache\Assemblies"

settings key="timeout" value="<time>"

Timeout for connections in the application pool.

Default: value="00:05:00"

  key="maxconnectionlifetime" value="<time>"

Maximum length of time to maintain the connections. After this time limit has expired, all the connections are closed even if the timeout has not expired yet.

Default: value="00:05:00"

  key="usepropertybag" value = "True"

value = "False"

Specifies whether a property bag is used. A property bag is used in order to maintain a particular fill order when object properties are populated.

Table 338: Permitted Values
Value Meaning
False Values are set in the object in the order in which they were given.
True The fill order is taken from the meta data.

Default: value="True"

  key="ignoreinvisiblevalues" value = "True"

value = "False"

Specifies whether values that the user is not permitted to see are not returned.

Table 339: Permitted Values
Value Meaning
False An error message sent if the user is not permitted to see the values.
True Values that the user is not permitted to see are not returned. If this value is set, the user is issued an error message.

Default: value="True"

  key = logdirectory value = "<path>"

Log directory.

Default: value = "C:\inetpub\wwwroot\<web service name>\App_Data\Logs

 

key = allowwebservicemethods

value = "List of methods"

semicolon delimited list of permitted web service methods.

 

key = allowfunctions

value = "List of functions"

List of the permitted functions for each CallFunction method. If no other function is given, all functions are permitted.

Displaying the Status of a SOAP Web Service

Displaying the Status of a SOAP Web Service

The SOAP Web Service can be reached over a browser under:

http://<server>/<application name>

https://<server>/<application name>

TIP: You can open the web server's status display in Job Queue Info. Select the menu item View | Server state in the Job Queue Info and display the web server's state on the Web servers tab by using Open in browser in the context menu.

In addition, API documentation is available here.

Related Documents