
Identity Manager 8.0 - Configuration Guide


Installing and Configuring SPML Web Services

To install SPML Web Service, a server has to be made available on which the following software is already installed:

  • Windows operating system

    The following versions are supported:

    • Windows Server 2008 (non-Itanium based 64-bit) Service Pack 2 or later
    • Windows Server 2008 R2 (non-Itanium based 64-bit) Service Pack 1 or later
    • Windows Server 2012
    • Windows Server 2012 R2
    • Windows Server 2016
  • Microsoft .NET Framework Version 4.5.2 or later

    NOTE: Microsoft .NET Framework version 4.6 is not supported.
  • Microsoft Internet Information Service 7, 7.5, 8, 8.5 or 10 with ASP.NET 4.5.2 and Role Services:
    • Web Server > Common HTTP Features > Static Content
    • Web Server > Common HTTP Features > Default Document
    • Web Server > Application Development > ASP.NET
    • Web Server > Application Development > .NET Extensibility
    • Web Server > Application Development > ISAPI Extensions
    • Web Server > Application Development > ISAPI Filters
    • Web Server > Security > Basic Authentication
    • Web Server > Security > Windows Authentication
    • Web Server > Performance > Static Content Compression
    • Web Server > Performance > Dynamic Content Compression
Required Permissions

The user account that the Internet Information Service runs under needs write access (MODIFY) to the installation directory.

Installing the SPML Web Service

IMPORTANT: Start the SPML web service installation locally on the server.

To install the SPML web service

  1. Execute the program autorun.exe from the root directory on the One Identity Manager installation medium.
  2. Go to the Installation tab, select the entry Web based components and click Install. This starts the Web Installer.
  3. Select the Install SPML web service on the Web Installer start page and click Next.
  4. Enter the connection credentials for the One Identity Manager database on the Database connection page and click Next.
  5. Configure the following settings on the Select setup target page and click Next.
    Table 342: Settings for the Installation Target

    Application name

    Name used as the application name, as shown in the title bar of the browser, for example.

    Target in IIS

    Internet Information Services web page on which to install the application.

    Enforce SSL

    Specifies whether insecure websites are available for installation. If the option is set, only sites secured by SSL can be used for installing. This setting is the default value. If this option is not set, insecure websites can be used for installing.

    URL

    The application's Uniform Resource Locator (URL).

    Install dedicated application pool

    Specifies whether an application pool is installed for each application. This allows applications to be set up independently of one another. If this option is set, each application is installed in its own application pool.

    Application pool

    The application pool to use. This can only be entered if the option Install dedicated application pool is not set.

    The application pool is formatted with the following syntax, if the default value "DefaultAppPool" is used.

    <application name>_POOL

    Identity

    Permissions for executing an application pool. A default identity or a user defined user account can be used.

    The user account is formatted with the following syntax, if the default value "ApplicationPoolIdentity" is used.

    IIS APPPOOL\<application name>_POOL

    If you want to authorize another user, click ... next to the text box and enter the user and password.

    Web Authentication

    Specifies the type for authentication against the web application. You have the following options:

    • Windows Authentication (Single Sign-On)

      The user is authenticated against the Internet Information Services using their Windows user account and the web application logs in the employee assigned to the user account as role-based. If single sign-on is not possible, the user is diverted to a login page. You can only select this authentication method if Windows authentication is installed.

    • Anonymous

      Login is possible without Windows authentication. The user is authenticated against the Internet Information Services and the web application anonymously, and the web application directs the user to a login page.

    Database authentication

    NOTE: You can only see this section if you have selected an SQL database connection in Database connection.

    Specifies the type for authentication against the One Identity Manager database. You have the following options:

    • Windows authentication

      The web application is authenticated against the One Identity Manager database using the Windows account under which your application pool is running. Login is possible with a user defined user account or a default identity for the application pool.

    • SQL Authentication

      Login is only possible through a user defined user account. Authentication is done using user name and password. This access data is saved in the web application configuration in computer-specific encrypted form.

  6. Specify the user account for automatic updating of the application server on the Set update credentials page.

    The user account is used to add or replace files in the application directory.

    • Set the option Use IIS credentials for update if you want to use the user account, under which the application is run, for updates.
    • Set the option Use other credentials for updates if you want to use another user account and enter the domain, user name and password for the user.

    NOTE: The following permissions are required for automatic updating:

    • The user account for updating requires write permissions for the application directory.
    • The user account for updating requires the local security policy "Log on as a batch job".
    • The user account, under which the application pool runs, requires the local security policies "Replace a process level token" and "Adjust memory quotas for a process".
  7. Installation progress is displayed on the Setup is running page. Once installation is complete, click Next.

    The Web Installer generates the web application and the corresponding configuration files (web.config) for each folder.

  8. Click Finish on the last page to end the program.

Configuring the SPML Web Service

The SPML Web Service configuration is found in the XML file Web.config in the installation directory. You can use any text editor to edit this file.

NOTE:

  • After the default installation, make any changes required to the option AuthenticationString in the section configuration\application.
  • Create the schema files QOIM_Schema.xsd and QOIM_SpmlTargetSchema.xsd with the Schema Editor in the Designer. For more information, see Creating the Schema File. Add the schema files to the SPML Web Service directory (by default in the Schema directory of the install directory) and declare the storage location of the schema files in the configuration file using the options ProviderSchema and SpmlTargetSchema.
  • If the SPML Web Service should only be available over an encrypted SSL connection, configure this in the Internet Information Services settings for each respective application. See your Internet Information Services documentation for further information.
Table 343: Configurable Options in the Configuration File "Web.config"

Section: connectionString

  Option / permitted values: (connection string)
  Meaning: Database connection parameter.

Section: runtimedirs

  Option / permitted values: key="Cache" value="<path>"
  Meaning: Directory used for the cache.
  Default: value="C:\inetpub\wwwroot\<web service name>\App_Data\Cache\DB"

  Option / permitted values: key="AssemblyCache" value="<path>"
  Meaning: Directory used for the assembly cache.
  Default: value="C:\inetpub\wwwroot\<web service name>\App_Data\Cache\Assemblies"

Section: application

  Option / permitted values: key="ProviderSchema" value="<path>"
  Meaning: Relative path to the SPML schema (QOIM_Schema.xsd). The schema defines all objects and properties that can be administered using the web service. The file is created by the Designer. All requests made to the web service are verified against this file.
  Default: value=".\Schemas\QOIM_Schema.xsd"

  Option / permitted values: key="SpmlTargetSchema" value="<path>"
  Meaning: Relative path to the SPML target schema (QOIM_SpmlTargetSchema.xsd). The schema defines the response to the listTargets request. The file is created by the Designer.
  Default: value=".\Schemas\QOIM_SpmlTargetSchema.xsd"

  Option / permitted values: key="MaxConnections" value="<Integer>"
  Meaning: Number of possible simultaneous connections (number of clients).
  Default: value="1"

  Option / permitted values: key="AuthenticationString" value="Module=;User=;Password="
  Meaning: Authentication module and login data used for logging in and for all operations of the web service.
  Default: value="Module=DialogUser;User=DIALOGUSER;Password=PASSWORD"

  Option / permitted values: key="DebugMode" value="True" or value="False"
  Meaning: Extended data in the log.
  Default: value="true"

  Option / permitted values: key="LogAllRequests" value="True" or value="False"
  Meaning: Always log queries.
  Default: value="false"

  Option / permitted values: key="LogDirectory" value="<path>"
  Meaning: Log directory.
  Default: value=".\Log"

  Option / permitted values: key="MaxSearchResults" value="<Integer>"
  Meaning: Maximum number of search results permitted for the iteration.
  Default: value="10000"

  Option / permitted values: key="ConcurrentSearchResponseObjects" value="<Integer>"
  Meaning: Number of objects per iteration that may be returned to the client by the search operation.
  Default: value="10"

  Option / permitted values: key="CheckForUnusedResultsInterval" value="<Integer>"
  Meaning: Interval in seconds for scanning for orphaned search results.
  Default: value="30"

  Option / permitted values: key="KeepSearchResultsFor" value="<Integer>"
  Meaning: Interval in seconds the client has to iterate the result set before it is discarded.
  Default: value="60"

  Option / permitted values: key="logdirectory" value="<path>"
  Meaning: Log directory.
  Default: value="C:\inetpub\wwwroot\<web service name>\App_Data\Logs"

NOTE: To encrypt the connection parameter (ConnectionString), use aspnet_regiis.exe.

Calling example:

c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -pe "application" -app "/<web service name>" -prov "DataProtectionConfigurationProvider"

where: <web service name> = web service path on the Internet Information Services
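The following is an added example, not part of the guide: a small check that reads a Web.config, reports whether the configuration\application section has been protected with aspnet_regiis, and, if it has not, flags a clear-text password in AuthenticationString and the DebugMode default from Table 343. The sample config is constructed; the <add key="..." value="..."/> element form and the markers left behind by aspnet_regiis -pe are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed Web.config fragment (not taken from the product). Section and key
# names follow Table 343; the <add key="..." value="..."/> element form and the
# markers that aspnet_regiis -pe leaves behind are assumptions.
SAMPLE_WEB_CONFIG = r"""<configuration>
  <application>
    <add key="ProviderSchema" value=".\Schemas\QOIM_Schema.xsd" />
    <add key="SpmlTargetSchema" value=".\Schemas\QOIM_SpmlTargetSchema.xsd" />
    <add key="MaxConnections" value="1" />
    <add key="AuthenticationString" value="Module=DialogUser;User=DIALOGUSER;Password=PASSWORD" />
    <add key="DebugMode" value="true" />
    <add key="LogAllRequests" value="false" />
  </application>
</configuration>
"""

def parse_auth_string(value):
    """Split 'Module=;User=;Password=' into a dict; empty values are kept."""
    parts = {}
    for item in value.split(";"):
        if "=" in item:
            key, val = item.split("=", 1)
            parts[key.strip()] = val.strip()
    return parts

def audit_application_section(xml_text):
    """Return a list of findings for the <application> section under <configuration>."""
    root = ET.fromstring(xml_text)
    section = root.find("application")
    if section is None:
        return ["no <application> section found"]
    # A section protected with aspnet_regiis -pe carries a configProtectionProvider
    # attribute and a (namespaced) <EncryptedData> child; treat either as encrypted.
    encrypted = ("configProtectionProvider" in section.attrib
                 or any(child.tag.endswith("EncryptedData") for child in section))
    if encrypted:
        return []  # nothing readable to check
    findings = []
    settings = {a.get("key"): a.get("value", "") for a in section.findall("add")}
    auth = parse_auth_string(settings.get("AuthenticationString", ""))
    if auth.get("Password"):
        findings.append("AuthenticationString stores the password in clear text; "
                        "encrypt the section with aspnet_regiis -pe")
    # DebugMode defaults to true (Table 343), so a missing key counts as enabled.
    if settings.get("DebugMode", "true").lower() == "true":
        findings.append("DebugMode is enabled; extended data is written to the log")
    return findings
```

Run it against the real Web.config after encryption to confirm the section no longer yields any findings.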

Uninstalling the SPML Web Service

To uninstall a web application

  1. To uninstall a web application, use the Web Installer.
    1. Execute the program autorun.exe from the root directory on the One Identity Manager installation medium.
    2. Go to the Installation tab and select Web-based components and click Install. This starts the Web Installer.

    - OR -

    1. Start the Web Installer from Start | One Identity | One Identity Manager | Configuration | Web Installer.
  2. Select Uninstall a One Identity Manager web application on the Web Installer start page and click Next.
  3. All installed web applications are displayed on the page, Uninstall a One Identity Manager web application.
    1. Select the web application you want to remove by double-clicking on it.
    2. Select the authentication module in the Authentication method section and authenticate yourself.
    3. Click Next to start uninstalling.
    4. Confirm the security prompt with Yes.
  4. The uninstall progress is displayed on the Setup is running page. Once uninstallation is complete, click Next.
  5. Click Finish on the last page to end the program.
