
Identity Manager 8.0 - Configuration Guide


FileLogWriter

The FileLogWriter writes One Identity Manager Service messages into a log file. The log file can be displayed in a browser.

The following parameters are available:

  • Log file (OutPutFile)

    The parameter contains the name of the log file including its directory. Log information for the One Identity Manager Service is written to this file.

    IMPORTANT: Ensure that the given directory exists. If the file cannot be created, no error output is possible. In this case, the error messages appear in the Windows event log or, under Linux, in /var/log/messages.

  • Renaming interval for the log file (LogLifeTime)

    To avoid unnecessarily large log files, the module can rotate the log file into a history list. LogLifeTime specifies the maximum age of a log file before it is renamed as a backup. When the log file reaches its maximum age, it is renamed (for example, to JobService.log_20040819-083554) and a new log file is started.

    Timeout format:

    day.hour:minutes:seconds

  • Process step log duration (JobLogLifeTime)

    Use this parameter to specify the length of time process step logs are kept. After this expires, the logs are deleted.

    Timeout format:

    day.hour:minutes:seconds

    For test purposes, you can enable logging of individual process steps in the Job Queue Info. The process step's processing messages with the NLog warning level "Debug" are written to a separate log. The files are stored in the log directory.

    Repository structure:

    <Log directory>\JobLogs\<first 4 digits of the UID_Job>\Job_<UID_Job>_<yyyymmdd>_<Timestamp>.log

  • Max. number of archived log files (HistorySize)

    This attribute limits the number of log files. If several log files exist, the oldest backup file is deleted when a new log file is created so that the limit is not exceeded.

  • Max. log file size (MB) (MaxLogSize)

    Use this parameter to specify the maximum size for the log file. Once the log file has reached the limit, it is renamed to a backup file and a new log file is created.

  • Max. length of the parameter (ParamMaxLength)

    This parameter defines how many characters can be in a job so that it is still written to the log file.

  • Severity level (LogSeverity)

    Specifies the warning level for logging messages. Only warnings and fatal errors are logged by default.

    Table 209: Warning Levels for Logging

    | Severity level | Description |
    |---|---|
    | Info | All messages are written to the log file. The log file quickly becomes large and cumbersome. |
    | Warning | Only warnings and exception errors are written to the log file (default). |
    | Serious | Only exception errors are written to the log file. |
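
LogLifeTime and HistorySize together bound how far back the service log reaches when an incident has to be reconstructed. The following Python sketch is an added example, not part of the One Identity documentation: it parses the timeout format and the backup file names described above, applies HistorySize to a constructed directory listing, and reports the longest window the archived files can cover. The function names, the sample listing and the reading that HistorySize counts archived files only are assumptions.

```python
import re
from datetime import datetime, timedelta

# Timeout format from the guide: day.hour:minutes:seconds
TIMEOUT_RE = re.compile(r"^(\d+)\.(\d{1,2}):(\d{1,2}):(\d{1,2})$")
# Backup naming from the guide's example: JobService.log_20040819-083554
BACKUP_RE = re.compile(r"^(?P<base>.+)_(?P<stamp>\d{8}-\d{6})$")

def parse_timeout(value):
    """Convert a LogLifeTime/JobLogLifeTime string to a timedelta."""
    m = TIMEOUT_RE.match(value.strip())
    if not m:
        raise ValueError(f"expected day.hour:minutes:seconds, got {value!r}")
    days, hours, minutes, seconds = map(int, m.groups())
    if hours > 23 or minutes > 59 or seconds > 59:
        raise ValueError(f"field out of range in {value!r}")
    return timedelta(days=days, hours=hours, minutes=minutes, seconds=seconds)

def backup_time(name, base):
    """Return the rename time encoded in a backup file name, else None."""
    m = BACKUP_RE.match(name)
    if not m or m["base"] != base:
        return None
    try:
        return datetime.strptime(m["stamp"], "%Y%m%d-%H%M%S")
    except ValueError:  # e.g. month 13: not a real backup name
        return None

def retention_report(names, base, history_size, log_life_time, required):
    """Apply HistorySize to a listing and compare coverage to a requirement."""
    backups = sorted((t, n) for n in names if (t := backup_time(n, base)))
    kept = backups[-history_size:] if history_size > 0 else []
    dropped = backups[: len(backups) - len(kept)]
    # Assumption: HistorySize counts archived files only. Size-based rotation
    # (MaxLogSize) can only shorten this window, so treat it as an upper bound.
    window = parse_timeout(log_life_time) * history_size
    return {
        "kept": [n for _, n in kept],
        "dropped": [n for _, n in dropped],
        "max_window": window,
        "sufficient": window >= parse_timeout(required),
    }

# Constructed directory listing (not real data).
SAMPLE = ["JobService.log", "JobService.log_20040817-083554",
          "JobService.log_20040818-083554", "JobService.log_20040819-083554",
          "JobService.log_20041340-000000", "notes.txt"]

if __name__ == "__main__":
    print(retention_report(SAMPLE, "JobService.log", 2, "1.00:00:00", "7.00:00:00"))
```

If the reported window is shorter than the period your incident response process needs, raise HistorySize or LogLifeTime, or forward the log to central storage before rotation deletes it.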

The Dispatcher Module

In a hierarchical server structure, a server can be used as a proxy server for other servers. At set time intervals, the proxy server requests the process steps to be processed on a server and sends them to the next server. If the request load needs to be minimized, a proxy server is recommended.

The following parameters are available:

  • Acts as proxy for other servers (IsProxy)

    This parameter specifies if a server is acting as a proxy server. Set this option if the server should be a proxy server.

  • Proxy request interval (ProxyInterval)

    ProxyInterval sets the time interval, in seconds, after which the proxy server, acting as deputy for another server, renews its request to the database.

The following guidelines can be used as orientation for the configuration of One Identity Manager Service polling intervals in a cascading environment:

Table 210: Polling Interval Guidelines for One Identity Manager Service

| Parameter | Root Server (direct connection to database) | Leaf Server (connected using HTTP/File or other) |
|---|---|---|
| JobServiceDestination.Startinterval | 90 seconds | 600 seconds |
| JobServiceDestination.Statisticinterval | 360 seconds | 600 seconds |
| Dispatcher.ProxyInterval | 180 seconds | |
| Dispatcher.IsProxy | True | False |

The proxy mode of a root server ensures that the root server, acting on behalf of the leaf server, queries process steps at the shorter proxy interval. When a root server is restarted, it can take a while until all the leaf servers have sent their first requests (in this case max. 6000 seconds), but then the system takes over.

Figure 44: Dispatcher Configuration Example

The Connection Module

With this module you can set special configuration settings for the behavior of the One Identity Manager Service.

The parameters in this module are:

  • Directory for generating logging (JobGenLogDir)

    Log files that record the process generation instructions from the One Identity Manager Service are created in this directory.

  • Suppress reload beep (NoReloadBeep)

    When this parameter is set, the beep that sounds when buffered dialog data is loaded is switched off.

  • BLOB read operation logging (LogBlobReads)

    Use this parameter to specify whether read operations on text and binary LOB fields are written to the SQL log.

  • Reload interval for cache (CacheReloadInterval)

    Use this parameter to enter a time interval for updating the local cache. Click on this icon to discard the change. The parameter overrides the setting in the configuration parameter "Common\CacheReload\Interval".

  • Expression for tracing the stack position (ObjectDumpStackExpression)

    This expression specifies when an extra stack trace is written to the object log. If the current row in the object log matches the regular expression, the stack trace is written in the object log.

    Example expression: "Lastname"

    If the current row contains the value "Lastname", the stack trace is also written to the log.

    NOTE: This parameter is used for locating errors. For performance reasons, setting this parameter under normal working conditions is not recommended.


The HTTP Authentication Module

Every One Identity Manager Service automatically works as an HTTP server. Which services the One Identity Manager Service provides depends on the plug-in configuration. Use this module to specify how authentication works on the HTTP server so that other services can be accessed, for example, displaying the log file or the status display.

The following module types may be selected:

  • BasicHttpAuthentication

    To access the HTTP server with this authentication type, enter a specific user account (user) and the associated password (password).

  • WindowsHttpAuthentication

    Use this authentication type to specify an Active Directory group, whose users can be authenticated on the HTTP server. Either an SID or the Active Directory group name can be entered into the Job server domain. If the Active Directory groups are not in the Job server domain, you must use the SID.

NOTE: If no module is given, no authentication is required. All users can access the service.
