Chat now with support
Chat with Support

Identity Manager 8.1 - Configuration Guide

About this guide One Identity Manager software architecture Customizing the One Identity Manager default configuration Adjusting the One Identity Manager base configuration One Identity Manager schema basics Editing the user interface
Object definitions for the user interface User interface navigation Forms for the user interface Statistics in One Identity Manager Extending the Launchpad Task definitions for the user interface Applications for configuring the user interface Icons and images for configuring the user interface Using predefined database queries
Localization in One Identity Manager Process orchestration in One Identity Manager
Setting up Job servers in Designer Configuring the One Identity Manager Service Handling processes in One Identity Manager
Tracking changes with process monitoring Conditional compilation using preprocessor conditions Scripts in One Identity Manager Reports in One Identity Manager Adding custom tables or columns to the One Identity Manager schema Web service integration SOAP Web Service One Identity Manager as SPML provisioning service provider Processing DBQueue tasks Appendix: Configuration files of the One Identity Manager Service

JobServiceDestination

The JobServiceDestination module of the One Identity Manager Service performs the actual handling of process steps. A JobServiceDestination requests the process steps from the job provider, processes them using process components and returns the result.

Table 94: JobServiceDestination parameters

Parameter

Description

Number of external slots (ExternalSlots)

Maximum number of external processes (StdioProcessor.exe) opened by the One Identity Manager Service for handling process components.

Environment variables for external slots (ExternalSlotEnvironment)

List of environment variables to set for external slot processes. Enter the variables in a pipe (|) delimited list.

Syntax:

Variable1=value1|Variable2=value2...

Number of external 32-bit slots (ExternalSlots32)

Maximum number of external processes in the 32-bit memory (StdioProcessor32.exe) opened by the One Identity Manager Service for handling process components.

Environment variables for external 32-bit slots (ExternalSlotEnvironment32)

List of environment variables to set for external 32-bit slot processes. Enter the variables in a pipe (|) delimited list.

Syntax:

Variable1=value1|Variable2=value2...

Number of internal slots (InternalSlots)

Number of internal process provided by the One Identity Manager Service for the internal handling of process components.

File with private key (PrivateKey)

File with encryption information. The default file is private.key.

The encryption file has to be in the installation directory of all servers with One Identity Manager Service. If the One Identity Manager Service finds a private key on start up, it places it in the per-user key container and deletes the file from the hard drive.

To create a key file and encrypt database information, use the Crypto Configuration program.

NOTE: If you are working with an encrypted One Identity Manager database, see the notes on working with an encrypted database in the One Identity Manager Installation Guide.

Encryption method (EncryptionScheme)

Encryption method used

Table 95: Encryption scheme
Method Description

RSA

RSA encryption with AES for large data (default).

FIPSCompliantRSA

FIPS certified RSA with AES for large data. This method is used if encryption must match the FIPS 1040-2 standard. The local security policy Use FIPS compliant algorithms for encryption, hashing, and signing must be enabled.

Job provider ID (ProviderID)

if more than one job provider is being processed by the One Identity Manager Service, enter the name of the job provider to be used. If this is empty the first Job provider is used.

PrivateKeyId

Identifier of the private key. If no ID is specified, a search is performed for the private.key file.

Use this parameter if you work with several private keys, for example, if One Identity Manager Service data must be exchanged between two encrypted One Identity Manager databases. Enter the private keys in the File with private key module. If the One Identity Manager only uses an encrypted database, you can alternatively enter the key file in the File with private key parameter (PrivateKey).

Queue

Queue identifier

Each One Identity Manager Service within the network must have a unique queue identifier. The process steps are requested by the Job queue using exactly this queue name. A Job server must be known in the One Identity Manager database for each queue.

RequestTimeout

Specifies when a process request has failed and is resent.

Timeout format:

day.hour:minutes:seconds

Process request interval (StartInterval)

Interval in seconds after which the One Identity Manager Service requests new process steps The default value is 90 seconds. Suggestions for configuring the time interval are calculated from Job server statistical data.

Interval for calculating statistics (StatisticInterval)

Interval in seconds in which the One Identity Manager Service delivers statistic information on processing speed to the database. The default value is set to 4 times the process request interval. Suggestions for configuring the time interval are calculated from Job server statistical data.

Max. external processor reusage count (MaxExternalSlotReuse)

Specifies how often an external processor can be reused before the process is unloaded and restarted. The value 0 indicates that the process is only unloaded when no longer in use. The default value is 100.

Related Topics

FileJobDestination

The FileJobDestination handles the process steps provided by the FileJobGate (FileJobProvider or FTPJobProvider) and returns the results to the job provider.

Table 96: FileJobDestination parameters

Parameter

Description

Backup of transferred files (BackupFiles)

If this option is enabled, all files (with or without errors) are moved to a Backup subdirectory. In the default case (not set) only files with errors are saved.

Check file index (CheckInputIndex)

If this option is set, the file name index is checked to see if has increased in size. Files with the same or a lower index are not processed. This option is not set by default.

Max. number of process trees in a transfer file (MaxListCount)

Maximum number of process steps that can be grouped together as a file. This allows limiting of the file size.

Use encryption (UseEncryption)

Specifies whether the data is to be written to the files in encrypted form.

NOTE: The setting for encryption must be identically configured in the job provider and the related job destination.

Notification methods (EventTypes)

The job provider supports three different methods for providing notification about new data. The notification methods can be combined when separated by commas.

Example:

TIMER,FSEVENT

Table 97: Supported notification methods
Method Description

Timer

Newly stored data is queried at defined intervals.

HTTP

The provider queries the parent Job server via HTTP and processes the stored data once the server replies.

FSEvent

Newly stored data is queried after a file system event.

Remote host for HTTP notification (HostName)

If using the HTTP notification method, enter the name of the remote host here to which the queries are transferred.

HTTP notification port (Port)

If using the HTTP notification method, enter the port for transfer here.

File lookup timer interval (ms) (TimerInterval)

If using the TIMER notification method, enter the interval in milliseconds here.

Input directory (InputDirectory)

The module reads and processes the process files (*.fjg) in this directory.

NOTE: Ensure that the job provider and related job destination use the same directory. Input directory and output directory are then reversed accordingly.

Output directory (OutputDirectory)

Directory to which the processed files are written.

Subdirectories (SubDirectories)

You can enter a list of directory names separated by a pipe character (|) here. All the directories are then monitored and processed correspondingly. The following directory structure is expected:

SubDirectories = "ServerA|ServerB"

...

Request

ServerA

ServerB

Response

ServerA

ServerB

where Request and Response are the directories specified in the Input directory (InputDirectory) and Output directory (OutputDirectory) parameters.

NOTE: You can only use the Timer notification method. The HTTP and FSEvent notification methods are not available.

Automatic identification of subdirectories (AutoSubDirectories)

If this option is enabled, the module automatically processes all the files in the subdirectories. Processing is not recursive.

Job provider ID (ProviderID)

if more than one job provider is being processed by the One Identity Manager Service, enter the name of the job provider to be used. If this is empty the first Job provider is used.

Related Topics

FTPJobDestination

The FTPJobDestination handles the process steps provided in the FileJobGate (FileJobProvider or FTPJobProvider) and returns the results to the job provider.

 

Table 98: FTPJobDestination parameters

Parameter

Description

Backup of transferred files (BackupFiles)

If this option is enabled, all files (with or without errors) are moved to a Backup subdirectory. In the default case (not set) only files with errors are saved.

Check file index (CheckInputIndex)

If this option is set, the file name index is checked to see if has increased in size. Files with the same or a lower index are not processed. This option is not set by default.

Max. number of process trees in a transfer file (MaxListCount)

Maximum number of process steps that can be grouped together as a file. This allows limiting of the file size.

Use encryption (UseEncryption)

Specifies whether the data is to be written to the files in encrypted form.

NOTE: The setting for encryption must be identically configured in the job provider and the related job destination.

Notification methods (EventTypes)

The job provider supports three different methods for providing notification about new data. The notification methods can be combined when separated by commas.

Example:

TIMER,FSEVENT

Table 99: Supported notification methods
Method Description

Timer

Newly stored data is queried at defined intervals.

HTTP

The provider queries the parent Job server via HTTP and processes the stored data once the server replies.

FSEvent

Newly stored data is queried after a file system event.

Remote host for HTTP notification (HostName)

If using the HTTP notification method, enter the name of the remote host here to which the queries are transferred.

HTTP notification port (Port)

If using the HTTP notification method, enter the port for transfer here.

Monitoring interval for input directory (TimerInterval)

If using the TIMER notification method, enter the interval in milliseconds here.

Input directory (InputDirectory)

The module reads and processes the process files (*.fjg) in this directory.

NOTE: Ensure that the job provider and related job destination use the same directory. Input directory and output directory are then reversed accordingly.

Output directory (OutputDirectory)

Directory to which the processed files are written.

Subdirectories (SubDirectories)

You can enter a list of directory names separated by a pipe character (|) here. All the directories are then monitored and processed correspondingly. The following directory structure is expected:

SubDirectories = "ServerA|ServerB"

...

Request

ServerA

ServerB

Response

ServerA

ServerB

where Request and Response are the directories specified in the Input directory (InputDirectory) and Output directory (OutputDirectory) parameters.

NOTE: You can only use the Timer notification method. The HTTP and FSEvent notification methods are not available.

Automatic identification of subdirectories (AutoSubDirectories)

If this option is enabled, the module automatically processes all the files in the subdirectories. Processing is not recursive.

Job provider ID (ProviderID)

if more than one job provider is being processed by the One Identity Manager Service, enter the name of the job provider to be used. If this is empty the first Job provider is used.

FTP Server (FTPServer)

Name or IP address of the FTP server.

FTPPort

Port for FTP transfer The default port is port 21.

FTP user account (FTPUser)

User account for FTP login.

FTP password (FTPPassword)

  • Password for the user account for FTP login.

  • Related Topics

    HTTPJobDestination

    A HTTPJobDestination sends process steps to a child Job server. The data transfer is carried out by HTTP.

    Table 100: HTTPJobDestination parameters

    Parameter

    Description

    Receiver port (ChildPort)

    HTTP port of the child Job server.

    ProviderID

    Enter the name of the Job provider that will be used if more than one Job provider is being processed. If this is empty the first Job provider is used.

    Retries

    Number of retries performed by the module when the data transfer fails.

    RetryDelay

    This defines how long the module will wait after a failed process step transfer before retrying.

    Timeout format:

    day.hour:minutes:seconds

    RemoteDomain

    User account domain on the remote HTTP server.

    RemoteUser

    User account for logging on the HTTP server.

    RemotePassword

    Password for the user account for logging onto the HTTP server.

    Related Topics
    Related Documents