Identity Manager 8.1 - Configuration Guide

Selecting a method

The standard One Identity Manager Service configuration settings are specified in this module.

Table 101: Configuration module parameters

Parameter

Description

VerboseLogging

Set the parameter to obtain more detailed messages on starting and stopping the One Identity Manager Service.

DebugMode

In DebugMode One Identity Manager Service writes additional information to the log file. For example, all the parameters and results that are passed to a component are written to the log file.

NOTE: This parameter is used for locating errors. For performance reasons, it is not recommended to set this parameter under normal working conditions.

ComponentDebugMode

When set, individual One Identity Manager Service process components write additional process information to a log file.

NOTE: This parameter is used for locating errors. For performance reasons, it is not recommended to set this parameter under normal working conditions.

HTTPAddress

If One Identity Manager Service is running on a computer with several network cards, you can use this parameter to define which service should work over which IP address. If no IP address is entered, then all of them are used.

HTTPPort

Every One Identity Manager Service automatically works as an HTTP server. This parameter specifies the port that One Identity Manager Service works with. The default value is port 1880.

The HTTP server is addressed via:

Logging of job provider and executing instance (LogDestinationAndProviderId)

Specifies whether the job provider ID and executing instance are output in the log messages of the process step.

Language

Language used for error messages and outputs from the One Identity Manager Service. Permitted values are German and English. The default value is English.

UseSSL

Specifies whether the HTTP server is to provide secure connections. If this option is enabled, you can access the server from your browser using HTTPS.

The One Identity Manager Service uses System.Net.HttpListener for the web interface. For detailed information on how to configure certificates, see How to: Configure a port with an SSL certificate.

DoNotProtectCryptedValues

Normally, encrypted values from the Jobservice.cfg are additionally protected by the data protection API. This prevents use by other accounts or servers. This option switches off the additional protection so that the values can be used on other cluster nodes, for example.

WaitTimeOnFailedStart

The time to wait after a failed start before a retry is carried out. The default value is 90 seconds.

Timeout format:

hours:minutes:seconds

RetriesOnFailedStart

Number of retries for the One Identity Manager Service to start up. The default value is 5 retries.

DoNotProtectPrivateKeys

If the One Identity Manager Service finds a private key in the installation directory on startup, it places the key in the Windows internal key container of its service account and deletes the file from the hard drive. If this option is enabled, the key files are not moved to the key container.
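The following added example (not part of the original guide or of One Identity's code) reviews the configuration module parameters described above and lists the settings that weaken transport security or secret protection. It assumes the parameters have already been read into a dictionary of strings and that Boolean options are stored as "true"/"false"; the function names and sample values are constructed for illustration.

```python
# Added example: review of the configuration module parameters described above.
# Assumption: parameters are already extracted into a dict of strings and
# Boolean options are stored as "true"/"false" (the guide does not state this).

TRUE_VALUES = {"true", "1", "yes"}

def enabled(params, name):
    """Treat a missing or empty parameter as not set."""
    return str(params.get(name, "")).strip().lower() in TRUE_VALUES

def audit(params):
    """Return (parameter, finding) tuples for settings that need review."""
    findings = []
    if not enabled(params, "UseSSL"):
        findings.append(("UseSSL", "HTTP server does not provide secure connections"))
    if not str(params.get("HTTPAddress", "")).strip():
        findings.append(("HTTPAddress", "no IP address entered, all addresses are used"))
    if enabled(params, "DoNotProtectCryptedValues"):
        findings.append(("DoNotProtectCryptedValues",
                         "encrypted values lack the additional data protection API layer"))
    if enabled(params, "DoNotProtectPrivateKeys"):
        findings.append(("DoNotProtectPrivateKeys",
                         "private key files are not moved to the key container"))
    debug = [n for n in ("DebugMode", "ComponentDebugMode") if enabled(params, n)]
    for name in debug:
        findings.append((name, "additional process information is written to the log"))
    # The log can be displayed in a browser through the service's HTTP server,
    # so DebugMode output and a non-HTTPS server are reported together as well.
    if "DebugMode" in debug and not enabled(params, "UseSSL"):
        findings.append(("DebugMode+UseSSL",
                         "component parameters and results are logged while HTTPS is off"))
    return findings

# Constructed sample values, not taken from a real installation.
SAMPLE = {
    "UseSSL": "false",
    "HTTPAddress": "",
    "HTTPPort": "1880",
    "DebugMode": "true",
    "DoNotProtectPrivateKeys": "true",
}

if __name__ == "__main__":
    for name, text in audit(SAMPLE):
        print(f"{name}: {text}")
```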

Logwriter module

This module writes the One Identity Manager Service messages. The following module types may be selected:

EventLogLogWriter

The EventLogLogWriter writes messages from the One Identity Manager Service to an event log. The event log can be displayed using the event window of the Microsoft Management Console, for example.

Table 102: EventLogLogWriter parameters

Parameter

Description

EventLog

Name of the event log to which the messages are written. The default value is Application, which writes the messages to the application log.

NOTE: If more than one One Identity Manager Service writes event logs on a server, make sure that the first 8 letters in the log name are unique on the server.

Severity (LogSeverity)

Severity levels of the logged messages. The default value is Warning.

Table 103: Severity level of logging
Severity code    Description
Info             All messages are written to the event log. The event log quickly becomes large and confusing.
Warning          Only warnings and exception errors are written to the event log (default).
Serious          Only exception messages are written to the event log.

EventID

The ID of the messages written to the event log.

Category

The category of the messages written to the event log.

Source

The name of the source of the messages written to the event log.

FileLogWriter

The FileLogWriter writes messages from One Identity Manager Service to a log file. The log file can be displayed in a browser.

You call up the log file with the appropriate URL.

http://<server name>:<port number>

The default value is port 1880.

Table 104: FileLogWriter parameters

Parameter

Description

Log file (OutputFile)

Name of the log file, including the directory name. Log information for the One Identity Manager Service is written to this file.

IMPORTANT: The directory specified for the file must exist. If the file cannot be created, no error output is possible. Error messages then appear under Windows operating systems in the event log or under Linux operating systems in /var/log/messages.

Log rename interval (LogLifeTime)

To avoid unnecessarily large log files, the module supports rotating the log file and keeping a history list of backups. The LogLifeTime specifies the maximum lifetime of a log file before it is renamed as a backup. Once the log file has reached its maximum age, the file is renamed (for example, as JobService.log_20040819-083554) and a new log file is started.

Timeout format:

day.hour:minutes:seconds

Process step log lifetime (JobLogLifeTime)

Use this parameter to specify the length of time process step logs are kept. After this expires, the logs are deleted.

Timeout format:

day.hour:minutes:seconds

For test purposes, you can enable logging of individual process steps in the Job Queue Info. The processing messages of the process step are written to a separate log with the Debug NLog severity. The files are stored in the log directory.

Repository structure:

<log directory>\JobLogs\<first 4 digits of the UID_Job>\Job_<UID_Job>_<yyyymmdd>_<Timestamp>.log

Number of history logs (HistorySize)

Maximum number of log files. If several log files exist, the oldest backup file is deleted when a new log file is created so that the limit is not exceeded.

Max. log file size (MB) (MaxLogSize)

Maximum size in MB of the log file. Once the log file has reached the limit, it is renamed as a backup file and a new log file is created.

Max. length of parameters (ParamMaxLength)

Specifies the maximum number of characters a process step parameter is permitted to have in order to be written to the log file.

LogSeverity

Severity levels of the logged messages. The default value is Warning.

Table 105: Severity level of logging
Severity code    Description
Info             All messages are written to the event log. The event log quickly becomes large and confusing.
Warning          Only warnings and exception errors are written to the event log (default).
Serious          Only exception messages are written to the event log.

Add server name (AddServerName)

Specifies whether the server name is to be added to the log entries.
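The added example below (not from the original guide) parses the two timeout formats shown above and derives how far back the FileLogWriter logs can reach at most, which is useful when checking whether the rotation settings match an investigation look-back period. It assumes that HistorySize counts every log file including the active one, that timeout fields use clock ranges, and that the required period is chosen by the operator; all sample values are constructed.

```python
import re
from datetime import timedelta

# Accepts "hours:minutes:seconds" and "day.hour:minutes:seconds".
_TIMEOUT = re.compile(r"^(?:(\d+)\.)?(\d{1,2}):(\d{2}):(\d{2})$")

def parse_timeout(text):
    """Convert a timeout string from the configuration into a timedelta."""
    m = _TIMEOUT.match(text.strip())
    if not m:
        raise ValueError(f"not a valid timeout: {text!r}")
    days, hours, minutes, seconds = (int(g or 0) for g in m.groups())
    # Assumption: fields use clock ranges (hours 0-23, minutes/seconds 0-59).
    if hours > 23 or minutes > 59 or seconds > 59:
        raise ValueError(f"field out of range in timeout: {text!r}")
    return timedelta(days=days, hours=hours, minutes=minutes, seconds=seconds)

def log_coverage(params):
    """Upper bounds implied by the FileLogWriter rotation parameters."""
    files = int(params["HistorySize"])
    return {
        # Rotation by size (MaxLogSize) can only shorten this span.
        "max_span": parse_timeout(params["LogLifeTime"]) * files,
        "max_disk_mb": int(params["MaxLogSize"]) * files,
        "job_log_span": parse_timeout(params["JobLogLifeTime"]),
    }

def retention_gaps(params, required):
    """Name the windows that cannot reach the required look-back period."""
    cov = log_coverage(params)
    gaps = []
    if cov["max_span"] < required:
        gaps.append("LogLifeTime x HistorySize")
    if cov["job_log_span"] < required:
        gaps.append("JobLogLifeTime")
    return gaps

# Constructed sample values, not defaults from the guide.
SAMPLE = {"LogLifeTime": "1.00:00:00", "HistorySize": "10",
          "MaxLogSize": "100", "JobLogLifeTime": "7.00:00:00"}

if __name__ == "__main__":
    print(log_coverage(SAMPLE))
    print(retention_gaps(SAMPLE, timedelta(days=30)))
```

Because a log file is also renamed when it reaches MaxLogSize, the computed span is a ceiling; a reported gap is certain, while the absence of one still depends on log volume.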
