Chat now with support
Chat with Support

Identity Manager 8.1 - Configuration Guide

About this guide One Identity Manager software architecture Customizing the One Identity Manager default configuration Adjusting the One Identity Manager base configuration One Identity Manager schema basics Editing the user interface
Object definitions for the user interface User interface navigation Forms for the user interface Statistics in One Identity Manager Extending the Launchpad Task definitions for the user interface Applications for configuring the user interface Icons and images for configuring the user interface Using predefined database queries
Localization in One Identity Manager Process orchestration in One Identity Manager
Setting up Job servers in Designer Configuring the One Identity Manager Service Handling processes in One Identity Manager
Tracking changes with process monitoring Conditional compilation using preprocessor conditions Scripts in One Identity Manager Reports in One Identity Manager Adding custom tables or columns to the One Identity Manager schema Web service integration SOAP Web Service One Identity Manager as SPML provisioning service provider Processing DBQueue tasks Appendix: Configuration files of the One Identity Manager Service

Dispatcher module

In a hierarchical server structure a server can be used as a proxy server for other servers. The proxy server makes requests at set time intervals for process steps to be processed on a server and sends them to the next server. If the request load needs to be minimized, a proxy server is recommended.

Table 106: Dispatcher module parameters

Parameter

Description

Acts as proxy for other servers (IsProxy)

Specifies whether the server is to act as a proxy server. Set this option if the server should be a proxy server.

ProxyInterval

The ProxyInterval sets the time interval in seconds, after which the proxy server acting as deputy for another server, should renew a request to the database.

The following guidelines can be used as orientation for the configuration of One Identity Manager Service polling intervals in a cascading environment:

Table 107: Polling Interval Guidelines for One Identity Manager Service
Parameter Root Server (direct connection to database) Leaf server (connected via HTTP or file)
JobServiceDestination.StartInterval 90 seconds 600 seconds
JobServiceDestination.Statisticinterval 360 seconds 600 seconds
Dispatcher.ProxyInterval 180 seconds
Dispatcher.IsProxy True False

The proxy mode of a root server ensures that, acting on behalf of the leaf server, process steps are queried in shorter proxy intervals. When the root server is restarted, it may take a while until all leaf servers have sent their first request (in this case a maximum of 600 seconds). However, the system then swings into action.

Figure 30: Dispatcher Configuration Example

Connection module

With this module you can set special configuration settings for the behavior of the One Identity Manager Service.

Table 108: Connection module parameters

Parameter

Description

Process generation log directory (JobGenLogDir)

Directory of log files in which the instructions for process generation generated by One Identity Manager Service are recorded.

Disable reload beep (NoReloadBeep)

When this parameter is set the beep is switched off that is made when buffered dialog data is loaded.

Log BLOB reads (LogBlobReads)

Specifies whether read operations on text and binary LOB (BLOB) should be written to the SQL log.

Cache type (CacheType)

Specifies how the data is cached. The default value is MultipleFiles.

Cache reload interval (CacheReloadInterval)

Time in seconds after which the local cache should be updated. This parameter overwrites the setting in the configuration parameter Common | CacheReload | Interval.

Regular expression for stack trace positions (ObjectDumpStackExpression)

This expression specifies when an extra stack trace is written to the object log. If the current row in the object log matches the regular expression, the stack trace is written in the object log.

Sample expression: "Lastname"

If the current row contains the value "Lastname", the stack trace is also copied to the log.

NOTE: This parameter is used for localizing errors. It is not recommended to set this parameter in normal working conditions on performance grounds.

TokenCertificateThumbprint

Fingerprint of the certificate used to verify the security token.

TokenCertificateFile

Certificate file of the certificate to be used to verify the security token. The certificate must support RSA encryption with SHA1, SHA256, or SHA512 and contain the private key.

HTTP authentication module

Every One Identity Manager Service automatically works as an HTTP server. Which services the One Identity Manager Service provides depends on the plug-ins configurations. Use this module to specify how authentication works on an HTTP server so that other services can be accessed, for example, displaying the log file or the status display.

The following module types may be selected:

  • BasicHttpAuthentication

    With this authentication type, enter a specific user account and the corresponding password for accessing the HTTP server.

  • WindowsHttpAuthentication

    Use this authentication type to specify an Active Directory group, whose users can be authenticated on the HTTP server. A security ID (SID) or the Active Directory group name in the domain of the Job server can be specified. If Active Directory is not located in the domain of the Job server, the SID must be used.

NOTE: If a module is not specified, authentication is not required. In this case, all users can access the services.

Module plug-ins

Plug-ins are program classes that One Identity Manager Service loads and that extend the functionality of the service. The following plug-ins are available:

Related Documents