Chat now with support
Chat with Support

Identity Manager 9.2 - Configuration Guide

About this guide One Identity Manager software architecture Customizing the One Identity Manager default configuration Customizing the One Identity Manager base configuration One Identity Manager schema basics Editing the user interface
Object definitions for the user interface User interface navigation Forms for the user interface Statistics in One Identity Manager Extending the Launchpad Task definitions for the user interface Applications for configuring the user interface Icons and images for configuring the user interface Using predefined database queries
Localization in One Identity Manager Process orchestration in One Identity Manager
Mapping processes in One Identity Manager Setting up Job servers
The One Identity Manager Service functionality Tracking changes with process monitoring Conditional compilation using preprocessor conditions Scripts in One Identity Manager
Visual Basic .NET scripts usage Notes on message output Notes on using date values Tips for using Windows PowerShell scripts Using dollar ($) notation Using base objects Calling functions Pre-scripts for use in processes and process steps Using session services Using #LD notation Script library Support for processing scripts in the Script Editor Creating and editing scripts in the Script Editor Copying scripts in the Script Editor Testing scripts in the Script Editor Testing script compilation in the Script Editor Overriding scripts Permissions for running scripts Editing and testing script code with the System Debugger Extended debugging in the Object Browser
One Identity Manager query language Reports in One Identity Manager Adding custom tables or columns to the One Identity Manager schema Web service integration One Identity Manager as SCIM 2.0 service provider Processing DBQueue tasks One Identity Manager Service configuration files

HTTP authentication module

Every One Identity Manager Service automatically works as an HTTP server. Which services the One Identity Manager Service provides depends on the plug-ins configurations. Use this module to specify how authentication works on an HTTP server so that other services can be accessed, for example, displaying the log file or the status display.

The following module types may be selected:

  • BasicHttpAuthentication

    Use this authentication type to specify a user account for accessing the HTTP server.

    Module parameters are:

    • User account (User): User account for logging in.

    • Password (Password): User account's password.

  • SessionHttpAuthentication

    Users can log in with the authentication modules that are assigned to the Job Server application and enabled.

    The users require the JobServer_Status program function.

    Table 117: Module parameters

    Parameter

    Description

    Job provider ID (ProviderID)

    ID of the Job provider with the connection configuration to use for logging in. This must be either a MSSQLJobProvider or an AppServerJobProvider. If this is empty the first Job provider is used.

    Application URL (AppURL)

    (Optional) This option is only required if the users can log in with OAuth2 or OpenID Connect. The URL must match the value in the QBMWebApplication.BaseURL column. A OAuth2/OpenID Connect configuration is assigned to the web application.

    The following URL must be given in the configuration and the connected external system as the redirect URL.

    https://<jobserver>:<port>/login

    Cleanup after inactivity (RemoveSessionAfterInactivity)

    Specifies the time period after which the session is removed from memory. The next time the session is accessed, it is reestablished transparently for the user. The default value is 00:10:00.

    Timeout format:

    hours:minutes:seconds

    Session timeout (SessionTimeout)

    Specifies how long a session stays connected. After timeout expired or when the Job server is restarted, the session is ended. The default value is 1.00:00:30.

    Timeout format:

    day.hour:minutes:seconds

    For more information about authentication modules, see the One Identity Manager Authorization and Authentication Guide.

  • WindowsHttpAuthentication

    Use this authentication type to specify an Active Directory group, whose users can be authenticated on the HTTP server.

    Module parameters are:

    • Group (Role): Active Directory group. A security ID (SID) or the Active Directory group name in the domain of the Job server can be specified. If the Active Directory group is not located in the domain of the Job server, the SID must be used.

    • Debug login errors (DebugLoginErrors): (Optional) User account properties and groups are written to the log file to debug login problems. Do not set this value in production environments as group assignments can be written to the log.

NOTE: If a module is not specified, authentication is not required. In this case, all users can access the services.

Module plug-ins

Plug-ins are program classes that One Identity Manager Service loads and that extend the functionality of the service. The following plug-ins are available:

HTTPLogPlugin

The plug-in writes a log file that records the One Identity Manager Service HTTP requests.

Enter the following parameter:

  • Output file (LogFile)

    Enter the name of the file that is to record the messages. The file is written in Apache HTTP Server Combined Log Format.

ScheduleCommandPlugin

This plug-in calls up an external program in regular intervals. This is useful, for example, when process steps need to be routed over their own transfer methods.

Table 118: ScheduleCommandPlugin parameters

Parameters

Description

Command to run (Command)

Command to be run including command line option This command is run as a cmd and therefore built-in commands are possible.

Service start command (StartCommand)

Command run when the One Identity Manager Service is started

Service start command (StopCommand)

Command run when the One Identity Manager Service is stopped

Interval between runs (Interval)

Interval (in seconds) at which the command should be called While the command is running, the timer is stopped so that the calls do not overlap. The default value is 60.

Command output to log file (OutputToLog)

Specifies whether the command outputs are logged if successful. If this parameter is set, the command output is also written to the One Identity Manager Service's log file when successful. If the parameter is disabled, only errors are written to the log file.

Severity level (LogSeverity)

Message types used for messages that appear in the log file when the transaction is successful. Permitted values are Info, Warning, and Serious. The default value is Info.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating