立即与支持人员聊天
与支持团队交流

Identity Manager 9.2 - Installation Guide

About this guide One Identity Manager overview Installation prerequisites Installing One Identity Manager Installing and configuring the One Identity Manager Service Automatic updating of One Identity Manager Updating One Identity Manager Installing additional modules for a existing One Identity Manager installation Installing and updating an application server Installing the API Server Installing, configuring, and maintaining the Web Designer Web Portal Installing and updating the Manager web application Logging in to One Identity Manager tools Troubleshooting Advanced configuration of the Manager web application Machine roles and installation packages Configuration parameters for the email notification system How to configure the One Identity Manager database using SQL Server AlwaysOn availability groups

Configuring database connections

The current connection settings for the Web Designer Web Portal can be viewed in the Web Designer Configuration Editor in the Database connection view. You can customize the settings as required.

To select a new database connection

  1. Open the Web Designer Configuration Editor.

  2. In the Database connection view, click the Enter new connection link.

  3. Select the system type and enter the connection data:
    • For the SQL Server system type, enter the following information.

      • Server: Database server.

      • (Optional) Windows Authentication: Specifies whether the integrated Windows authentication is used. This type of authentication is not recommended. If you decide to use it anyway, ensure that your environment supports Windows authentication.

      • User: The user's SQL Server login name.

      • Password: Password for the user's SQL Server login.

      • Database: Select the database.

    • For the Application server system type, enter the URL.

NOTE: In the Options menu, select either Test connection or Advanced options as required.

Authentication data for the web application

The authentication data for the web project and subprojects is configured in the Web Designer Configuration Editor in the Web project section. For more information about authentication modules, see the One Identity Manager Authorization and Authentication Guide.

Table 31: Authentication data for the web project

Setting

Description

Web project

Name of the web project.

Authentication module

Authentication module for logging on to the web project.

NOTE: Some authentication modules support single sign-on. In such cases, a corresponding message is shown beneath selection.

Perform single sign-on, if an error occurs, using the following module.

If the module selected under Authentication module supports single sign-on, you have the option to specify an alternative authentication method here. This authentication method is used as a fall-back if single sign-on fails for any reason.

Debugging

Activate this option if you want to use a debugging environment.

OAuth

If you use the OAuth 2.0 / OpenID Connect or OAuth 2.0 / OpenID Connect (role-based) authentication modules, make your configuration settings here.

OAuth 2.0 / OpenID Connect configuration

Select the OAuth 2.0 / OpenID Connect configuration that you want to adjust.

Client ID for OAuth authentication

ID of the application on the identity provider.

Example: urn:OneIdentityManager/Web

Issuer information for the OAuth certificate

This is used to find the certificate in the certificate store. Either the thumb nail or the issuer of the certificate is required.

For example: O=[company name], OU=[organizational unit], CN=[server IP]

OAuth Resource

Uniform Resource Name (URN) of the resource to be queried. Only required if the identity provider requires this value.

Thumbprint for the OAuth certificate

Thumbprint of the certificate used to verify the security token. Either the thumb nail or the issuer of the certificate is required.

Endpoint

Uniform Resource Locator (URL) of the certificate end point on the authorization server.

For example: https://certificateServer/certificate.crt

Authentication data for subprojects

Authentication data for subprojects.

To enter or change authentication data for a sub project

  1. Open the Web Designer Configuration Editor.

  2. In the Web project pane, next to the Authentication for sub projects is missing message, click .

  3. In the edit view, click on the project marked in red.

  4. In the Authentication method pane, select the required authentication procedure and enter the required login credentials.

  5. Click OK.

Logging for the web application

The settings for logging the web application are configured in the Web Designer Configuration Editor in the Log view. This view is divided into:

  • General

  • Application log

  • Event log

  • Database log

Table 32: General settings for logging

Setting

Description

Application

Name of the web application.

Company name

Name of the company that uses the web application.

Product title

Software manufacturer’s product name

Log directory

Directory in which the log files of the web application are saved. The web server process must have write access to this folder.

Table 33: Application log settings

Setting

logging

Severity code

Severity level of the log.

Archive every

Maximum runtime of a log file before it is renamed. When a log file has reached its maximum age, the file is renamed and a new log file is started.

Archive numbering

Specifies whether the archive files of the application log are numbered in ascending or descending order.

Table 34: Event log settings

Setting

Description

Severity code

Severity level of the log.

Table 35: Database log settings

Setting

Description

Severity code

Severity level of the log.

Archive every

Maximum runtime of a log file before it is renamed. When a log file has reached its maximum age, the file is renamed and a new log file is started.

Archive numbering

Specifies whether the archive files of the database log are numbered in ascending or descending order.

Table 36: Permitted severities
Severity Level Description

Off

No information is logged.

Trace

Logs highly detailed information. This setting should only be used for analysis purposes. The log file quickly becomes large and cumbersome.

Debug

Logs debug steps. This setting should only be used for testing.

Info

Logs all information.

Warning

Logs all warnings.

Errors

Logs all error messages.

Fatal

Logs all critical error messages.

Configuring the Web Designer Web Portal automatic update

NOTE: The following permissions are required for automatic updating:

  • The user account for updating requires write permissions for the application directory.

  • The user account for updating requires the local security policy Log on as a batch job.

  • The user account running the application pool requires the Replace a process level token and Adjust memory quotas for a process local security policies.

The automatic update is configured in the Web Designer Configuration Editor in the Automatic update pane.

To configure the automatic update of the web application

  1. Open the Web Designer Configuration Editor.

  2. In the Automatic updates pane, set the Enable automatic updates option.

  3. Define the user account for the automatic update. The user account is used to add or replace files in the application directory.

    • Use IIS credentials for update: Set this option to use the user account under which the application pool is run for the updates.

    • Use other credentials for updates: To use a different user account, set this option. Specify the domain, the user name, and the user password.

Related topics
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级