立即与支持人员聊天
与支持团队交流

One Identity Safeguard for Privileged Sessions 6.0.2 - Upgrading plugins for One Identity Safeguard for Privileged Sessions version 6.0

Upgrading plugins for One Identity Safeguard for Privileged Sessions 6.0

This document provides guidelines on upgrading your deprecated plugins for One Identity Safeguard for Privileged Sessions 6.0. The following sections describe the most common parameter mappings from the deprecated plugins to the new One Identity Safeguard for Privileged Sessions 6.0 plugins.

[name-of-plugin]

This section is intended to be the same as in the deprecated plugins. However, it is advised to double-check it against the respective new default.cfg file.

NOTE:

Make sure to enter $ as the value of the parameter storing sensitive data and store the actual configuration parameters of the plugin in the Credential Store.

These parameters are the following in case of each plugin:

  • Duo: ikey and skey

  • inWebo: client_cert

  • Okta: api_key

  • RADIUS: secret

  • Safeguard: password

  • Starling 2FA: api_key

  • TPAM: server_user_key

  • YubiKey: api_key

For details on storing sensitive plugin data securely, see the following section of the respective plugin:

[users]

This configuration section was only included in certain plugins.

The following parameters were in the now deprecated [users] configuration section. They are mapped as follows:

[users]
<user-name-1>=<id-1>

This is now:

[usermapping source=explicit]
<user-name-1>=<id-1>
[plugin]

The following parameters were in the now deprecated [plugin] configuration section. They are mapped as follows:

  • [plugin]
    config_version=1

    This is now deleted.

  • [plugin]
    log_level=info

    This is now:

    [logging]
    log_level=info

    Note that log_level now only accepts strings as values. It does not accept integers.

  • [plugin]
    cred_store=<name-of-credstore-hosting-sensitive-data>

    This is now:

    [credential_store]
    name=<name-of-credstore-hosting-sensitive-data>
[auth]

The following parameters were in the [auth] configuration section. They are mapped as follows:

  • [auth]
    prompt=Hit Enter to send Duo push notification or provide the OTP:

    This has not changed.

  • [auth]
    whitelist=<name-of-the-user-list>

    This is now:

    [whitelist source=user_list]
    name=<name-of-the-user-list>
[username_transform]

The following parameters were in the [username_transform] configuration section. They are mapped as follows:

[username_transform]
append_domain=<name-of-the-domain-to-append-to-usernames>

This has not changed.

[ldap]

The following parameters were in the now deprecated [ldap] configuration section. They are mapped as follows:

  • [ldap]
    ldap_server_config=<ldap-configuration-name>

    This is now:

    [ldap_server]
    name=<ldap-configuration-name>
  • [ldap]
    filter=(&(cn={})(objectClass=inetOrgPerson))

    This is now deleted. It is automatically retrieved from the LDAP Server Policy from now on.

  • [ldap]
    user_attribute=cn

    This is now:

    [usermapping source=ldap_server]
    user_attribute=cn
[cache]

The following parameters were in the now deprecated [cache] configuration section. They are mapped as follows:

  • [cache]
    soft_timeout=0

    This is now:

    [authentication_cache]
    soft_timeout=0
  • [cache]
    hard_timeout=0

    This is now:

    [authentication_cache]
    hard_timeout=0
  • [cache]
    limit=0

    This is now:

    [connection_limit by=client_ip_gateway_user]
    conn_limit=0
[question_1]

The following parameters were in the now deprecated [question_1] configuration section. They are mapped as follows:

  • [question_1]
    key=nameofthekey

    This has not changed.

  • [question_1]
    prompt=prompt to ask from the user

    This has not changed.

  • [question_1]
    disable_echo=1

    This has not changed.

自助服务工具
知识库
通知和警报
产品支持
下载软件
技术说明文件
用户论坛
视频教程
RSS订阅源
联系我们
获得许可 帮助
技术支持
查看全部
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级