Versions Compared

Old Version 2

changes.mady.by.user Vladislav Fomichev

Saved on

compared with

New Version 3

changes.mady.by.user Vladislav Fomichev

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Indeed AM Admin Console is a Web application based on IIS. This module performs system administration. It also handles all the settings of the system and of the users.


Info

Files of Admin Console reside in: indeed AM\Indeed AM Admin Console\<Version number>\

  • Indeed.AdminConsole-x64.msi is the installation package of Admin Console.

Additional AdminConsole installation files reside in: indeed AM\

  • Misc\Server2008\Indeed.AdminConsole.IIS.Install.MSServer2008.ps1 is the script file to install the required components of IIS server for Windows Server 2008.
  • Misc\Server2008\NDP452-KB2901907-x86-x64-AllOS-ENU.exe is the Microsoft .NET Framework 4.5.2  update package for Windows Server 2008. 
  • Misc\Server2012\AccessControlInitialConfig\Indeed.AdminConsole.IIS.Install.MSServer2012.ps1 is the script to install the required IIS server components for Windows Server 2012.

Installation

  1. Install the Admin Console by running Indeed.AdminConsole-x64.msi installer.

  2. Add HTTPS binding in Default Web Site settings of IIS Manager.

    Info

    Indeed AM Admin Console is a web application on the basis of IIS. “Require SSL” is a default installation setting, which, in turn, requires active HTTPS binding.

    If you do not plan to use https protocol, then deactivate SSL requirement in IIS settings for Admin Console. 


    1. Run IIS Manager and expand the Sites item.
    2. Select the Default Web Site site and click Bindings item in the Actions section.
    3. Click Add:
      1. Type - https.
      2. Port - 443.
      3. Select the SSL Certificate.
    4. Save the binding.
  3. Configure Kerberos delegation.
  4. Add Admin Console application to local Internet. 


Modifying a configuration file

  1. Open the console configuration file named Web.config (C:\inetpub\wwwroot\iidemc\Web.config).
  2. Specify the URL to connect to Indeed AM server for Url parameter in amAuthServer tag.

    1. Urlparameter is url address of Indeed server in the following format: http(s):// full_dns_name_of_server/easerver/

      Info

      To ignore server certificate errors, change the "isIgnoreCertErrors" parameter to "true" in "applicationSettings. config" file ( iidemc\Config ).


      Code Block
      languageyml
      titleExample
      <amAuthServer Url="https://amserv.indeed-id.local/easerver"/>


  3. Specify the url to connect to log server. To do so, edit the logServer tag.

    1. URL is url to connect to log server in the following format http(s)://full_dns_name_of_server/ils/api. 

      Note

      If several servers are used, then you have to specify the load balancer address


    2. CertificateThumbprint - this is to be defined if the private key is stored in the registry, and the certificate is in the PC storage.
    3. CertificateFilePath -this is to be defined, if the key pair is stored in pfx.

    4. CertificateFilePassword is the password for pfx.

      Code Block
      languageyml
      titleExample
      <logServer Url="http://log.indeed-id.local/ils/api/" CertificateThumbprint="" CertificateFilePath="" CertificateFilePassword=""/>


  4. Restart IIS server after modification of configuration files. Admin Console is available at the following address: “http(s)://full_dns_name_of_server/iidemc/"

Setting session Expiration Time

Info
This setting is optional
  1. Open the configuration file Indeed Admin Console applicationSettings.config:  C:\inetpub\wwwroot\iidemc\Config\applicationSettings.config.

  2. Specify a required value for the sessionExpirationTimeMinutes parameter. Default value: 30(minutes).

    Code Block
    languageyml
    <amApplicationSettings
  findUsersMaxResultCount="200"
  isIgnoreCertErrors="false"
  sessionExpirationTimeInMinutes="60"
  allowOverrideRandomPasswordGeneration="false"
/>


  3. Save changes in configuration file. 


Configuring of logging in to Admin Console using SAML IDP

Info

This setting is optional

  1. Open the console configuration file named Web.config (C:\inetpub\wwwroot\iidemc\Web.config).
  2. Specify the URL to connect to Indeed AM SAML server for LoginUrl parameter in amAuthentication tag.

    1. loginUrl parameter is URL address of the server with Indeed SAML idp component installed in the following format: http(s)://full_dns_name_of_server/iidsamlidp/

      Code Block
      languageyml
      titleExample
      <amAuthentication mode="Saml" loginUrl="http://saml.demo.local/iidsamlidp"/>


  3. In code:

    Code Block
    languageyml
    titleExample
    <authentication mode="Windows">
      <forms loginUrl="~/Account/Authenticate"></forms>
 </authentication>

    Change the value of mode parameter to Forms

    Code Block
    languageyml
    titleExample
    <authentication mode="Forms">
      <forms loginUrl="~/Account/Authenticate"></forms>
 </authentication>


  4. Save changes in configuration file. 

    Info

    To disable domain login and password prompt, activate “Anonymous authentication” and deactivate “Windows authentication” for iidsamlidp, at the SAML server.


Configuring of logging out of Admin Console using SAML idp

  1. Open the console configuration file named Web.config (C:\inetpub\wwwroot\iidemc\Web.config).

  2. For amAuthentication tag, add enableLogout parameter set to true (false by default).

    Code Block
    languageyml
    titleExample
    <amAuthentication mode="Saml" loginUrl="http://saml.demo.local/iidsamlidp/" enableLogout="true"/>


  3. Open the SAML configuration file named Web.config (C:\inetpub\wwwroot\iidsamlidp\Web.config).

  4. Specify the Admin Console server URL address for EmcServiceUrl parameter of  amPartnerServiceProviderSettings tag.

    Code Block
    languageyml
    titleExample
    <amPartnerServiceProviderSettings SelfServiceUrl="http://dc.demo.local/iidselfservice/" EmcServiceUrl="http://dc.demo.local/iidemc/"/>



Backtotop