Info

Files of Indeed Access Manager Server reside in: indeed AM\Indeed Access Manager Server\<Version number>\

...

  • IndeedAM.Server-x64.msi is the installation package of Indeed AM.
  • /Misc/Templates folder contains policy templates.
  • /Misc/

...

  • AM.KeyGen.exe is the utility to generate encryption keys.
  • /Misc/AccessControlInitialConfig/EA.Server.AccessControlInitialConfig.exe is the initial configuration utility.
  • /Misc/AccessControlInitialConfig/EA.Server.AccessControlInitialConfig.exe.config is the file used to set up the configuration utility.
  • /Misc/

...

  • AM.Config.Encryptor/EA.Config.Encryptor.exe is the utility to encrypt the configuration file.
  • /Misc/

...

  • AM.Config.Encryptor/EA.Config.Encryptor.exe/encryptConfigs.bat is the script to encrypt all the sections of configuration file.
  • /Misc/

...

  • AM.Config.Encryptor/EA.Config.Encryptor.exe/decryptConfigs.bat is the script to decrypt all the sections of configuration file.

Installation

  1. Install the Indeed Enterprise Server by running the IndeedAM.Server-x64.msi installer.
  2. Add an HTTPS binding in the Default Web Site settings of IIS Manager.

...

    Info

    Indeed AM is a web application hosted in IIS. “Require SSL” is enabled by default at installation, which in turn requires an active HTTPS binding.

    If you do not plan to use the HTTPS protocol, disable the SSL requirement in the IIS settings for easerver and in the server configuration file (C:\inetpub\wwwroot\easerver\Web.config). To do so, change the value of the "requireHttps" parameter to "false".

    Example:

    <appSettings>
      <add key="requireHttps" value="false" />
    </appSettings>


    1. Run IIS Manager and expand the Sites item.
    2. Select the Default Web Site site and click Bindings item in the Actions section.
    3. Click Add:
      1. Type - https.
      2. Port - 443.

...

      1. Select the SSL Certificate.
    4. Save the binding.

Modifying a configuration file.

...

Info

Errors that appear during AM server deployment (for example, errors in the configuration file) are logged according to the LogServer settings.


Info

It is recommended to use

...

AM.KeyGen.exe utility to generate encryption keys, using any available algorithm.

  1. Open the server configuration file named Web.config (C:\inetpub\wwwroot\easerver\Web.config).
  2. Set the private key used to sign the token in the "secretKey" parameter of the "logonSettings" tag. The "secretKey" parameter is used to create a user token in the "jwt" format.

    Example:
    <logonSettings secretKey="67d7e6caec61d61239dc0b05f86063ed899931b581fa1ed8140d7843b320fe02"/>


  3. Define the system user directory. To do so, edit the adUserCatalogProvider tag parameters:

    ...

      1. id is the unique identifier of the directory.
      2. serverName is the name of the Active Directory domain where the directory resides.
      3. containerPath is the path to the container as a Distinguished Name, or the DN of the domain itself if the whole domain is used to store users.
      4. userName is the name of the service account used to connect to the user directory.
      5. password is the password of the service account for the user directory in AD.

        Example:
        <adUserCatalogProviders>
        	<adUserCatalogProvider id="UserId" serverName="indeed.local" containerPath="DC=,DC=local" userName="IndeedCatalogUser" password="Q1q2E3e4"/>
        </adUserCatalogProviders>


  4. Specify the root identifier of the provider to work with the directory. To do so, edit the rootUserCatalogProviderId attribute of the userCatalogProviderSettings tag.
      1. rootUserCatalogProviderId - set it to the value of the id attribute of the adUserCatalogProvider tag.

        Example:
        <userCatalogProviderSettings rootUserCatalogProviderId="UserId">


  5. Define the system data storage. For SQL Server, edit the dbContextSettings tag and create an mssqlDbContext tag with the id and connectionString parameters.
      1. rootDbContextId is the unique value of the storage identifier.
      2. id - set it to the value of rootDbContextId.
      3. Add the connectionString parameter with the following built-in parameters:
        1. Data Source defines the server instance. The parameter is mandatory for all connections. Admissible values are the network name or IP address of the server, or local or localhost for local connections.
        2. Initial Catalog defines the database name.
        3. User Id is the user name to connect to the database.
        4. Password is the user password to connect to the database.

          Example:
          <dbContextSettings rootDbContextId="mssql">
          	<mssqlDbContexts>
          		<mssqlDbContext id="mssql" connectionString="Data Source=EASERVER\EASERVER;Initial Catalog=AM_Server_7;User Id=Admin-DB;Password=Q1q2E3e4;"/>
          	</mssqlDbContexts>
          </dbContextSettings>


  6. Define the encryption key for the system data. To do so, edit the encryptionSettings tag parameters.
      1. cryptoAlgName specifies the encryption algorithm used.
      2. cryptoKey contains the key value generated by the utility.
      3. certificateThumbprint is the thumbprint of the certificate used to encrypt the key (delete the attribute if it is not to be used).

        Example:
        <encryptionSettings cryptoAlgName="Aes" cryptoKey="90ce7dbc3ff94a7867abc6672c23cce2c3717d38af42f04293130cb68a34ecc2"/>


  7. Define the system administrator. To do so, edit the userId parameter of the accessControlAdminSettings tag.

      Note

      The user in question has to be within the user directory.

      1. userId is the user identifier in the following format: "Directory identifier (rootUserCatalogProviderId); underscore; GUID of system administrator".

        Info

        The GUID can be found with a PowerShell command. This requires the Remote Server Administration Tools component to be installed.

        Example:
        Get-ADUser YourUserName -Properties * | Select ObjectGUID



  8. Specify the URL to connect to the log server. To do so, edit the logServer tag.
      1. URL is the URL to connect to the log server in the following format: http(s)://full_dns_name_of_server/ils/api

        Note

        If several servers are used, then you have to specify the load balancer address.


      2. CertificateThumbprint - this is to be defined if the private key is stored in the registry, and the certificate is in the PC storage.
      3. CertificateFilePath - this is to be defined, if the key pair is stored in pfx.
      4. CertificateFilePassword is the password for pfx.

    ...

    Encryption / decryption of configuration file.

    1. Run command line as Administrator.
    2. In command line, switch to encryption utility folder. 

      Note

      The utility encrypts the following sections: logServer, logonSettings, userCatalogProviderSettings, encryptionSettings, dbContextSettings. It is recommended to encrypt all the sections.

      Encryption / decryption of separate sections.

    2. To encrypt a separate section, execute the following command: EA.Config.Encryptor /encrypt "Path to server configuration file" "Section name"

      Example:
      EA.Config.Encryptor /encrypt "C:\inetpub\wwwroot\easerver\Web.config" "logServer"

    3. To decrypt a separate section, execute the following command: EA.Config.Encryptor /decrypt "Path to server configuration file" "Section name"

      Example:
      EA.Config.Encryptor /decrypt "C:\inetpub\wwwroot\easerver\Web.config" "logServer"

      Encryption/decryption of all sections.

    1. To encrypt all sections, run encryptConfigs.bat.
    2. To decrypt all sections, run decryptConfigs.bat.
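
    An added example, not part of the vendor documentation: a PowerShell check that reports which of the sections listed above still expose secrets in clear text, and whether requireHttps has been set to false. The page does not show what an encrypted section looks like, so the check only looks for secret attributes that are still readable; the function name Get-AmConfigFinding and the sample XML are constructed for illustration, while the section and attribute names are the ones used on this page.

```powershell
# Added example: report secrets still readable in an Indeed AM Web.config.
# Section and attribute names come from this page; everything else is constructed.
function Get-AmConfigFinding {
    param([Parameter(Mandatory)][xml]$Config)

    # Sections the page lists as handled by EA.Config.Encryptor.
    $sections = 'logServer', 'logonSettings', 'userCatalogProviderSettings',
                'encryptionSettings', 'dbContextSettings'
    # Attributes that carry secrets in the page's examples.
    $secretAttrs = 'secretKey', 'password', 'cryptoKey', 'CertificateFilePassword'

    foreach ($name in $sections) {
        foreach ($section in $Config.SelectNodes("//$name")) {
            # Check the section element and every element nested inside it.
            foreach ($node in $section.SelectNodes('descendant-or-self::*')) {
                foreach ($attr in $node.Attributes) {
                    $connPw = $attr.Name -eq 'connectionString' -and
                              $attr.Value -match '(?i)\bPassword\s*=\s*[^;]'
                    if (($secretAttrs -contains $attr.Name -and $attr.Value) -or $connPw) {
                        [pscustomobject]@{ Section = $name; Element = $node.LocalName
                                           Attribute = $attr.Name; Issue = 'secret readable in clear text' }
                    }
                }
            }
        }
    }
    # requireHttps="false" removes the HTTPS requirement described in the installation step.
    foreach ($add in $Config.SelectNodes("//appSettings/add[@key='requireHttps']")) {
        if ($add.GetAttribute('value') -eq 'false') {
            [pscustomobject]@{ Section = 'appSettings'; Element = 'add'
                               Attribute = 'requireHttps'; Issue = 'HTTPS is not required' }
        }
    }
}

# Constructed sample built from the fragments shown on this page (values are placeholders).
[xml]$sample = @'
<configuration>
  <appSettings><add key="requireHttps" value="false" /></appSettings>
  <logonSettings secretKey="CONSTRUCTED-PLACEHOLDER" />
  <dbContextSettings rootDbContextId="mssql">
    <mssqlDbContexts>
      <mssqlDbContext id="mssql" connectionString="Data Source=db;Initial Catalog=AM;User Id=svc;Password=CONSTRUCTED;" />
    </mssqlDbContexts>
  </dbContextSettings>
</configuration>
'@
Get-AmConfigFinding -Config $sample | Format-Table -AutoSize
```

    Against a deployed server, pass ([xml](Get-Content -Raw 'C:\inetpub\wwwroot\easerver\Web.config')) as -Config; an empty result means none of the listed attributes is readable and requireHttps is not set to false.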

    Initial configuration setup

    1. Open the EA.Server.AccessControlInitialConfig.exe.config file for editing.
    2. Edit the key attribute: set the value parameter to true if Windows Token is to be used for authentication.

    ...

      If the server is within the domain, you can use one of the following providers: windows password, emailOTP, smsOTP. To do so, set value to false.

      Example:
      <appSettings>
      	<add key="eaServerUrl" value="http://192.168.1.2/easerver/"/>
      	<add key="isWindowsAuth" value="true"/>
      </appSettings>


    3. Run the EA.Server.AccessControlInitialConfig.exe utility on a domain machine under the user account that is to become the system administrator and that is defined as administrator in the accessControlAdminSettings tag.