Page History

Installation

1. Install the Indeed Enterprise Server by AM by running IndeedAM. Server-x64.msi installer.

2. Add HTTPS binding in Default Web Site settings of IIS Manager. 

   Info

   Indeed AM is a web application on the basis of IIS. “Require SSL” is a default installation setting, which, in turn, requires active HTTPS binding. If you do not plan to use HTTPS protocol, then deactivate SSL requirement in IIS settings for  easerver and in the server configuration file (C:\inetpub\wwwroot\easerver\Web.config). To do so, change the value of "requireHttps" parameter to "false". Example: <appSettings> <add key="requireHttps" value="false" /> </appSettings>

   
   

   1. Run IIS Manager and expand the Sites item.
   2. Select the Default Web Site site and click Bindings item in the Actions section.
   3. Click Add:
      1. Type - https.
      2. Port - 443.
      3. Select the SSL Certificate.
   4. Save the binding.

Modifying a configuration file.

1. Open the server configuration file named Web.config (C:\inetpub\wwwroot\easerver\Web.config).

2. Add a private key to sign the token of "secretKey” parameter of "logonSettings” tag. The "secretKey" parameter is used to create a user token in the "jwt” format. 

   Code Block
   language yml title Example
   <logonSettings secretKey="67d7e6caec61d61239dc0b05f86063ed899931b581fa1ed8140d7843b320fe02"/>

   
   

3. Define the system user directory. To do so, edit the adUserCatalogProvider tag parameters:
   1. id is the unique identifier of the directory.
   2. serverName is the name of Active Directory domain, where the said directory resides.
   3. containerPath is the path to the container in the form of Distinguished Name or the domain itself (again as DN), if the whole of the domain is used to store users.
   4. userName is the name of service account used to connect to the user directory.

   5. password is the password of the service account for the user directory in AD.

      Code Block
      language yml title Example
      <adUserCatalogProviders> <adUserCatalogProvider id="UserId" serverName="indeed.local" containerPath="DC=,DC=local" userName="IndeedCatalogUser" password="Q1q2E3e4"/> </adUserCatalogProviders>

      
      

4. Specify the root identifier of the provider to work with the directory. To do so, edit the rootUserCatalogProviderId attribute of userCatalogProviderSettings tag.
   

   1. rootUserCatalogProviderId - set it to the value of Id attribute of  adUserCatalogProvider tag.

      Code Block
      language yml title Example
      <userCatalogProviderSettings rootUserCatalogProviderId="UserId">

      
      

5. Define the system data storage. If Active Directory is used as data storage, edit the rootDbContextId parameter of dbContextSettings tag and adDbContext tag parameters.
   1. rootDbContextId is the unique value of storage identifier.
   2. id - set it to the value of rootDbContextId tag.
   3. path is LDAP path to the data container in Active Directory. It is recommended to specify it in the "serverless binding” format.
   4. userName is the name of service account used to connect to the storage.

   5. password is the password of the service account for the user directory in AD.

      Code Block
      language yml title Example
      <dbContextSettings rootDbContextId="mssql"> <mssqlDbContexts> <mssqlDbContext id="mssql" connectionString="Data Source=EASERVER\EASERVER;Initial Catalog=AM_Server_7;User Id=Admin- DB;Password=Q1q2E3e4;"/> </mssqlDbContexts> </dbContextSettings>

      
      

6. Define the encryption key for the system data. To do so, edit the encryptionSettings tag parameters.
   1. cryptoAlgName specifies the encryption algorithm used.
   2. cryptoKey contains key values generated by the utility.

   3. certificateThumbprint - Thumbprint of the certificate used to encrypt the key (delete the attribute, if it is not to be used). 

      Code Block
      language yml title Exemple
      <encryptionSettings cryptoAlgName="Aes" cryptoKey="90ce7dbc3ff94a7867abc6672c23cce2c3717d38af42f04293130cb68a34ecc2"/>

      
      

7. Define the system administrator. To do so, edit the userId parameter of accessControlAdminSettings tag. 

   Note
   The user in question has to be within the user directory.

   
   

   1. UserId is the user identifier in the following format: “Directory identifier (rootUserCatalogProviderId); underscore; GUID of system administrator”. 

      Info
      GUID can be found with PowerShell command. For this, Remote Server Administration Tools component has to be installed. Code Block language powershell title Example Get-ADUser YouUserName -Properties * | Select ObjectGUID

      
      

8. Specify the url to connect to log server. To do so, edit the logServer tag.

   1. URL is url to connect to log server in the following format http(s)://full_dns_name_of_server/ils/api. 

      Note
      If several servers are used, then you have to specify the load balancer address.

      
      

   2. CertificateThumbprint - this is to be defined if the private key is stored in the registry, and the certificate is in the PC storage.
   3. CertificateFilePath - this is to be defined, if the key pair is stored in pfx.
   4. CertificateFilePassword is the password for pfx.

Encryption / decryption of configuration file.

1. Run command line as Administrator.

2. In command line, switch to encryption utility folder. 

   Note
   The utility encrypts the following sections: logServer, logonSettings, userCatalogProviderSettings, encryptionSettings, dbContextSettings. It is recommended to encrypt all the sections.

   Encryption / decryption of separate sections.

3. To encrypt a separate section, you have to execute the following command: EA. Config.Encryptor /encrypt "Path to server configuration file" "Section name”

   Code Block
   language yml title Example
   EA.Config.Encryptor /encrypt "C:\inetpub\wwwroot\easerver\Web.config" "logServer"

   
   

4. To decrypt a separate section, you have to execute the following command: EA. Config.Encryptor /decrypt "Path to server configuration file" "Section name” 

   Code Block
   language yml title Example
   EA.Config.Encryptor /decrypt "C:\inetpub\wwwroot\easerver\Web.config" "logServer"

   Encryption/decryption of all sections.

1. To encrypt all sections, run  encryptConfigs.bat.
2. To decrypt all sections, run  decryptConfigs.bat.

Initial configuration setup

1. Open the EA.Server.AccessControlInitialConfig.exe.config file for editing.

2. Edit the key attribute - value parameter is to be set to true, if Windows Token is planned to be used for authentication.  If the server is within the domain, you can use one of the following providers: windows password, emailOTP, smsOTP. To do so, value is to be set to false.

   Code Block
   language yml title Example
   <appSettings> <add key="eaServerUrl" value="http://192.168.1.2/easerver/"/> <add key="isWindowsAuth" value="true"/> </appSettings>

   
   

3. Run the EA.Server.AccessControlInitialConfig.exe utility at the domain machine under the user account, which is to become system administrator and which defined as administrator in the accessControlAdminSettings tag.