Difference between revisions of "Settings"
m (1 revision imported) |
|
(No difference)
|
Latest revision as of 12:52, 11 May 2017
Settings
You can generally access the USAM Admin console using the same username and PIN from a Admin Account on the Swivel Core server that the USAM is working with. However you may need to change some settings first if you are running a non standard installation.
These settings are under \home\swivel\.swivel\authentication-manager in a file called settings.properties
The first section dictates how the USAM should communicate with the Core Server. It is recommended you change the default secret before putting into production
pinsafessl=false pinsafeserver=localhost pinsafecontext=pinsafe pinsafesecret=secret pinsafeport=8181
The next section dictates how the USAM should retrieve images from the core
imagessl=false imageserver=localhost imagecontext=proxy imageport=8443 selfsigned=true
This entry determines which Swivel Core server group a user must be a member of in order to access the USAM Admin console
administrationGroup=PINsafeAdministrators
The following section defines the format of the certificates and keys used by the platform and where they are stored
certificateIssuer=SAML_SP encryptionType=DSA publicKeyFileName=/keys/dsapubkey.der privateKeyFileName=/keys/dsaprivkey.der certificateFileName=/keys/dsacert.pem
Time Polling is used by the OneTouch Authentication method to determine how long the long in page will wait for the user's response.
timeoutPolling=60000
When a user authenticates to a service the platform needs to map the presented ID to a user attribute associated with the user on the Swivel Core Server. This is usually their email address as this is the attribute generally used as a username by cloud service providers.
federatedIDAttribute=email
This is the URL of the home page for the authentication manager
applicationRootURL=http://127.0.0.1:8080/swivelauthenticationmanager
This is the url that will be used for GeoIP look ups. It is possible to host your own GeoIP server in which case this value would need to be changed accordingly
freegeoipurl=https://freegeoip.net/xml/
The tomcat service will need restarting for changes to take affect.