Settings

From Swivel Knowledgebase
Revision as of 12:52, 11 May 2017 by Admin (talk | contribs) (1 revision imported)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search


Settings

You can generally access the USAM Admin console using the same username and PIN from a Admin Account on the Swivel Core server that the USAM is working with. However you may need to change some settings first if you are running a non standard installation.


These settings are under \home\swivel\.swivel\authentication-manager in a file called settings.properties

The first section dictates how the USAM should communicate with the Core Server. It is recommended you change the default secret before putting into production


 pinsafessl=false
 pinsafeserver=localhost
 pinsafecontext=pinsafe
 pinsafesecret=secret
 pinsafeport=8181


The next section dictates how the USAM should retrieve images from the core

 imagessl=false
 imageserver=localhost
 imagecontext=proxy
 imageport=8443
 selfsigned=true

This entry determines which Swivel Core server group a user must be a member of in order to access the USAM Admin console

 administrationGroup=PINsafeAdministrators


The following section defines the format of the certificates and keys used by the platform and where they are stored

 certificateIssuer=SAML_SP
 encryptionType=DSA
 publicKeyFileName=/keys/dsapubkey.der
 privateKeyFileName=/keys/dsaprivkey.der
 certificateFileName=/keys/dsacert.pem

Time Polling is used by the OneTouch Authentication method to determine how long the long in page will wait for the user's response.

 timeoutPolling=60000

When a user authenticates to a service the platform needs to map the presented ID to a user attribute associated with the user on the Swivel Core Server. This is usually their email address as this is the attribute generally used as a username by cloud service providers.

 federatedIDAttribute=email

This is the URL of the home page for the authentication manager

 applicationRootURL=http://127.0.0.1:8080/swivelauthenticationmanager

This is the url that will be used for GeoIP look ups. It is possible to host your own GeoIP server in which case this value would need to be changed accordingly

 freegeoipurl=https://freegeoip.net/xml/

The tomcat service will need restarting for changes to take affect.