Provisioning Configurator –
the Configuration Interface
Console Window – Overview
Start Provisioning Configurator by selecting the product icon created during the installation.
When starting the Configurator, a lock file is created. The file is located in the installation folder. The purpose is to enable a warning if more than one person is trying to edit the configuration at the same time on a server. The filename is “ProvisioningConfigurator.lck”, and the content is just a notification when the Configurator was started e.g. “2012-12-06 11:10:10”.
The lock file should automatically be removed when closing the Configurator.
The main configuration console window is divided in two different panes, left and right, and a menu bar. Usually, administration tasks are performed by selecting a configuration category object in the left pane and configuration options in the right pane. Some categories can have subcategories and can be selected by expanding the category object in the same way as browsing folders in a file system.
Remote Configuration
A Identity Provisioning configuration and a set of Action Packages can be transferred to or received from another Identity Provisioning via the menu Remote. This can be useful when the remote server is headless or the configuration must be uniform in several PIP instances.
Every time you save a configuration to the remote server, the previous configuration file is saved as a backup in the folder config_backup.
Settings
The remote configuration is sent between the server and the client using the web service listener at the remote server. The configuration for the web service listener can be found at Tools > Options.
Before remote configuration can be used it must be enabled on the remote server. If you are able to use the Provisioning Configurator on the remote server you follow these instructions:
- Click Tools > Options
- Enable Allow Remote Configuration
- Set a password in the password field
In a headless installation the remote configuration is enabled in the file remoteConfig.txt in the Identity Provisioning root folder.
Parameter | Description |
AllowRemoteConfig | Set to true to enable remote configuration, or false to disable. |
RemoteConfigPassword | The password for accessing the remote configuration. The value is encoded, but to set a new password you can write the password you want in clear text, and the next time PIP is reading the information, it will encode the password. |
Remote Menu Options
Option | Description |
Load Remote Configuration | Load configuration and (optional) the Action Packages, from a remote server. When using this function, you get the choice to save your current local configuration before loading the remote configuration. If loading Action Packages, you get a choice to save your currently loaded Action Packages as your backup.You can restore the Action Packages from your backup in the Action Package Manager when you are done. |
Save Remote Configuration | Save the configuration, and optional the Action Packages, to a remote server. |
Delete Remote Configuration | Delete a configuration file from a remote server. |
Load Remote Action Packages | Load the Action Packages from a remote server. When using this function, you get the choice to save your currently loaded Action Packages as your backup. You can restore the Action Packages from your backup in the Action Package Manager when you are done. |
Save Remote Action Packages | Save the current Action Packages to a remote server. |
Load Local Configuration | Restore the Action Packages from your backup, and load the configuration file config.aam from your local machine. |
Example – Load Remote Configuration
In your local Provisioning Configurator:
- Click Remote > Load Remote Configuration
- In the dialog Load Remote Configuration
- Remote Server URL: http://[host]:8080
- Password: *********
- File Name: Type your desired file name, or click the button to browse configuration files on the remote server.
- Click Ok
Note
- The Web Service listener must be started at the remote server. Otherwise the remote configuration will not work. If remote configuration is enabled, the Web Service listener will be started when Identity Provisioning service is started. But if you are using the Provisioning Configurator at the remote server, you have to manually start the Web Service listener using the Web Service button in the menu bar.
- The configuration for the Web Service listener is saved in the configuration file. If you are loading the configuration from the remote server and then saves it to the same remote server again, there is nothing to worry about. But if you load a local configuration and saves it as config.aam to the remote server, you have to check your Web Service configuration in Tools > Options, before saving the configuration.
- When you have loaded a configuration from the remote server, the Policy debugger will run the Policy on your local machine. This means that if you do not have access to the different resources you are using from your local machine, the Policy debugging will not work.
Options
To view, enable and change options in Provisioning Configurator, Click Tools > Options.
Settings can be made for:
Logging
Web Service Listener (such as Remote Configuration, mentioned above)
Other options
License expiration
Look and Feel
The setting for “Socket Timeout” applies to the internal database and SMTP.
When starting Identity Provisioning service, this will be the timeout for a connection to the internal database.
This is done, to verify that the service is not already started.
The parameter is also used for test of SMTP connection, as well as policy Preflight check against SMTP (if enabled).
Timeout against other databases (ODBC/JDBC) is set to 7 seconds and for LDAP the value is 10 seconds.
Menu Bar
The Provisioning Configurator menu bar with the most common menu selections.
The Select Pane (Left)
This pane is used to select a an object category to create, configure, delete or show information about configuration objects.
Data Sources
Data source objects contain configuration information about the Identity Provisioning connections to various user stores as well as user credentials to authenticate to them.
SMTP Settings
Is used to enable and configure SMTP options. Several actions can use the SMTP functionality to send information.
Schedules
Schedules are for policies, many schedules can be defined. A policy can be associated with several schedules.
Log Settings
The Logs Settings configuration object includes configuration options for Identity Provisioning log, severity levels and log files.
Alerts
Identity Provisioning can be configured to send alerts to administrators via SMS or e-mail when errors are occurring.
Alerts will be sent at the same time errors are detected.
Actions
The Provisioning Configurator is including many actions, and PhenixID constantly creates new actions and updates old ones.
Each action is a small package, and administrators only need to set configuration parameters. Developers can write specific actions following the PhenixID Identity Provisioning Developer’s Guide.
It is recommended to check regularly for updated actions and PIP core functionality.
Full description of all Actions and usage examples can be read in the Action documentation.
Policies
The node Policies shows all existing policies. Subcategory nodes can be created to sort policies.
For example:
Logs
Select and then view/search the log file for information.
The Configuration Pane (Right)
This pane is showing information about the different options available for the object type selected in the Select Pane (left).
Mouse Operations
Tool tip
- This application briefly shows context sensitive help when the mouse cursor remains over a defined spot, for example Menu Action, Property Value etc.
Left button
- Navigate the category structure by expanding or collapsing objects.
- Show and select actions in the Menu bar.
Right button
- View and select actions on configuration objects. Available actions depend on the object type.
- Show and select actions in the Menu bar.
Exit/Close (Button)
Is used to exit and close the Provisioning Configurator. The Configurator is verifying whether the configuration has been changed or not before closing. If modifications were made, a warning message will be displayed asking to save or cancel the configuration changes.