

This article describes how to use instance ID and role configuration to limit the access to a certain instance of Identity Manager Operator. For example, this can be useful if there are two instances which are intended for use on the internet and intranet, respectively. 



Step-by-step instruction

Set instance ID property

On Docker deployment, Smart ID 20.06 or later

  1. Navigate to the docker\compose folder of the Identity Manager client instance, for example: 

    Example: docker-compose.yml folder

    \docker\compose\identitymanager\operator

  2. Open the file docker-compose.yml for editing.
  3. Add a system.properties.idmInstanceId entry with a unique and descriptive instance ID name: 

    Example: instance ID label in docker-compose.yml
    services:
      idm-operator:
        ...
        labels:
          ...
          - "system.properties.idmInstanceId=instanceName"
  4. Save the file.

On legacy installation, 3.12.x or older

  1. Navigate to the WEB-INF\classes folder of the Identity Manager client instance, for example: 

    Example: system.properties folder

    \tomcat\webapps\prime_explorer\WEB-INF\classes

  2. Open the file system.properties for editing.
  3. Update idmInstanceId to a unique and descriptive name: 

    Example: instance ID in system.properties
    #In a multi-node env the instance ID is the value that uniquely identifies each Tomcat
    idmInstanceId=instanceName

    The old property detailedUserInformationCreator.explorerInstanceId still works for the same setting.
  4. Save the file. 

Set available instance IDs in role

To limit an Identity Manager role to only access certain instances, update the Instance Ids field in the Role configuration with one or more idmInstanceId values that were configured in system.properties.

For more information, see the section For roles: Limit access to certain instance IDs in Set permissions from Identity Manager users or roles.

Example use case: internet and intranet instances

Settings

Instances of Identity Manager Operator:

  • instanceId = Internet
  • instanceId = Intranet

Roles: 

  • Administrator: limited to Intranet
  • User: all instances available.
    This is set by leaving the Instance Ids field empty in the Role settings.  

User:

  • admin, with assigned roles: Administrator, User

Resulting behavior

  • When the admin user logs into Identity Manager Operator using the Tomcat instance Intranet, they will have the role Administrator.
  • When the admin user logs into Identity Manager Operator using the Tomcat instance Internet, they will have the role User.


If no instanceId is set in system.properties, then a user that logs in to that instance will only be able to use roles that are available on every instance. 

With the scenario above, this means:

  • When the admin user logs in to an instance without instanceId, they will have the role User.

 

This article is valid for Smart ID 20.11.2 and later. 

Related information