Access local services from Identity Manager in the cloud
This article is valid for Smart ID 20.11.4 and later.
When Smart ID Identity Manager runs in the cloud, it has no direct access to internal customer systems such as LDAP, and it cannot be guaranteed that a service in the customer's network is reachable from the cloud. To give Identity Manager access to those systems, the Smart ID Agent (DataSyncProxy) is installed in the customer's network and connects to Identity Manager on their behalf.
Read more here: Smart ID Agent (DataSyncProxy) in Identity Manager.
Prerequisites
Java Runtime (version 11)
Access to local services (in order to do the required read/write operations)
Internet connection (in order to access Nexus GO Service)
Step-by-step instructions
Enable the Smart ID Agent in Identity Manager
In Identity Manager Admin, go to Home > Data pool.
To edit an existing data pool, double-click the data pool name.
In the Data sources tab, select one of the data sources in the Type drop-down list.
Check Smart ID Identity Manager - Agent enabled.
Click Save.
Configure Smart ID Agent in Identity Manager
The Identity Manager file system.properties contains the settings below for response polling intervals and timeouts. They apply to Identity Manager (when executing searches, exporting data, and so on) and to Identity Manager Admin (when testing the connection, fetching the SCIM resource types and fetching the attribute lists). The values shown are the defaults; change them only if needed.
Example: Configure Smart ID Agent in system.properties
dataSync.responsePollingIntervalInMs=200
dataSync.responsePollingTimeoutInMs=30000
# When the polling timeout above occurs, Spring logs a message at error level. To suppress that
# message, set the following property. Note: it may also hide other error logs, so leave it
# unset if you want to be sure not to miss anything.
dataSync.suppressSpringMvcExceptionsWhileTimeout=true
# When set, sends a request at the defined interval to keep the connection open.
# Set it if you observe multiple registrations occurring before the configured timeout.
dataSync.keepAliveIntervalInMs=10000
Configure Smart ID Agent in customer system
Unpack the ZIP file containing application.yaml.
Configure application.yaml with the service parameters, see the example below.
Under urls you can configure one or more Identity Manager or Identity Manager Admin services. The same tenant id and authentication method are used for all of them. Use either basic authentication, by configuring userName and password, or client certificate authentication, by configuring a keyStore and its password. If both are configured, client certificate authentication is used. If one or more of the services presents a server certificate that is not trusted by default, configure a trustStore and its password; the truststore must contain that server certificate (or its issuing CA certificate) so that the agent trusts the server. Because application.yaml holds these credentials and store passwords in clear text, restrict read access to the file to the account that runs the agent.
Example: application.yaml
logging.config: ./log4j2.xml # Custom logging configuration
prime:
  urls: # URLs of the servers the agent should connect to
    - https://localhost:18443/idm
    - https://localhost:18443/idm-admin
  tenantId: 1 # Tenant id to connect to
  # Basic authentication
  userName: admin
  password: admin
  # Client certificate authentication (takes precedence over basic authentication if both are set)
  # keyStore: <path/to/your/keystore>
  # keyStorePassword: <keystore password>
  # Truststore for a server certificate that is not trusted by default
  # trustStore: <path/to/your/truststore>
  # trustStorePassword: <truststore password>
  reconnectDelay: 15000 # How often the agent checks if the connection is still active (in milliseconds)
  heartBeatTimeout: 10000
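The page does not show how the files behind keyStore and trustStore are produced. The PowerShell script below is an added example, not part of the product documentation, and builds both stores with the keytool that ships with the Java 11 runtime listed under Prerequisites. The folder, file names, aliases, subject name, key size, validity period and the password prompts are assumptions chosen for illustration; the CA that signs the agent's certificate request is the customer's own and is not shown.

```powershell
# Added example (not from the product documentation): build the truststore and client keystore
# that application.yaml refers to, using the keytool of the Java 11 runtime (JAVA_HOME assumed set).
# Assumed values: folder, file names, aliases, subject name, key size, validity.
$ErrorActionPreference = 'Stop'

$keytool    = Join-Path $env:JAVA_HOME 'bin\keytool.exe'
$agentDir   = 'C:\path\to\application'              # folder holding application.yaml and the agent jar
$serverCert = Join-Path $agentDir 'idm-server.crt'  # exported Identity Manager server certificate (or its issuing CA)
$trustStore = Join-Path $agentDir 'truststore.p12'
$keyStore   = Join-Path $agentDir 'keystore.p12'
$trustPass  = Read-Host 'Truststore password'
$keyPass    = Read-Host 'Keystore password'

# keytool signals failure through its exit code, which PowerShell ignores for native commands; wrap it.
function Invoke-Keytool {
    & $keytool @args
    if ($LASTEXITCODE -ne 0) { throw "keytool $($args[0]) failed with exit code $LASTEXITCODE" }
}

# 1. Truststore: contains only the certificate the agent must trust, nothing else.
Invoke-Keytool -importcert -noprompt -alias idm-server -file $serverCert `
    -keystore $trustStore -storetype PKCS12 -storepass $trustPass

# 2. Client keystore: a fresh key pair plus a CSR for the customer's CA to sign.
#    PKCS12 requires key and store password to be identical, hence -keypass equals -storepass.
Invoke-Keytool -genkeypair -alias agent -keyalg RSA -keysize 3072 -sigalg SHA256withRSA `
    -validity 365 -dname 'CN=smartid-agent' `
    -keystore $keyStore -storetype PKCS12 -storepass $keyPass -keypass $keyPass
Invoke-Keytool -certreq -alias agent -file (Join-Path $agentDir 'agent.csr') `
    -keystore $keyStore -storetype PKCS12 -storepass $keyPass

# 3. When the CA has returned agent.crt and ca.crt, install the chain under the same alias.
#    Import the CA first, otherwise keytool cannot build the chain for the agent certificate:
#    Invoke-Keytool -importcert -noprompt -alias ca    -file ca.crt    -keystore $keyStore -storetype PKCS12 -storepass $keyPass
#    Invoke-Keytool -importcert -noprompt -alias agent -file agent.crt -keystore $keyStore -storetype PKCS12 -storepass $keyPass

# 4. Check what each store contains before referencing the files from application.yaml.
Invoke-Keytool -list -v -keystore $trustStore -storetype PKCS12 -storepass $trustPass
Invoke-Keytool -list -v -keystore $keyStore   -storetype PKCS12 -storepass $keyPass
```

Afterwards set keyStore and trustStore in application.yaml to the two .p12 paths with their passwords in keyStorePassword and trustStorePassword, and leave userName and password unset; client certificate authentication is used anyway when both are configured. Only the Windows account that runs the agent needs read access to the two store files and to application.yaml. Keep the truststore limited to the Identity Manager server certificate or its issuing CA; importing additional roots widens what the agent will accept as a legitimate server.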
To start the Smart ID Agent:
On Windows, execute startup.bat.
On Linux, execute startup.sh.
Depending on your system configuration, you might need to modify the script to use a compatible Java Runtime, see Prerequisites.
Install Smart ID Agent as Windows Service
You can install Smart ID Agent as a Windows Service.
Since a jar cannot run directly as a Windows service, you need third-party software that itself runs as a service and launches the jar.
Download and install NSSM (Non-Sucking Service Manager) http://nssm.cc/download .
From the command line, you can get a list of commands by typing nssm --help.
Run the command nssm install to open the GUI to create a new service.
In the Application tab, enter this information:
Path - the path to your java.exe (for example, C:\Program Files\Java\jdk-11.0.8\bin\java.exe)
Startup directory - the directory in which the application starts. Match it with the folder where the jar file is located (for example C:\path\to\application)
Arguments - the arguments you use when starting the jar (for example, -Xms4g -Xmx8g -jar "C:\path\to\application\app.jar")
In NSSM, go to the Details tab and enter:
Display name and Description - self-explanatory, enter something appropriate.
Startup type - Automatic is the default and preferred choice, so that your service starts with Windows.
Service name - Give your service a unique name (do not use spaces, this is an identifier).
Click Install service to finish the creation process.
Once the service is installed, you can monitor it through the Task Manager app in the Services tab, or by opening the Services app directly.
You can also monitor as well as edit or remove your service with NSSM:
Edit a service, if you want to change a few things. This will open the same GUI as for the installation.
nssm edit <servicename>
Remove a service.
nssm remove <servicename>
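The GUI steps above can also be scripted. The PowerShell script below is an added example, not part of the product documentation or of NSSM; it fills the same Application and Details fields through the nssm command line and adds two hardening steps a practitioner would normally take: running the service under a dedicated unprivileged account instead of the LocalSystem default, and restricting who can read application.yaml, which holds the agent's credentials. The service name, Java path, application folder, jar name and account name are assumptions, and the account is assumed to exist already.

```powershell
# Added example (not from the product documentation): scripted NSSM install of the Smart ID Agent.
# Assumed values: service name, Java path, application folder, jar name and the service account.
$ErrorActionPreference = 'Stop'

$svcName     = 'SmartIdAgent'
$javaExe     = 'C:\Program Files\Java\jdk-11.0.8\bin\java.exe'
$appDir      = 'C:\path\to\application'
$jarPath     = Join-Path $appDir 'app.jar'
$svcAccount  = "$env:COMPUTERNAME\svc-smartid-agent"   # dedicated local account without admin rights (assumed to exist)
$svcPassword = Read-Host "Password for $svcAccount"

# nssm.exe reports failure through its exit code, which PowerShell ignores for native commands; wrap it.
function Invoke-Nssm {
    & nssm @args
    if ($LASTEXITCODE -ne 0) { throw "nssm $($args[0]) $($args[1]) failed with exit code $LASTEXITCODE" }
}

# Application tab: Path, Arguments and Startup directory.
Invoke-Nssm install $svcName $javaExe -Xms4g -Xmx8g -jar $jarPath
Invoke-Nssm set $svcName AppDirectory $appDir

# Details tab: Display name, Description and Startup type.
Invoke-Nssm set $svcName DisplayName 'Smart ID Agent (DataSyncProxy)'
Invoke-Nssm set $svcName Description 'Smart ID Agent connecting Identity Manager to local services'
Invoke-Nssm set $svcName Start SERVICE_AUTO_START

# Hardening: NSSM runs services as LocalSystem by default. The agent only needs to read its own
# folder and reach Identity Manager and the local services, so run it as the dedicated account.
# NSSM grants the account the "Log on as a service" right when ObjectName is set.
Invoke-Nssm set $svcName ObjectName $svcAccount $svcPassword

# Keep the agent's console output; without this a crash at startup leaves no trace.
New-Item -ItemType Directory -Force -Path (Join-Path $appDir 'logs') | Out-Null
Invoke-Nssm set $svcName AppStdout (Join-Path $appDir 'logs\service-out.log')
Invoke-Nssm set $svcName AppStderr (Join-Path $appDir 'logs\service-err.log')
Invoke-Nssm set $svcName AppRotateFiles 1

# application.yaml holds the Identity Manager credentials or the keystore password: drop inherited
# permissions and allow only BUILTIN\Administrators (by SID, so it works on localized Windows)
# and the service account to read it.
icacls (Join-Path $appDir 'application.yaml') /inheritance:r `
    /grant:r '*S-1-5-32-544:(F)' "${svcAccount}:(R)" | Out-Null

Invoke-Nssm start $svcName
Invoke-Nssm status $svcName
```

Running nssm install a second time with the same service name fails, so use nssm set (or nssm edit) to change individual fields afterwards. The service account also needs write access to the logs folder created above; it inherits that from the application folder unless the folder's permissions have been tightened separately.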