Skip to main content
Skip table of contents

Access local services from Identity Manager in the cloud

This article is valid for Smart ID 20.11.4 and later.

When Smart ID Identity Manager is running in the cloud it does not have access to internal customer systems, like, for example, LDAP. It can not be guaranteed that a service in the customer's network can be accessed. To get access to customer systems, the Smart ID Agent (DataSyncProxy) is used.

Read more here: Smart ID Agent (DataSyncProxy) in Identity Manager.

Prerequisites

  • JAVA Runtime (Version 11)

  • Access to local services (in order to do the required read/write operations)

  • Internet connection (in order to access Nexus GO Service)

Step-by-step instructions

Enable the Smart ID Agent to Identity Manager

  1. In Identity Manager Admin, go to Home > Data pool.

  2. To edit an existing data pool, double-click the data pool name.

  3. In the Data sources tab, select one of the data sources in the Type drop-down list.

  4. Check Smart ID Identity Manager - Agent enabled.

  5. Click Save.

Configure Smart ID Agent in Identity Manager

In the Identity Manager file system.properties, these are the standard settings for response intervals and timeouts for Identity Manager (for executing searches, exporting data, and so on) and Identity Manager Admin (for testing connection, getting the scim resource types and getting the attribute lists). If needed, they can be configured.

Example: Configure Smart ID Agent in system.properties
CODE
dataSync.responsePollingIntervalInMs=200
dataSync.responsePollingTimeoutInMs=30000
 
# when the connection timeout above occurs, spring logs a message on error level. To disable this enter: (Note: if you want to be sure not to miss any other logs do not turn this on)
dataSync.suppressSpringMvcExceptionsWhileTimeout=true

# When set, sends a request at defined interval to keep the connection open.
# You'll need to set it if you observe multiple registrations occur before the configured timeout
dataSync.keepAliveIntervalInMs=10000

Configure Smart ID Agent in customer system

Unpack the ZIP file containing application.yaml.

Configure application.yaml with the service parameters, see the example below.

In the urls you can configure one or multiple Identity Manager or Identity Manager Admin services. For all of them, the same tenant id and authentication method will be used. You can use basic authentication by configuring the userName and password, or client certificate authentication by configuring a keyStore and it's password. If both are configured, client certificate authentication will be used. If one or multiple of the services use a server certificate, which is not trusted by default, you can configure a trustStore and it's password containing the certificate to trust the server certificate.

Example: application.yaml

CODE
logging.config: ./log4j2.xml # Custom logging configuration
prime:
    urls: # Urls of the servers the agent should connect to
        - https://localhost:18443/idm
        - https://localhost:18443/idm-admin
    tenantId: 1 # Tenant id to connect to

    # Basic Authentication
    userName: admin
    password: admin
    # Client certificate authentication
    # keyStore: <path/to/your/keystore>
    # keyStorePassword: <keystore password>

    # Truststore for not trusted server certificate
    # trustStore: <path/to/your/truststore> 
    # trustStorePassword: <truststore password> 

reconnectDelay: 15000 # The delay how often the agent checks if the connection is still active (in milliseconds)
heartBeatTimeout:10000
  1. To start the Smart ID Agent:

    1. On Windows, execute the startup.bat

    2. On Linux execute the startup.sh.

  2. Depending on your system configuration you might need to modify it to use a compatible JAVA Runtime, see Prerequisites.

Install Smart ID Agent as Windows Service

You can install Smart ID Agent as a Windows Service.

Since it is not possible to run a jar as a service, you must use a third party software that will run as a service and itself run the jar.

  1. Download and install NSSM (Non-Sucking Service Manager) http://nssm.cc/download .
    From the command line, you can get a list of commands by typing nssm --help.

  2. Run the command nssm install to open the GUI to create a new service.

  3. In the Application tab, enter this information:

    1. Path - the path to your java.exe (for example, C:\Program Files\Java\jdk-11.0.8\bin\java.exe)

    2. Startup directory - the directory in which the application starts. Match it with the folder where the jar file is located (for example C:\path\to\application)

    3. Arguments - the arguments you use when starting the jar (for example, -Xms4g -Xmx8g -jar "C:\path\to\application\app.jar")

  4. In NSSM, go to the Details tab and enter:

    1. Display name and Description - self-explanatory, enter something appropriate.

    2. Startup type - Automatic is the default and preferred choice, so that your service starts with Windows.

    3. Service name - Give your service a unique name (do not use spaces, this is an identifier).

  5. Click Install service to finish the creation process.

  6. Once the service is installed, you can monitor it through the Task Manager app in the Services tab, or by opening the Services app directly. 

    You can also monitor as well as edit or remove your service with NSSM:

    • Edit a service, if you want to change a few things. This will open the same GUI as for the installation.
      nssm edit <servicename>

    • Remove a service.
      nssm remove <servicename>

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.