Version: 2024.1.1

inPoint.Server

Web.Config

This chapter describes the important settings of the web.config.
Location: "C:\Program Files (x86)\HS Europe\inPoint.Enterprise\inPoint.WebDav\web\web.config"

Archive configuration

<PamArchiveConfig ExternalFile="" />

  • Path to inPoint.Archive.config
  • This config also contains the database connection string
  • Example: ../../inPoint.Archive/inPoint.Archive.config

LDAP/LDAPS & authentication settings

<add key="LDAPAuthenticationDomain" value=""/>

  • Indicates the domain name(s) to connect to for synchronizing users from Active Directory. By default, the connection will use the LDAP port 389.
  • Multiple domains can be added with a "," separator.
  • The domain name must be in fully qualified domain name (FQDN) format.
    • Example: domain.local, domain2.local
  • The domain name can also include a port number if the domain controller is listening on a non-standard port. The format is <domain name in FQDN format>:<port number>.
    • Example: domain.local:123
  • To use LDAPS, specify the ssl suffix in the LDAPAuthenticationDomain. The format is <domain name in FQDN format>:ssl. This will use the default LDAPS port, which is 636.
    • Example: domain.local:ssl
  • To configure LDAPS on a custom port, include also a port number after the domain name. The format is <domain name in FQDN format>:<port number>:ssl.
    • Example: domain.local:123:ssl
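As an added example (not code from inPoint or its documentation), the following Python parser turns an LDAPAuthenticationDomain value in the formats listed above into host, port and LDAP/LDAPS targets, and reports which entries would still connect over unencrypted LDAP. LdapTarget, parse_ldap_domains and plaintext_targets are names chosen for this example.

```python
"""Parse an inPoint LDAPAuthenticationDomain value into connection targets.

Added example, not part of the inPoint product or its documentation. It
implements the value formats described above: "domain", "domain:port",
"domain:ssl" and "domain:port:ssl", with "," separating multiple domains.
"""
from __future__ import annotations
from dataclasses import dataclass

LDAP_PORT = 389   # default plain LDAP port named in the documentation
LDAPS_PORT = 636  # default LDAPS port named in the documentation


@dataclass(frozen=True)
class LdapTarget:
    domain: str
    port: int
    use_ssl: bool

    def uri(self) -> str:
        return f"{'ldaps' if self.use_ssl else 'ldap'}://{self.domain}:{self.port}"


def parse_ldap_domains(value: str) -> list[LdapTarget]:
    """One LdapTarget per comma-separated entry; raises ValueError on bad input."""
    targets = []
    for raw in value.split(","):
        entry = raw.strip()
        if not entry:
            continue  # tolerate stray commas or trailing whitespace
        domain, *modifiers = (p.strip() for p in entry.split(":"))
        if not domain or "." not in domain:
            raise ValueError(f"domain must be in FQDN format: {entry!r}")
        use_ssl, port = False, None
        for mod in modifiers:  # documented order is <port number> then ssl
            if mod.lower() == "ssl":
                use_ssl = True
            elif mod.isdigit() and 1 <= int(mod) <= 65535 and port is None:
                port = int(mod)
            else:
                raise ValueError(f"unexpected component {mod!r} in {entry!r}")
        if port is None:
            port = LDAPS_PORT if use_ssl else LDAP_PORT
        targets.append(LdapTarget(domain, port, use_ssl))
    return targets


def plaintext_targets(value: str) -> list[str]:
    """Domains that would be contacted over unencrypted LDAP (port 389 by default)."""
    return [t.domain for t in parse_ldap_domains(value) if not t.use_ssl]
```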

<add key="LDAPAuthenticationUser" value=""/>

  • Can be empty or contain the user account required for connecting to Active Directory.
  • If provided, the user name must be in fully qualified domain name (FQDN) format.
  • Example: testUser@domain.local

<add key="LDAPAuthenticationPassword" value=""/>

  • Can be empty or contain the user password required for connecting to Active Directory.
  • If provided, the password must be encrypted.

NOTE:
When the LDAPAuthenticationUser and LDAPAuthenticationPassword keys are not set, the credentials of the Pam.Archive service account are used to access the Active Directory objects. If the system is configured to read deleted users from Active Directory, it accesses the Deleted Objects container in Active Directory, which requires specific permissions. To access the Deleted Objects container with empty LDAPAuthenticationUser and LDAPAuthenticationPassword keys, the service account itself must have this permission. For a detailed description, see the Reading the Active Directory Deleted Objects container section.

<add key="FallbackNTDomain" value=""/>

  • When the inPoint server receives a "weak" user name without a domain (a SamAccountName, i.e. neither FQDN nor DOWNLEVEL_LOGON_NAME), this domain is used to build the DOWNLEVEL_LOGON_NAME that locates the user in the PAM_USERREFERENCE table.
  • Examples:
    • User=TestUser, FallbackNTDomain=empty => Error
    • User=TestUser, FallbackNTDomain=domain.local => User will be fully qualified and authenticated as TestUser@domain.local
    • User=TestUser@domain.local => FallbackNTDomain is not used.

<add key="identityAuthority" value=""/>

  • URL of the identity server.
  • Will be used for authentication.
  • Example: https://testServer.domain.local:5443

<add key="impersonationusers" value=""/>

  • Users allowed to impersonate any other user without that user's password.
  • Multiple user names are allowed, separated with ';'
  • Example: Domain\testUser

Server connection URL

<add key="pam4url" value=""/>

  • This value is used by the server itself (for example by the loader or WebDav).
  • Example: http://testMachine:80/Pam.Web/

WebDAV support

<add key="pamWebDavUrl" value="" />

  • Used for the WebDAV communication; it must be the full external name of the server.
  • If this value is empty, pam4url + "/webdav" is used.
  • Example: https://testServer.domain.local/Pam.Web/webdav

'Office Forms Based Authentication' for WebDAV

When using Microsoft Office Forms Based Authentication, HTTPS is required and it has to be enabled in inPoint Identity.

HTTPS support

The following binding configuration must be referenced by the Unify.WCF and Pam.WCF service endpoints if the server connection should run over HTTPS: "wsHttpBinding_PamWCF_wia_ssl"

Example:

<service behaviorConfiguration="PamWCFBehavior_wia" name="Pam.WCF.PamWCF">
  <endpoint address="/wia" binding="wsHttpBinding" bindingConfiguration="wsHttpBinding_PamWCF_wia_ssl" contract="Pam.WCF.IPamWcf"/>
</service>
<service behaviorConfiguration="UnifyWCFBehavior_wia" name="Pam.Unify.WCF.UnifyWcf">
  <endpoint address="/wia" binding="wsHttpBinding" bindingConfiguration="wsHttpBinding_PamWCF_wia_ssl" contract="Pam.Unify.WCF.IUnifyWcf"/>
</service>

Feeds (HTTPS connection): Add the following binding and service endpoint if the Feed connection should run with HTTPS.

Binding:

<webHttpBinding>
  <binding name="wbBind_ssl">
    <security mode="Transport">
      <transport clientCredentialType="Windows" proxyCredentialType="Windows" />
    </security>
  </binding>
</webHttpBinding>

Service endpoint:

<service behaviorConfiguration="UnifyWCFBehavior_wia" name="Pam.Unify.WCF.UnifyWcf">
  <endpoint address="/feed" binding="webHttpBinding" bindingConfiguration="wbBind_ssl" behaviorConfiguration="RESTFeed" contract="Pam.Unify.WCF.IUnifyFeed" />
</service>

Notification service

<PamNotification Retries="5" TestRecipient="">
  <SMTPSettings Server="" Port="25" EnableSsl="false" Sender="" SenderName="" User="" Password="" BulkMerge="" />
</PamNotification>

  • Configuration section for sending emails.

Log4Net reference

<appSettings>
  <add key="log4net.Config" value="..\log4net.config"/>
  <add key="log4net.Config.Watch" value="True" />
</appSettings>

  • Path to the log4net.config
  • Must not be in the same directory as "..\inPoint.Enterprise\inPoint.WebDav\web"; otherwise IIS is reset after every change to the file.

Conversion service

<add key="PamConversionServiceWS" value="" />

  • URL for the conversion service.
  • Example: net.tcp://TestServer:5100/Pam.Conversion.Service
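As an added example (not part of the inPoint product or this documentation), the following Python script audits the settings described on this page against a constructed web.config sample: plain-HTTP URLs for identityAuthority, pam4url and pamWebDavUrl, LDAP domains without the :ssl suffix, the impersonationusers list and SMTP without SSL. The sample values and the audit_web_config function are assumptions made for this example.

```python
"""Audit the security-relevant settings of an inPoint web.config.

Added example, not part of the inPoint product or its documentation.
SAMPLE_WEB_CONFIG is a constructed sample; key and element names are
the ones documented on this page.
"""
from __future__ import annotations
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SAMPLE_WEB_CONFIG = """<configuration>
  <appSettings>
    <add key="LDAPAuthenticationDomain" value="domain.local:ssl, domain2.local"/>
    <add key="identityAuthority" value="https://testServer.domain.local:5443"/>
    <add key="impersonationusers" value="Domain\\svcA;Domain\\svcB"/>
    <add key="pam4url" value="http://testMachine:80/Pam.Web/"/>
    <add key="pamWebDavUrl" value=""/>
  </appSettings>
  <PamNotification Retries="5" TestRecipient="">
    <SMTPSettings Server="mail.domain.local" Port="25" EnableSsl="false" Sender=""/>
  </PamNotification>
</configuration>"""


def audit_web_config(xml_text: str) -> list[str]:
    """Return human-readable findings; an empty list means nothing was flagged."""
    root = ET.fromstring(xml_text)
    s = {a.get("key", ""): a.get("value", "") for a in root.iterfind("./appSettings/add")}
    findings = []
    # Endpoints used for authentication and WebDAV should be reachable over HTTPS only.
    for key in ("identityAuthority", "pam4url", "pamWebDavUrl"):
        url = s.get(key, "")
        if url and urlsplit(url).scheme.lower() != "https":
            findings.append(f"{key} is not HTTPS: {url}")
    # An empty pamWebDavUrl falls back to pam4url + "/webdav" and inherits its scheme.
    if not s.get("pamWebDavUrl") and s.get("pam4url", "").lower().startswith("http://"):
        findings.append("pamWebDavUrl inherits plain-HTTP pam4url (Office FBA needs HTTPS)")
    # Entries without the :ssl suffix talk plain LDAP on port 389.
    for entry in s.get("LDAPAuthenticationDomain", "").split(","):
        entry = entry.strip()
        if entry and not entry.lower().endswith(":ssl"):
            findings.append(f"LDAP domain without :ssl (unencrypted, port 389): {entry}")
    # Each listed account can act as any user without a password; keep this list short.
    users = [u.strip() for u in s.get("impersonationusers", "").split(";") if u.strip()]
    if users:
        findings.append(f"{len(users)} impersonation account(s): {', '.join(users)}")
    smtp = root.find("./PamNotification/SMTPSettings")
    if smtp is not None and smtp.get("EnableSsl", "false").lower() != "true":
        findings.append("SMTPSettings EnableSsl is not true")
    return findings
```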