Comment: Updates regarding databases throughout the article for DA 6.4.0.

This article describes how to configure different databases for the Smart ID Digital Access component.

In some cases, the built-in database used by default in the Digital Access component can be considered insufficient, for example, when the storage requirements surpass the capabilities of the built-in database, or if more than one service is used for load-balancing/high availability. It is then possible to change which database the Digital Access component uses.

Types of databases

Digital Access uses four databases:

  • User database: for storing user-specific information
  • OATH database: for storing information specific to OATH authentication
  • OAuth database: for storing OAuth-specific information
  • Reporting database: for storing information used for generating reports and notification events
Note

To start Digital Access none of the above databases are mandatory.

But to use all the functionality provided with Digital Access you need to set up and configure these databases.

Configure databases
Note
Configure database settings in Digital Access Admin

From Digital Access 6.4.0 and later versions, make sure to configure the database settings in Digital Access Admin only.

A configuration already existing in customize.conf will be ignored after the upgrade and the settings should be stored in RemoteConfiguration.xml through Digital Access Admin instead.

Prerequisites

  • Before you can configure the databases in Digital Access, you must create the databases manually in the desired database server. It is not required to create tables inside the databases. When the Digital Access Admin service starts, it looks up all the tables and automatically creates any that are not found.
Note

The only exception is the default PostgreSQL database, which is already installed in Digital Access versions prior to 6.0.5. It is not recommended to use this database in production systems. Use an external database instead. Read the vendor-specific documentation on how to properly create a database.

You can configure a Digital Access database in two ways:

  • in Digital Access Admin or
  • in the configuration file customize.conf
Configure database

Database types in Digital Access


Digital Access uses four databases:

| Database | Description |
|---|---|
| User database | Used for storing user-specific information. |
| OATH database | Used for storing information specific to OATH authentication. |
| OAuth database | Used for storing OAuth-specific information. |
| Reporting database | Used for storing information used for generating reports and notification events. |

Configure databases in Digital Access Admin

Databases that can be configured

You can configure all Digital Access databases in Digital Access Admin, as well as enable/disable databases that are not used. For example, if you are not using OAuth2 or OpenID Connect, you can disable the OAuth database. Similarly, all other databases can be disabled if they are not used.

User, OATH and OAuth databases can be configured using Digital Access Admin (this is the recommended way).

Reporting database can only be configured via customize.conf.

For certain authentication methods where DA depends on user data, it is mandatory to have the User database set. 

In case of a fresh setup, all the databases will be disabled by default and Digital Access will not log any errors or try connecting to any databases if they are not enabled. Make sure you enable and save the respective database settings in use.

Configure User database

The default database name and user for this database is “hag”. If you use another database name and user, then make sure to modify it in the configuration accordingly.

  1. Log in to Digital Access Admin with an administrator account.
  2. Go to Manage System > User Database.
  3. In the Database drop-down list, select database. The list contains the default configurations for the databases. If you use other databases which are not listed or need to change the default settings like port, or database drivers to use, then click on Advanced Fields. See also step 6. Click “?” for more help.
  4. Enter Host and Name. The system will convert this information to the form shown in the Advanced Fields.
  5. Enter User, Password and Retry Attempts. Click “?” for help.
  6. If you do not want to configure a database in the Database drop-down list, but need to change the default settings like port, or database drivers to use, click Toggle Advanced Fields and enter Dialect, Url and Driver. Click “?” for help.
  7. When done, click Save.

    1. Check Copy all users when you want to copy all users from the current configuration to the one about to be saved.

    2. When this page is saved it will save the information currently displayed. If the settings are saved while displaying the Standard Fields (Database, Host and Name), the information in the Standard Fields will be used, regardless of what manual changes have been made in the Advanced Fields. The same applies the other way around. If the page is saved while displaying the Advanced Fields, the information in those fields will be used, regardless of what information might have been entered in the Standard Fields.
  8. Publish the configuration.
Configure OATH database

The default database name and user for this database is “oath”. If you use another database name and user, then make sure to modify it in the configuration accordingly.

  1. Log in to Digital Access Admin with an administrator account.
  2. Go to Manage System and click OATH Configuration.
  3. In the Database drop-down list, select database. The list contains the default configurations for the databases. If you use other databases which are not listed or need to change the default settings like port, or database driver, then click on Advanced Fields. 
    See also step 6. Click “?” for more help.
  4. Enter Host and Name. For help, click “?”. When saving, the system will convert this information to the form shown in the Advanced Fields.
  5. Enter User, Password and number of Retry Attempts. Click “?” for help.
  6. If you do not want to configure a database in the Database drop-down list, but need to change the default settings like port, or database drivers, click Toggle Advanced Fields and enter Dialect, URL and Driver. For help and examples, click “?”.
  7. When done, click Save.
    When this page is saved it will save the information currently displayed. If the settings are saved while displaying the Standard Fields (Database, Host and Name), the information in the Standard Fields will be used, regardless of what manual changes have been made in the Advanced Fields. The same applies the other way around. If the page is saved while displaying the Advanced Fields, the information in those fields will be used, regardless of what information might have been entered in the Standard Fields.
  8. Publish the configuration.

After the changes to the database connectivity settings have been published, you must restart the Authentication service. A restart is needed since the Authentication service only reads its database settings on startup.

Configure OAuth database

The default database name and user for this database is “oauth”. If you use another database name and user, then make sure to modify it in the configuration accordingly.

  1. Log in to Digital Access Admin with an administrator account.
  2. Go to Manage System > OpenID Connect (OAuth2) Configuration > Configure Database Connection.
  3. In the Database drop-down list, select database. The list contains the default configurations for the databases. If you use other databases which are not listed or need to change the default settings like port, or database driver, then click on Advanced Fields. See also step 6. Click “?” for more help.
  4. Enter Host and Name. For help, click “?”. When saving, the system will convert this information to the form shown in the Advanced Fields.
  5. Enter User, Password and number of Retry Attempts. Click “?” for help.
  6. If you want to configure a database not in the Database drop-down list, or need to change the default settings like port, or database drivers, click Toggle Advanced Fields and enter Dialect, URL and Driver. For help and examples, click “?”.
  7. When done, click Save.
    When this page is saved it will save the information currently displayed. If the settings are saved while displaying the Standard Fields (Database, Host and Name), the information in the Standard Fields will be used, regardless of what manual changes have been made in the Advanced Fields. The same applies the other way around. If the page is saved while displaying the Advanced Fields, the information in those fields will be used, regardless of what information might have been entered in the Standard Fields.
  8. Publish the configuration.
Configure database from customize.conf file

To configure the Reporting database, you edit the configuration file and add the required Java parameters.

  • Check if the file customize.conf exists in /opt/nexus/config/administration-service/config/. If so, continue to step 4.
  • If customize.conf does not exist, copy the template file to create it. Type this at the prompt: cp customize-template.conf customize.conf
  • Change the owner of the file so it can be read by the Authentication service: chown pwuser:pwuser customize.conf
  • Open customize.conf.
  • In the section wrapper.java.additional, add the required parameters as listed below.

    Important note regarding customize.conf

    Configuring databases using the customize.conf file is recommended only for the Reporting database because it cannot be configured from Digital Access Admin. For User, OATH, and OAuth databases, it is always recommended to use Digital Access Admin.

    Databases other than Reporting should be configured from customize.conf only for the initial setup of Digital Access. Configuration done in customize.conf will be overwritten and ignored as soon as any of the database settings for User, OATH and OAuth are added/modified from Digital Access Admin.

    If the database values are configured via customize.conf, they will not be reflected in Digital Access Admin, but the databases will still remain connected.

    Configure Reporting database

    PostgreSQL DB server
    -Dcom.portwise.core.database.driver=org.postgresql.Driver
    -Dcom.portwise.core.database.url=jdbc:postgresql://127.0.0.1/reporting
    -Dcom.portwise.core.database.user=postgres
    -Dcom.portwise.core.database.password=<password>
    -Dcom.portwise.core.database.dialect=org.hibernate.dialect.PostgreSQL9Dialect

    Oracle DB server
    -Dcom.portwise.core.database.driver=oracle.jdbc.driver.OracleDriver
    -Dcom.portwise.core.database.url=jdbc:oracle:thin:@10.0.0.1:1521:reporting
    -Dcom.portwise.core.database.user=user4
    -Dcom.portwise.core.database.password=<password>
    -Dcom.portwise.core.database.dialect=org.hibernate.dialect.Oracle10gDialect

    MS SQL Server
    -Dcom.portwise.core.database.driver=com.microsoft.sqlserver.jdbc.SQLServerDriver
    -Dcom.portwise.core.database.url=jdbc:sqlserver://10.0.0.1:1433;databaseName=reporting
    -Dcom.portwise.core.database.user=sa
    -Dcom.portwise.core.database.password=<password>
    -Dcom.portwise.core.database.dialect=org.hibernate.dialect.SQLServer2008Dialect

    Maria DB server
    -Dcom.portwise.core.database.driver=org.mariadb.jdbc.Driver
    -Dcom.portwise.core.database.url=jdbc:mysql://127.0.0.1/reporting
    -Dcom.portwise.core.database.user=root
    -Dcom.portwise.core.database.password=<password>
    -Dcom.portwise.core.database.dialect=org.hibernate.dialect.MariaDBDialect
  • Restart the Administration Service.
    Configure User, OATH and OAuth databases

    To configure the User, OATH and OAuth databases, you edit the configuration file and add the required Java parameters.

    1. Check if the file customize.conf exists in /opt/nexus/config/administration-service/config/. If so, continue to step 4.
    2. If customize.conf does not exist, copy the template file to create it. Type at the prompt: cp customize-template.conf customize.conf
    3. Change the owner of the file so it can be read by the Authentication service: chown pwuser:pwuser customize.conf
    4. Open customize.conf.
    5. In the section wrapper.java.additional, add the required parameters as listed below. If you are using another database, replace the url parameter jdbc:postgresql with jdbc:sqlserver or jdbc:mysql or jdbc:oracle.

      PostgreSQL DB
      wrapper.java.additional.33=-Dcom.portwise.administrator.pages.setup_system.ApplianceSetup.hag_url=jdbc:postgresql://<IP>/hag
      wrapper.java.additional.34=-Dcom.portwise.administrator.pages.setup_system.ApplianceSetup.hag_pwd=password
      wrapper.java.additional.35=-Dcom.portwise.administrator.pages.setup_system.ApplianceSetup.hag_user=hag
      wrapper.java.additional.36=-Dcom.portwise.administrator.pages.setup_system.ApplianceSetup.oath_url=jdbc:postgresql://<IP>/oath
      wrapper.java.additional.37=-Dcom.portwise.administrator.pages.setup_system.ApplianceSetup.oath_pwd=password
      wrapper.java.additional.38=-Dcom.portwise.administrator.pages.setup_system.ApplianceSetup.oath_user=oath
      wrapper.java.additional.39=-Dcom.portwise.administrator.pages.setup_system.ApplianceSetup.oauth_url=jdbc:postgresql://<IP>/oauth
      wrapper.java.additional.40=-Dcom.portwise.administrator.pages.setup_system.ApplianceSetup.oauth_pwd=password
      wrapper.java.additional.41=-Dcom.portwise.administrator.pages.setup_system.ApplianceSetup.oauth_user=oauth

      Note: The numbering shown above should continue from the last number already configured in customize.conf.

    6. Make similar changes to the customize.conf file in the Authentication and Policy services.
    7. Restart the services.
    Configure Reporting database

    The default database name and user for this database is “reporting”. If you use another database name and user, make sure to modify it in the configuration accordingly.

    1. Log in to Digital Access Admin with an administrator account.
    2. Go to Manage System > Reporting Database.
    3. In the Database drop-down list, select database. The list contains the default configurations for the databases. If you use other databases which are not listed or need to change the default settings like port, or database driver, then click on Advanced Fields. See also step 6. Click “?” for more help.
    4. Enter Host and Name. For help, click “?”. When saving, the system will convert this information to the form shown in the Advanced Fields.
    5. Enter User, Password and number of Retry Attempts. Click “?” for help.
    6. If you want to configure a database not in the Database drop-down list, or need to change the default settings like port, or database drivers, click Toggle Advanced Fields and enter Dialect, URL and Driver. For help and examples, click “?”.
    7. When done, click Save.
      When this page is saved it will save the information currently displayed. If the settings are saved while displaying the Standard Fields (Database, Host and Name), the information in the Standard Fields will be used, regardless of what manual changes have been made in the Advanced Fields. The same applies the other way around. If the page is saved while displaying the Advanced Fields, the information in those fields will be used, regardless of what information might have been entered in the Standard Fields.
    8. Publish the configuration.
    9. Restart the admin service after changes in the Reporting database.
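The customize.conf procedure above leaves database credentials in plain text in a file that, per the 6.4.0 note, is ignored after the upgrade. The following is an added example, not Nexus code, that lists such leftover settings without echoing secret values and reports duplicate and next free wrapper.java.additional numbers. The names audit, SAMPLE, ADMIN_USERS and PLACEHOLDERS, the choice of accounts treated as administrative, and reading the numbering note as "last number + 1" are assumptions of this example.

```python
import re

# Lines of the form used on this page: wrapper.java.additional.<N>=-D<property>=<value>
LINE = re.compile(r"^\s*wrapper\.java\.additional\.(\d+)\s*=\s*-D([^=\s]+)=(.*)$")
# Database property names as they appear in the examples on this page.
DB_PROP = re.compile(r"(com\.portwise\.core\.database\.\w+"
                     r"|ApplianceSetup\.(hag|oath|oauth)_(url|user|pwd))$")
ADMIN_USERS = {"postgres", "sa", "root"}       # assumption: built-in admin accounts
PLACEHOLDERS = {"", "password", "<password>"}  # assumption: values left from a template

# Constructed sample, not a real configuration.
SAMPLE = """\
# constructed sample
wrapper.java.additional.31=-Dfile.encoding=UTF-8
wrapper.java.additional.32=-Dcom.portwise.core.database.url=jdbc:sqlserver://10.0.0.1:1433;databaseName=reporting
wrapper.java.additional.33=-Dcom.portwise.core.database.user=sa
wrapper.java.additional.33=-Dcom.portwise.core.database.password=password
wrapper.java.additional.34=-Dcom.portwise.administrator.pages.setup_system.ApplianceSetup.hag_pwd=S3cr3t-constructed
"""


def audit(conf_text):
    """Return (next_free_index, duplicate_indexes, findings) for a customize.conf body."""
    seen, dups, findings = set(), set(), []
    for raw in conf_text.splitlines():
        m = LINE.match(raw)            # comment lines and other settings do not match
        if not m:
            continue
        idx, prop, value = int(m.group(1)), m.group(2), m.group(3).strip()
        if idx in seen:
            dups.add(idx)              # two parameters share one number
        seen.add(idx)
        if not DB_PROP.search(prop):
            continue
        short = prop.rsplit(".", 1)[-1]
        if short.endswith(("password", "_pwd")):
            note = "placeholder password" if value in PLACEHOLDERS else "plaintext password"
        elif short.endswith("user") and value in ADMIN_USERS:
            note = "administrative account: " + value
        else:
            note = "database setting"
        findings.append((idx, short, note))   # secret values are never stored
    return max(seen, default=0) + 1, sorted(dups), findings


if __name__ == "__main__":
    nxt, dups, findings = audit(SAMPLE)
    print("next free index:", nxt, "| duplicate indexes:", dups)
    for idx, name, note in findings:
        print(f"  additional.{idx}: {name}: {note}")
```

Run it against the customize.conf of each service (Administration, Authentication, Policy) that was edited during the procedure.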