Info: This article includes updates for Digital Access 6.4.0.
This article describes how to configure different databases for the Smart ID Digital Access component.
In some cases the built-in database used by default in the Digital Access component can be considered insufficient, for example when the storage requirements surpass the capabilities of the built-in database, or if more than one service is used for load-balancing/high availability. It is then possible to change which database the Digital Access component uses.
Types of databases
Digital Access uses four databases:
- User database: for storing user-specific information
- OATH database: for storing information specific to OATH authentication
- OAuth database: for storing OAuth-specific information
- Reporting database: for storing information which is used for generating reports and notification events.
Note: To start Digital Access, none of the above databases are mandatory. But to use all the functionality provided with Digital Access you need to set up and configure these databases.
...
Note: Configure database settings in Digital Access Admin
From Digital Access 6.4.0 and later versions, make sure to configure the database settings in Digital Access Admin only. A configuration that already exists in customize.conf will be ignored after the upgrade, and the settings should be stored in RemoteConfiguration.xml through Digital Access Admin instead.
- Before you can configure the databases in Digital Access, you must create the databases manually in the desired database server. It is not required to create tables inside the databases. When Digital Access Admin service starts, it will do a lookup for all the tables and if not found it will create tables automatically.

... is the default PostgreSQL database, which is already installed in Digital Access ... 6.0.5. It is not recommended to use this database in production systems. Use an external database instead. Read the vendor-specific documentation on how to properly create a database.
You can configure a Digital Access database in two ways:
- in Digital Access Admin or
- in the configuration file customize.conf
...
Database types in Digital Access
Digital Access uses four databases:

| Database | Description |
|---|---|
| User database | Used for storing user-specific information. |
| OATH database | Used for storing information specific to OATH authentication. |
| OAuth database | Used for storing OAuth-specific information. |
| Reporting database | Used for storing information used for generating reports, notification events. |
Configure databases in Digital Access Admin
You can configure all Digital Access databases in Digital Access Admin, as well as enable/disable databases that are not used. For example, if you are not using OAuth2 or OpenID Connect, you can disable the OAuth database. Similarly, all other databases can be disabled if they are not used.
User, OATH and OAuth databases can be configured using Digital Access Admin (this is the recommended way).
For certain authentication methods where DA depends on user data, it is mandatory to have the User database set.
In case of a fresh setup, all the databases will be disabled by default and Digital Access will not log any errors or try connecting to any databases if they are not enabled. Make sure you enable and save the respective database settings in use.
Configure User database
The default database name and user for this database is “hag”. If you use another database name and user, make sure to modify it in the configuration accordingly.
1. Log in to Digital Access Admin with an administrator account.
2. Go to Manage System > User Database.
3. In the Database drop-down list, select database. The list contains the default configurations for the databases. If you use other databases which are not listed or need to change the default settings like port, or database drivers to use, then click on Advanced Fields. See also step 6. Click “?” for more help.
4. Enter Host and Name. The system will convert this information to the form shown in the Advanced Fields.
5. Enter User, Password and Retry Attempts. Click “?” for help.
6. If you do not want to configure a database in the Database drop-down list, but need to change the default settings like port, or database drivers to use, click Toggle Advanced Fields and enter Dialect, Url and Driver. Click “?” for help.
7. When done, click Save. Check Copy all users when you want to copy all users from the current configuration to the one about to be saved.
   When this page is saved it will save the information currently displayed. If the settings are saved while displaying the Standard Fields (Database, Host and Name) the information in the Standard Fields will be used, regardless of what manual changes have been made in the Advanced Fields. The same applies the other way around. If the page is saved while displaying the Advanced Fields the information in those fields will be used, regardless of what information might have been entered in the Standard Fields.
8. Publish the configuration.
Configure OATH database
The default database name and user for this database is “oath”. If you use another database name and user, make sure to modify it in the configuration accordingly.
1. Log in to Digital Access Admin with an administrator account.
2. Go to Manage System and click OATH Configuration.
3. In the Database drop-down list, select database. The list contains the default configurations for the databases. If you use other databases which are not listed or need to change the default settings like port, or database driver, then click on Advanced Fields. See also step 6. Click “?” for more help.
4. Enter Host and Name. For help, click “?”. When saving, the system will convert this information to the form shown in the Advanced Fields.
5. Enter User, Password and number of Retry Attempts. Click “?” for help.
6. If you do not want to configure a database in the Database drop-down list, but need to change the default settings like port, or database drivers, click Toggle Advanced Fields and enter Dialect, URL and Driver. For help and examples, click “?”.
7. When done, click Save.
   When this page is saved it will save the information currently displayed. If the settings are saved while displaying the Standard Fields (Database, Host and Name) the information in the Standard Fields will be used, regardless of what manual changes have been made in the Advanced Fields. The same applies the other way around. If the page is saved while displaying the Advanced Fields the information in those fields will be used, regardless of what information might have been entered in the Standard Fields.
8. Publish the configuration.

After the changes to the database connectivity settings have been published, you must restart the Authentication service. A restart is needed since the Authentication service only reads its database settings on startup.
Configure OAuth database
The default database name and user for this database is “oauth”. If you use another database name and user, make sure to modify it in the configuration accordingly.
1. Log in to Digital Access Admin with an administrator account.
2. Go to Manage System > OpenID Connect (OAuth2) Configuration > Configure Database Connection.
3. In the Database drop-down list, select database. The list contains the default configurations for the databases. If you use other databases which are not listed or need to change the default settings like port, or database driver, then click on Advanced Fields. See also step 6. Click “?” for more help.
4. Enter Host and Name. For help, click “?”. When saving, the system will convert this information to the form shown in the Advanced Fields.
5. Enter User, Password and number of Retry Attempts. Click “?” for help.
6. If you want to configure a database not in the Database drop-down list, or need to change the default settings like port, or database drivers, click Toggle Advanced Fields and enter Dialect, URL and Driver. For help and examples, click “?”.
7. When done, click Save.
   When this page is saved it will save the information currently displayed. If the settings are saved while displaying the Standard Fields (Database, Host and Name) the information in the Standard Fields will be used, regardless of what manual changes have been made in the Advanced Fields. The same applies the other way around. If the page is saved while displaying the Advanced Fields the information in those fields will be used, regardless of what information might have been entered in the Standard Fields.
8. Publish the configuration.
Configure database from customize.conf file
...
Configuring databases using the customize.conf file is recommended only for the Reporting database because it cannot be configured from Digital Access Admin. For the User, OATH, and OAuth databases, it is always recommended to use Digital Access Admin.
The purpose of configuring databases other than Reporting from customize.conf should be the initial setup of Digital Access. Configuration done in customize.conf will be overwritten and ignored as soon as any of the database settings for User, OATH and OAuth are added/modified from Digital Access Admin.
If the database values are configured via customize.conf, they will not be reflected in Digital Access Admin, but the databases will still remain connected.
...
Configure Reporting database
To configure the Reporting database, you edit the configuration file and add the required Java parameters.
...
In the section wrapper.java.additional, add the required parameters as listed below.
PostgreSQL DB server
```
-Dcom.portwise.core.database.driver=org.postgresql.Driver
-Dcom.portwise.core.database.url=jdbc:postgresql://127.0.0.1/reporting
-Dcom.portwise.core.database.user=postgres
-Dcom.portwise.core.database.password=<password>
-Dcom.portwise.core.database.dialect=org.hibernate.dialect.PostgreSQL9Dialect
```
Oracle DB server
```
-Dcom.portwise.core.database.driver=oracle.jdbc.driver.OracleDriver
-Dcom.portwise.core.database.url=jdbc:oracle:thin:@10.0.0.1:1521:reporting
-Dcom.portwise.core.database.user=user4
-Dcom.portwise.core.database.password=<password>
-Dcom.portwise.core.database.dialect=org.hibernate.dialect.Oracle10gDialect
```
Microsoft SQL Server DB server
```
-Dcom.portwise.core.database.driver=com.microsoft.sqlserver.jdbc.SQLServerDriver
-Dcom.portwise.core.database.url=jdbc:sqlserver://10.0.0.1:1433;databaseName=reporting
-Dcom.portwise.core.database.user=sa
-Dcom.portwise.core.database.password=<password>
-Dcom.portwise.core.database.dialect=org.hibernate.dialect.SQLServer2008Dialect
```
MariaDB DB server
```
-Dcom.portwise.core.database.driver=org.mariadb.jdbc.Driver
-Dcom.portwise.core.database.url=jdbc:mysql://127.0.0.1/reporting
-Dcom.portwise.core.database.user=root
-Dcom.portwise.core.database.password=<password>
-Dcom.portwise.core.database.dialect=org.hibernate.dialect.MariaDBDialect
```
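Because these parameters put the database password in customize.conf in clear text, a review of that file is worth scripting. The following is an added example, not part of the Digital Access product or its documentation: the function name `audit_db_conf` and the finding labels are hypothetical, the world-readable check is an assumption about how the file should be protected, and the account list is taken from the sample users shown on this page (postgres, sa, root). It also covers the `_pwd` and `_user` parameters used for the User, OATH and OAuth databases in the same file.

```shell
#!/bin/sh
# Added example: audit a customize.conf for database credentials.
# Prints one finding per line; password values are never printed.

audit_db_conf() {
    f=$1
    # Password-bearing parameters: Reporting uses "...database.password",
    # User/OATH/OAuth use "..._pwd". Only the parameter name is reported.
    sed -n -E 's/^[[:space:]]*(wrapper\.java\.additional\.[0-9]+=)?(-D[A-Za-z0-9_.]*(_pwd|\.password))=.*/PASSWORD_IN_FILE \2/p' "$f"
    # Connections made with a database administrator account
    # (postgres, sa and root are the accounts in this page's samples).
    sed -n -E 's/^[[:space:]]*(wrapper\.java\.additional\.[0-9]+=)?-D[A-Za-z0-9_.]*(_user|\.user)=(postgres|sa|root)[[:space:]]*$/SUPERUSER_ACCOUNT \3/p' "$f"
    # Assumption: a file holding passwords should not be readable by
    # users other than its owner and group.
    if [ -n "$(find "$f" -perm -004)" ]; then
        echo "WORLD_READABLE $f"
    fi
}
```

Run it as `audit_db_conf /opt/nexus/config/administration-service/config/customize.conf` and against the customize.conf of each other service; on 6.4.0 and later, any `PASSWORD_IN_FILE` finding for the User, OATH or OAuth databases is a credential that the product no longer reads from this file.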
...
Configure User, OATH and OAuth databases
To configure the User, OATH and OAuth databases, you edit the configuration file and add the required Java parameters.
1. Check if the file customize.conf exists in /opt/nexus/config/administration-service/config/. If so, continue to step 4.
2. If customize.conf does not exist, copy the template file to create it. Type at the prompt:
   ```
   cp customize-template.conf customize.conf
   ```
3. Change permissions of the file so it can be read by the Authentication service:
   ```
   chown pwuser:pwuser customize.conf
   ```
4. Open customize.conf. In the section wrapper.java.additional, add the required parameters as listed below. If you are using another database, replace the url parameter jdbc:postgresql with jdbc:sqlserver or jdbc:mysql or jdbc:oracle.
   ```
   wrapper.java.additional.33=-Dcom.portwise.administrator.pages.setup_system.ApplianceSetup.hag_url=jdbc:postgresql://<IP>/hag
   wrapper.java.additional.34=-Dcom.portwise.administrator.pages.setup_system.ApplianceSetup.hag_pwd=password
   wrapper.java.additional.35=-Dcom.portwise.administrator.pages.setup_system.ApplianceSetup.hag_user=hag
   wrapper.java.additional.36=-Dcom.portwise.administrator.pages.setup_system.ApplianceSetup.oath_url=jdbc:postgresql://<IP>/oath
   wrapper.java.additional.37=-Dcom.portwise.administrator.pages.setup_system.ApplianceSetup.oath_pwd=password
   wrapper.java.additional.38=-Dcom.portwise.administrator.pages.setup_system.ApplianceSetup.oath_user=oath
   wrapper.java.additional.39=-Dcom.portwise.administrator.pages.setup_system.ApplianceSetup.oauth_url=jdbc:postgresql://<IP>/oauth
   wrapper.java.additional.40=-Dcom.portwise.administrator.pages.setup_system.ApplianceSetup.oauth_pwd=password
   wrapper.java.additional.41=-Dcom.portwise.administrator.pages.setup_system.ApplianceSetup.oauth_user=oauth
   ```
   Note: The numbering mentioned above should begin with whatever is the last number configured in customize.conf.
5. Make similar changes to the customize.conf file in the Authentication and Policy service.
6. Restart the services.
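The numbering note in step 4 is easy to get wrong by hand, so the following added example (not part of the Digital Access product or its documentation) derives the starting index from the file itself and prints the nine parameters in the order shown above. The function names `next_wrapper_index` and `emit_db_params` are hypothetical, lines starting with `#` are assumed to be comments and are ignored, and the password is left as a `<password>` placeholder to be filled in by hand.

```shell
#!/bin/sh
# Added example: number new wrapper.java.additional entries after the
# highest index already present in customize.conf.

# Print the next free index: highest active index + 1, or 1 if none exist.
next_wrapper_index() {
    awk -F'[.=]' '
        /^[ \t]*wrapper\.java\.additional\.[0-9]+=/ { if ($4 + 0 > max) max = $4 + 0 }
        END { print max + 1 }
    ' "$1"
}

# Print the User/OATH/OAuth parameters for database host $2, numbered from
# the next free index in file $1. Refuses if such parameters already exist,
# so the same key is never configured twice.
emit_db_params() {
    if grep -Eq '^[[:space:]]*wrapper\.java\.additional\.[0-9]+=.*ApplianceSetup\.(hag|oath|oauth)_(url|pwd|user)=' "$1"; then
        echo "database parameters already present in $1" >&2
        return 1
    fi
    n=$(next_wrapper_index "$1")
    prefix='-Dcom.portwise.administrator.pages.setup_system.ApplianceSetup'
    for db in hag oath oauth; do
        printf 'wrapper.java.additional.%d=%s.%s_url=jdbc:postgresql://%s/%s\n' \
            "$n" "$prefix" "$db" "$2" "$db"
        printf 'wrapper.java.additional.%d=%s.%s_pwd=%s\n' \
            "$((n + 1))" "$prefix" "$db" '<password>'
        printf 'wrapper.java.additional.%d=%s.%s_user=%s\n' \
            "$((n + 2))" "$prefix" "$db" "$db"
        n=$((n + 3))
    done
}
```

Call it as `emit_db_params customize.conf <IP>` and paste the output into the wrapper.java.additional section.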
...
Configure Reporting database
The default database name and user for this database is “reporting”. If you use another database name and user, make sure to modify it in the configuration accordingly.
1. Log in to Digital Access Admin with an administrator account.
2. Go to Manage System > Reporting Database.
3. In the Database drop-down list, select database. The list contains the default configurations for the databases. If you use other databases which are not listed or need to change the default settings like port, or database driver, then click on Advanced Fields. See also step 6. Click “?” for more help.
4. Enter Host and Name. For help, click “?”. When saving, the system will convert this information to the form shown in the Advanced Fields.
5. Enter User, Password and number of Retry Attempts. Click “?” for help.
6. If you want to configure a database not in the Database drop-down list, or need to change the default settings like port, or database drivers, click Toggle Advanced Fields and enter Dialect, URL and Driver. For help and examples, click “?”.
7. When done, click Save.
   When this page is saved it will save the information currently displayed. If the settings are saved while displaying the Standard Fields (Database, Host and Name) the information in the Standard Fields will be used, regardless of what manual changes have been made in the Advanced Fields. The same applies the other way around. If the page is saved while displaying the Advanced Fields the information in those fields will be used, regardless of what information might have been entered in the Standard Fields.
8. Publish the configuration.
9. Restart the admin service after changes in the Reporting database.