Comment: Uploaded missing image.

...

The internal version number of the connector is shown as the file version and product version of MSCAConnector.dll.

...


In Smart ID 21.04, the MSCAConnector was released in sync with Identity Manager builds, and you can deploy the connector version that matches your Identity Manager. Current connector versions can also be used with older Identity Manager releases. If a new release should break backwards compatibility, it will be noted here.

...

  • Needs to be a Domain User

  • Needs to be a member of the local group IIS_IUSRS on the IIS server

  • Needs to have the following access in the ADCS CA, see the screenshot below.

    • Read

    • Issue and Manage Certificates

    • Request Certificates

...

  • Needs to have the following access in the Certificate Templates that Identity Manager will use, see the screenshot below.

    • Read

    • Enroll

...

Prepare certificates

  1. Export CA certificates: Export all certificates in the CA chain to file, either DER or Base64 encoded; for example, the Root CA, Intermediate CA, and Issuing CA. These certificates are needed later.

  2. Issue a web server certificate with server authentication. This is needed since the ADCS connector must have SSL/TLS enabled.

  3. Issue an Identity Manager Virtual Registration Officer (VRO) certificate: This is needed because Identity Manager authenticates to the connector with a certificate when it requests a certificate. Set the Extended Key Usage to Client Authentication. If needed, create a certificate template in ADCS for this purpose, and in that template allow the private key to be exported.

  4. Export the Identity Manager VRO certificate and the key to a .PFX file.

...

  1. Unzip the installation package for the ADCS connector, for example into C:\Nexus\connector_adcs.

  2. Create a temp folder in the installation folder of the ADCS connector.

  3. Copy the Identity Manager VRO certificate (not the key) into the folder cert.

  4. Open the file Web.config and edit the following part. Make sure to enter the absolute path to the ClientcertFile.

    Example: web.config

    <appSettings>
        <add key="TempDir" value="C:\Nexus\connector_ADCS\temp\" />
        <!-- the loglevel entry is obsolete since IDM 21.04.2 -->
        <add key="ClientcertFile" value="C:\Nexus\connector_ADCS\cert\prime_officer1_adcs.cer" />
        <add key="KraDir" value="C:\Nexus\connector_ADCS\cert\" />
        <!-- further settings go here -->
    </appSettings>
  5. Open the file MSCAConnector.dll.log4net.xml and edit it. It uses standard log4net syntax. Make sure you set the absolute path to the log file, which must be writable by the connector, that is, by the IIS application pool identity.

    MSCAConnector.dll.log4net.xml example

    <?xml version="1.0" encoding="utf-8" ?>
    <log4net debug="false">

      <appender name="LogFileAppender" type="log4net.Appender.FileAppender" >
        <file value="c:\inetpub\ADCSConnector\logs\MSCAConnector.log" />
        <appendToFile value="true" />
        <layout type="log4net.Layout.PatternLayout">
          <conversionPattern value="(%d) %-5p [%t] (%logger) : %m%n" />
        </layout>
      </appender>

      <root>
        <level value="DEBUG" />
        <appender-ref ref="LogFileAppender" />
      </root>
    </log4net>
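A pre-flight check for steps 4 and 5, added here as an example and not part of the Nexus documentation or the connector package: it reads the appSettings from Web.config, confirms the paths are absolute and exist, verifies that the VRO certificate carries the Client Authentication EKU and is not expired, and checks that IIS_IUSRS can write to the log4net log directory. The installation folder, the Web.config root element name (configuration) and the appender name LogFileAppender are assumptions taken from the snippets above.

```powershell
# Added example: sanity-check the ADCS connector configuration before starting the IIS site.
# $configDir is an assumption; point it at the folder where the connector was unzipped.
param([string]$configDir = 'C:\Nexus\connector_ADCS')

$webConfig     = Join-Path $configDir 'Web.config'
$log4netConfig = Join-Path $configDir 'MSCAConnector.dll.log4net.xml'
$problems      = @()

# Collect <add key="..." value="..."/> entries from <appSettings> (root element assumed to be <configuration>)
[xml]$cfg = Get-Content -Path $webConfig -Raw
$settings = @{}
foreach ($node in $cfg.configuration.appSettings.add) { $settings[$node.key] = $node.value }

foreach ($key in 'TempDir', 'ClientcertFile', 'KraDir') {
    $value = $settings[$key]
    if (-not $value) { $problems += "$key is missing from appSettings"; continue }
    # The documentation requires absolute paths; a relative path would be resolved against the worker process, not the site
    if (-not [System.IO.Path]::IsPathRooted($value)) { $problems += "$key is not an absolute path: $value" }
    if (-not (Test-Path -LiteralPath $value))        { $problems += "$key does not exist: $value" }
}

# The VRO certificate (.cer, public part only) must have EKU Client Authentication (OID 1.3.6.1.5.5.7.3.2) and be valid
if ($settings.ClientcertFile -and (Test-Path -LiteralPath $settings.ClientcertFile)) {
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $settings.ClientcertFile
    $eku  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }   # extKeyUsage extension
    $hasClientAuth = $eku -and ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.2' })
    if (-not $hasClientAuth)            { $problems += 'VRO certificate lacks the Client Authentication EKU' }
    if ($cert.NotAfter -lt (Get-Date))  { $problems += "VRO certificate expired on $($cert.NotAfter)" }
}

# The log4net <file> directory must be writable by the application pool identity (member of IIS_IUSRS)
[xml]$log = Get-Content -Path $log4netConfig -Raw
$logFile = ($log.log4net.appender | Where-Object { $_.name -eq 'LogFileAppender' }).file.value
$logDir  = Split-Path -Path $logFile -Parent
if (-not (Test-Path -LiteralPath $logDir)) {
    $problems += "Log directory does not exist: $logDir"
} else {
    $acl = Get-Acl -LiteralPath $logDir
    $canWrite = $acl.Access | Where-Object {
        $_.IdentityReference -like '*IIS_IUSRS' -and $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band [System.Security.AccessControl.FileSystemRights]::Write)
    }
    if (-not $canWrite) { $problems += "IIS_IUSRS has no Write access on $logDir" }
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } } else { Write-Host 'Connector configuration looks consistent.' }
```

The ACL check only looks for a direct IIS_IUSRS entry; if you granted write access to the specific application pool identity instead, adjust the IdentityReference filter accordingly.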

...

You should see this page:

...

Limitations

Supported DN attributes

...