Nexus Documentation
CURL vulnerability information (CVE-2023-38545) - Nexus awareness advisory on Microsoft's update KB5014754

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

This article describes how to configure different databases for Smart ID Digital Access component.

Sometimes the built-in database used by default in Digital Access component can be considered insufficient; for example, the storage requirements surpass the capabilities of the built-in database, or if more than one services is used for load-balancing/high availability. It is then possible to change what database Digital Access component uses.

Types of databases

Digital Access uses four databases, they are:

  • User database: for storing user specific information
  • OATH database: for storing information specific to OATH authentication
  • OAuth database: for storing Oauth specific information
  • Reporting database: for storing information which is used for generating reports, notification events.

To start Digital Access none of the above databases are mandatory.

But to use all the functionality provided with Digital Access you need to set up and configure these databases.

Configure databases

Before you can configure the databases in Digital Access, you must create the databases manually in the desired database server. It is not required to create tables inside the databases. When Digital Access starts, it will do a lookup for all the tables and if not found it will create tables automatically.

Only exception to is the default PostgreSQL database, which is already installed in Digital Access version prior to version 6.0.5. It is recommended not to use this database in production systems but to use some external database. Read the vendor specific documentation on how to properly create a database.

You can configure a Digital Access database in two ways:

  • in Digital Access Admin or
  • in the configuration file customize.conf


Configure database in Digital Access Admin

 Databases that can be configured in Digital Access Admin

User, OATH and OAuth databases can be configured using Digital Access Admin (this is the recommended way).

Reporting database can only be configured via customize.conf.

 Configure User database

Default database name and user for this database is “hag”. If you use another database name and user, then modify it in the configuration accordingly.

  1. Log in to Digital Access Admin with an administrator account.
  2. Go to Manage System > User Database.
  3. In the Database drop-down list, select database. The list contains the default configurations for the databases. If you use other databases which are not listed or need to change the default settings like port, or database drivers to use, then click on Advanced Fields. See also step 6.  Click “?” for more help.
  4. Enter Host and Name. The system will convert this information to the form shown in the Advanced Fields.
  5. Enter UserPassword and Retry Attempts, click “? “For help.
  6. If you don't want to configure a database in the Database drop-down list but need to change the default settings like port, or database drivers to use, click Toggle Advanced Fields and enter DialectUrl and Driver. Click “?” for help.

  7. When done, click Save.

    1. Check Copy all users when you want to copy all users from the current configuration to the one about to be saved.

    2. When this page is saved it will save the information currently displayed. If the settings are saved while displaying the Standard Fields (Database, Host and Name) the information in the Standard Fields will be used, regardless of what manual changes has been made in the Advanced Fields. The same applies the other way around. If the page is saved while displaying the Advanced Fields the information in those fields will be used, regardless of what information might have been entered in the Standard Fields.
  8. Publish the configuration.
 Configure OATH database

Default database name and user for this database is “oath”.  If you use another database name and user, then modify it in the configuration accordingly.

  1. Log in to Digital Access Admin with an administrator account.
  2. Go to Manage System and click OATH Configuration.
  3. In the Database drop-down list, select database. The list contains the default configurations for the databases. If you use other databases which are not listed or need to change the default settings like port, or database driver, then click on Advanced Fields. 
    See also step 6. Click “?” for more help.
  4. Enter Host and Name, for help click “? When saving, the system will convert this information to the form shown in the Advanced Fields.
  5. Enter UserPassword and number of Retry Attempts. Click “?“For help.
  6. If you don't want to configure a database in the Database drop-down list, but need to change the default settings like port, or database drivers, click Toggle Advanced Fields and enter DialectURL and Driver. For help and examples, click “?”.
  7. When done, click Save.
    When this page is saved it will save the information currently displayed. If the settings are saved while displaying the Standard Fields (Database, Host and Name) the information in the Standard Fields will be used, regardless of what manual changes has been made in the Advanced Fields. The same applies the other way around. If the page is saved while displaying the Advanced Fields the information in those fields will be used, regardless of what information might have been entered in the Standard Fields.
  8. Publish the configuration.

After the changes to the database connectivity settings have been published, you must restart the Authentication service. This, since the Authentication service only reads its database settings on startup.

 Configure OAuth database

Default database name and user for this Database is “oauth”. If you use another database name and user, then modify it in the configuration accordingly.

  1. Log in to Digital Access Admin with an administrator account.
  2. Go to Manage System > OpenID Connect (OAuth2) Configuration > Configure Database Connection.
  3. In the Database drop-down list, select database. The list contains the default configurations for the databases If you use other databases which is not listed or need to change the default settings like port, or database driver, then click on Advanced Fields. See also step 6. Click “?” for more help.
  4. Enter Host and Name, for help click “?. When saving, the system will convert this information to the form shown in the Advanced Fields.
  5. Enter UserPassword and number of Retry Attempts. Click “?“ for help.
  6. If you want to configure a database not in the Database drop-down list, or need to change the default settings like port, or database drivers, click Toggle Advanced Fields and enter DialectURL and Driver. For help and examples, click  “?”.
  7. When done, click Save.
    When this page is saved it will save the information currently displayed. If the settings are saved while displaying the Standard Fields (Database, Host and Name) the information in the Standard Fields will be used, regardless of what manual changes has been made in the Advanced Fields. The same applies the other way around. If the page is saved while displaying the Advanced Fields the information in those fields will be used, regardless of what information might have been entered in the Standard Fields.
  8. Publish the configuration.

Configure database from customize.conf file

 Important note regarding customize.conf

Configuring databases using the customize.conf file is recommended only for Reporting database because it cannot be configured from Digital Access Admin. For User, OATH, and Oauth databases, it is always recommended to use Digital Access Admin.

The purpose of configuring database other than Reporting from customize.conf should be for initial setup of Digital Access. Configuration done in customize.conf will be overwritten and ignored as soon as any of the database settings for User, OATH and Oauth are added/modified from Digital Access Admin. 

If the database values are configured via customize.conf, it will not be reflected in Digital Access Admin but the databases will still remain connected.

 Configure Reporting database

To configure the Reporting database, you edit the configuration file and add the required Java parameters.

  1. Check if the file customize.conf exists in /opt/nexus/config/administration-service/config/. If so, continue to step 4.
  2. If customize.conf does not exist, copy the template file to create it. Type this at the prompt: cp customize-template.conf customize.conf
  3. Change permissions of the file so it can be read by the Authentication service: chown pwuser:pwuser customize.conf
  4. Open customize.conf.

  5. In the section wrapper.java.additional, add the required parameters as listed below.

    PostgreSQL DB server
    -Dcom.portwise.core.database.driver=org.postgresql.Driver

-Dcom.portwise.core.database.url=jdbc:postgresql://127.0.0.1/reporting

-Dcom.portwise.core.database.user=postgres

-Dcom.portwise.core.database.password=<password>

-Dcom.portwise.core.database.dialect=org.hibernate.dialect.PostgreSQL9Dialect
    Oracle DB server
    -Dcom.portwise.core.database.driver=oracle.jdbc.driver.OracleDriver

-Dcom.portwise.core.database.url=jdbc:oracle:thin:@10.0.0.1:1521:reporting

-Dcom.portwise.core.database.user=user4

-Dcom.portwise.core.database.password=<password>

-Dcom.portwise.core.database.dialect=org.hibernate.dialect.Oracle10gDialect
    MS SQL Server
    -Dcom.portwise.core.database.driver=com.microsoft.sqlserver.jdbc.SQLServerDriver

-Dcom.portwise.core.database.url=jdbc:sqlserver://10.0.0.1:1433;databaseName=reporting

-Dcom.portwise.core.database.user=sa

-Dcom.portwise.core.database.password=<password>

-Dcom.portwise.core.database.dialect=org.hibernate.dialect.SQLServer2008Dialect
    Maria DB server
    -Dcom.portwise.core.database.driver=org.mariadb.jdbc.Driver

-Dcom.portwise.core.database.url=jdbc:mysql://127.0.0.1/reporting

-Dcom.portwise.core.database.user=root

-Dcom.portwise.core.database.password=<password>

-Dcom.portwise.core.database.dialect=org.hibernate.dialect.MariaDBDialect
  6. Restart the Administration Service.
 Configure User, OATH and OAuth databases

To configure the User, OATH and Oauth database, you edit the configuration file and add the required Java parameters.

  1. Check if the file customize.conf exists in /opt/nexus/config/administration-service/config/. If so, continue to step 4.
  2. If customize.conf does not exist, copy the template file to create it. Type at the prompt: cp customize-template.conf customize.conf
  3. Change permissions of the file so it can be read by the Authentication service: chown pwuser:pwuser customize.conf
  4. Open customize.conf.

  5. In the section wrapper.java.additional, add the required parameters as listed below. If you are using another database, replace the url parameter jdbc:postgresql with jdbc:sqlserver or jdbc:mysql or jdbc:oracle

    PostgreSQL DB
    wrapper.java.additional.33=-Dcom.portwise.administrator.pages.setup_system.ApplianceSetup.hag_url=jdbc:postgresql://<IP>/hag

wrapper.java.additional.34=-Dcom.portwise.administrator.pages.setup_system.ApplianceSetup.hag_pwd=password

wrapper.java.additional.35=-Dcom.portwise.administrator.pages.setup_system.ApplianceSetup.hag_user=hag

wrapper.java.additional.36=-Dcom.portwise.administrator.pages.setup_system.ApplianceSetup.oath_url=jdbc:postgresql://<IP>/oath

wrapper.java.additional.37=-Dcom.portwise.administrator.pages.setup_system.ApplianceSetup.oath_pwd=password

wrapper.java.additional.38=-Dcom.portwise.administrator.pages.setup_system.ApplianceSetup.oath_user=oath

wrapper.java.additional.39=-Dcom.portwise.administrator.pages.setup_system.ApplianceSetup.oauth_url=jdbc:postgresql://<IP>/oauth

wrapper.java.additional.40=-Dcom.portwise.administrator.pages.setup_system.ApplianceSetup.oauth_pwd=password

wrapper.java.additional.41=-Dcom.portwise.administrator.pages.setup_system.ApplianceSetup.oauth_user=oauth

    Note: The numbering mentioned above should begin with whatever is the last number configured in customize.conf

  6. Make similar changes to customize.conf file in the Authentication and Policy service.
  7. Restart the services.

This article includes updates for Digital Access 6.3.1.

Related information

Links

  • No labels

Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions