The primedocs.config file is the central configuration file for the server-side primedocs applications.
It is located in the installation directory (by default at C:\inetpub\wwwroot\primedocs\primedocs.config).
Features can be enabled and disabled via primedocs.config.
Note that an incorrect configuration can lead to errors and that certain features are also relevant for licensing; contact our support before changing them.
Examples follow below.
The GUIDs, passwords, secrets, URLs and connection strings shown in these examples must not be reused.
During installation, the GUIDs, passwords and secrets are generated randomly. Because primedocs.config holds the SQL passwords, the client secrets and the password of the signing certificate in clear text, restrict NTFS access to the file to administrators and to the IIS application pool identities that run the primedocs applications.
Standard installation
The standard on-prem installation uses Windows Authentication.
```xml
<primedocs operationDbConnectionString="Data Source=your-sql-server.yourcorp.local;Initial Catalog=primedocs_Prod_Operation;User ID=primedocsuser;Password=password_here;MultipleActiveResultSets=True" databaseLoggingEnabled="false">
  <datasources>
    <add id="9e769582-b411-43fa-b8f6-d15ea3d83dde" isPrimary="true" dbConnectionString="Data Source=your-sql-server.yourcorp.local;Initial Catalog=primedocs_Prod;User ID=primedocsuser;Password=password_here;MultipleActiveResultSets=True;Encrypt=False" name="primedocs" />
  </datasources>
  <clients>
    <!-- Windows Client OIDC Settings -->
    <add id="710be047-475a-4991-90b3-351ea93d6908" oidcClientId="DefaultClient" oidcClientSecret="G754ePPG0SBC" userAuthType="FromLogin" />
    <!-- WebApi to invoke the Connect (DCS) -->
    <add id="84234199-5448-4d73-8182-b5623e51e99c" basicAuth="CONNECT-USER:izieAoETHS04" mappedToPrimarySid="CONNECT-USER" />
  </clients>
  <apps>
    <add id="e185dddd-2cb4-43e2-a6fe-cf4272dd3401" name="Service" url="https://your-url.local/service/" logFilePath="Service\" type="Service" />
    <add id="9ef34d3a-13b5-4f06-b437-b300474beb6d" name="IdentityServer" url="https://your-url.local/ids/" logFilePath="IdS\" type="IdentityServer" />
    <add id="c74a324d-7c36-4d2f-b422-f2fdad41f81e" name="HealthMonitor" url="https://your-url.local/healthmonitor/" type="HealthMonitor" />
    <add id="f7199131-de81-4d40-a254-39e7db9660f0" name="DataSourceAdminApp" url="https://your-url.local/datasourceadminapp/" logFilePath="DataSourceAdminApp\" type="DataSourceAdminApp" />
    <add id="279b5480-27e5-4a09-bf9f-4c10d1770c76" name="App" url="https://your-url.local/app/" logFilePath="App\" type="App" />
    <add id="f25dc7b9-d989-4d03-89ff-3ee17bf7d020" name="JobHost" logFilePath="JobHost\" type="JobHost" />
    <add id="1cdca9fc-780b-477e-af20-29be64bf8dae" name="Connect" url="https://your-url.local/connect/" logFilePath="Connect\" type="Connect" />
    <add id="1d28ed6f-74d4-4942-b254-b287db6e1cf9" name="AddressService" url="https://your-url.local/addressservice/" logFilePath="AddressService\" type="AddressService" />
    <add id="a7ee7e49-b0eb-472c-aecb-cc0ca5257342" name="WebApi" url="https://your-url.local/webapi/" logFilePath="WebApi\" type="WebApi" />
    <add id="822a4c62-ed2d-4165-9bb1-eb979632c0aa" name="AdminApp" url="https://your-url.local/adminapp/" logFilePath="AdminApp\" type="AdminApp" />
  </apps>
  <identity signingCertFilePath="cert.pfx" signingCertPassword="kWFgDhRAMgKk" introspectionSecret="1Ubp4Efp6H3G">
    <providers>
      <winAuth authority="https://your-url.local/IdSWindowsAuth" clientId="winauth" clientSecret="winauth-L2VDmPzm7PbK" />
    </providers>
  </identity>
  <service streamBufferSizeInBytes="81920">
    <syncBehavior maxConcurrentClients="30" initialAverageSyncTimeInSeconds="10" timeoutInSeconds="120" />
  </service>
  <healthMonitor basicAuth="user:YHBAe5oAwsi2" clientSecret="healthmonitor-s5iZRGCWZ7ZE" intervalInSeconds="600"/>
</primedocs>
```
Standard installation with Entra ID
If you want to sign in via your Entra ID (formerly Azure Active Directory) instead of Windows Authentication, follow the steps under Entra ID Apps.
Both the clientId/clientSecret of the "user application" and the clientId/clientSecret used to access the DataSourceAdminApp must be stored in primedocs.config:
```xml
<primedocs operationDbConnectionString="Data Source=your-sql-server.yourcorp.local;Initial Catalog=primedocs_Prod_Operation;User ID=primedocsuser;Password=password_here;MultipleActiveResultSets=True" databaseLoggingEnabled="false">
  <datasources>
    <add id="9e769582-b411-43fa-b8f6-d15ea3d83dde" isPrimary="true" dbConnectionString="Data Source=your-sql-server.yourcorp.local;Initial Catalog=primedocs_Prod;User ID=primedocsuser;Password=password_here;MultipleActiveResultSets=True;Encrypt=False" name="primedocs" allowedForTenant="{TENANTGUID}" />
  </datasources>
  <clients>
    <!-- Windows Client OIDC Settings -->
    <add id="710be047-475a-4991-90b3-351ea93d6908" oidcClientId="DefaultClient" oidcClientSecret="G754ePPG0SBC" userAuthType="FromLogin" />
    <!-- WebApi to invoke the Connect (DCS) -->
    <add id="84234199-5448-4d73-8182-b5623e51e99c" basicAuth="CONNECT-USER:izieAoETHS04" mappedToPrimarySid="CONNECT-USER" />
  </clients>
  <apps>
    <add id="e185dddd-2cb4-43e2-a6fe-cf4272dd3401" name="Service" url="https://your-url.local/service/" logFilePath="Service\" type="Service" />
    <add id="9ef34d3a-13b5-4f06-b437-b300474beb6d" name="IdentityServer" url="https://your-url.local/ids/" logFilePath="IdS\" type="IdentityServer" />
    <add id="c74a324d-7c36-4d2f-b422-f2fdad41f81e" name="HealthMonitor" url="https://your-url.local/healthmonitor/" type="HealthMonitor" />
    <add id="f7199131-de81-4d40-a254-39e7db9660f0" name="DataSourceAdminApp" url="https://your-url.local/datasourceadminapp/" logFilePath="DataSourceAdminApp\" type="DataSourceAdminApp" />
    <add id="279b5480-27e5-4a09-bf9f-4c10d1770c76" name="App" url="https://your-url.local/app/" logFilePath="App\" type="App" />
    <add id="f25dc7b9-d989-4d03-89ff-3ee17bf7d020" name="JobHost" logFilePath="JobHost\" type="JobHost" />
    <add id="1cdca9fc-780b-477e-af20-29be64bf8dae" name="Connect" url="https://your-url.local/connect/" logFilePath="Connect\" type="Connect" />
    <add id="1d28ed6f-74d4-4942-b254-b287db6e1cf9" name="AddressService" url="https://your-url.local/addressservice/" logFilePath="AddressService\" type="AddressService" />
    <add id="a7ee7e49-b0eb-472c-aecb-cc0ca5257342" name="WebApi" url="https://your-url.local/webapi/" logFilePath="WebApi\" type="WebApi" />
    <add id="822a4c62-ed2d-4165-9bb1-eb979632c0aa" name="AdminApp" url="https://your-url.local/adminapp/" logFilePath="AdminApp\" type="AdminApp" />
  </apps>
  <identity signingCertFilePath="cert.pfx" signingCertPassword="kWFgDhRAMgKk" introspectionSecret="1Ubp4Efp6H3G">
    <providers>
      <!-- authority must not contain leading/trailing whitespace -->
      <office365Auth authority="https://login.microsoftonline.com/{TENANTGUID}" clientId="{CLIENTID}" clientSecret="{CLIENTSECRET}" microsoftAppDelegateScopes="email openid profile User.Read offline_access" />
      <!-- AzureAD App for authentication instead of hardcoded admins -->
      <dataSourceAdminAppAuth clientId="{CLIENTID-DATASOURCEADMINAPP}" clientSecret="{CLIENTSECRET-DATASOURCEADMINAPP}" authority="https://login.microsoftonline.com/{TENANTGUID}" microsoftAppDelegateScopes="email openid profile offline_access" />
    </providers>
  </identity>
  <service streamBufferSizeInBytes="81920">
    <syncBehavior maxConcurrentClients="30" initialAverageSyncTimeInSeconds="10" timeoutInSeconds="120" />
  </service>
  <healthMonitor basicAuth="user:YHBAe5oAwsi2" clientSecret="healthmonitor-s5iZRGCWZ7ZE" intervalInSeconds="600"/>
</primedocs>
```
Note that {TENANTGUID} (in both authority attributes and in allowedForTenant) must be replaced with the tenant ID of your Entra ID, and {CLIENTID}/{CLIENTSECRET} and {CLIENTID-DATASOURCEADMINAPP}/{CLIENTSECRET-DATASOURCEADMINAPP} with the values of the two registered apps.
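The following is an added example and not part of primedocs or its documentation: a read-only PowerShell lint pass over primedocs.config that catches the two mistakes the notes above warn about, values copied from the sample configurations (repeated or malformed GUIDs, the sample passwords and secrets) and unreplaced {TENANTGUID}/{CLIENTID}/{CLIENTSECRET} placeholders, plus two things a reviewer would flag anyway: connection strings with Encrypt=False and app or authority URLs that are not https or carry stray whitespace. The default path, the list of sample secrets and the check wording are assumptions of this example; the element and attribute names are the ones shown in the configurations above.

```powershell
# Added example (not primedocs code): lint primedocs.config for copied sample
# values, placeholders and weak transport settings. Exits 1 on any finding.
param(
    [string]$ConfigPath = 'C:\inetpub\wwwroot\primedocs\primedocs.config'   # assumed default install path
)

# Passwords/secrets that appear verbatim in the documentation samples. If one of
# these is still present in a production file, it was copied, not generated.
$SampleSecrets = @(
    'password_here', 'G754ePPG0SBC', 'izieAoETHS04', 'kWFgDhRAMgKk', '1Ubp4Efp6H3G',
    'winauth-L2VDmPzm7PbK', 'YHBAe5oAwsi2', 'healthmonitor-s5iZRGCWZ7ZE',
    'iPvKHKDmvlwP', 'healthmonitor-k9VBA5TXke9P'
)

function Test-PrimedocsConfig {
    param([xml]$Config)
    $findings = New-Object System.Collections.Generic.List[string]

    # 1. Every <add id="..."> must be a well-formed GUID and unique within the file.
    $seen = @{}
    foreach ($node in $Config.SelectNodes('//add[@id]')) {
        $id = $node.GetAttribute('id')
        $guid = [guid]::Empty
        if (-not [guid]::TryParse($id, [ref]$guid)) {
            $findings.Add("id '$id' is not a GUID")
        } elseif ($seen.ContainsKey($id)) {
            $findings.Add("id '$id' is used more than once")
        }
        $seen[$id] = $true
    }

    # 2. No attribute may still hold a sample value or an unreplaced {PLACEHOLDER}.
    foreach ($attr in $Config.SelectNodes('//@*')) {
        $v = $attr.Value
        $where = "$($attr.OwnerElement.Name)/@$($attr.Name)"
        if ($SampleSecrets | Where-Object { $v -like "*$_*" }) {
            $findings.Add("$where still contains a value from the documentation samples")
        }
        if ($v -match '\{[A-Z\-]+\}') {
            $findings.Add("$where still contains placeholder $($Matches[0])")
        }
    }

    # 3. Encrypt=False turns TLS off for the SQL connection, so query traffic
    #    (document data) crosses the network unencrypted.
    foreach ($attr in $Config.SelectNodes('//@*[contains(local-name(), "ConnectionString")]')) {
        if ($attr.Value -match '(?i)Encrypt\s*=\s*False') {
            $findings.Add("$($attr.OwnerElement.Name)/@$($attr.Name) disables SQL TLS (Encrypt=False)")
        }
    }

    # 4. App URLs and OIDC authorities must be https and free of stray whitespace;
    #    a leading space in an authority breaks OpenID discovery.
    foreach ($attr in $Config.SelectNodes('//@url | //@authority')) {
        $v = $attr.Value
        $where = "$($attr.OwnerElement.Name)/@$($attr.Name)"
        if ($v -ne $v.Trim()) { $findings.Add("$where has leading/trailing whitespace") }
        if ($v.Trim() -notmatch '^https://') { $findings.Add("$where is not https: $v") }
    }
    return $findings
}

$result = Test-PrimedocsConfig -Config ([xml](Get-Content -Raw -Path $ConfigPath))
if ($result.Count -eq 0) {
    Write-Host "OK: no findings in $ConfigPath"
} else {
    $result | ForEach-Object { Write-Warning $_ }
    exit 1
}
```

Run it from an elevated PowerShell after every manual edit of the file (the sample configurations on this page produce findings for every check by design). Because it exits with code 1 on findings it can also run as a gate in a deployment pipeline; extend $SampleSecrets with any further sample values you copy from other documentation pages.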
Without-IdS variant
```xml
<primedocs>
  <datasources>
    <add id="26735c39-3d6e-44c6-b701-f5ab6cc429fd" isPrimary="true" dbConnectionString="Data Source=your-sql-server.yourcorp.local;Initial Catalog=primedocs_Prod;User ID=primedocsuser;Password=password_here;MultipleActiveResultSets=True;Encrypt=False" name="primedocs" />
  </datasources>
  <apps>
    <add id="7e132bcb-b088-4cb2-b717-30174884b8f4" name="Service" url="https://your-url.local/service/" logFilePath="Service\" type="Service" />
    <add id="60e0654e-9e62-4df2-8b24-4d00f2677cfa" name="HealthMonitor" url="https://your-url.local/healthmonitor/" type="HealthMonitor" />
    <add id="80e85dff-e533-42df-b8f3-930598d9b955" name="JobHost" logFilePath="JobHost\" type="JobHost" />
    <add id="f7199131-de81-4d40-a254-39e7db9660f0" name="DataSourceAdminApp" url="https://your-url.local/datasourceadminapp/" logFilePath="DataSourceAdminApp\" type="DataSourceAdminApp" />
    <add id="c5667157-6cce-4da6-93ce-464b68947349" name="Connect" url="https://your-url.local/connect/" logFilePath="Connect\" type="Connect" />
    <add id="7ee9d094-e728-4e36-91ea-8fb64aa6b765" name="AddressService" url="https://your-url.local/addressservice/" logFilePath="AddressService\" type="AddressService" />
  </apps>
  <service streamBufferSizeInBytes="81920">
    <syncBehavior maxConcurrentClients="30" initialAverageSyncTimeInSeconds="10" timeoutInSeconds="120" />
  </service>
  <healthMonitor basicAuth="user:iPvKHKDmvlwP" clientSecret="healthmonitor-k9VBA5TXke9P" intervalInSeconds="600"/>
</primedocs>
```
cert.pfx
The cert.pfx referenced in primedocs.config is used to sign the authentication tokens and is unrelated to TLS/SSL certificates.
The certificate is generated during installation; it is created with essentially the following parameters. It is self-signed and valid for 10 years from installation, so record its expiry date in your certificate inventory and plan to replace the file and the signingCertPassword in primedocs.config before then:
```powershell
function randomString([int]$length) {
    # Alphabet used for the PFX password; it deliberately omits I, J, Q, j and q.
    $characters = "abcdefghiklmnoprstuvwxyzABCDEFGHKLMNOPRSTUVWXYZ0123456789".ToCharArray()
    # Start from an empty string so that += concatenates characters; with an
    # uninitialised variable the [char] values would be added numerically.
    $randomString = ""
    For ($loop = 1; $loop -le $length; $loop++) {
        $randomString += ($characters | Get-Random)
    }
    return $randomString
}

$certPath = "C:\Temp\cert.pfx"
$certificatePassword = randomString(12)
$certificatePasswordSecureString = ConvertTo-SecureString -String $certificatePassword -Force -AsPlainText
$certificateDefaultName = "PrimeDocsIdSCert"

# Self-signed RSA-2048/SHA-256 signature certificate, valid 10 years,
# with the code-signing EKU (1.3.6.1.5.5.7.3.3), created in the machine store
$HT = @{
    Subject           = "CN=$certificateDefaultName"
    KeyLength         = 2048
    HashAlgorithm     = 'SHA256'
    KeyUsage          = 'DigitalSignature'
    KeyExportPolicy   = 'Exportable'
    KeySpec           = 'Signature'
    NotAfter          = (Get-Date).AddYears(10)
    TextExtension     = '2.5.29.37={text}1.3.6.1.5.5.7.3.3'
    CertStoreLocation = 'cert:\localmachine\my'
}
$certificate = New-SelfSignedCertificate @HT
$certificatePath = 'cert:\localMachine\my\' + $certificate.thumbprint

# Export certificate and private key to the PFX, then remove the certificate
# from the machine store again so the key only lives in the file
Export-PfxCertificate -cert $certificatePath -FilePath $certPath -Password $certificatePasswordSecureString
Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -match $certificateDefaultName } | Remove-Item
Write-Host "Created certificate file with password '$certificatePassword' created as $certPath"
```
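The script below is an added example and not the installer's script or primedocs code. It creates the signing certificate with the same parameters as the installer (self-signed, RSA 2048, SHA-256, DigitalSignature key usage, code-signing EKU, 10 years) but differs in three points a practitioner would want: the PFX password comes from the .NET cryptographic RNG rather than Get-Random, only the certificate just created is removed from the machine store (by thumbprint, instead of every certificate whose subject matches the name), and the exported PFX is re-opened afterwards to confirm that it carries a private key, the expected EKU and a sane validity period before it is wired into primedocs.config. Path, subject name and password length are assumptions; run it in an elevated PowerShell on the server.

```powershell
# Added example (not primedocs code): generate and verify the token-signing PFX.
param(
    [string]$CertPath = 'C:\Temp\cert.pfx',        # assumed output path
    [string]$SubjectName = 'PrimeDocsIdSCert',     # same default subject as the installer
    [int]$ValidYears = 10
)

function New-CryptoRandomString {
    param([int]$Length = 16)
    # Same alphabet as the installer script; rejection sampling avoids modulo bias.
    $alphabet = 'abcdefghiklmnoprstuvwxyzABCDEFGHKLMNOPRSTUVWXYZ0123456789'
    $limit = 256 - (256 % $alphabet.Length)        # 224: bytes >= limit are discarded
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $one = New-Object byte[] 1
    $chars = New-Object char[] $Length
    try {
        for ($i = 0; $i -lt $Length; $i++) {
            do { $rng.GetBytes($one) } while ($one[0] -ge $limit)
            $chars[$i] = $alphabet[$one[0] % $alphabet.Length]
        }
    } finally { $rng.Dispose() }
    return (-join $chars)
}

function New-SigningCertificatePfx {
    param([string]$Path, [string]$Subject, [int]$Years, [string]$Password)
    $secure = ConvertTo-SecureString -String $Password -Force -AsPlainText
    $params = @{
        Subject           = "CN=$Subject"
        KeyLength         = 2048
        HashAlgorithm     = 'SHA256'
        KeyUsage          = 'DigitalSignature'
        KeyExportPolicy   = 'Exportable'
        KeySpec           = 'Signature'
        NotAfter          = (Get-Date).AddYears($Years)
        TextExtension     = '2.5.29.37={text}1.3.6.1.5.5.7.3.3'   # EKU code signing, as the installer sets it
        CertStoreLocation = 'Cert:\LocalMachine\My'
    }
    $cert = New-SelfSignedCertificate @params
    try {
        Export-PfxCertificate -Cert $cert -FilePath $Path -Password $secure | Out-Null
    } finally {
        # Remove exactly this certificate and its key container; the private key
        # should exist only inside the PFX afterwards.
        Remove-Item -Path ('Cert:\LocalMachine\My\' + $cert.Thumbprint) -DeleteKey
    }
    return $cert.Thumbprint
}

function Test-SigningCertificatePfx {
    param([string]$Path, [string]$Password, [string]$ExpectedThumbprint)
    $problems = @()
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($Path, $Password)
    try {
        $eku = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' } |
            ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value }
        if ($cert.Thumbprint -ne $ExpectedThumbprint) { $problems += 'thumbprint does not match the generated certificate' }
        if (-not $cert.HasPrivateKey) { $problems += 'PFX contains no private key; it cannot sign tokens' }
        if ($eku -notcontains '1.3.6.1.5.5.7.3.3') { $problems += 'code-signing EKU missing' }
        $daysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays
        if ($daysLeft -lt 30) { $problems += "certificate expires in $daysLeft days" }
    } finally { $cert.Dispose() }
    return $problems
}

$password = New-CryptoRandomString -Length 16
$thumbprint = New-SigningCertificatePfx -Path $CertPath -Subject $SubjectName -Years $ValidYears -Password $password
$problems = Test-SigningCertificatePfx -Path $CertPath -Password $password -ExpectedThumbprint $thumbprint
if ($problems.Count -eq 0) {
    # The password is deliberately not echoed; it stays in $password for the next step.
    Write-Host "Created $CertPath (thumbprint $thumbprint); copy the file next to primedocs.config and set signingCertFilePath/signingCertPassword"
} else {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}
```

Unlike the installer's script, this one does not write the password to the console, because console output ends up in PowerShell transcripts and deployment logs; the value is taken from $password in the same session and placed into signingCertPassword. Test-SigningCertificatePfx can also be reused on its own against an existing cert.pfx (with the password from primedocs.config) to check how long the current signing certificate remains valid.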