User Portal Configuration

From idenprotect Knowledge Base
Revision as of 15:07, 30 September 2020 by Aisteshah (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

If you have not made any configuration changes yet, please see How to make configuration changes


By default, the idenprotect User Portal is configured to work with the idenprotect Core Platform and idenprotect Authentication Portal all installed on the same server.

This article discusses the configuration of the idenprotect User Portal and is primarily focussed on how it communicates with the idenprotect Core Platform. Note that changes made to this configuration will require the idenprotect User Portal to be restarted in order to pick up the new changes.

User Portal Configuration

These settings are configured under: -

  • Server file system in /etc/idenprotect/userportal/
User Portal Configuration
Parameter in Properties File Description
target.domain The target base URL of idenprotect Core Platform where the User Portal will direct traffic. Defaulted to http://localhost:8081
target.username The username used to communicate with the target
target.password The password used to communicate with the target
target.enforceSSL Whether or not the target enforces SSL. Defaulted to false
target.ssl.protocol The SSL protocol to use when communicating with the target. Defaulted to TLSv1.2
target.devices_backend_sync 1000

Proxy Configuration

The idenprotect User Portal can be set up to act as a proxy, such that all mobile connections to the idenprotect Core Platform are routed through the User Portal. In order to do this, configuration changes must be made on the idenprotect Core Platform itself.

Setting The Server URL

To route all traffic through User Portal login to your iDENprotecctserver</server>, navigate to the following:

Config -> User Enrollment Policies.

Update the server URL to the User Portal URL, this can be done by changing to https://{userPortalHost} or https://{host}/user

This will now route all traffic, including enrollment through the proxy. Please note that if devices are currently enrolled onto the server, changing the server URL will not affect the enrolled devices. They will still connect to the server URL that was defined during enrollment. A future update will resolve this issue.

Proxy APIs

The following list of API properties are also present in the file. These properties, when concatenated with the target.domain are used to direct the traffic from the User Portal (when being used as a Proxy) to the idenprotect Core Platform. In general, these should not be modified unless you have third party software which is further redirecting traffic onwards to these APIs.

  • target.enrolment_initiate_endpoint=/api/enrollment/initiate
  • target.server.certificate.details_endpoint=/api/certificate/server/details
  • target.enrolment_identification_endpoint=/api/enrollment/identification
  • target.enrolment_completion_endpoint=/api/enrollment/completion
  • target.enrolment_email_endpoint=/api/user/registerEmail
  • target.enrolment_session_endpoint=/api/user/enrollment/session/
  • target.enrolment_create_session_by_attribute_endpoint=/api/user/createSessionByAttribute/
  • target.enrolment_endpoint=/api/user/enroll
  • target.enrolment_extra_cert_endpoint=/api/signedenrollment/extraCert/{tag}
  • target.enrolment_unsigned_extra_cert_endpoint=/api/enrollment/extraCert/
  • target.register_device_endpoint=/api/devices/register1
  • target.authentication.session=/api/authentication/session
  • target.authentication.device.session=/api/authentication/session/device
  • target.authentication.certify=/api/authentication/certify
  • target.devices=/api/devices
  • target.devices_time_sync=/api/time/sync
  • target.user.password.reset=/api/ldap/passwordReset
  • target.enrolment.policies=/api/userpolicies/policies
  • target.devices.remove=/api/device/remove
  • target.devices.list=/api/devices/list
  • target.devices.addP12=/api/good/devices/{serialNumber}/certificates/{tag}