WebSocket Configuration

From iDENprotect Knowledge Base

If you have not made any configuration changes yet, please see "How to make configuration changes".

Introduction

When using the idenprotect Active Directory Agent, you will need to configure the Secure WebSocket connection. This is done in two parts, because the idenprotect Active Directory Agent acts as the WebSocket Client and the idenprotect Core Platform acts as the WebSocket Server.


Configuring the WebSocket Server

These properties can be found in:

  • WebSocket Configuration section in the idenprotect Core Platform Admin Console Config Tab
  • Server file system in /etc/idenprotect/websocket.properties

Parameters for WebSocket

| Parameter in Config Tab | Parameter in Properties File | Description |
|---|---|---|
| Active Directory Sync Agent Port | ws.adsync.port | Port on which to run the WebSocket (default 8444) |
| Should Send Settings | ws.send.settings | Set to true to send out LDAP properties/settings to the AD Sync Client on the connection to the WebSocket |
| Is WebSocket In Debug Mode | ws.server.debug | Set to true to log all of the debug information for each connection/message/disconnection. Important: this may write sensitive data, such as user passwords, to the logs |
| Is Secure WebSocket? | ws.ssl.enabled | Set to true to use a secure WebSocket connection with TLS |
| Key Store Path | ws.keystore.path | KeyStore path for the Secure WebSocket (/etc/idenprotect/keystore.jks) |
| Key Store Type | ws.keystore.type | KeyStore type (default JKS) |
| Key Store Password | ws.keystore.pass | Password for the KeyStore |


Configuring the WebSocket Client

These properties can be found in:

  • Server file system in /etc/idenprotect/adsync/websocket.properties

Parameters for WebSocket

| Parameter in Properties File | Description |
|---|---|
| adsync.trustStore | Location of the trust store (for the WebSocket connection to the Server, and for LDAP if needed) (default = /etc/idenprotect/truststore.jks) |
| adsync.trustStoreType | Trust store type (default = JKS) |
| adsync.trustStorePassword | Trust store password (default = pass) |
| adsync.node.name | AD Sync Client node name (used by the idenprotect Core Platform to determine which idenprotect Active Directory Agent to trigger). See the LDAP Synchronization process on "What is the idenprotect Active Directory Agent" for more information. |
| websocket.uri | WebSocket Server URI (idenprotect Core Platform WebSocket URI) (default = wss://10.0.57.57:8444/) |
| websocket.check.cron | Cron expression for checking whether the agent is connected to the WebSocket (default = 0 * * * * * (every minute)) |
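
The following Python script checks the contents of the two properties files described above for the values this page marks as sensitive: ws.ssl.enabled not set to true, ws.server.debug set to true, adsync.trustStorePassword left at its documented default, and a websocket.uri that does not use wss://. It is an added example, not part of the idenprotect documentation or product; the sample file contents and finding texts are constructed, and the parser assumes simple key=value lines.

```python
# Added example, not vendor code. Property names are taken from the tables on
# this page; the sample files and finding texts are constructed.

def parse_properties(text):
    """Parse simple 'key=value' or 'key:value' lines; skip blanks and comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        # Split on whichever separator comes first, so the ':' inside
        # 'wss://host:8444/' stays part of the value.
        cuts = [i for i in (line.find("="), line.find(":")) if i != -1]
        cut = min(cuts) if cuts else len(line)
        props[line[:cut].strip()] = line[cut + 1:].strip()
    return props


def audit(props):
    """Return (key, reason) pairs for values this page marks as sensitive."""
    findings = []
    flag = lambda key: props.get(key, "").lower()
    if "ws.ssl.enabled" in props and flag("ws.ssl.enabled") != "true":
        findings.append(("ws.ssl.enabled", "WebSocket server is not using TLS"))
    if flag("ws.server.debug") == "true":
        findings.append(("ws.server.debug", "debug logging may record user passwords"))
    if props.get("adsync.trustStorePassword") == "pass":
        findings.append(("adsync.trustStorePassword", "documented default password in use"))
    if "websocket.uri" in props and not flag("websocket.uri").startswith("wss://"):
        findings.append(("websocket.uri", "agent connects without TLS (not wss://)"))
    return findings


# Constructed sample contents for the two files described above.
SERVER_SAMPLE = """\
ws.adsync.port=8444
ws.ssl.enabled=false
ws.server.debug=true
"""
CLIENT_SAMPLE = """\
adsync.trustStore=/etc/idenprotect/truststore.jks
adsync.trustStorePassword=pass
websocket.uri=ws://10.0.57.57:8444/
"""

if __name__ == "__main__":
    for name, text in (("server", SERVER_SAMPLE), ("client", CLIENT_SAMPLE)):
        for key, reason in audit(parse_properties(text)):
            print(f"{name}: {key}: {reason}")
```

Each check applies only when its key is present, so the same function can be run against either file.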