SRM | CIAM Environment Setup Configuration for Single sign-on (SSO)
Summary: Steps to generate a secret key and configure the CIAM server environment for Linux (vApp and Binary) and Windows Binary SRM deployments.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Instructions
Follow the steps below on the SRM Frontend CLI/PuTTY to configure and start the CIAM service.
Steps for vApp/Linux Binary:
- Log in to the SRM Frontend VM using PuTTY session
- Navigate to
<SRM-INSTALLED-PATH>/APG/binfolder and create"my_config.env"configuration file, then copy and paste the below properties and save the fileCIAM_SERVER_ADDR=localhost:8000DB_HOST=localhost:8000DB_PORT=5432DB_USER=admincmfaDB_PASSWORD=DB_NAME=pacificdbDB_TYPE=sqliteDB_MAX_CON=100DB_MAX_IDLE_CON=10CRL_CACHE_SIZE=50MAX_CRL_URLS=15MAX_CRL_FILE_SIZE=20DB_FOLDER=db - Navigate to
<SRM-INSTALLED-PATH>/APG/binand change the permissions of"ciam-service-plain"and"generate-secret.sh"# chmod 777 ciam-service-plain# chmod 777 generate-secret.sh - Generate the secret key required to start the CIAM service in a secure mode
# <SRM-INSTALLED-PATH>/APG/bin/generate-secret.sh - Set the environment variables for the CIAM service
# export CIAM_CLIENT_NAME=<username># export CIAM_CLIENT_SECRET=<generated key from step 4>
Ex:# export CIAM_CLIENT_NAME=admin# export CIAM_CLIENT_SECRET=ytWlcSZTntLSmXU9/HUuclnQe17sAEdaQlDqPra2eGE=
- Copy and use the secret key to generate the config file required for starting the CIAM service
# echo <generated key from step 4> | <SRM-INSTALLED-PATH>/APG/bin/ciam-service-plain -mode=encrypt-config -config=<SRM-INSTALLED-PATH>/APG/bin/my_config.env
Ex:# echo ytWlcSZTntLSmXU9/HUuclnQe17sAEdaQlDqPra2eGE= | /opt/APG/bin/ciam-service-plain -mode=encrypt-config -config=/opt/APG/bin/my_config.env
- Start the CIAM service using the secret key and the config file generated above, outside your runtime environment, using the command below:
# echo <generated key from step 4> | <SRM-INSTALLED-PATH>/APG/bin/ciam-service-plain -mode=start -config=<SRM-INSTALLED-PATH>/APG/bin/config_enc.env
Ex:# echo ytWlcSZTntLSmXU9/HUuclnQe17sAEdaQlDqPra2eGE= | /opt/APG/bin/ciam-service-plain -mode=start -config=/opt/APG/bin/config_enc.env
OR
Run the CIAM service in the background using the command below:# nohup bash -c 'echo <generated from step 4> | <SRM-INSTALLED-PATH>/APG/bin/ciam-service-plain -mode=start -config=config_enc.env' &
Ex:# nohup bash -c 'echo ytWlcSZTntLSmXU9/HUuclnQe17sAEdaQlDqPra2eGE= | /opt/APG/bin/ciam-service-plain -mode=start -config=config_enc.env' &
Note:
- The CIAM service must be in running state for SSO to function.
CIAM_CLIENT_NAME - CIAMclient identifier for CIAM serverconfig_enc.env- encrypted configuration file created at step 6- Execution logs will be available under
<SRM-INSTALLED-PATH>/APG/bin/ - The SSO settings are stored in a temporary database (SQLite), so the configuration must be entered manually one time. After clicking SAVE, the configuration parameters will not be visually displayed in the SRM SSO settings UI.
- Since the DB used is temporary, the SSO must be reconfigured if any of the below activities are performed:
- System Reboot
- SRM upgrade or patch
- Temporary DB cleared or migrated
Refer to the SRM Administration Guide under "Troubleshooting CIAM Service" for detailed reconfiguration steps.
Steps for Windows Binary:
- Log in to the SRM Frontend server remotely.
- Navigate to
<SRM-INSTALLED-PATH>\APG\ binfolder and create"my_config.env"configuration file (using cmdprompt >> notepad my_config.env), then copy and paste the below properties and save the file.CIAM_SERVER_ADDR=localhost:8000DB_HOST=localhostDB_PORT=5432DB_USER=admincmfaDB_PASSWORD=DB_NAME=pacificdbDB_TYPE=sqliteDB_MAX_CON=100DB_MAX_IDLE_CON=10CRL_CACHE_SIZE=50MAX_CRL_URLS=15MAX_CRL_FILE_SIZE=20DB_FOLDER=db - Open the Windows command prompt and navigate to
<SRM-INSTALLED-PATH>\APG\binfolder to generate the secret key required to start the CIAM service in a secure mode# generate-secret.cmd - Set the environment variables for the CIAM service
# set CIAM_CLIENT_NAME=<username># set CIAM_CLIENT_SECRET=<generated from step 3>
Ex:# set CIAM_CLIENT_NAME=admin# set CIAM_CLIENT_SECRET=ytWlcSZTntLSmXU9/HUuclnQe17sAEdaQlDqPra2eGE= - Copy and use the secret key to generate the config file required for starting the CIAM service
# echo <generated key from step 3> | ciam-service-plain.exe -mode=encrypt-config -config=my_config.env - Start the CIAM service using the secret key and the config file generated above
# start cmd /c "echo <generated key from step 3> | ciam-service-plain.exe -mode=start -config=config_enc.env"
OR
Run the CIAM service in the background using the command below:# start cmd /c "echo <generated key step 3> | ciam-service-plain.exe -mode=start -config=config_enc.env“ >> ciam.log
Note:
- The CIAM service must be in running state for SSO to function.
CIAM_CLIENT_NAME - CIAMclient identifier for CIAM serverconfig_enc.env- encrypted configuration file created at step 6- Execution logs will be available under
<SRM-INSTALLED-PATH>/APG/bin/ - The SSO settings are stored in a temporary database (SQLite), so the configuration must be entered manually one time. After clicking SAVE, the configuration parameters will not be visually displayed in the SRM SSO settings UI.
- Since the DB used is temporary, the SSO must be reconfigured if any of the below activities are performed:
- System Reboot
- SRM upgrade or patch
- Temporary DB cleared or migrated
Refer to the SRM Administration Guide under "Troubleshooting CIAM Service" for detailed reconfiguration steps.
Affected Products
SRMArticle Properties
Article Number: 000379566
Article Type: How To
Last Modified: 25 جمادى الآخرة 1447
Version: 2
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.