Overview:
You have multiple user bases. The users and roles for the different user bases must be stored separately. An instance of Identity Server can only have a single membership and role provider.
For example, suppose you use SQL Server to store users and roles for employees, and you want to use Identity Server's default membership and role providers for contractors. Either Identity Server uses the default membership and role providers, or it uses SQL Server—it cannot use both.
Solution:
Install a standalone instance of Geocortex Identity Server for each additional user base.
In the scenario described above, one instance of Identity Server would use the default membership and role providers, and the other instance would point to SQL Server.
There are four main steps to install a standalone instance of Identity Server:
Step 1: Create an application pool (optional)
Step 2: Configure and run the installation script
Step 3: Create the web application
Step 4: Configure Essentials to use the standalone instance
This article also provides instructions for uninstalling a standalone instance of Identity Server.
Before you Begin
Before you begin the installation, you should:
- Decide where you want to install Identity Server.
  For example: C:\Program Files (x86)\Latitude Geographics\Geocortex Identity Server 2
- Decide how you want Identity Server hosted in IIS.
  - Where in IIS will Identity Server be hosted?
    For example: https://server.domain.com/Geocortex/IdentityServer2
  - Will you create a new application pool for Identity Server or use an existing one?
  - What is the name of the application pool that Identity Server will use?
  - Will the web server support SSL?
- Decide what certificate Identity Server will use to sign message content.
- Make sure you have the Identity Server installer, Geocortex.IdentityServer.msi.
  You can find the installer in your existing Essentials installation. If Essentials is installed in the default location, the installer is here: C:\Program Files (x86)\Latitude Geographics\Geocortex Essentials\<Instance>\Post Install\Geocortex.IdentityServer.msi
Step 1: Create an Application Pool
If you want Identity Server to use an existing application pool, you can skip this step.
- Open IIS Manager.
- In the Connections side panel, right-click Application Pools and select Add Application Pool.
- Configure the application pool settings:
- Name: For example: IdentityServer2AppPool
- .NET Framework version: v4.0.30319
- Managed pipeline mode: Integrated
- Click OK.
Step 2: Configure and Run the Installation Script
[Figure: Location of variables in the Install.bat file]
- Create a new file in a text editor and paste the contents of the default Install.bat file into it.
- Save the file as Install.bat and place it in the temporary folder with the Identity Server installer.
- Open Install.bat in a text editor.
- Change the following variable values to match your environment and desired deployment:
  - POSTINSTALL_DIR: The directory where the Geocortex.IdentityServer.msi file is located.
    For example: INSTALL_DIR=C:\Program Files (x86)\Latitude Geographics\Geocortex Identity Server 2 (if you have a named instance it will be: C:\Program Files (x86)\Latitude Geographics\Geocortex Essentials\<Instance>\Post Install)
  - INSTALL_DIR: The directory where you want to install Identity Server.
    For example: INSTALL_DIR=C:\Program Files (x86)\Latitude Geographics\Geocortex Identity Server 2
  - ISSUER_URI: A unique identifier for this instance of Identity Server. The convention is to use the URL of the Identity Server web application.
    For example: ISSUER_URI=http://server.domain.com/Geocortex/IdentityServer2
  - APPPOOL_NAME: The name of the application pool for Identity Server to use.
    For example: APPPOOL_NAME=IdentityServer2AppPool
  - SIGNING_CERTIFICATE_NAME: If a default instance of Identity Server is already installed on this machine from an Essentials installation, you do not need to change this value—the installer will find the existing certificate. This is the recommended approach.
    Otherwise, change the value to the subject name of a certificate that the Identity Server application pool identity has read access to.
    For example: SIGNING_CERTIFICATE_NAME=CN=Geocortex, CN=Signing, CN=%COMPUTERNAME%
  - DISABLE_SSL: If the web server does not have a valid SSL certificate, set DISABLE_SSL to true. Otherwise set it to false.
    For example: DISABLE_SSL=true
  - LOG_OUTPUT_FILE: The log file for the output of the installation script. Changing the log file is optional.
    For example: LOG_OUTPUT_FILE=InstallLog.txt
- Save the file.
- Run Install.bat as an administrator.
  When Install.bat completes, it opens the LOG_OUTPUT_FILE in Notepad.
- Record the value of ServiceSecret—you will need it in Step 4.
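Before running Install.bat as an administrator, the edited values can be checked for the mistakes this step is prone to (installer not in POSTINSTALL_DIR, malformed ISSUER_URI, signing certificate missing or unusable). The following PowerShell script is an added example, not part of the original article or the vendor's tooling. It assumes Install.bat assigns its variables with batch `set NAME=value` lines and that the signing certificate is in the LocalMachine\My store; the `C:\Temp\IdentityServer2` folder in the sample is a constructed placeholder.

```powershell
# Added example (not vendor code): lint Install.bat values before running it elevated.
# Assumption: Install.bat assigns its variables with batch `set NAME=value` lines.
param([string]$BatPath)   # optional: path to your edited Install.bat

# Constructed sample used when no path is given; C:\Temp\IdentityServer2 is a placeholder.
$sample = @'
set POSTINSTALL_DIR=C:\Temp\IdentityServer2
set INSTALL_DIR=C:\Program Files (x86)\Latitude Geographics\Geocortex Identity Server 2
set ISSUER_URI=http://server.domain.com/Geocortex/IdentityServer2
set APPPOOL_NAME=IdentityServer2AppPool
set SIGNING_CERTIFICATE_NAME=CN=Geocortex, CN=Signing, CN=%COMPUTERNAME%
set DISABLE_SSL=true
'@
$lines = if ($BatPath) { Get-Content -LiteralPath $BatPath } else { $sample -split "`r?`n" }

# Collect NAME=value pairs and expand %VARIABLES% such as %COMPUTERNAME%.
$cfg = @{}
foreach ($line in $lines) {
    if ($line -match '^\s*set\s+"?(\w+)=(.*?)"?\s*$') {
        $cfg[$Matches[1]] = [Environment]::ExpandEnvironmentVariables($Matches[2])
    }
}

$findings = @()
foreach ($name in 'POSTINSTALL_DIR','INSTALL_DIR','ISSUER_URI','APPPOOL_NAME',
                  'SIGNING_CERTIFICATE_NAME','DISABLE_SSL') {
    if (-not $cfg[$name]) { $findings += "$name is not set" }
}
if ($cfg.POSTINSTALL_DIR) {
    $msi = [IO.Path]::Combine($cfg.POSTINSTALL_DIR, 'Geocortex.IdentityServer.msi')
    if (-not (Test-Path -LiteralPath $msi)) { $findings += "Installer not found: $msi" }
}
if ($cfg.ISSUER_URI -and -not [Uri]::IsWellFormedUriString($cfg.ISSUER_URI, [UriKind]::Absolute)) {
    $findings += "ISSUER_URI is not an absolute URI: $($cfg.ISSUER_URI)"
}
if ($cfg.DISABLE_SSL -and $cfg.DISABLE_SSL -notin 'true','false') {
    $findings += "DISABLE_SSL must be true or false, found: $($cfg.DISABLE_SSL)"
}
if ($cfg.SIGNING_CERTIFICATE_NAME) {
    # Assumption: the signing certificate lives in the LocalMachine\My store.
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -eq $cfg.SIGNING_CERTIFICATE_NAME } |
        Sort-Object NotAfter -Descending | Select-Object -First 1
    if (-not $cert)                        { $findings += 'No certificate with that subject in LocalMachine\My' }
    elseif (-not $cert.HasPrivateKey)      { $findings += 'Signing certificate has no private key' }
    elseif ($cert.NotAfter -lt (Get-Date)) { $findings += "Signing certificate expired $($cert.NotAfter)" }
}
if ($findings) { $findings | ForEach-Object { Write-Warning $_ } } else { 'Install.bat values look consistent.' }
```

Run it with `-BatPath` pointing at your edited Install.bat; without the parameter it checks the constructed sample against the local machine.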
Step 3: Create the Web Application
- Open IIS Manager.
- In the Connections side panel, right-click Default Web Site, right-click the "Geocortex" folder, and select Add Application.
- Configure the application settings:
- Alias: For example: IdentityServer2
- Physical path: For example: C:\Program Files (x86)\Latitude Geographics\Geocortex Identity Server 2\Web
- Application pool: For example: IdentityServer2AppPool
The URL of this web application will be something like:
http://server.domain.com/Geocortex/IdentityServer2, or https://server.domain.com/Geocortex/IdentityServer2
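Steps 1 and 3 can also be scripted with the IIS WebAdministration module, which makes the pool and application settings repeatable and easy to review. This PowerShell script is an added example, not part of the original article or the vendor's tooling; it uses the article's example names and assumes the Geocortex folder already exists under Default Web Site and that Step 2 has created the Web directory.

```powershell
# Added example (not vendor code): Steps 1 and 3 scripted. Run in an elevated session.
Import-Module WebAdministration

# Values are the article's examples; change them to match your deployment.
$poolName = 'IdentityServer2AppPool'
$siteName = 'Default Web Site'
$parent   = 'Geocortex'            # assumed to exist already under the site
$alias    = 'IdentityServer2'
$physical = 'C:\Program Files (x86)\Latitude Geographics\Geocortex Identity Server 2\Web'

# Step 1: create the pool only if it is missing; an existing pool is left untouched.
if (-not (Test-Path "IIS:\AppPools\$poolName")) {
    New-WebAppPool -Name $poolName | Out-Null
    # "v4.0" is the value IIS Manager displays as .NET Framework version v4.0.30319.
    Set-ItemProperty "IIS:\AppPools\$poolName" -Name managedRuntimeVersion -Value 'v4.0'
    Set-ItemProperty "IIS:\AppPools\$poolName" -Name managedPipelineMode -Value 'Integrated'
}

# Step 3: refuse to publish a path that Install.bat has not populated yet.
if (-not (Test-Path -LiteralPath $physical)) {
    throw "Physical path not found (run Install.bat first): $physical"
}
$appPath = "IIS:\Sites\$siteName\$parent\$alias"
if (-not (Test-Path $appPath)) {
    New-WebApplication -Site $siteName -Name "$parent/$alias" `
        -PhysicalPath $physical -ApplicationPool $poolName | Out-Null
}

# Read the settings back so the result can be compared with the intended values.
$pool = Get-Item "IIS:\AppPools\$poolName"
$app  = Get-Item $appPath
[pscustomobject]@{
    AppPool         = $pool.Name
    RuntimeVersion  = $pool.managedRuntimeVersion
    PipelineMode    = $pool.managedPipelineMode
    ApplicationPool = $app.applicationPool
    PhysicalPath    = $app.PhysicalPath
}
```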
Step 4: Configure Essentials to use the standalone instance
- Open Geocortex Essentials Manager.
- Click the Security tab.
- In the left side panel, click Providers.
- Click Add Identity Server.
- Configure Identity Server's settings:
- Display Name: For example: Geocortex Identity Server 2
- URL: From Step 3.
- Secret: The ServiceSecret from Step 2.
- Click OK.
- To test the configuration, click the Users and Roles icon beside the standalone Identity Server, and then try adding and removing users and roles.
Upgrade a Standalone Instance of Identity Server
- Make a backup of any configuration changes you made.
- Install a new copy of Identity Server.
  - The web.config will be overwritten.
  - Most of the configuration files (membership.config, roleManager.config, connectionStrings.config) and databases (IdentityServerConfiguration.sdf, IdentityServerUsers.sdf) will be preserved.
  - Custom assemblies will be preserved.
- Re-run the steps above in Configure and run the installation script.
- Reapply any config settings that were overwritten.
Uninstall a Standalone Instance of Identity Server
Standalone instances of Identity Server are not added to the Programs and Features list of Windows.
- Remove the web application:
  - Open IIS Manager.
  - In the Connections side panel, expand the Default Web Site.
  - Right-click the Identity Server web application and select Remove.
- Remove the application pool:
  If the application pool is used by other web applications, skip this step.
  - In IIS Manager, click Application Pools in the Connections side panel.
  - Right-click the application pool and select Remove.
- Remove the application files:
  - In the file system, navigate to the Identity Server installation directory and delete it.
- Remove the security provider:
  - Open Geocortex Essentials Manager.
  - Click the Security tab.
  - In the left side panel, click Providers.
  - Click the Remove icon beside the standalone Identity Server.