Answered

Configuring IIS Security in 4.0

Matthew Woolnough 5 months ago • updated by anonymous 5 months ago 3

The EvB IIS security page contains the following example:

<?xml version="1.0" encoding="utf-8" ?>
<ConnectEngine>
    <roleAuthorizations>
        <roleAuthorization role="Unify.Event.Service.Read">
            <anonymous action="Allow" />
        </roleAuthorization>
        <roleAuthorization role="Unify.Event.User">
            <group action="Allow" groupName="Users"/>
        </roleAuthorization>
        <roleAuthorization role="Unify.Event.Administrator">
            <user action="Allow" userName="ExampleAdministrator_01" />
        </roleAuthorization>
        <roleAuthorization role="Unify.Event.Agents.Write">
            <user action="Deny" userName="UserWithDeniedAccess_03" />
        </roleAuthorization>
    </roleAuthorizations>
</ConnectEngine>

However, the Unify.Product.EventBroker.EventBrokerPlugInKey.extensibility.config.xml file contains:

<?xml version="1.0" encoding="utf-8" ?>
<EventEngine changeId="{025F5A02-200E-4BA3-B74F-72623FAD3731}" />


Has the XML structure changed in 4.0?


Under review

Hi Matthew,

That doco page was incorrect - the configuration for access control is now done a different way. We'll write up a doco page in the next day or two and link it here when it's completed - apologies for that.


You may also run into an issue with Event Broker throwing an error on the UI about a missing DLL. If this happens, please try clearing the ASP.NET temp cache and restarting the service. More information on doing this can be found here

Answer
Answered

In the web.config, update owin:AutomaticAppStartup = true and AuthorizeSetting = OpenId

Then add the following:

  • ida:ClientId = your client id
  • ida:AADInstance = the id for your instance of AAD
  • ida:TenantId = the id for your tenant
  • ida:PostLogoutRedirectUri = the redirect on sign-out URL

As Matthew mentioned, the page will be updated to reflect this.

Matthew, are you still experiencing the Yellow Screen of Death on the UI that mentions Unify.Framework.Collections.dll or one of its dependencies missing? If so, please create another issue so that we can track it properly.
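
A check of a deployed web.config against the settings listed in the answer above, as an added example (not part of the thread and not the vendor's code). It assumes every key is an `<add key="..." value="..."/>` entry under `<appSettings>`; the sample file and all of its values are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Settings named in the answer above. Their placement under <appSettings>
# is an assumption of this example, as is the case-insensitive comparison.
EXPECTED = {"owin:AutomaticAppStartup": "true", "AuthorizeSetting": "OpenId"}
REQUIRED = ["ida:ClientId", "ida:AADInstance", "ida:TenantId",
            "ida:PostLogoutRedirectUri"]

def read_app_settings(web_config_xml):
    """Return {key: value} from <appSettings>; a later <add> overrides an earlier one."""
    settings = {}
    for node in ET.fromstring(web_config_xml).findall("./appSettings/add"):
        key = node.get("key")
        if key is not None:
            settings[key] = (node.get("value") or "").strip()
    return settings

def audit_web_config(web_config_xml):
    """Return a list of findings; an empty list means every setting is in place."""
    settings = read_app_settings(web_config_xml)
    findings = []
    for key, want in EXPECTED.items():
        got = settings.get(key)
        if got is None or got.lower() != want.lower():
            findings.append(f"{key}: is {got!r}, expected {want!r}")
    for key in REQUIRED:
        if not settings.get(key):
            findings.append(f"{key}: missing or empty")
    uri = settings.get("ida:PostLogoutRedirectUri", "")
    parsed = urlparse(uri)
    if uri and (parsed.scheme not in ("http", "https") or not parsed.netloc):
        findings.append("ida:PostLogoutRedirectUri: not an absolute http(s) URL")
    return findings

# Constructed sample: OWIN startup still off, tenant id blank, relative redirect.
SAMPLE = """<configuration>
  <appSettings>
    <add key="owin:AutomaticAppStartup" value="false" />
    <add key="AuthorizeSetting" value="OpenId" />
    <add key="ida:ClientId" value="00000000-0000-0000-0000-000000000001" />
    <add key="ida:AADInstance" value="https://login.example.test/" />
    <add key="ida:TenantId" value="" />
    <add key="ida:PostLogoutRedirectUri" value="/signout" />
  </appSettings>
</configuration>"""

if __name__ == "__main__":
    for finding in audit_web_config(SAMPLE):
        print(finding)
```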