security.manager - Enterprise Edition
|
This section refers exclusively to the connection of smart.finder with security.manager Enterprise Edition. |
The following possibilities arise through a connection with security.manager:
-
Assigning roles for using the Job Manager.
-
Assignment of roles for the use of the Solr Admin Client.
-
Assignment of roles for the user-sensitive restriction of the search index.
Establishing a connection between smart.finder and security.manager
Running smart.finder and security.manager under the same host
The following parameters must be added or changed in the global configuration.
security.mode=ONLY_AUTHN
# security.manager adminstration service location
security.administration.url=https://<yourserver>/administration
# Key Store Location.
# This is the path to the keystore (`.keystore` file) shared by security.manager and {product-name}
security.keystore.location=C:/data/conterra/.keystoreIf further keystore settings are changed in security.manager (e.g. password), these must also be added to the smart.finder configuration.
Operation of smart.finder and security.manager on different hosts
If security.manager is installed on a different server than smart.finder, the keystore file must be copied to the smart.finder server.
In addition to the settings described in the previous section, the following parameter must also be added or changed in the security.manager configuration (where example.com is the name of the host where map.apps is installed).
security.allowed.hostnames=example.comFor smart.finder it is also necessary to configure the cors.request.trustedServers option.
# Comma separated list of servers:
cors.request.trustedServers=https://securitymanager.example.com:8443Using the Job Manager
In order to use the Job Manager in an SSO scenario with security.manager, it is necessary to assign a smart.finder administration role.
To do this, the roles solrAdmin and maAdmin must be created in security.manager and assigned to the account with which the smart.finder Job Manager is to be used.