Setup ProvisioningSystem to authenticate with Key
This guide deals with how to change the authentication method of your Zervicepoint ProvisioningSystem (the worker) from using ADFS to instead use a Key. This is useful in an environment where you do not have access to an ADFS service. This guide has two parts; Generating the key and configuring ProvisioningSystem to use this key.
Follow these steps to change the authentication method to Key.
You will need access to the server running the ProvisioningSystem to complete this setup
- Go to AdminWeb, Edit Store, Worker Authentication tab
- Click the Authentication method dropdown and select Key
- Click on Generate key and the following modal will be shown
- Make sure you copy the Key as it will only be shown once
Make sure you click Save
You now need to connect to the server running the ProvisioningSystem. Either through RDP or if you can access the file system remotely
Open the following file in an editor as Administrator
Configure the following keys in the config file:
<add key="AuthenticationMethod" value="Key" />
This tells the ProvisioningSystem to use Key when authenticating towards Zervicepoint
<add key="CredentialIdentifier" value="ZervicepointProvisioning"/>
This specifies the name of the credential that stores the Key on the ProvisioningSystem server. More about this below
<add key="StsAppliesTo" value="https://zervicepoint.dev.local/"/>
This specifies URL to the Zervicepoint instance the ProvisioningSystem belongs to
The CredentialIdentifier above can have any value as long as there exists a corresponding credential on the server. The credential needs to be created using the service account that runs the ProvisioningSystem. To create this credential you have three options:
Use the PowerFrame cmdlet. You need to run PowerShell as the service account that runs the ProvisioningSystem
New-PFCredential -Name ZervicepointProvisioning -Username ZervicepointProvisioning -Password (Actual key generated above)
Logon to the server running the ProvisioningSystem with the service account that runs the ProvisioningSystem and create the credential manually. Name must match the config above and the password must be the generated key
- The third option is using our Zervicepoint Powershell API which is described in steps 10 and 11 below
Run the following line of code to import the module Zervicepoint Powershell Management API (assuming the module is installed in the default location). You need to run PowerShell as the service account that runs the ProvisioningSystem. Import the module
Import-Module "C:\Program Files\Zipper\ZervicePoint\Powershell\ZervicePoint.WebApi.PowerShell"
Then run the following code to put the key you just generate into a credential called ProvisioningKey (needs to match the name specified in the config file above) Configure the key on the local machine
Set-ZPKeyCredential -Name "ZervicepointProvisioning" -Key "Un+cfCbIAYT69bZwz6MR8TJd9LJ0iCFwh6/r/RY3H5M="
Repeat steps 7 and 8 for ProvisioningSystemInvetory. The config file that needs to be updated is located here:
The credential identifier and the other two configuration nodes should match the one in ProvisioningSystem
Now you need to restart both ProvisioningSystem and ProvisioningSystemInventory for the change to have affect. To do this with PowerShell run the following line