Prerequisites
- The FireStart server and Process Portal are hosted on the same machine (e.g. sho-dev-pc.prologics.at:8443)
- The IdentityServer is hosted on the reverse proxy (e.g. bld-agent.firestart.com:443)
Setup
Install the FireStart server
Configure the public and internal names/ports:
Make sure that the server name/port in the init.json for the Process Portal points to the reverse proxy. You may also check the PROLOGICS/Urls key in the registry. The screenshot below shows an example of what the entries in the registry look like.
Caution: Do not start the FireStart server before authentication has been successfully configured.
Deploy the IdentityServer to the reverse proxy
The reverse proxy must rewrite all URLs to the internal FireStart server except the authentication requests, which stay on the reverse proxy. A valid regular expression for the IIS UrlRewrite is ^(?!auth).*$ (a negative lookahead that matches every path that does not start with auth). Below is an example of what the action looks like when using the mentioned regular expression.
XML
<?xml version="1.0" encoding="UTF-8"?>
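As an added example (not part of the original page and not FireStart's own code), the script below evaluates the regular expression above against constructed request URLs to show which ones the rule forwards to the internal server and which stay on the reverse proxy. The sample paths and the stricter SEGMENT_PATTERN are assumptions for illustration; the `i` flag mirrors the IIS URL Rewrite default of ignoring case.

```javascript
// Pattern from the page. IIS URL Rewrite matches it against the request path
// without the leading slash or query string, and ignores case by default.
const PAGE_PATTERN = /^(?!auth).*$/i;
// Hypothetical tighter variant (not from the page): only "auth" as a whole
// first path segment is excluded from rewriting.
const SEGMENT_PATTERN = /^(?!auth(?:\/|$)).*$/i;

// Returns "rewrite" when the rule would forward the request to the internal
// FireStart server, "local" when it stays on the reverse proxy (IdentityServer).
function route(requestUrl, pattern = PAGE_PATTERN) {
  const path = new URL(requestUrl).pathname.replace(/^\//, "");
  return pattern.test(path) ? "rewrite" : "local";
}

// Constructed sample requests using the example host name from the page.
const SAMPLES = [
  "https://bld-agent.firestart.com/",
  "https://bld-agent.firestart.com/portal/tasks?id=7",
  "https://bld-agent.firestart.com/auth",
  "https://bld-agent.firestart.com/Auth/connect/token",
  "https://bld-agent.firestart.com/authors/list",   // only shares the prefix
  "https://bld-agent.firestart.com/api/auth/status", // "auth" is not first
];

// Evaluates every sample under both patterns so the differences are visible.
function compare(urls = SAMPLES) {
  return urls.map((u) => ({
    path: new URL(u).pathname,
    page: route(u, PAGE_PATTERN),
    segment: route(u, SEGMENT_PATTERN),
  }));
}

console.table(compare());
```

With the page's pattern, any path that merely begins with "auth" (such as the constructed /authors/list) is also kept on the reverse proxy, so check that no FireStart route shares that prefix before relying on it.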
Then copy the PROLOGICS FireStart IdentityServer from the installed server to the folder on the reverse proxy server. Make sure that the .NET Core hosting bundle is installed.
Create the authentication subsite in IIS
The physical path is the PROLOGICS FireStart IdentityServer folder you copied. There you have to enable Windows authentication for the subsite. Make sure the IS app pool has access to the physical path.
Configure the IdentityServer via app settings
The following tasks have to be performed:
- adapt the "path:" for the log file in the Serilog section to contain an existing folder, where the app pool has full control to create log files
- settings: Adapt the BaseUrl to contain the address of the IdentityServer (e.g. https://bld-agent.firestart.com:443/auth)
- adapt the name to the public server (e.g. bld-agent.firestart.com)
- adapt the port to the publicly reachable port (e.g. 443)
- adapt the DB path to contain an existing folder where the app pool has full control to create SQLite databases
- make sure the selected certificate for JWT signing is available and the app pool has permissions to read the key
- perform an IIS reset
- try accessing the authentication site from the browser and logging in, which should work now (on the reverse proxy and the FireStart server)
JSON
{