Management Console
Axidian Management Console (Management Console) is a web application that runs on IIS. It lets you administer system and user settings.
- In the browser: http(s)://server dns/am/mc
- In IIS: <machine name>\sites\Default Web Site\am\mc
Set up Management Console:
- Install the module.
- Create an HTTPS binding in the IIS settings.
- Set up authentication.
- If required, configure optional settings.
Install Management Console
To install Management Console, run Axidian.ManagementConsole-version number.x64.ru-ru.msi located at Axidian version number\Axidian Management Console version number.
When the installation is complete, you will be prompted to generate a new IDP certificate. This is an optional setting.
Info: The certificate is required for authentication in Management Console using Identity Provider. This certificate is not intended for establishing the SSL connection.
If this certificate was generated earlier, disable the option.
If this option is enabled, a new self-signed certificate is generated and installed in the Local Machine → Personal certificate store. The certificate is used to encrypt data transmitted between the authentication server and the client application.
Create HTTPS binding
If the SSL certificate requirement is enabled in the IIS settings during the installation, create an HTTPS binding as follows:
- In IIS Services Manager, in the left menu, navigate to Axidian Access → sites → Default Web Site.
- In the Actions section of the right menu, click Bindings.
- Click Add and set the following parameters in the window that appears:
  - In the Type field, select https.
  - In the Port field, specify 443.
  - In the SSL Certificate field, select the Core Server certificate.
- Click OK to save the binding.
If you do not plan to use the HTTPS protocol, disable the SSL certificate requirement in the IIS settings for Management Console.
Also, in C:\inetpub\wwwroot\am\mc\Web.config, change the value of the requireSSL parameter to false as follows:
<httpCookies httpOnlyCookies="true" requireSSL="false" />
Configure authentication
You can set different authentication methods to log in to Management Console.
- Windows Authentication
- Identity Provider
Authentication using Windows Authentication
To set up authentication using Windows Password, enable Windows Authentication and edit the console configuration file.
Enable Windows authentication
- Open IIS Services Manager and in the left menu, expand the Axidian Access → sites → Default Web Site → am → mc node.
- Click Authentication.
- Enable ASP.NET Impersonation and Windows Authentication. Disable all other authentication methods.
Modify the configuration file
- Open C:\inetpub\wwwroot\am\mc\Web.config for editing.
- In the amAuthServer section, in the Url parameter, specify the address for connecting to Core Server, such as http(s)://full_dns_name of the server/am/core/.
  <amAuthServer Url="https://amcore.test.local/am/core/">
- In the logServer section, in the Url parameter, specify the address for connecting to Log Server, such as http(s)://full_dns_name of the server/ls/api.
  <logServer Url="http://amcore.test.local/ls/api/">
  If multiple servers are used, specify the address of the load balancer.
- Save the changes and restart the IIS server.
Management Console will be available at: http(s)://full_dns_name of the server/am/mc/.
To ignore server certificate errors when logging in to the console, in C:\inetpub\wwwroot\am\mc\Config\applicationSettings.config change the value of the isIgnoreCertErrors parameter to true.
Authentication using Identity Provider
To set up a secure login to Management Console using Identity Provider:
- Install and configure the Identity Provider module.
- Install and configure an authentication provider.
- Set up authentication in IIS Services Manager.
- Edit the Management Console and Identity Provider configuration files.
You can also configure logging out of Management Console using Identity Provider.
Set up authentication
- In IIS Services Manager, in the left menu, expand the Axidian Access → sites → Default Web Site → am → mc node.
- Click Authentication.
- Enable Anonymous Authentication and Forms Authentication. Disable all other authentication methods.
Change the Management Console configuration file
- Open C:\inetpub\wwwroot\am\mc\Web.config for editing.
- In the amAuthServer section, in the Url parameter, specify the address for connecting to Core Server, such as http(s)://full_dns_name of the server/am/core/.
  <amAuthServer Url="https://amcore.test.local/am/core/">
- In the logServer section, in the Url parameter, specify the address for connecting to Log Server, such as http(s)://full_dns_name of the server/ls/api.
  <logServer Url="http://amcore.test.local/ls/api/">
  If multiple servers are used, specify the address of the load balancer.
- Make the following changes in the amAuthentication section:
  - In the mode parameter, specify the Saml value.
  - In the loginUrl parameter, specify the Identity Provider address, such as http(s)://full_dns_name of the server/am/idp/.
    <amAuthentication mode="Saml" loginUrl="https://amcore.test.local/am/idp/">
  - In the identityProviderCertificateThumbprint parameter, specify the fingerprint of the Identity Provider certificate.
    Get-ChildItem Cert:\LocalMachine\My\ | Where-Object {$_.Subject -eq "CN=idp"}
    Tip: If Identity Provider and Management Console are installed on different servers, export the certificate without the private key from the server with the Identity Provider module to the server with Management Console. Add the certificate to the certificate store in the Local Machine → Personal section.
  - In the serviceProviderCertificateThumbprint parameter, specify the fingerprint of the Management Console certificate that was generated during the installation. The certificate is installed in the Local Machine → Personal certificate store with the common name mcsp.
    Get-ChildItem Cert:\LocalMachine\My\ | Where-Object {$_.Subject -eq "CN=mcsp"}
- Save the changes and restart IIS.
Management Console will be available at: http(s)://full_dns_name of the server/am/mc/.
To ignore server certificate errors when logging in to the console, change the value of the isIgnoreCertErrors parameter to true in C:\inetpub\wwwroot\am\mc\Config\applicationSettings.config.
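The Web.config values set in this section can be checked with a short script after editing. This is an added example, not part of the Axidian documentation: the sample file is constructed, the function name Test-McWebConfig is hypothetical, and it assumes both thumbprint parameters are attributes of the amAuthentication element.

```powershell
# Constructed sample of the settings this page edits. For a real check use:
#   [xml]$xml = Get-Content 'C:\inetpub\wwwroot\am\mc\Web.config' -Raw
[xml]$xml = @'
<configuration>
  <amAuthServer Url="https://amcore.test.local/am/core/" />
  <logServer Url="http://amcore.test.local/ls/api/" />
  <!-- Assumption: thumbprints are attributes of amAuthentication; values are placeholders. -->
  <amAuthentication mode="Saml" loginUrl="https://amcore.test.local/am/idp/"
      identityProviderCertificateThumbprint="0000000000000000000000000000000000000000"
      serviceProviderCertificateThumbprint="1111111111111111111111111111111111111111" />
  <system.web><httpCookies httpOnlyCookies="true" requireSSL="false" /></system.web>
</configuration>
'@

function Test-McWebConfig {
    param([xml]$Config)
    $findings = @()
    # requireSSL="false" lets the session cookie travel over plain HTTP.
    $cookies = $Config.SelectSingleNode('//httpCookies')
    if ($null -ne $cookies -and $cookies.GetAttribute('requireSSL') -ne 'true') {
        $findings += 'httpCookies: requireSSL is not "true"'
    }
    # Core Server, Log Server and Identity Provider addresses should be https.
    foreach ($item in @(@('amAuthServer','Url'), @('logServer','Url'), @('amAuthentication','loginUrl'))) {
        $node = $Config.SelectSingleNode("//$($item[0])")
        if ($null -ne $node -and $node.GetAttribute($item[1]) -notmatch '^https://') {
            $findings += "$($item[0]): $($item[1]) is not an https:// address"
        }
    }
    # In Saml mode each thumbprint must resolve to a current certificate in LocalMachine\My.
    # The mcsp certificate is generated on this server, so its private key should be present.
    $auth = $Config.SelectSingleNode('//amAuthentication')
    if ($null -ne $auth -and $auth.GetAttribute('mode') -eq 'Saml') {
        foreach ($attr in 'identityProviderCertificateThumbprint','serviceProviderCertificateThumbprint') {
            $thumb = $auth.GetAttribute($attr) -replace '[^0-9A-Fa-f]'  # drop pasted invisible characters
            $cert  = Get-ChildItem Cert:\LocalMachine\My | Where-Object Thumbprint -eq $thumb
            if (-not $cert) {
                $findings += "${attr}: $thumb not found in LocalMachine\My"
            } elseif ($cert.NotAfter -lt (Get-Date)) {
                $findings += "${attr}: certificate expired on $($cert.NotAfter)"
            } elseif ($attr -like 'service*' -and -not $cert.HasPrivateKey) {
                $findings += "${attr}: private key missing"
            }
        }
    }
    $findings
}

Test-McWebConfig -Config $xml
```

The isIgnoreCertErrors parameter is set in applicationSettings.config, whose layout this page does not show, so the script does not check it.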
Change the Identity Provider configuration file
- Open C:\inetpub\wwwroot\am\idp\app-settings.json for editing.
- In the PartnerServiceProviderConfigurations section, make the following changes:
  - In the SingleLogoutServiceUrl parameter, specify the address of the server with the Management Console component installed, such as http(s)://full_dns_name of the server/am/mc/Account/SLOService.
  - In the Thumbprint parameter, specify the fingerprint of the Management Console certificate that was generated during the installation of the package.
    Tip: If Identity Provider and Management Console were installed on different servers, export the certificate without the private key from the server with Management Console to the server with the Identity Provider module. Add the certificate to the certificate store in the Local Machine → Personal section.
    Get-ChildItem Cert:\LocalMachine\My\ | Where-Object {$_.Subject -eq "CN=mcsp"}
Example
"PartnerServiceProviderConfigurations": [
  {
    "Name": "urn:axidianid:emc",
    "SingleLogoutServiceUrl": "https://server.axidian.local/am/mc/Account/SLOService",
    "PartnerCertificates": [
      {
        "Thumbprint": "C77EDF29EA05B468BDAF553DE3D804DA4B139C1E"
      }
    ]
  }
]
- Save the changes and restart IIS.