Configuring reseller root domains


How to set up your Atomia environment to allow different domain names for different resellers.

Setting up bindings in IIS

  1. Import certificate for new domain(s) to IIS.
  2. Set up site bindings on separate IPs in IIS for each domain that should be supported in Hosting Control Panel, Billing and Identity.
  3. Add web.config for reseller redirect sites, e.g. C:\Program Files (x86)\Atomia\ResellerDomainRedirection\HostingControlPanel\web.config.
  4. Add redirect sites to IIS based on already existing redirect sites.

Configuring Identity

  1. All services must use a ServiceHostFactory that filters baseAddress, since the service host only supports a single https baseAddress.
  2. The host that should be used for the https baseAddress is added to web.config by default.

      <configuration>
          <atomiaSTSConfig>
              <baseHttpsAddress address="https://identity.reseller1.com" />
          </atomiaSTSConfig>
      </configuration>

  3. Add claim type resellerRootDomain to passiveRpClaimRequests in web.config. The domains should share realm, e.g. the “primary” domain, so each claim type should only be added once.

      <configuration>
          <atomiaSTSConfig>
              <passiveRpClaimRequests>
                  <realm address="https://hcp.reseller1.com">
                      <add claimType="http://schemas.atomia.com/atomia/2009/04/identity/claims/identityData/resellerRootDomain" />
                  </realm>
                  <realm address="https://billing.reseller1.com">
                      <add claimType="http://schemas.atomia.com/atomia/2009/04/identity/claims/identityData/resellerRootDomain" />
                  </realm>
                  <realm address="https://admin.reseller1.com">
                      <add claimType="http://schemas.atomia.com/atomia/2009/04/identity/claims/identityData/resellerRootDomain" />
                  </realm>
              </passiveRpClaimRequests>
          </atomiaSTSConfig>
      </configuration>

Important!

The Admin Panel needs the claim even if it is only run on a single domain, or login to customer accounts from the admin panel will not work.

  1. Reseller templates for email sent on forgotten password need a couple of resource strings to be added in ForgotPassword.aspx.*.resx for each reseller domain.
    1. mailBody-<resellerDomain>, e.g. mailBody-reseller1.com
    2. MailSubject-<resellerDomain>, e.g. MailSubject-reseller1.com
  2. From address for identity emails can be configured per reseller. The reseller that uses the “base” identity domain uses the regular emailConfiguration from setting. Resellers that should use another from address need to be added to the resellerFromEmailList.

      <pasiveStsConfiguration xmlns="http://schemas.atomia.com/2009/06/configuration/identity">
          <eMailConfiguration from="[email protected]" host="10.0.2.2" password="" port="25" ssl="false" username="" />
          <resellerFromEmailList>
              <resellerFromEmail rootDomain="reseller2.com" from="[email protected]" />
          </resellerFromEmailList>
      </pasiveStsConfiguration>

Configuring WebFrame applications: Hosting Control Panel and Billing Customer Panel

  1. Add domain(s) to audienceUris in web.config.

      <configuration>
          <microsoft.identityModel>
              <service saveBootstrapTokens="true">
                  <audienceUris>
                      <add value="https://billing.reseller1.com/" />
                      <add value="https://billing.reseller2.com/" />
                  </audienceUris>
              </service>
          </microsoft.identityModel>
      </configuration>

  2. Add cookie handler to web.config.

      <configuration>
          <microsoft.identityModel>
              <service saveBootstrapTokens="true">
                  <federatedAuthentication>
                      <cookieHandler requireSsl="true" domain="reseller.com" path="/" mode="Custom">
                          <customCookieHandler type="Atomia.Identity.CookieHandlers.ResellerDomainsCookieHandler, Atomia.Identity.CookieHandlers" />
                      </cookieHandler>
                  </federatedAuthentication>
              </service>
          </microsoft.identityModel>
      </configuration>

  3. Add AuthorizeResellerDomain to appConfig.config global settings, so resellerRootDomain claims are checked to access pages in the control panel.

      <appConfig>
          <globalSettingsList>
              <globalSetting name="AuthorizeResellerDomain" value="true" />
          </globalSettingsList>
      </appConfig>

  4. Add ResellerDomainRewriteEnabled to appConfig.config global settings to make links in the control panel point to the reseller domain instead of the default domain.

      <appConfig>
          <globalSettingsList>
              <globalSetting name="ResellerDomainRewriteEnabled" value="true" />
          </globalSettingsList>
      </appConfig>

  5. Each setting that should be rewritten for reseller domains also needs to have the attribute useResellerDomain set. globalSettings and menuItems where this is applicable have it set to false by default.

      <globalSetting name="HostingControlPanelUrl" value="https://hcp.reseller1.com" useResellerDomain="true" />

  6. Where this is applicable, useResellerDomain can be set as pluginSetting in individual plugin config files, e.g. Atomia.Web.Plugin.PaymentForm.dll.config and Atomia.Web.Plugin.Domains.dll.config.
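
An added example, not part of the original article or Atomia's own tooling: a Python check that a WebFrame application's web.config and appConfig.config carry the settings from the steps above. The sample XML is constructed, and the function name check_webframe and the https-only rule for audienceUris are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample input modelled on the snippets above: billing.reseller2.com
# is deliberately listed with http:// and AuthorizeResellerDomain is left out.
WEB_CONFIG = """<configuration><microsoft.identityModel><service saveBootstrapTokens="true">
  <audienceUris>
    <add value="https://billing.reseller1.com/" />
    <add value="http://billing.reseller2.com/" />
  </audienceUris>
  <federatedAuthentication>
    <cookieHandler requireSsl="true" domain="reseller.com" path="/" mode="Custom">
      <customCookieHandler type="Atomia.Identity.CookieHandlers.ResellerDomainsCookieHandler, Atomia.Identity.CookieHandlers" />
    </cookieHandler>
  </federatedAuthentication>
</service></microsoft.identityModel></configuration>"""
APP_CONFIG = """<appConfig><globalSettingsList>
  <globalSetting name="ResellerDomainRewriteEnabled" value="true" />
</globalSettingsList></appConfig>"""

def check_webframe(web_config_xml, app_config_xml):
    """Return a list of findings for one WebFrame application (hypothetical helper)."""
    findings = []
    web = ET.fromstring(web_config_xml)
    uris = [a.get("value", "") for a in web.findall(".//audienceUris/add")]
    if not uris:
        findings.append("audienceUris is empty")
    # Assumption of this example: every audience URI should be https.
    findings += [f"audienceUri not https: {u}" for u in uris
                 if not u.lower().startswith("https://")]
    handler = web.find(".//federatedAuthentication/cookieHandler")
    if handler is None:
        findings.append("cookieHandler missing")
    else:
        if handler.get("requireSsl", "").lower() != "true":
            findings.append("cookieHandler requireSsl is not true")
        if handler.get("mode") != "Custom" or handler.find("customCookieHandler") is None:
            findings.append("custom reseller cookie handler not configured")
    app = ET.fromstring(app_config_xml)
    settings = {s.get("name"): s.get("value", "") for s in app.iter("globalSetting")}
    for name in ("AuthorizeResellerDomain", "ResellerDomainRewriteEnabled"):
        if settings.get(name, "").lower() != "true":
            findings.append(f"{name} is not enabled")
    return findings

if __name__ == "__main__":
    for finding in check_webframe(WEB_CONFIG, APP_CONFIG):
        print(finding)
```
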

Configuring Reseller Domain Claims in Billing

  1. Each reseller should have a ResellerCustomAttribute with name ResellerRootDomain and value the appropriate domain, e.g. reseller1.com or reseller2.com.
  2. When a new customer is added in Billing, all values configured for ResellerRootDomain in the reseller configuration are added for that customer to AtomiaIdentity.dbo.identity_properties.
  3. Adding resellerRootDomain with a value * (wildcard) to AtomiaIdentity.dbo.identity_properties for a user, e.g. for Administrators, will give them access to all domains.
  4. The resellerRootDomain identity property needs to be added manually to all existing users, including Administrators, for them to be able to login to the control panels. This can be done with the following SQL query:

      -- Adds resellerRootDomain for every login that does not already have one.
      insert into AtomiaIdentity..identity_properties (username, property, value)
      select l.username, 'resellerRootDomain', rrd.value
      from AtomiaBilling..reseller_configuration_custom_attribute rrd
      inner join AtomiaBilling..reseller_configuration rc on rc.id = rrd.fk_reseller_configuration_id
      inner join AtomiaBilling..account_details ad on ad.fk_reseller_configuration_id = rc.id
      inner join AtomiaAccount..account a on a.fk_parent_account_id = ad.account_id
      inner join AtomiaAccount..login l on l.fk_account_id = a.id
      -- Match on username as well, so the "ip.id is null" filter is evaluated per login.
      left join AtomiaIdentity..identity_properties ip
          on ip.username = l.username and ip.property = 'resellerRootDomain'
      where rrd.name = 'ResellerRootDomain' and ip.id is null
    
  1. To configure from and reply-to for emails the following should be added for each reseller:
    1. ResellerCustomAttributes
    2. DispatcherEmailAddress
    3. DispatcherReplyToEmailAddress
  2. To activate reseller from and reply-to addresses the Maildispatcher configuration mailDispatcherConfiguration / mailPlugin also needs to have the attribute useResellerDispatcherEmailAddresses="true".
  3. OnlinePaymentUrl and ResetPasswordUrl in emails are rewritten based on the ResellerCustomAttribute of the ResellerRootDomain. If the attribute exists for a reseller the links will be rewritten.
  4. Other email links, e.g. HcpUrl, are set as AccountDetailsCustomAttribute for each reseller.

Misc

  1. Make sure each reseller has their own plugin configuration for e.g. payment plugins, with callback URLs set to the correct domain.
