Installing Atomia Identity.
Before you begin
To install Atomia Identity, the system must meet the following requirements:
- Microsoft Windows Vista or Microsoft Windows Server 2008 or newer.
- Microsoft .NET Framework 3.5 SP1.
- Microsoft SQL Server 2008 (Express)
- Internet Information Services 7 (IIS 7)
- Installed Windows, Basic and Anonymous authentication features.
- ASP, ASP.NET, .NET Extensibility, ISAPI extensions, ISAPI filters features installed.
Firewall requirements
Atomia Identity communicates with the Provisioning service, the Hosting control panel, the Billing control panel and the AtomiaAccountApi services. The firewall should allow communication in both directions with the servers where those applications and services are installed. Communication uses the HTTP protocol on port 80.
System and domain accounts requirements
For provisioning services, there must be a domain account with the following rights:
- full domain rights
- elevated system privileges
This account is used to access the Microsoft SQL Server database and to administer IIS 7.
Installing Atomia Identity
- Download and start the AtomiaIdentitySetup.exe application. The window shown in Image 1 appears.
- To proceed with installation click the Next button.
- A window with the license text is shown. To continue with setup, click the Next button.
- Click Next to proceed.
- The next step is installation of Microsoft SQL Server Express and databases. Enter the name of the server and choose the type of authentication. Click Next.
- In the next step provide an account that will be used to run the Atomia Identity service and click Next to proceed.
- Select whether to install Atomia Identity for the current user only or for all users of the computer.
- Select the destination folder where Atomia Identity will be installed. Click Next to continue with the installation.
- Select the Start Menu folder in which to install the shortcuts for Atomia Identity.
- Click Next and the installation process begins. The following window will be shown.
- Wait until the installation is finished. You should see a window like the one shown in Image 10. Click Next.
- The installation procedure ends with the window shown in Image 10. Click Finish.
Installing Atomia Provisioning separately
If the Atomia Provisioning service is installed separately, some manual changes must be made to the web.config files of Atomia Provisioning and Atomia Identity. Some of the certificates must also be copied from one machine to the other.
Certificates
On the machine where Atomia Provisioning is installed, take AtomiaProvisioningCer.cer from the installation folder. On the Atomia Identity machine, import this certificate (under Local Computer) into the following stores: Personal, Trusted Root Certification Authorities and Trusted People.
Changes to the Atomia Provisioning web.config file
- Change the connection strings for the Atomia Identity databases (AtomiaUserManagement and AtomiaIdentity).
- Change the certificate thumbprint for the Atomia Identity certificate.
<connectionStrings>
  <add name="IdentityProviderConnectionString"
       connectionString="Data Source=localhost\SQLEXPRESS;Initial Catalog=AtomiaIdentity;Integrated Security=SSPI;"
       providerName="" />
  <add name="UserManagementConectionString"
       connectionString="Data Source=localhost\SQLEXPRESS;Initial Catalog=AtomiaUserManagement;Integrated Security=True;"
       providerName="System.Data.SqlClient" />
</connectionStrings>
...
<microsoft.identityModel>
  <service>
    <issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=0.6.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
      <trustedIssuers>
        <add name="CN=Atomia Identity" thumbprint="0B1801359CD5F0787E38AF9820544E76B6F9772A" />
      </trustedIssuers>
    </issuerNameRegistry>
...
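The certificate import and the thumbprint change described above can be scripted and checked from PowerShell on the Atomia Identity machine. This is an added example, not part of the Atomia documentation; the two file paths are placeholders, and it assumes the Identity certificate sits in the Local Computer Personal store with the subject CN=Atomia Identity.

```powershell
# Added example. Run in an elevated session on the Atomia Identity machine.
# Both paths are assumptions; point them at your own copies.
$cerPath   = 'C:\Temp\AtomiaProvisioningCer.cer'   # copied from the Provisioning installation folder
$webConfig = 'C:\Temp\Provisioning.Web.config'     # copy of the Atomia Provisioning web.config

# 1. Import the Provisioning certificate under Local Computer into Personal (My),
#    Trusted Root Certification Authorities (Root) and Trusted People.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $cerPath
foreach ($name in 'My', 'Root', 'TrustedPeople') {
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList $name, 'LocalMachine'
    $store.Open('ReadWrite')
    try {
        $store.Add($cert)
        $hits = $store.Certificates.Find('FindByThumbprint', $cert.Thumbprint, $false)
        '{0,-14} present={1} thumbprint={2}' -f $name, ($hits.Count -gt 0), $cert.Thumbprint
    } finally {
        $store.Close()
    }
}

# 2. Read the Identity certificate's thumbprint. Assumption: it is in the
#    Local Computer Personal store with the subject used in trustedIssuers.
$my = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList 'My', 'LocalMachine'
$my.Open('ReadOnly')
$identity = @($my.Certificates | Where-Object { $_.Subject -eq 'CN=Atomia Identity' })
$my.Close()
if ($identity.Count -ne 1) {
    throw "Expected exactly one 'CN=Atomia Identity' certificate, found $($identity.Count)."
}
$expected = $identity[0].Thumbprint   # 40 uppercase hex digits

# 3. Compare it with every trustedIssuers entry in the web.config copy.
[xml]$cfg = Get-Content $webConfig
foreach ($issuer in $cfg.SelectNodes('//issuerNameRegistry/trustedIssuers/add')) {
    $issuerName = $issuer.GetAttribute('name')
    $raw = $issuer.GetAttribute('thumbprint')
    if ($raw -match '[^0-9A-Fa-f]') {
        Write-Warning "${issuerName}: thumbprint contains characters other than hex digits."
    }
    $clean = ($raw -replace '[^0-9A-Fa-f]', '').ToUpper()
    if ($clean -eq $expected) {
        "${issuerName}: matches the installed Identity certificate."
    } else {
        Write-Warning "${issuerName}: configured $clean, installed $expected."
    }
}
```

Because step 1 places the certificate in the trusted root store, compare the printed thumbprint with the value shown for the certificate on the Provisioning machine.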
Changes to the Atomia test client App.Config file
- All addresses which point to the location of the AtomiaIdentitySts service, i.e. “http://localhost/AtomiaIdentityStS/…”, should be changed to point to the real location of the Atomia Identity STS service.
- All addresses which point to the Atomia Provisioning service should point to the localhost Atomia Provisioning service, “http://localhost/AtomiaProvisioning/…”.