- Getting Started
- Requirements
- Best Practices
- Installation
- Updating
- Identity Server
- High Availability Add-on
Identity Server Scripts
Publish-IdentityServer.ps1
.
Parameter |
Description |
---|---|
|
Mandatory. Indicates the type of scenario you want to start. The following options are available:
|
|
Mandatory. The Azure service principal ID. Please note that the used service principal needs to be assigned the Contributor role to the app service at the subscription scope. |
|
Mandatory. The Azure token password for the service principal ID. |
|
Mandatory. The Azure subscription ID for the App Service that hosts Orchestrator. |
|
Mandatory. The Azure tenant ID. |
|
Mandatory. The name of the Azure Resource Group that contains the Identity Server App Service. |
|
Mandatory. The Identity Server Azure App Service name. Note that it should be different from your Orchestrator App Service name. |
|
Mandatory. The URL of the Orchestrator instance. |
|
Mandatory. Indicate the full path or relative path of the
UiPath.IdentityServer.Web.zip archive.
|
|
Mandatory. Indicate the full path or relative path of the
UiPath.IdentityServer.Migrator.Cli.zip archive.
|
|
Optional. It can be used only if the Identity Server App Service deployment slot is different from the default Production App Service Slot set by Azure. |
|
Optional. If present, it stops the application before deployment and it starts it after the deployment is completed. |
|
Optional. If present, the deployment continues without any user confirmation. |
|
Optional. Enables the specification of a directory where needed files are downloaded and unzipped. |
Publish-IdentityServer.ps1
script is used for the initial deployment or update of Identity Server. The script assumes that the web app already has the
DefaultConnection
database connection string configured.
.\Publish-IdentityServer.ps1 `
-action Deploy `
-orchestratorUrl "<orchestrator_address>" `
-azureSubscriptionId "<subscription_id>" `
-azureAccountTenantId "<azure_tenant_id>" `
-azureAccountApplicationId "<azure_application_id>" `
-azureAccountPassword "<azure_account_password>" `
-package "UiPath.IdentityServer.Web.zip" `
-cliPackage "UiPath.IdentityServer.Migrator.Cli.zip" `
-stopApplicationBeforePublish `
-resourceGroupName "<resourcegroup_name>" `
-appServiceName "<appservice_name>" `
-unattended
.\Publish-IdentityServer.ps1 `
-action Deploy `
-orchestratorUrl "<orchestrator_address>" `
-azureSubscriptionId "<subscription_id>" `
-azureAccountTenantId "<azure_tenant_id>" `
-azureAccountApplicationId "<azure_application_id>" `
-azureAccountPassword "<azure_account_password>" `
-package "UiPath.IdentityServer.Web.zip" `
-cliPackage "UiPath.IdentityServer.Migrator.Cli.zip" `
-stopApplicationBeforePublish `
-resourceGroupName "<resourcegroup_name>" `
-appServiceName "<appservice_name>" `
-unattended
After publishing Identity Server, perform the following steps:
- Go to Azure Portal.
- Select your Identity Server App Service.
- Under TLS/SSL Settings menu, go to Private Key Certificates tab.
- Upload a private key certificate
.pfx
file with a valid password.Note: This certificate is used to sign the access tokens and the ID tokens. - Under Configuration menu, add the following application settings exactly as written in the Application Settings column:
Application Setting
Value
Description
AppSettings__IdentityServerAddress
https://[IdentityServer]/identity
The public URL of the Identity Server.
Important: The URL must contain the address of Identity Server + the suffix/identity
.AppSettings__SigningCredentialSettings__StoreLocation__Location
CurrentUser
This has to point to CurrentUser.
AppSettings__SigningCredentialSettings__StoreLocation__Name
XXXXXXXXXXXXXXXXXXXXXXXXXXXX
The thumbprint of your certificate that you've uploaded earlier.
AppSettings__SigningCredentialSettings__StoreLocation__NameType
Thumbprint
EnterThumbprint
as the type of the previous field.WEBSITE_LOAD_CERTIFICATES
XXXXXXXXXXXXXXXXXXXXXXXXXXXX
The thumbprint value of your certificate that you've uploaded earlier.
WEBSITE_LOAD_USER_PROFILE
1
The user profile.
- Save the changes.
Find more details in the Microsoft Azure documentation.
MigrateTo-IdentityServer.ps1
.
Parameter |
Description |
---|---|
|
This parameter is a hash table that contains the following values:
|
|
This parameter is a hash table that contains the following values:
|
|
This parameter is a hash table that contains the following values:
|
|
Mandatory. The public address of the Identity Server. Important: The Url must contain the address of Identity Server + the suffix
/identity . Example:
|
|
Mandatory. The public address of the Orchestrator. |
|
Optional. Enables the specification of a directory where needed files are downloaded and unzipped. |
MigrateTo-IdentityServer.ps1
script is used to migrate user data from Orchestrator to Identity Server and set the configurations for both. It sets the
identity authority of Orchestrator to Identity Server and it creates client configuration for Orchestrator in Identity Server.
The script assumes that Orchestrator and Identity Server are already published.
.\MigrateTo-IdentityServer.ps1 `
-cliPackage "UiPath.IdentityServer.Migrator.Cli.zip" `
-azureDetails @{azureSubscriptionId = "<subscription_id>"; azureAccountTenantId = "<azure_tenant_id>"; azureAccountApplicationId = "<azure_application_id>"; azureAccountPassword = "<azure_account_password>" } `
-orchDetails @{ resourceGroupName = "<resourcegroup_name>"; appServiceName = "<appservice_name>"; targetSlot = "Production" } `
-identityServerDetails @{ resourceGroupName = "<resourcegroup_name>"; appServiceName = "<appservice_name>"; targetSlot = "Production" } `
-identityServerUrl "https://<IdentityServerURL>/identity" `
-orchestratorUrl "https://<OrchestratorURL>"
.\MigrateTo-IdentityServer.ps1 `
-cliPackage "UiPath.IdentityServer.Migrator.Cli.zip" `
-azureDetails @{azureSubscriptionId = "<subscription_id>"; azureAccountTenantId = "<azure_tenant_id>"; azureAccountApplicationId = "<azure_application_id>"; azureAccountPassword = "<azure_account_password>" } `
-orchDetails @{ resourceGroupName = "<resourcegroup_name>"; appServiceName = "<appservice_name>"; targetSlot = "Production" } `
-identityServerDetails @{ resourceGroupName = "<resourcegroup_name>"; appServiceName = "<appservice_name>"; targetSlot = "Production" } `
-identityServerUrl "https://<IdentityServerURL>/identity" `
-orchestratorUrl "https://<OrchestratorURL>"