Setup - STS Configuration
Overview
When installing or updating the environment, administrators configure the Secure Token Service (STS) by providing the necessary settings through the Setup page and the API.
Configure STS with Setup Wizard
Security Configuration is done via the Configuration wizard.
Since 10.0.1, STS is the only possible option. Disabling STS is not possible. Administrators can regenerate security keys and provide the hostname.
The SPS.config contains the enableSts attribute which indicates that STS is enabled.
Data related to regenerating the security keys is stored in the Matrix42 Workplace Management\bin\Matrix42.Auth.STS.dll.config file.
Starting from ESMP v.12.1.1, the configuration can be checked as follows:
- The Matrix42 Workplace Management\bin\Matrix42.Auth.STS.dll.config file is removed. The keys and other attribute values from this file are moved to the following database tables:
  - SPSGlobalConfigurationClassSecurity
  - PDRStsAudiences
  - PDRStsAlternativeHosts
- To verify whether STS is enabled, check the value of the update4u.SPS.Console-enableSts key in the PDRDwpConfigurationClass table in the database.
The Clientsecret and audiencesecret attribute values are encrypted and should not be changed unless there is a request to regenerate keys via the Configuration Wizard.
Configure STS with PowerShell API
Administrators can also configure STS with the API. It is possible to regenerate security keys and provide the hostname using the API.
For more information, see also Secure Token Service configuration page.