Versions Compared

Old Version 4

changes.mady.by.user Kim Landis

Saved on

compared with

New Version 5

changes.mady.by.user Kim Landis

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Div
classbreadcrumbs

/wiki/spaces/E2D/pages/29982926  /  Installation and Configuration / Configuring EmpowerID  /  Connecting to Directory Systems  /  Current: Configuring Identity Forge for EmpowerID

This topic describes how to configure Identity Forge for use with EmpowerID. Once you have followed the steps outlined in this topic, you can connect EmpowerID to your AS/400 directories. Configuring Identity Forge for EmpowerID involves the following:

  • File preparation and downloads
    • Installing and configuring

     




    To install and configure the Java environment

  • Installing the IdentityForge as400.properties file
  • Unpacking the IdentityForge environment
  • Configuring the Front-End LDAP Administrative Account
  • Configuring the Back-End LDAP Administrative Account
  • Configuring SSL for the IdentityForge LDAP Server
  • Configuring SSL for the AS/400
  • Packaging the IdentityForge environment
  • Configuring the IdentityForge Windows wrappers server
  • Troubleshooting and monitoring the IdentityForge server

    • To install and configure the Java environment

  • Execute the Java JDK installer and click Next.
  • On the optional features page, change Public JRE to This feature will not be available and changeSource Code to This feature will not be available.
  • Click Development Tools and then click the Change button.
  • Change C:\Program Files (x86)\Java\jdk1.7.0_25 to a shorter path without spaces in it, such as C:\software\jdk1.7.0_25\.
  • Click Next to begin the installation.
  • Click Close when finished.
  • Open Control Panel by clicking Start, typing Control and pressing ENTER.
  • From Control Panel, navigate to System > Advanced system settings and then click Environment Variables.
  • In the System variables pane of the Environment Variables window that appears, click New.
  • In the New System Variable dialog that appears, do the following:
    1. Type JAVA_HOME in the Variable name field
    2. Type the installation path of the Java JDK, such as C:\software\jdk1.7._25, in the Variable value field
    3. Click OK to close the dialog.
  • Close the Environment Variables and System Properties windows and then close Control Panel.
  • Extract i5_advanced_adapter_5.0.0.4_enterprise.zip to the root of the partition (C:\ in our example) and then navigate toC:\i5_Advanced_Adapter_5.0.0.4_Enterprise\etc\LDAP Gateway.
  • Extract ldapgateway.zip to the root of the partition (C:\ in our example).
  • Extract jtopen_7_10.zip to a folder named jtopen_7_10 in the root of the partition (C:\ in our example).
  • Navigate to C:\jtopen_7_10\lib\ and copy jt400.jar and util400.jar to C:\ldapgateway\lib.
    • Navigate to C:\ldapgateway\bin and open run.bat in
    1. Execute the Java JDK installer and click Next.
    2. On the optional features page, change Public JRE to This feature will not be available and changeSource Code to This feature will not be available.
    3. Click Development Tools and then click the Change button.
    4. Change C:\Program Files (x86)\Java\jdk1.7.0_25 to a shorter path without spaces in it, such as C:\software\jdk1.7.0_25\.
    5. Click Next to begin the installation.
    6. Click Close when finished.
    7. Open Control Panel by clicking Start, typing Control and pressing ENTER.
    8. From Control Panel, navigate to System > Advanced system settings and then click Environment Variables.
    9. In the System variables pane of the Environment Variables window that appears, click New.
    10. In the New System Variable dialog that appears, do the following:
      1. Type JAVA_HOME in the Variable name field
      2. Type the installation path of the Java JDK, such as C:\software\jdk1.7._25, in the Variable value field
      3. Click OK to close the dialog.
    11. Close the Environment Variables and System Properties windows and then close Control Panel.
    12. Extract i5_advanced_adapter_5.0.0.4_enterprise.zip to the root of the partition (C:\ in our example) and then navigate toC:\i5_Advanced_Adapter_5.0.0.4_Enterprise\etc\LDAP Gateway.
    13. Extract ldapgateway.zip to the root of the partition (C:\ in our example).
    14. Extract jtopen_7_10.zip to a folder named jtopen_7_10 in the root of the partition (C:\ in our example).
    15. Navigate to C:\jtopen_7_10\lib\ and copy jt400.jar and util400.jar to C:\ldapgateway\lib.
    16. Navigate to C:\ldapgateway\bin and open run.bat in the text editor of your choice.

    17. Adjust the following line to the installation path of the Java JDK:


      Code Block
      languagejava
      themeDJango
      set JAVA_HOME=\software\jdk1.6.0_16


      In our example, this line would be changed to the following:


      Code Block
      languagejava
      themeDJango
      set JAVA_HOME=C:\software\jdk1.7.0_25


    To configure the IdentityForge as400.properties file

    1. Navigate to C:\ldapgateway\conf and open as400.properties in the text editor of your choice.

    2. From the text editor, change the following parameter to true:


      Code Block
      languagejava
      themeDJango
      _isSSL_


    3. Adjust the following parameters with the IP address of your target iSeries:


      Code Block
      languagejava
      themeDJango
      _host_ 
_agentHost_


    4. Adjust the following parameters with the UID of the administrative AS/400 account:


      Code Block
      languagejava
      themeDJango
      _adminId_            
_agentAdminId_


    5. Place a '#' in front of the following parameters to comment them out:


      Code Block
      languagejava
      themeDJango
      _adminPwd_           
_agentAdminPwd_


    6. Remove the '#' from the following parameters to uncomment them:


      Code Block
      languagejava
      themeDJango
      _adminPwdEncrypt_            
_agentAdminPwdEncrypt_


    7. Copy C:\i5_Advanced_Adapter_5.0.0.4_Enterprise\scripts\propertyEncrypt.bat to C:\ldapgateway\dist and then open C:\ldapgateway\dist\propertyEncrypt.bat in the text editor of your choice.

    8. Adjust the following line to the installation path of the Java JDK:


      Code Block
      languagejava
      themeDJango
      set JAVA_HOME=C:\software\jdk1.
    6
    1. 5.0_
    16
    1. 15


      In our example, this line would be changed to the following:


      Code Block
      languagejava
      themeDJango
      set JAVA_HOME=C:\software\jdk1.7.0_25

    To configure the IdentityForge as400.properties file

  • Navigate to C:\ldapgateway\conf and open as400.properties in the text editor of your choice.
    • From the text editor, change the following parameter to true


    1. Scroll through the propertyEncrypt.bat file until you see the following line:


      Code Block
      languagejava
      themeDJango
    _isSSL_
    Adjust the following parameters with the IP address of your target iSeries
    1. SET CLASSPATH=C:\software\identityforge\ldapgateway\dist\idfserver.jar


      This path needs to point to the IdentityForge installation directory. In our example, this line would be changed to the following:


      Code Block
      languagejava
      themeDJango
    _host_ 
_agentHost_
    Adjust the following parameters with the UID of the administrative AS/400 account
    1. SET CLASSPATH=C:\ldapgateway\dist\idfserver.jar


    2. Scroll to the end of the propertyEncrypt.bat file until you see the following lines:


      Code Block
      languagejava
      themeDJango
    _adminId_
    1. rem Start Property Encrypt Utility %JAVACMD%  %JVM_OPTS%  -cp %CLASSPATH% 
    _agentAdminId_

    Place a '#' in front of the following parameters to comment them out:

    Code Block
    languagejava
    themeDJango
    _adminPwd_           
_agentAdminPwd_
    Remove the '#' from the following parameters to uncomment them
    1. com.identityforge.idfserver.util.AESCipherUtil idfRacfPwd


    2. Change the bolded text to the password of the AS/400 administrative account, then save the propertyEncrypt.bat file.

    3. Double-click propertyEncrypt.bat. You should see something similar to the following output:


      Code Block
      languagejava
      themeDJango
    _adminPwdEncrypt_
    1. New encrypted string as
    _agentAdminPwdEncrypt_Copy C:\i5_Advanced_Adapter_5.0.0.4_Enterprise\scripts\propertyEncrypt.bat to C:\ldapgateway\dist and then open C:\ldapgateway\dist\propertyEncrypt.bat in 
    1. HEX: 10902AA71C4DF819C965E8B5B7DF0208


    2. Copy this value (in our example, 10902AA71C4DF819C965E8B5B7DF0208) to the clipboard.
    3. Navigate to C:\ldapgateway\conf and open as400.properties in the text editor of your choice.
    Adjust

    1. Paste the value into the following

    line to the installation path of the Java JDK

    1. parameters:


      Code Block
      languagejava
      themeDJango
    set JAVA_HOME=
    1. _adminPwdEncrypt_
_agentAdminPwdEncrypt_


    To unpack the IdentityForge environment

    1. Navigate to C:\
    software\jdk1.5.0_15

    In our example, this line would be changed to the following:

    Code Block
    languagejava
    themeDJango
    set JAVA_HOME=C:\software\jdk1.7.0_25

    Scroll through the propertyEncrypt.bat file until you see the following line:

    Code Block
    languagejava
    themeDJango
    SET CLASSPATH=C:\software\identityforge\ldapgateway\dist\idfserver.jar
    This path needs to point to the IdentityForge installation directory. In our example, this line would be changed to the following
    1. ldapgateway\dist and rename idfserver.jar to idfserver.zip.
    2. Extract the contents of idfserver.zip to C:\ldapgateway\dist\idfserver.

    To configure the Front-End LDAP Administrative Account

    The next step is to set the Front-End LDAP administrative account and password. This is the account used by EmpowerID to bind to the IdentityForge LDAP server.

    1. Open C:\ldapgateway\dist\idfserver\beans.xml in the text editor of you choice and scroll to the below section. We will be changing the value for theFront-End LDAP administrative account listed in bold:


      Code Block
      language
    java
    1. xml
      themeDJango
    SET CLASSPATH=C:\ldapgateway\dist\idfserver.jar
    Scroll to the end of the propertyEncrypt.bat file until you see the following lines:
    1. <bean name="as400" singleton="true" class="com.identityforge.idfserver.backend.as400.As400Module">


      Code Block
      language
    java

    Paste the value into the following parameters:

    Code Block
    languagejava
    themeDJango
    _adminPwdEncrypt_
_agentAdminPwdEncrypt_

    To unpack the IdentityForge environment

    1. Navigate to C:\ldapgateway\dist and rename idfserver.jar to idfserver.zip.
    2. Extract the contents of idfserver.zip to C:\ldapgateway\dist\idfserver.

    To configure the Front-End LDAP Administrative Account

    The next step is to set the Front-End LDAP administrative account and password. This is the account used by EmpowerID to bind to the IdentityForge LDAP server.

    1. Open C:\ldapgateway\dist\idfserver\beans.xml in the text editor of you choice and scroll to the below section. We will be changing the value for theFront-End LDAP administrative account listed in bold
      xml
      themeDJango
    rem Start Property Encrypt Utility %JAVACMD%  %JVM_OPTS%  -cp %CLASSPATH%  com.identityforge.idfserver.util.AESCipherUtil idfRacfPwd
  • Change the bolded text to the password of the AS/400 administrative account, then save the propertyEncrypt.bat file.

    • Double-click propertyEncrypt.bat. You should see something similar to the following output:

    Code Block
    languagejava
    themeDJango
    New encrypted string as HEX: 10902AA71C4DF819C965E8B5B7DF0208
  • Copy this value (in our example, 10902AA71C4DF819C965E8B5B7DF0208) to the clipboard.
  • Navigate to C:\ldapgateway\conf and open as400.properties in the text editor of your choice.
    1. <property name="suffix" value="dc=as400,dc=com"/>    
<property name="workingDirectory" value="../as400"/>    
<property name="adminUserDN" value="cn=idfAs400Admin, dc=as400,dc=com"/>     
<property name="adminUserPassword" value="idfAs400Pwd"/>    
<property name="altAdminUserDN" value="cn=oimAs400Admin, dc=as400,dc=com"/>    
<property name="altAdminUserPassword" value="oimAs400Pwd"/>    
<property name="allowAnonymous" value="false"/>    
<property name="entryCacheSize" value="1000"/>    
<property name="defaultUacc" value="read"/>    
<property name="searchUsersType" value="user"/>



      IdentityForge provides the ability to have two Front-End LDAP administrative accounts, but for our purposes we only need one.


    2. Change the adminUserDN and altAdminUserDN property values to the DN of the Front-End account you wish to use to bind to LDAP. For example:


      Code Block
      languagexml
      themeDJango
      <bean name="as400" singleton="true" class="com.identityforge.idfserver.backend.as400.As400Module">


      Code Block
      languagexml
      themeDJango
      <property name="suffix" value="dc=as400,dc=com"/>    
<property name="workingDirectory" value="../as400"/>    
<property name="adminUserDN" value="cn=idfAs400AdminEIDIDF, dc=as400,dc=com"/>    

<property name="adminUserPassword" value="idfAs400Pwd"/>   

<property name="altAdminUserDN" value="cn=oimAs400AdminEIDIDF, dc=as400,dc=com"/>   

<property name="altAdminUserPassword" value="oimAs400Pwd"/>    
<property name="allowAnonymous" value="false"/>    
<property name="entryCacheSize" value="1000"/>    
<property name="defaultUacc" value="read"/>    
<property name="searchUsersType" value="user"/>
      IdentityForge provides the ability to have two Front-End LDAP administrative accounts, but for our purposes we only need one.
      Change the adminUserDN and altAdminUserDN property values to the DN of the Front-End account you wish to use to bind to LDAP. For example


    3. Open C:\ldapgateway\dist\propertyEncrypt.bat in the text editor of yur choice.

    4. Scroll to the end of the propertyEncrypt.bat file until you see the following lines:


      Code Block
      languagexmlbash
      themeDJango
      <bean name="as400" singleton="true" class="rem Start Property Encrypt Utility
%JAVACMD%  %JVM_OPTS%  -cp %CLASSPATH%  com.identityforge.idfserver.backend.as400.As400Module">.util.AESCipherUtil idfRacfPwd


    5. Change the bolded text to the password of the Front-End LDAP administrative account and then save the propertyEncrypt.bat file.

    6. Double-click propertyEncrypt.bat. You should see something similar to the following output:


      Code Block
      languagexmlbash
      themeDJango
      <property name="suffix" value="dc=as400,dc=com"/>    
<property name="workingDirectory" value="..New encrypted string as HEX: 10902AA71C4DF819C965E8B5B7DF0208


    7. Copy the value (in our example, 10902AA71C4DF819C965E8B5B7DF0208) to the clipboard.

    8. Change the adminUserPassword and altAdminUserPassword property values to the encrypted password string in the clipboard. For example:


      Code Block
      languagexml
      themeDJango
      <bean name="as400" singleton="true" class="com.identityforge.idfserver.backend.as400.As400Module">


      Code Block
      languagexml
      themeDJango
      <property name="suffix" value="dc=as400,dc=com"/>    
<property name="workingDirectory" value="../as400"/>    
<property name="adminUserDN" value="cn=EIDIDF, dc=as400,dc=com"/>   

<property name="adminUserPassword" value="idfAs400Pwd"10902AA71C4DF819C965E8B5B7DF0208”/>    
<property name="altAdminUserDN" value="cn=EIDIDF, dc=as400,dc=com"/>    
<property name="altAdminUserPassword" value="oimAs400Pwd10902AA71C4DF819C965E8B5B7DF0208"/>    
<property name="allowAnonymous" value="false"/>    
<property name="entryCacheSize" value="1000"/>    
<property name="defaultUacc" value="read"/>    
<property name="searchUsersType" value="user"/>
      Open C:\ldapgateway\dist\propertyEncrypt.bat in the text editor of yur


    To configure the Back-End LDAP Administrative Account

    The next step is to set the Back-End LDAP administrative password. This is the account used by EmpowerID to bind to the IdentityForge LDAP server and sync inventory to the Back-End.

    1. Open C:\ldapgateway\dist\idfserver\beans.xml in the text editor of your choice.

    2. Scroll to the end of the propertyEncrypt.bat file until you see the following linessection shown below. We will be changing the Back-End LDAP administrative account password listed in bold:


    Code Block
    languagexml
    themeDJango
    <bean name="hpbe2" singleton="true" class="com.identityforge.idfserver.backend.hpbe.HPBEModule">
<property name="suffix" value="dc=system,dc=backend"/>
<property name="workingDirectory" value="../system"/>
<property name="schema" ref="schemas"/>
<property name="adminUserDN" value="cn=Directory Manager, dc=system,dc=backend"/>
<property name="adminUserPassword" value="10902AA71C4DF819C965E8B5B7DF0208"/>
<property name="altAdminUserDN" value="cn=Directory Manager, dc=system,dc=backend"/>
<property name="altAdminUserPassword" value=”10902AA71C4DF819C965E8B5B7DF0208"/>
<property name="entryCacheSize" value="1000"/>

    To configure SSL for the IdentityForge LDAP server

    1. To configure secure communications between EmpowerID and the IdentityForge LDAP server we will need a PFX copy of the certificate being used by EmpowerID and an installed copy of OpenSSL to convert the PFX to a format usable by Java keystores.
    2. Install the Microsoft Visual C++ 2008 Redistributable Package (x86) by running vcredist_x86.exe.
    3. Next, install Win32 OpenSSL v1.0.1e Light by running Win32OpenSSL_Light-1_0_1e.exe. In our example, we are choosing an installation path of C:\software\OpenSSL-Win32.
    4. Click Next. When prompted where to copy the OpenSSL DLLs, choose The OpenSSL binaries (/bin) directory.
    5. Click Next and finish the installation.
    6. Copy the PFX certificate (named EIDcert.pfx in our example) to the root of the partition (C:\ in our example).
    7. Open a Command Prompt window and navigate to C:\software\OpenSSL-Win32\bin.

      8. Execute the following command to convert the PFX file to a PEM file.

      Code Block
      languagebash
      themeDJango
      openssl pkcs12 -in C:\EIDcert.pfx -out C:\EIDcert.pem
      The OpenSSL toolkit will ask you to enter the import password; this is the pass phrase currently set on the PFX certificate. If you exported the certificate from the MMC snap-in, this will be the password you set on the certificate during the export.
    8. Enter the password for the certificate and press ENTER.
    9. Next OpenSSL will prompt for the PEM pass phrase. We are setting a new pass phrase here—make sure to remember this value! You can use the same password as the import password if you want. Enter the pass phrase and press ENTER, then enter the pass phrase again to confirm and press ENTER once more. We now have a PEM file available at C:\EIDcert.pem.
    10. Using a text editor of your choice, open the PEM file (C:\EIDcert.pem in our example). We need to extract the private key and place it in a separate file.

      11. Find the following lines below:

      Code Block
      languagexml
      themeDJango
      -----BEGIN ENCRYPTED PRIVATE KEY-----
            DATA HERE
-----END ENCRYPTED PRIVATE KEY-----
    11. Copy everything from the beginning of the-----BEGIN ENCRYPTED PRIVATE KEY----- line to the end of the-----END ENCRYPTED PRIVATE KEY----- line and paste them into a new text file namedC:\encrypted.pem. Make sure there are no extra line breaks or spaces at the beginning or end of the file.

      12. Next, we need to pull out the public key and put it into a separate file. Find the following lines below:

      Code Block
      languagexml
      themeDJango
      -----BEGIN CERTIFICATE-----
        DATA HERE
-----END CERTIFICATE-----
    12. Copy everything from the beginning of the -----BEGIN CERTIFICATE----- line to the end of the -----END CERTIFICATE----- line and paste them into a new text file named C:\cert.pem. Make sure there are no extra line breaks or spaces at the beginning or end of the file.
    13. Next, we need to decrypt the RSA private key.
    14. Open a Command Prompt window and navigate to C:\software\OpenSSL-Win32\bin.

      15. Execute the following command:

      Code Block
      languagebash
      themeDJango
      openssl rsa -in C:\encrypted.pem -out C:\key.pem
    15. When OpenSSL prompts you for the pass phrase, enter the PEM password you created earlier.
    16. Next, we need to convert the PEM files to DER files
      Code Block
      languagebash
      themeDJango
      rem Start Property Encrypt Utility
%JAVACMD%  %JVM_OPTS%  -cp %CLASSPATH%  com.identityforge.idfserver.util.AESCipherUtil idfRacfPwd
    17. Change the bolded text to the password of the Front-End LDAP administrative account and then save the propertyEncrypt.bat file.

      18. Double-click propertyEncrypt.bat. You should see something similar to the following output:

      Code Block
      languagebash
      themeDJango
      New encrypted string as HEX: 10902AA71C4DF819C965E8B5B7DF0208
    18. Copy the value (in our example, 10902AA71C4DF819C965E8B5B7DF0208) to the clipboard.

      19. Change the adminUserPassword and altAdminUserPassword property values to the encrypted password string in the clipboard. For example:

      Code Block
      languagexml
      themeDJango
      <bean name="as400" singleton="true" class="com.identityforge.idfserver.backend.as400.As400Module">
      Code Block
      languagexml
      themeDJango
      <property name="suffix" value="dc=as400,dc=com"/>    
<property name="workingDirectory" value="../as400"/>    
<property name="adminUserDN" value="cn=EIDIDF, dc=as400,dc=com"/>   
<property name="adminUserPassword" value="10902AA71C4DF819C965E8B5B7DF0208”/>    
<property name="altAdminUserDN" value="cn=EIDIDF, dc=as400,dc=com"/>    
<property name="altAdminUserPassword" value="10902AA71C4DF819C965E8B5B7DF0208"/>    
<property name="allowAnonymous" value="false"/>    
<property name="entryCacheSize" value="1000"/>    
<property name="defaultUacc" value="read"/>    
<property name="searchUsersType" value="user"/>

    To configure the Back-End LDAP Administrative Account

    The next step is to set the Back-End LDAP administrative password. This is the account used by EmpowerID to bind to the IdentityForge LDAP server and sync inventory to the Back-End.

  • Open C:\ldapgateway\dist\idfserver\beans.xml in the text editor of your choice.

    • Scroll to the section shown below. We will be changing the Back-End LDAP administrative account password listed in bold:

    Code Block
    languagexml
    themeDJango
    <bean name="hpbe2" singleton="true" class="com.identityforge.idfserver.backend.hpbe.HPBEModule">
<property name="suffix" value="dc=system,dc=backend"/>
<property name="workingDirectory" value="../system"/>
<property name="schema" ref="schemas"/>
<property name="adminUserDN" value="cn=Directory Manager, dc=system,dc=backend"/>
<property name="adminUserPassword" value="testpass"/>
<property name="altAdminUserDN" value="cn=Directory Manager, dc=system,dc=backend"/>
<property name="altAdminUserPassword" value="testpass"/>
<property name="entryCacheSize" value="1000"/>
  • Open C:\ldapgateway\dist\propertyEncrypt.bat in the text editor of your choice.

    • Scroll to the end of the propertyEncrypt.bat file until you see the following lines:

    Code Block
    languagebash
    themeDJango
    rem Start Property Encrypt Utility
%JAVACMD%  %JVM_OPTS%  -cp %CLASSPATH%  com.identityforge.idfserver.util.AESCipherUtil idfRacfPwd
  • Change the bolded text to the password of the Back-End LDAP administrative account and then save the propertyEncrypt.bat file.

    • Double-click propertyEncrypt.bat. You should see something similar to the following output:

    Code Block
    languagebash
    themeDJango
    New encrypted string as HEX: 10902AA71C4DF819C965E8B5B7DF0208
  • Copy the value (in our example, 10902AA71C4DF819C965E8B5B7DF0208) to the clipboard.

    • Change the adminUserPassword and altAdminUserPassword property values to the encrypted password string in the clipboard. For example:

    1. xml
      themeDJango
      <bean name="hpbe2" singleton="true" class="com.identityforge.idfserver.backend.hpbe.HPBEModule">
<property name="suffix" value="dc=system,dc=backend"/>
<property name="workingDirectory" value="../system"/>
<property name="schema" ref="schemas"/>
<property name="adminUserDN" value="cn=Directory Manager, dc=system,dc=backend"/>
<property name="adminUserPassword" value="testpass"/>
<property name="altAdminUserDN" value="cn=Directory Manager, dc=system,dc=backend"/>
<property name="altAdminUserPassword" value="testpass"/>
<property name="entryCacheSize" value="1000"/>


    2. Open C:\ldapgateway\dist\propertyEncrypt.bat in the text editor of your choice.

    3. Scroll to the end of the propertyEncrypt.bat file until you see the following lines:


      Code Block
      languagebash
      themeDJango
      rem Start Property Encrypt Utility
%JAVACMD%  %JVM_OPTS%  -cp %CLASSPATH%  com.identityforge.idfserver.util.AESCipherUtil idfRacfPwd


    4. Change the bolded text to the password of the Back-End LDAP administrative account and then save the propertyEncrypt.bat file.

    5. Double-click propertyEncrypt.bat. You should see something similar to the following output:


      Code Block
      languagebash
      themeDJango
      New encrypted string as HEX: 10902AA71C4DF819C965E8B5B7DF0208


    6. Copy the value (in our example, 10902AA71C4DF819C965E8B5B7DF0208) to the clipboard.

    7. Change the adminUserPassword and altAdminUserPassword property values to the encrypted password string in the clipboard. For example:


      Code Block
      languagexml
      themeDJango
      <bean name="hpbe2" singleton="true" class="com.identityforge.idfserver.backend.hpbe.HPBEModule">
<property name="suffix" value="dc=system,dc=backend"/>
<property name="workingDirectory" value="../system"/>
<property name="schema" ref="schemas"/>
<property name="adminUserDN" value="cn=Directory Manager, dc=system,dc=backend"/>
<property name="adminUserPassword" value="10902AA71C4DF819C965E8B5B7DF0208"/>
<property name="altAdminUserDN" value="cn=Directory Manager, dc=system,dc=backend"/>
<property name="altAdminUserPassword" value=”10902AA71C4DF819C965E8B5B7DF0208"/>
<property name="entryCacheSize" value="1000"/>


    To configure SSL for the IdentityForge LDAP server

    1. To configure secure communications between EmpowerID and the IdentityForge LDAP server we will need a PFX copy of the certificate being used by EmpowerID and an installed copy of OpenSSL to convert the PFX to a format usable by Java keystores.
    2. Install the Microsoft Visual C++ 2008 Redistributable Package (x86) by running vcredist_x86.exe.
    3. Next, install Win32 OpenSSL v1.0.1e Light by running Win32OpenSSL_Light-1_0_1e.exe. In our example, we are choosing an installation path of C:\software\OpenSSL-Win32.
    4. Click Next. When prompted where to copy the OpenSSL DLLs, choose The OpenSSL binaries (/bin) directory.
    5. Click Next and finish the installation.
    6. Copy the PFX certificate (named EIDcert.pfx in our example) to the root of the partition (C:\ in our example).
    7. Open a Command Prompt window and navigate to C:\software\OpenSSL-Win32\bin.

    8. Execute the following two commands:command to convert the PFX file to a PEM file.


      Code Block
      languagebash
      themeDJango
      openssl pkcs8 -topk8 -nocryptopenssl pkcs12 -in C:\keyEIDcert.pempfx -inform PEM -out C:\key.der -outform DER
openssl x509 -in C:\cert.pem -inform PEM -out C:\cert.der -outform DER
      Once these commands are completed, you will have two DER files. At this time it is recommended to delete the PFX and PEM files.
    9. Next, copy ImportKey.class to the Java JDK bin folder (C:\software\jdk1.7.0_25\bin in our example).

      10. Open a Command Prompt, navigate to C:\software\jdk1.7.0_25\bin and execute the following command to merge the two DER certificate files into a single Java keystore.

      Code Block
      languagebash
      themeDJango
      java ImportKey C:\key.der C:\cert.der
      Note the following line: Using keystore-file : C:\Users\USERNAME\keystore.ImportKey.
    10. Navigate to the above directory, rename the keystore.ImportKey file to as400.jks and then copy it to the IdentityForge \conf directory (C:\ldapgateway\conf in our example).
    11. Finally, we need to configure IdentityForge to point to this Java keystore. Open C:\ldapgateway\dist\idfserver\beans.xml in the text editor of your choice and scroll to the following section. We will be changing the Java keystore filename listed in bold
      EIDcert.pem


      The OpenSSL toolkit will ask you to enter the import password; this is the pass phrase currently set on the PFX certificate. If you exported the certificate from the MMC snap-in, this will be the password you set on the certificate during the export.

    12. Enter the password for the certificate and press ENTER.
    13. Next OpenSSL will prompt for the PEM pass phrase. We are setting a new pass phrase here—make sure to remember this value! You can use the same password as the import password if you want. Enter the pass phrase and press ENTER, then enter the pass phrase again to confirm and press ENTER once more. We now have a PEM file available at C:\EIDcert.pem.
    14. Using a text editor of your choice, open the PEM file (C:\EIDcert.pem in our example). We need to extract the private key and place it in a separate file.

    15. Find the following lines below:


      Code Block
      languagexml
      themeDJango
      -----BEGIN ENCRYPTED PRIVATE KEY-----
            DATA HERE
-----END ENCRYPTED PRIVATE KEY-----


    16. Copy everything from the beginning of the-----BEGIN ENCRYPTED PRIVATE KEY----- line to the end of the-----END ENCRYPTED PRIVATE KEY----- line and paste them into a new text file namedC:\encrypted.pem. Make sure there are no extra line breaks or spaces at the beginning or end of the file.

    17. Next, we need to pull out the public key and put it into a separate file. Find the following lines below:


      Code Block
      languagexml
      themeDJango
      <bean id="sslChannelFactory" class="com.identityforge.idfserver.nio.ssl.SSLChannelFactory">
<constructor-arg><value>false</value></constructor-arg>
<constructor-arg><value>../conf/testnew.jks</value></constructor-arg>
<constructor-arg><value>abc123</value></constructor-arg>
<constructor-arg><value>false</value></constructor-arg>
</bean>
      Change the second constructor-arg value to the name of the Java keystore we created earlier. For example
      -----BEGIN CERTIFICATE-----
        DATA HERE
-----END CERTIFICATE-----


    18. Copy everything from the beginning of the -----BEGIN CERTIFICATE----- line to the end of the -----END CERTIFICATE----- line and paste them into a new text file named C:\cert.pem. Make sure there are no extra line breaks or spaces at the beginning or end of the file.
    19. Next, we need to decrypt the RSA private key.
    20. Open a Command Prompt window and navigate to C:\software\OpenSSL-Win32\bin.

    21. Execute the following command:


      Code Block
      languagexmlbash
      themeDJango
      <bean id="sslChannelFactory" class="com.identityforge.idfserver.nio.ssl.SSLChannelFactory">
<constructor-arg><value>false</value></constructor-arg>
<constructor-arg><value>../conf/as400.jks</value></constructor-arg>
<constructor-arg><value>abc123</value></constructor-arg>
<constructor-arg><value>false</value></constructor-arg>
</bean>
      The final step is to set the Java keystore password. We will be changing the Java keystore password listed inbold
      openssl rsa -in C:\encrypted.pem -out C:\key.pem


    22. When OpenSSL prompts you for the pass phrase, enter the PEM password you created earlier.
    23. Next, we need to convert the PEM files to DER files.
    24. Open a Command Prompt window and navigate to C:\software\OpenSSL-Win32\bin.

    25. Execute the following two commands:


      Scroll to the end of the propertyEncrypt.bat file until you see the following lines of code:
      Code Block
      languagexmlbash
      themeDJango
      <bean id="sslChannelFactory" class="com.identityforge.idfserver.nio.ssl.SSLChannelFactory">
<constructor-arg><value>false</value></constructor-arg>
<constructor-arg><value>../conf/as400.jks</value></constructor-arg>
<constructor-arg><value>abc123</value></constructor-arg>
<constructor-arg><value>false</value></constructor-arg>
</bean>
    26. Open C:\ldapgateway\dist\propertyEncrypt.bat in the text editor of your choice.
    27. openssl pkcs8 -topk8 -nocrypt -in C:\key.pem -inform PEM -out C:\key.der -outform DER
openssl x509 -in C:\cert.pem -inform PEM -out C:\cert.der -outform DER


      Once these commands are completed, you will have two DER files. At this time it is recommended to delete the PFX and PEM files.

    28. Next, copy ImportKey.class to the Java JDK bin folder (C:\software\jdk1.7.0_25\bin in our example).

    29. Open a Command Prompt, navigate to C:\software\jdk1.7.0_25\bin and execute the following command to merge the two DER certificate files into a single Java keystore.


      Code Block
      languagebash
      themeDJango
      remjava Start Property Encrypt Utility
%JAVACMD%  %JVM_OPTS%  -cp %CLASSPATH%  com.identityforge.idfserver.util.AESCipherUtil
idfRacfPwd
    30. Change the bolded text to the password of the Java keystore. The default password is “importkey� without the quotes – if you changed the keystore password earlier, please enter that value here instead. When finished, save the propertyEncrypt.bat file.
    31. Double-click propertyEncrypt.bat. You should see something similar to the following output
      ImportKey C:\key.der C:\cert.der



      Note the following line: Using keystore-file : C:\Users\USERNAME\keystore.ImportKey.

    32. Navigate to the above directory, rename the keystore.ImportKey file to as400.jks and then copy it to the IdentityForge \conf directory (C:\ldapgateway\conf in our example).

    33. Finally, we need to configure IdentityForge to point to this Java keystore. Open C:\ldapgateway\dist\idfserver\beans.xml in the text editor of your choice and scroll to the following section. We will be changing the Java keystore filename listed in bold:


      Code Block
      languagebashxml
      themeDJango
      New encrypted string as HEX: 10902AA71C4DF819C965E8B5B7DF0208
      Copy this value (in our example, 10902AA71C4DF819C965E8B5B7DF0208) to the clipboard. Change the Java keystore password listed in bold to the encrypted password string in the clipboard
      <bean id="sslChannelFactory" class="com.identityforge.idfserver.nio.ssl.SSLChannelFactory">
<constructor-arg><value>false</value></constructor-arg>
<constructor-arg><value>../conf/testnew.jks</value></constructor-arg>
<constructor-arg><value>abc123</value></constructor-arg>
<constructor-arg><value>false</value></constructor-arg>
</bean>


    34. Change the second constructor-arg value to the name of the Java keystore we created earlier. For example:


      Code Block
      languagexml
      themeDJango
      <bean id="sslChannelFactory" class="com.identityforge.idfserver.nio.ssl.SSLChannelFactory">
<constructor-arg><value>false</value></constructor-arg>
<constructor-arg><value>../conf/as400.jks</value></constructor-arg>
<constructor-arg><value>10902AA71C4DF819C965E8B5B7DF0208<arg><value>abc123</value></constructor-arg>
<constructor-arg><value>false</value></constructor-arg>
</bean>
      Finally, since we are using an encrypted password for the Java keystore, we need to change the last constructor-arg value to true. For example
      bean>


    35. The final step is to set the Java keystore password. We will be changing the Java keystore password listed inbold:


      Code Block
      languagexml
      themeDJango
      <bean id="sslChannelFactory" class="com.identityforge.idfserver.nio.ssl.SSLChannelFactory">
<constructor-arg><value>false</value></constructor-arg>
<constructor-arg><value>../conf/as400.jks</value></constructor-arg>
<constructor-arg><value>10902AA71C4DF819C965E8B5B7DF0208</value></constructor-arg>
<constructor-arg><value>true</value></constructor-arg>
</bean>

    To configure SSL for the AS/400

    To configure secure communications between the IdentityForge server and the AS/400 we will need to retrieve the SSL certificate from the OS/400 Certificate Manager.

  • From a web browser, navigate to the Digital Certificate Manager on http://OS400domain:2001, where OS400domain is the OS/400 target system. Use the same user account and password that you use to access the OS/400.
  • In the left panel, select Create Certificate Authority. If the Create Certificate Authority setting is not an option, select Install Local CA Certificate on Your PC.
  • Select Install Certificate and copy the certificate to a text file. In our example we are copying the cert to the root of the partition, to C:\cert.cer.
    • Open a Command Prompt and navigate to the Java JDK bin folder. In our example, this is C:\software\jdk1.7.0_25\bin. Execute the following commandTo verify the presence of the certificate in the certificate store, run the following command
    1. arg><value>abc123</value></constructor-arg>
<constructor-arg><value>false</value></constructor-arg>
</bean>


    2. Open C:\ldapgateway\dist\propertyEncrypt.bat in the text editor of your choice.

    3. Scroll to the end of the propertyEncrypt.bat file until you see the following lines of code:


      Code Block
      languagebash
      themeDJango
      rem Start Property Encrypt Utility
%JAVACMD%  %JVM_OPTS%  -cp %CLASSPATH%  com.identityforge.idfserver.util.AESCipherUtil
idfRacfPwd


    4. Change the bolded text to the password of the Java keystore. The default password is “importkey� without the quotes – if you changed the keystore password earlier, please enter that value here instead. When finished, save the propertyEncrypt.bat file.

    5. Double-click propertyEncrypt.bat. You should see something similar to the following output:


      Code Block
      languagebash
      themeDJango
    keytool -importcert -file C:\cert.cer -alias arbitraryaliashere -keystore C:\software\jdk1.7.0_25\jre\lib\security\cacerts
  • The alias is just a text string used to reference the certificate—you can enter any value. Enter the default JDK keystore password (changeit) to confirm the addition.
    1. New encrypted string as HEX: 10902AA71C4DF819C965E8B5B7DF0208


    2. Copy this value (in our example, 10902AA71C4DF819C965E8B5B7DF0208) to the clipboard. Change the Java keystore password listed in bold to the encrypted password string in the clipboard. For example:


      Code Block
      language
    bashthemeDJango
    keytool -list -keystore C:\software\jdk1.7.0_25\jre\lib\security\cacerts
    Enter the defaukt JDK keystore password (changeit) to view the contents of the Java keystore.
    InfoTo allow IdentityForge and AS/400 to communicate through a firewall, the following ports may need to be opened between the IdentityForge server and the AS/400:
  • Port 446 (TCP)  DDM
  • Port 448 (TCP)  Secure DDM
  • Port 449 (TCP)  Server mapper
  • Port 8470 (TCP)  Central server
  • Port 8475 (TCP) Remote command and program call server
  • Port 8476 (TCP) Signon server
  • Port 9470 (TCP) Secure central server
  • Port 9475 (TCP) Secure remote command/ Program call server
    • Port 9476 (TCP)  Secure signon server

    For more information, please see the following JTOpen and IBM iSeries documentation pages:

    To package the IdentityForge environment

    Navigate to C:\ldapgateway\dist\idfserver, press CTRL+A to select all of files and folders in this location, then right click and choose Send to > Compressed (zipped) folder. This will create a .zip file in the C:\ldapgateway\dist\idfserver directory. Rename the .zip file to idfserver.jar. Copy idfserver.jar to C:\ldapgateway\dist. Overwrite the existing file.

    To configure the IdentityForge windows service wrapper

  • Execute C:\ldapgateway\bin\run.bat to start the IdentityForge server.
  • To host the IdentityForge java executable as a windows service, navigate to C:\ldapgateway\win_service and open IDF-Win-Server.bat in the text editor of your choice.

    • Scroll to the section shown below. We will be changing the JAVA_HOME and JVM path variables listed in bold:

    Code Block
    languagebash
    themeDJango
    set JAVA_HOME=C:\Program Files\Java\jre7
set JVM=C:\Program Files\Java\jre7\bin\client\jvm.dll

    This path needs to point to the installation path of the Java JDK. In our example, this line would be changed to the following:

    Code Block
    languagejava
    themeDJango
    set JAVA_HOME=C:\software\jdk1.7.0_25 set JVM=
    1. xml
      themeDJango
      <bean id="sslChannelFactory" class="com.identityforge.idfserver.nio.ssl.SSLChannelFactory">
<constructor-arg><value>false</value></constructor-arg>
<constructor-arg><value>../conf/as400.jks</value></constructor-arg>
<constructor-arg><value>10902AA71C4DF819C965E8B5B7DF0208</value></constructor-arg>
<constructor-arg><value>false</value></constructor-arg>
</bean>


    2. Finally, since we are using an encrypted password for the Java keystore, we need to change the last constructor-arg value to true. For example:


      Code Block
      languagexml
      themeDJango
      <bean id="sslChannelFactory" class="com.identityforge.idfserver.nio.ssl.SSLChannelFactory">
<constructor-arg><value>false</value></constructor-arg>
<constructor-arg><value>../conf/as400.jks</value></constructor-arg>
<constructor-arg><value>10902AA71C4DF819C965E8B5B7DF0208</value></constructor-arg>
<constructor-arg><value>true</value></constructor-arg>
</bean>


    To configure SSL for the AS/400

    To configure secure communications between the IdentityForge server and the AS/400 we will need to retrieve the SSL certificate from the OS/400 Certificate Manager.

    1. From a web browser, navigate to the Digital Certificate Manager on http://OS400domain:2001, where OS400domain is the OS/400 target system. Use the same user account and password that you use to access the OS/400.
    2. In the left panel, select Create Certificate Authority. If the Create Certificate Authority setting is not an option, select Install Local CA Certificate on Your PC.
    3. Select Install Certificate and copy the certificate to a text file. In our example we are copying the cert to the root of the partition, to C:\cert.cer.

    4. Open a Command Prompt and navigate to the Java JDK bin folder. In our example, this is C:\software\jdk1.7.0_25\

      jre\bin\client\jvm.dll

      Scroll through the IDF-Win-Service.bat file until you see the HOME and APPLICATION_SERVICE_HOME variables listed in boldbin. Execute the following command:


      Code Block
      languagebash
      themeDJango
      set HOME=keytool -importcert -file C:\ldfService\ldapgateway
set APPLICATION_SERVICE_HOME=C:\ldfService\ldapgateway\win_service
      This path needs to point to the IdentityForge installation directory. In our example, this line would be changed to the following
      cert.cer -alias arbitraryaliashere -keystore C:\software\jdk1.7.0_25\jre\lib\security\cacerts


    5. The alias is just a text string used to reference the certificate—you can enter any value. Enter the default JDK keystore password (changeit) to confirm the addition.

    6. To verify the presence of the certificate in the certificate store, run the following command:


      Code Block
      languagebash
      themeDJango
      set HOME=keytool -list -keystore C:\ldapgateway
set APPLICATION_SERVICE_HOME=C:\ldapgateway\win_service

      Scroll through the IDF-Win-Service.bat file until you see the SERVICE_NAME value listed in bold:

      Code Block
      languagebash
      themeDJango
      set SERVICE_NAME=IdentityForgeService
      This variable can be changed to a name of your choosing. This will be the name of the Windows service as shown in Service Manager.

      Scroll through the IDF-Win-Service.bat file until you see the CG_STDOUTPUT variable listed below:

      Code Block
      languagebash
      themeDJango
      set CG_STDOUTPUT=%CG_LOGPATH%\IDFServiceOut.log

      In order to disable verbose logging, this line should be changed to the following:

      Code Block
      languagebash
      themeDJango
      REM -- set CG_STDOUTPUT=%CG_LOGPATH%\IDFServiceOut.log

      Scroll through the IDF-Win-Service.bat file until you see the CG_DESCRIPTION and CG_DISPLAY_NAME values listed in bold:

      Code Block
      languagebash
      themeDJango
      Set CG_DESCRIPTION=”Identity Forge Service for LDAP Gateway”
set CG_DISPLAY_NAME=IdentityForgeService

      These variables can be changed as you see fit. The text will become the description and the display name of the Windows service as shown in Service Manager, respectively.

      Open a Command Prompt window and 
      software\jdk1.7.0_25\jre\lib\security\cacerts


    7. Enter the defaukt JDK keystore password (changeit) to view the contents of the Java keystore.

      Info

      To allow IdentityForge and AS/400 to communicate through a firewall, the following ports may need to be opened between the IdentityForge server and the AS/400:

      • Port 446 (TCP)  DDM
      • Port 448 (TCP)  Secure DDM
      • Port 449 (TCP)  Server mapper
      • Port 8470 (TCP)  Central server
      • Port 8475 (TCP) Remote command and program call server
      • Port 8476 (TCP) Signon server
      • Port 9470 (TCP) Secure central server
      • Port 9475 (TCP) Secure remote command/ Program call server
      • Port 9476 (TCP)  Secure signon server

      For more information, please see the following JTOpen and IBM iSeries documentation pages:


    To package the IdentityForge environment

    1. Navigate to C:\ldapgateway\dist\idfserver, press CTRL+A to select all of files and folders in this location, then right click and choose Send to > Compressed (zipped) folder. This will create a .zip file in the C:\ldapgateway\dist\idfserver directory. 
    2. Rename the .zip file to idfserver.jar. Copy idfserver.jar to C:\ldapgateway\dist. 
    3. Overwrite the existing file.

    To configure the IdentityForge windows service wrapper

    1. Execute C:\ldapgateway\bin\run.bat to start the IdentityForge server.
    2. To host the IdentityForge java executable as a windows service, navigate to C:\ldapgateway\win_service and open IDF-Win-Server.Execute the following commandbat in the text editor of your choice.

    3. Scroll to the section shown below. We will be changing the JAVA_HOME and JVM path variables listed in bold:


      Code Block
      languagebash
      themeDJango
      IDF-Win-Service.bat install
      If you wish to remove the service at a later date, execute the following command
      DJango
      set JAVA_HOME=C:\Program Files\Java\jre7
set JVM=C:\Program Files\Java\jre7\bin\client\jvm.dll


      This path needs to point to the installation path of the Java JDK. In our example, this line would be changed to the following:


      Code Block
      languagebashjava
      themeDJango
      IDF-Win-Service.bat remove

    Troubleshooting and monitoring the IdentityForge server

    To check and monitor the IdentityForge log files, look for the log files located in C:\ldapgateway\logs.

    To enable Java debugging do the following:

    Open C:\ldapgateway\bin\run.bat in the text editor of your choice and scroll down to the following linesAdd -javax.net.debug=all directly after the %CLASSPATH% variable. Once completed, it should look like the following
    1. DJango
      set JAVA_HOME=C:\software\jdk1.7.0_25
set JVM=C:\software\jdk1.7.0_25\jre\bin\client\jvm.dll


    2. Scroll through the IDF-Win-Service.bat file until you see the HOME and APPLICATION_SERVICE_HOME variables listed in bold:


      Code Block
      languagebash
      themeDJango
    rem Start Ldap Gateway Server
%JAVACMD% %DEBUG% %JVM_OPTS% %SECURE% -cp %CLASSPATH% com.identityforge.idfserver.Main %1 %2 %3 %4 %5 %6 %7 %8 %9
  • Execute C:\ldapgateway\bin\run.bat to start the IdentityForge server with Java debugging enabled.

    • To increase the memory available to the Java JVM, do the following:

    Open C:\ldapgateway\bin\run.bat in the text editor of your choice and scroll down to the following lines
    1. set HOME=C:\ldfService\ldapgateway
set APPLICATION_SERVICE_HOME=C:\ldfService\ldapgateway\win_service


      This path needs to point to the IdentityForge installation directory. In our example, this line would be changed to the following:


      Code Block
      languagebash
      themeDJango
      set HOME=C:\ldapgateway
set APPLICATION_SERVICE_HOME=C:\ldapgateway\win_service


    2. Scroll through the IDF-Win-Service.bat file until you see the SERVICE_NAME value listed in bold:


      Code Block
      languagebash
      themeDJango
    rem Start Ldap Gateway Server
%JAVACMD% %DEBUG% %JVM_OPTS% %SECURE% -cp %CLASSPATH% -Djavax.net.debug=all com.identityforge.idfserver.Main %1 %2 %3 %4 %5 %6 %7 %8 %9
    Add -Xms512>m -Xmx1024m directly after the %CLASSPATH% variable. Once completed, it should look like 
    1. set SERVICE_NAME=IdentityForgeService


      This variable can be changed to a name of your choosing. This will be the name of the Windows service as shown in Service Manager.


    2. Scroll through the IDF-Win-Service.bat file until you see the CG_STDOUTPUT variable listed below:


      Code Block
      languagebash
      themeDJango
    rem Start Ldap Gateway Server
%JAVACMD% %DEBUG% %JVM_OPTS% %SECURE% -cp %CLASSPATH% com.identityforge.idfserver.Main %1 %2 %3 %4 %5 %6 %7 %8 %9
    1. set CG_STDOUTPUT=%CG_LOGPATH%\IDFServiceOut.log


      In order to disable verbose logging, this line should be changed to the following:


      Code Block
      languagebash
      themeDJango
    rem
    1. REM
    Start
    1. --
    Ldap Gateway Server %JAVACMD% %DEBUG% %JVM_OPTS% %SECURE% -cp %CLASSPATH% -Xms512m -Xmx1024m com.identityforge.idfserver.Main %1 %2 %3 %4 %5 %6 %7 %8 %9Execute C:\ldapgateway\bin\run.bat to start the IdentityForge server with the specified minimum and maximum memory available to the Java JVM.
    1. set CG_STDOUTPUT=%CG_LOGPATH%\IDFServiceOut.log


    2. Scroll through the IDF-Win-Service.bat file until you see the CG_DESCRIPTION and CG_DISPLAY_NAME values listed in bold:


      Code Block
      languagebash
      themeDJango
      Set CG_DESCRIPTION=”Identity Forge Service for LDAP Gateway”
set CG_DISPLAY_NAME=IdentityForgeService


      These variables can be changed as you see fit. The text will become the description and the display name of the Windows service as shown in Service Manager, respectively.

    3. Open a Command Prompt window and navigate to C:\ldapgateway\win_service.

    4. Execute the following command:


      Code Block
      languagebash
      themeDJango
      IDF-Win-Service.bat install


    5. If you wish to remove the service at a later date, execute the following command:


      Code Block
      languagebash
      themeDJango
      IDF-Win-Service.bat remove





    Div
    stylefloat: left; position: fixed; top: 70px; padding: 5px;
    idtoc
    classtopicTOC


    Div
    stylemargin-left: 40px; margin-bottom: 40px;

    Live Search
    spaceKeyE2D
    placeholderSearch the documentation
    typepage


    Div
    stylefont-size: 1rem; margin-bottom: -15px; margin-left: 40px;text-transform: uppercase;

    In this article



    Table of Contents
    stylenone