Introduction
AuditProxy and Data Connectors
LDAP Authentication
Web Server settings
Mailer settings
Access settings
Role settings
Hello. In this video, you will learn about AuditProxy — what it is, where it’s used, and how to configure it. To redirect requests from HTTP or HTTPS — from specific endpoints to appropriate ports that are used by different services — ACDI uses its ACDI Proxy service.
For example, if you use the endpoint “/opensearch,” it will redirect you to the port defined as the local port for OpenSearch.
The same applies if you need OpenSearch Dashboards or the ACDI server: a direction table maps each endpoint to the internal port of its service.
This means that only one local port should be opened for external connections. For HTTP, by default, it is 3191 and for HTTPS it's 3190. So let's go to the Core Engine configuration page.
Go to “Administration,” then to “Core Engine.” Here you see cards that stand for settings components.
This first one is a list of all LDAP connections that are used to collect data from data connectors and by the history browser to display the current state of objects.
When you create a new data connector, the LDAP connection will be automatically added to this list of connections.
Here you can define a connection’s name, select the connection type (eDirectory or Active Directory), and check whether this connection will be used for LDAP authentication.
You can also configure the URL and timeout, define the user that is used to connect to the LDAP server, and set TLS options.
The next Core Engine settings component is “LDAP authentication settings.” You can learn about how to configure the LDAP authentication in the respective video in SKyPRO Academy.
The next one is “Web Server settings.” Here you can set if you need to use both HTTPS and HTTP. Ports, internal host names, timeouts, and level of debug are to be defined on this page as well as if you need logs to be sent to the console or to be saved to a file. These settings are extremely helpful for troubleshooting events in ACDI.
Also here you can find the path to a keystore with a certificate used by AuditProxy for HTTPS connection, its password, and a folder where you will store your JavaScript functions which can be used for data transformation.
Additionally, there are “Self-test settings” on this page.
Results of “Self-test settings” can be found in dashboards — ACDI System Health Dashboard.
Here you are able to check the amount of used disk space, RAM, CPU, and all other parameters enabled and configured in the self-test settings.
The “OpenSearch Stats settings” are to be found on this page. They are configured and used to monitor the health status of your OpenSearch.
Results of the OpenSearch status health checks are in the OpenSearch Health Dashboard.
And the last setting here is Bypass bodyParser URLs.
The next settings component is “Mailer settings” where you can configure a mailer, which is used by the Reporting service to send scheduled reports and in-system notifications.
Here are also “Scheduled tasks,” and “Session settings” that include such settings as “Cookies name,” “Secret word” and “Session max age.” If you want to store some LDAP attributes of current users in the session, you can also add them here.
“Web Proxies list” is a list of endpoints and ports used to redirect requests.
You can add custom headers if you need and configure each proxy endpoint.
In case you need WS proxies, it’s possible to add them to the “WS Proxies list.”
The settings component “Local Access list” contains a list of local users who have access to ACDI.
Here you can add a new local account and define a list of allowed proxies, users’ roles, and allowed APIs.
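The direction table described earlier and the per-account list of allowed proxies can be pictured together in a short sketch. This is an added example, not ACDI code or its configuration format: the table layout, the account names, the "/opensearch-dashboards" and "/" endpoints, and every internal port are assumptions chosen for illustration.

```javascript
// Constructed direction table (endpoint -> internal port). Only "/opensearch" is
// named on the page; the other endpoints and every port are placeholders.
const PROXIES = [
  { name: 'opensearch', endpoint: '/opensearch', port: 19200 },
  { name: 'dashboards', endpoint: '/opensearch-dashboards', port: 15601 },
  { name: 'server', endpoint: '/', port: 18080 },
];

// Hypothetical local accounts with their allowed proxies. A Map avoids
// prototype keys such as "constructor" being treated as accounts.
const ACCOUNTS = new Map([
  ['auditor', { allowedProxies: ['dashboards'] }],
  ['admin', { allowedProxies: ['opensearch', 'dashboards', 'server'] }],
]);

// An endpoint matches only on a path-segment boundary, so "/opensearch"
// never captures "/opensearch-dashboards".
function matches(endpoint, path) {
  if (endpoint === '/') return true;
  return path === endpoint || path.startsWith(endpoint + '/');
}

// Resolve a request URL to the most specific proxy entry, or null.
function resolve(rawUrl) {
  const path = String(rawUrl).split(/[?#]/)[0];
  // Refuse paths the proxy and the backend could interpret differently.
  const ambiguous = /(^|\/)\.\.?(\/|$)/.test(path) || /%2e|%2f|%5c|\\/i.test(path);
  if (!path.startsWith('/') || ambiguous) return null;
  const hits = PROXIES.filter((p) => matches(p.endpoint, path));
  hits.sort((a, b) => b.endpoint.length - a.endpoint.length);
  return hits[0] || null;
}

// Decide what happens to a request from an authenticated local account.
function route(user, rawUrl) {
  const proxy = resolve(rawUrl);
  if (!proxy) return { status: 400 };
  const account = ACCOUNTS.get(user);
  if (!account || !account.allowedProxies.includes(proxy.name)) {
    return { status: 403 };
  }
  return { status: 200, proxy: proxy.name, port: proxy.port };
}
```

The points worth checking in a real deployment are the same ones the sketch enforces: endpoints that share a prefix resolve to the intended service, and an account limited to one proxy cannot reach another through a rewritten path.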
In the “List of Rule presents” settings there is a list of rules that are used for advanced role configurations and only here can you configure a data transformation — in appropriate calls for appropriate users.
Additionally, you define endpoints here for the rules and a path when a rule will execute your JavaScript function and transform data.
“AuditProxy API list” — this and the previous settings component are used for advanced role configuration.
The very last Core Engine settings component is the “Roles list.” Here you have a list of roles defined to authenticate to ACDI. For each role, you can add or modify a list of allowed rules and a list of allowed APIs.
Should you have any questions or require any assistance, please do not hesitate to contact us at any time at swsupport.skypro@skypro.ch.