General Configuration
Overview
Apart from the older method of enabling Windows Authentication (which we want to move away from), all settings for PRIS are put into appSettings.config.
This can be found under the config subfolder of the PRIS installation, for example:
C:\inetpub\wwwroot\PRIS\config
appSettings.config is NEVER overwritten on upgrade (web.config is), so we do not need to back it up.
If there are new settings added to appSettings.config, then an upgrade will NOT add these, but any new setting will always have a default it will take on if the element is not present in appSettings.
Only if we need to adjust away from the default, will we need to (manually) add the newer setting.
appSettings.config vs web.config
appSettings.config is NEVER overwritten on upgrade (web.config is), so we do not need to back it up.
web.config IS overwritten, but now the settings (apart from those needed when using Windows authentication) are not in here.
If using Windows authentication, we will need to re-enter them into web.config. NEVER back up web.config and then overwrite the newly installed file with an older one, as there may be many other new items in there that PRIS needs to run.
In general, we want all settings in appSettings.config.
Editing appSettings / PRIS restart
After editing appSettings.config, we need to get IIS to restart the PRIS process.
The best way to do this is to perform a "null edit" (i.e. add a space and then remove it) on web.config, and then save. IIS will always restart PRIS if web.config is edited (but unfortunately not when we edit appSettings).
You could also do an iisreset, but this is a lot heavier, and could interrupt other applications running under IIS. Editing web.config is a lot better, as we install PRIS to run under its own IIS process (i.e. its own application pool), so we can individually just restart this.
Configuration items summary
Setting | Default Value | Description | Across domains | Matching Configuration location for target service |
---|---|---|---|---|
BmsIpAddress | localhost | ip for BMS connection | yes | N/A |
BmsWebServicesPort | 825 | tcp port to BMS | yes | ServerCommunicationsConfigurationRemoting_BusinessModelServer.xml |
DomeIpAddress | localhost | ip for Dome Connector connection | yes | N/A |
DomeWebServicesPort | 826 | tcp port to Dome Connector. Note this needs to be manually set - it is not currently set by default | yes | Manage connectors \| Production |
ShiftPlannerPort | 890 | (not used - was for SP 2 - probably soon to be removed) | N/A | N/A |
ShiftPlannerIpAddress | localhost | (not used - was for SP 2 - probably soon to be removed) | N/A | N/A |
IISDomeIpAddress | localhost | ip for Dome Web client | yes | N/A |
IISDomePath | dome | Virtual directory to Dome (ie what is put into browser URL) | yes | N/A |
IISDomeUseHttps | false | Set to true to use https (TLS) when connecting to Dome web. See Security Configuration & Troubleshooting for more info | yes | Dome web.config |
IISDomeSecurityServiceMessageEncryption | true | Windows domain based encryption if not using https (https is the better solution). See Security Configuration & Troubleshooting for more info | No | |
IISDomeClientCertificateSubjectName | "" | Only if using client side certificates / MFA | see doco | see doco |
BmsWebServicesIntegratedAuthentication | true | Enable Windows authentication between PRIS and BMS. See Security Configuration & Troubleshooting | No | BmsWebServicesConfiguration.xml |
DomeWebServicesIntegratedAuthentication | true | Enable Windows authentication between PRIS and Dome connector | No | (Currently hard wired on) |
MaxAllowedBatchEvents | 2000 | Max events allowed in batched events | N/A | N/A |
EnableHttpDebugTracing | false | Used for extra debugging | N/A | N/A |
SecurityType | none | Set PRIS security type. See Security Configuration & Troubleshooting | none: yes; token: yes; windows: no | N/A |
AudienceId | PRIS | OAuth2 setting if using token authentication. Usually leave as default | yes | N/A |
AudienceSecret | "" | See instructions in the config. Must be set if using token authentication. Must be unique per site and be kept "secret". See Security Configuration & Troubleshooting | yes | N/A |
AccessTokenExpiryMins | 1440 | Security token expiry (see OAuth2 doco for more info). Normally leave as default | yes | N/A |
RefreshTokenExpiryDays | 256 | Refresh token expiry (see OAuth2 doco). Normally leave as default | yes | N/A |
AllowedSwaggerTryItOutVerbs | GET | Space delimited http verbs to allow in the Swagger "Try it out!" | yes | N/A |
Serilog:using:File ¹ | Serilog.Sinks.File | Sets Serilog to log to a file | N/A | N/A |
Serilog:write-to:File.rollingInterval ¹ | Day | Sets the rolling interval for Serilog file logging to a day (new log file every day) | N/A | N/A |
Serilog:write-to:File.path ¹ | %PROGRAMDATA%\Micromine\PRIS\Logs\PRISLogs.log | The location where the Serilog log file is stored | N/A | N/A |
Serilog:write-to:File.outputTemplate ¹ | {Timestamp:yyyy-MM-dd HH:mm:ss.fff zzz} [{Level:u3}] Message:{Message:lj}{NewLine} | The template format of the Serilog log | N/A | N/A |
Serilog:minimum-level ¹ | Information | What logs to include. Verbose, Debug, Information, Warning, Error and Fatal are valid. Debug and below includes request and response post body content | N/A | N/A |
¹ If PRIS detects any key with "serilog" then it will use appSettings to set up its Serilog configuration (no default values will be used at all). PRIS will only use default Serilog settings if there are no "serilog" keys detected in appSettings. Make sure to include all appropriate Serilog settings in appSettings if using appSettings to set up Serilog configuration.
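The defaults and the Serilog footnote above can be turned into a pre-deployment check. The following is an added example, not part of PRIS or its installer: it resolves each setting to its effective value (documented default when the key is absent) and reports risky combinations. It assumes the standard .NET `<appSettings><add key="..." value="..." /></appSettings>` layout and case-insensitive matching of Serilog keys; the function name `audit` and the finding codes are hypothetical.

```python
import xml.etree.ElementTree as ET

# Defaults from the summary table; PRIS falls back to these when a key is absent.
DEFAULTS = {"SecurityType": "none", "AudienceSecret": "", "IISDomeUseHttps": "false",
            "IISDomeSecurityServiceMessageEncryption": "true",
            "EnableHttpDebugTracing": "false", "AllowedSwaggerTryItOutVerbs": "GET"}
# The five Serilog keys from the table, lower-cased for comparison (assumption).
SERILOG_KEYS = {"serilog:using:file", "serilog:write-to:file.rollinginterval",
                "serilog:write-to:file.path", "serilog:write-to:file.outputtemplate",
                "serilog:minimum-level"}

def audit(xml_text):
    """Return sorted finding codes (hypothetical names) for one appSettings.config."""
    raw = {a.get("key", ""): a.get("value", "").strip()
           for a in ET.fromstring(xml_text).iter("add")}
    eff = {k: raw.get(k, d) for k, d in DEFAULTS.items()}
    on = lambda k: eff[k].lower() == "true"
    found = set()
    if eff["SecurityType"].lower() == "token" and not eff["AudienceSecret"]:
        found.add("TOKEN_AUTH_WITHOUT_AUDIENCE_SECRET")
    if not on("IISDomeUseHttps"):
        # Over http only the Windows-domain message encryption protects credentials.
        found.add("DOME_HTTP_RELIES_ON_MESSAGE_ENCRYPTION"
                  if on("IISDomeSecurityServiceMessageEncryption")
                  else "DOME_HTTP_NO_ENCRYPTION")
    if on("EnableHttpDebugTracing"):
        found.add("HTTP_DEBUG_TRACING_ON")
    if set(eff["AllowedSwaggerTryItOutVerbs"].upper().split()) - {"GET"}:
        found.add("SWAGGER_NON_GET_VERBS")
    serilog = {k.lower(): v for k, v in raw.items() if "serilog" in k.lower()}
    if serilog:
        # Any serilog key disables every Serilog default, so all five must be present.
        if SERILOG_KEYS - set(serilog):
            found.add("SERILOG_PARTIAL_CONFIG")
        if serilog.get("serilog:minimum-level", "").lower() in ("verbose", "debug"):
            found.add("SERILOG_LOGS_REQUEST_BODIES")
    return sorted(found)

# Constructed sample, not a real site's file.
SAMPLE = """<appSettings>
  <add key="SecurityType" value="token" />
  <add key="AudienceSecret" value="" />
  <add key="IISDomeSecurityServiceMessageEncryption" value="false" />
  <add key="AllowedSwaggerTryItOutVerbs" value="GET POST" />
  <add key="serilog:minimum-level" value="Debug" />
</appSettings>"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

An empty file is not a clean result: with every key absent, the documented defaults leave the Dome web connection on http with only the Windows-domain message encryption.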
Authentication/Security Settings
The following tables describe the new authentication/security settings in appSettings.xml:
BmsWebServicesIntegratedAuthentication | |
---|---|
Description: | Turn on/off integrated authentication to BMS (only when hosting machines on the same domain). |
Possible Values: | true | false |
Default Value: | true |
Example: | <add key="BmsWebServicesIntegratedAuthentication" value="true" /> |
DomeWebServicesIntegratedAuthentication | |
---|---|
Description: | Turn on/off integrated authentication to Dome Connector (only when hosting machines on the same domain). |
Possible Values: | true | false |
Default Value: | true |
Example: | <add key="DomeWebServicesIntegratedAuthentication" value="true" /> |
IISDomeUseHttps | |
---|---|
Description: | http scheme to use when communicating with Dome Web Client. |
Possible Values: | true | false |
Default Value: | false |
Example: | <add key="IISDomeUseHttps" value="true" /> |
IISDomeSecurityServiceMessageEncryption | |
---|---|
Description: | If we are using the http scheme, we can turn on message encryption for the token endpoint, so we still have secure username/password data. This will only work if PRIS and the Dome web client are on the Windows domain. Note that this is not used if we are using https (as this will then do the encryption). |
Note that if IISDomeUseHttps is set, this setting is ignored (since we already have message encryption when we are using https). | |
Possible Values: | true | false |
Default Value: | true |
Example: | <add key="IISDomeSecurityServiceMessageEncryption" value="true" /> |