Automatically assign and remove keys in Key Store

[JustAnotherGuy]

Hello

I have installed Sparks Systems Key Store on a server i wanted to manage Enterprise Architect keys by adding and removing users from an Active Directory Group. i have managed to get a working connection between the application and the AD server and the group i choose to use is SSKS_USERGROUP. I added a user to that one group but he is not assigned a key automatically and i wonder if this is even possible to do this way or is the add connection only there to remotly manage the keys with the program?

Here is the config i currently have

Code: [Select]

# =============================================================================
# Sparx Systems Keystore Service (SSKS) configuration file.
#
# This file is used to configure settings on the Sparx Systems Keystore Service.
# Settings are read in on service startup, therefore any changes made to the
# file will not take effect until the service is restarted.
#
# For further details, please consult the SSKS user manual.
# =============================================================================

# ============================================
# SERVER OPTIONS
# ============================================
# SERVER_PORT - The port the Keystore service will listen for connections on
SERVER_PORT=7770

# KEYSTORE_PATH - The path to the keystore file
KEYSTORE_PATH=%SERVICE_PATH%\sskeys.dat

# MINIMUM_EA_BUILD - The minimum build of EA that will be serviced by the
# keystore. You can use this keystore server setting to deny older builds of
# EA shared keys from this keystore.
MINIMUM_EA_BUILD=851

# ============================================
# AUTHENTICATION
# ============================================
# The following values specify the method used to authenticate SSKS users connecting to the service.
# See subsections below for examples of how to configure these properties.
#AUTHMETHOD=AM_GLOBALPASSWORD
#AUTHMETHOD_OPTIONS=

#---------------------------------------------
# 1. Global Password Authentication
#---------------------------------------------
# Users authenticate with a single, global password. The password is specified in the
# AUTHMETHOD_OPTIONS property and may be left blank.
#
# Example:
# AUTHMETHOD=AM_GLOBALPASSWORD
# AUTHMETHOD_OPTIONS=

#---------------------------------------------
# 2. Active Directory Authentication
#---------------------------------------------
# Users authenticate according to Active Directory group membership. The permitted group is specified
# by common name in the AUTHMETHOD_OPTIONS property.
#
# Example:
AUTHMETHOD=AM_ACTIVEDIRECTORY
AUTHMETHOD_OPTIONS=SSKS_USERGROUP

#---------------------------------------------
# 3. Extended Active Directory Authentication
#---------------------------------------------
# Users authenticate according to Active Directory group membership. The file containing the
# configuration of permitted groups and their respective entitlements is specified in the
# AUTHMETHOD_OPTIONS property (See example.adconfig for configuration examples).
#
# Example:
# AUTHMETHOD=AM_ACTIVEDIRECTORYEX
# AUTHMETHOD_OPTIONS=%SERVICE_PATH%\example.adconfig

#---------------------------------------------
# 4. SSKS Group Authentication
#---------------------------------------------
# Users authenticate to the keystore with a group name and password. The file containing the
# configuration groups and their respective entitlements is specified in the AUTHMETHOD_OPTIONS
# property (see example.ssksgroupconfig for configuration examples).
#
# Example:
# AUTHMETHOD=AM_SSKSGROUP
# AUTHMETHOD_OPTIONS=%SERVICE_PATH%\example.ssksgroupconfig

# ============================================
# AUDITING
# ============================================
# AUDIT_TIME_PERIOD - The time period (in seconds) to wait between logging an
# audit report. Audit reports will be logged at the INFO level. To turn auditing
# off, set this value to 0 (zero).
AUDIT_TIME_PERIOD=3600
 
# ============================================
# LOGGING OPTIONS
# ============================================
# LOG_LEVEL - The level of messages that will be written to the log file. Higher
# log levels include messages from the lower levels that precede them. Valid
# log levels, from lowest to highest, are:
#
# 1. FATAL
# 2. WARNING
# 3. REPORT
# 4. INFO
# 5. SYSTEM
#
LOG_LEVEL=SYSTEM

# LOG_DIRECTORY - The path to where the log files will be written (Please note,
# this directory must already exist at runtime).
LOG_DIRECTORY=%SERVICE_PATH%\Logs

# LOG_FILECOUNT - The number of rolling log files that the service will keep.
# Log files are kept in First-In-First-Out order, with the oldest log file being
# deleted once the LOG_FILECOUNT threshold is reached.
LOG_FILECOUNT=10

# LOG_FILESIZE - The size (in bytes) a log file may reach before it the logging
# framework rolls the log files over.
LOG_FILESIZE=1048576
 



[Geert Bellekens]

You still have to tell the EA client application where to find the key store service.
You can do that

- manually in the GUI
- in the registry
- in a .ini file

Geert

[JustAnotherGuy]

Worked like a charm. thanks!

You still have to tell the EA client application where to find the key store service.
You can do that

- manually in the GUI
- in the registry
- in a .ini file

Geert