Security Apps Installation¶

Component installation for Sequel Security components.

Documentation automatically generated from ApplicationMetadata.xml

Products¶

This installation is organized around different product:

Security web services. Install the services that are part of Sequel Security Services. Modules in this product are:

Global settings¶

Global settings allow to define values that are reused across the different modules of the installation.

Environment Settings¶

Server level settings. Below table summarizes the available parameters under this category.

Parameter	Description
`ServerName`	The name of the web server where the application will be installed. Default value: `{var:CurrentMachine}`.
`ServerNameExternal` Public Server Name	The public name of the web server where the application will be installed (subdomain.domain.tld). Default value: `{var:CurrentMachine}`.
`ServerUrl`	The URI of the web server where the application will be installed (subdomain.domain.tld). Default value: {var:CurrentMachine}.{var:USERDNSDOMAIN}.
`ServerUrlExternal` Public Server URL	The public URI of the web server where the application will be installed (subdomain.domain.tld). Default value: {var:CurrentMachine}.{var:USERDNSDOMAIN}.
`AuthenticationServer`	URI where the Sequel Authentication Server is (or will be) available (subdomain.domain.tld). Default value: {var:CurrentMachine}.{var:USERDNSDOMAIN}.
`AuthenticationServerExternal` Public Authentication Server	Public URI where the Sequel Authentication Server is (or will be) available (subdomain.domain.tld). Default value: {var:CurrentMachine}.{var:USERDNSDOMAIN}.
`SecurityApiServer`	URI where the Sequel Security API Server is (or will be) available (subdomain.domain.tld). Default value: {var:CurrentMachine}.{var:USERDNSDOMAIN}.
`SecurityApiServerExternal` Public Security API Server	Public URI where the Sequel Security API Server is (or will be) available (subdomain.domain.tld). Default value: {var:CurrentMachine}.{var:USERDNSDOMAIN}.
`AuthorizationServer`	URI where the Sequel Authorization Server is (or will be) available (subdomain.domain.tld). Default value: {var:CurrentMachine}.{var:USERDNSDOMAIN}.
`AuthorizationServerExternal` Public Authorization Server	Public URI where the Sequel Authorization Server is (or will be) available (subdomain.domain.tld). Default value: {var:CurrentMachine}.{var:USERDNSDOMAIN}.
`Domain` Internal Security Domain	Internal domain where Sequel Security will be installed. Default value: `{var:USERDNSDOMAIN}`.
`DomainExternal` External/Public Security Domain	Public domain where Sequel Suite application will be installed. This attribute (aka CookieDomain) specifies which hosts are allowed to receive the cookie. For allowing subdomains, this value must be prefixed with a dot. As a sample, uat.sequel.com will be used for the domain, while .uat.sequel.com will be used for subdomains too. In general, the dot prefixing the domain is preferred as we use subdomains. Default value: `{var:USERDNSDOMAIN}`.

Data Sources¶

Data sources for the applications. Below table summarizes the available parameters under this category.

Parameter	Description
`MultiTenancyDatabaseServer` MultiTenancy Server Instance	The instance of the SQL Server hosting the multitenancy database.
`MultiTenancyDatabaseName`	The name of the multitenancy database on the SQL Server.
`DatabaseServer` Security Database Server Instance	The instance of the SQL Server hosting the application's database.
`DatabaseName` Security Database Name	The name of the Security database on the SQL Server.
`DatabaseServerIsAGListener` AG enabled	Determines whether the database servers (MultiTenancy and Database) are AlwaysOn Availability Group listeners. Default value: `False`.

IIS Settings¶

Configuration for Internet Information Services. Below table summarizes the available parameters under this category.

Parameter	Description
`Site`	IIS Site Name. Default value: `Default Web Site`.
`Port`	IIS Host Port. Default value: `443`.
`Protocol`	IIS Binding Protocol (http/https). Default value: .
`CertificateThumbprint` HTTPS Certificate Thumbprint	Thumbprint of the PFX Certificate for IIS HTTPS binding.
`AppPoolUserDomain`	Domain for the app pool user.
`AppPoolUserName`	Name of the app pool user.
`AppPoolUserPassword`	Password of the app pool user. This setting handles a password. `Encrypted`
`AppPoolUserPasswordConfirmation`	Password confirmation of the app pool user. `Encrypted`

Logging settings¶

Logging settings for the applications. Below table summarizes the available parameters under this category.

Parameter	Description
`DatabaseServer` Logging Server Instance	The instance of the SQL Server hosting the logging database.
`DatabaseName` Logging Database Name	The name of the logging database on the SQL Server.
`DatabaseServerIsAGListener` AG enabled	Determines whether the database server is an AlwaysOn Availability Group listener. Default value: `False`.
`Level` Logging Level	Logging level {Debug, Information, Warning, Error}. Default value: `Debug`.
`Type` Logs Output	Select the output of logs: MsSql or Console. Default value: `MsSql`.

RabbitMQ Settings¶

Configuration for RabbitMQ message bus. Below table summarizes the available parameters under this category.

Parameter	Description
`ServerUrl` RabbitMQ Server URL	The URL of the RabbitMQ server (rabbitmq://subdomain.domain.tld/virtualhost).
`UserName` RabbitMQ User Name	RabbitMQ user name.
`Password` RabbitMQ Password	Password of the RabbitMQ server account. This setting handles a password. `Encrypted`
`PasswordConfirmation` RabbitMQ Password Confirmation	Password confirmation of the RabbitMQ server account. `Encrypted`

Modules¶

Security web services - Security API¶

Module Id: SecurityAPI

REST API for managing all the resources related to security (users, roles, etc.) and to query security data (list of users, list of roles, etc.). It is the unique component in the system with access to security databases.

Parameter	Description
`InitializeSSL`	Enables HTTPS. Valid choices are: `True`, `False`. Default value: `True`. `Mandatory`
`TrustForwardedHeaders`	Trusts Forwarded Headers from Reverse Proxies/Load Balancers to properly detect HTTPS. Valid choices are: `True`, `False`. Default value: `False`. `Mandatory`
`IIS Web Application Name` IIS Web Application Name	Name of the web application hosted in IIS. Default value: {gs:IIS.Site}/SecurityAPI. `Mandatory`
`IIS Binding Protocol` IIS Binding Protocol (http/https)	Protocol of the web application hosted in IIS. Default value: `{gs:IIS.Protocol}`. `Mandatory`
`IIS Port` IIS Binding Port	Port of the web application hosted in IIS. Default value: `{gs:IIS.Port}`. `Mandatory`
`CertificateThumbprint`	Thumbprint of the PFX Certificate for IIS HTTPS binding. Default value: {gs:IIS.CertificateThumbprint}.
`ConnectionStrings.MultitenancyDatabase` Multitenancy Database Connection String	Connection string of the multitenancy database. Default value: Data Source={gs:DataSources.MultiTenancyDatabaseServer};Initial Catalog={gs:DataSources.MultiTenancyDatabaseName};Trusted_Connection=True;MultipleActiveResultSets=true;MultiSubnetFailover={gs:DataSources.DatabaseServerIsAGListener}. `Mandatory`
`LoggingSettings.MsSql.ConnectionString` Logging Database Connection String	Connection string of the logging database. Default value: Data Source={gs:Logging.DatabaseServer};Initial Catalog={gs:Logging.DatabaseName};Trusted_Connection=True;MultipleActiveResultSets=true;MultiSubnetFailover={gs:Logging.DatabaseServerIsAGListener}. `Mandatory`
`LoggingSettings.MsSql.MinimumLogLevel` Logging Level	Logging level {Debug, Info, Warning, Error} (MsSql). Valid choices are: `Debug`, `Information`, `Warning`, `Error`. Default value: `{gs:Logging.Level}`. `Mandatory`
`LoggingSettings.Console.MinimumLogLevel` Logging Level	Logging level {Debug, Info, Warning, Error} (Console). Valid choices are: `Debug`, `Information`, `Warning`, `Error`. Default value: `{gs:Logging.Level}`. `Mandatory`
`LoggingSettings.Console.UseJsonFormatter` Use JSON Format (Console)	Output logs in JSON (Console). Valid choices are: `True`, `False`. Default value: `True`. `Mandatory`
`LoggingSettings.Type` Logs Output	Select the output of logs: MsSql or Console. Valid choices are: `MsSql`, `Console`. Default value: `{gs:Logging.Type}`. `Mandatory`
`SwaggerSettings.Enabled` Swagger Enabled	Enables Swagger UI documentation for Security API. Valid choices are: `True`, `False`. Default value: `False`. `Mandatory`
`ServiceDiscoverySettings.Mode` Service Discovery Mode	Service Discovery Mode: Consul or PointToPoint. This feature is an experimental feature. `PointToPoint` is the unique valid value for production environments. Valid choices are: `Consul`, `PointToPoint`. Default value: `PointToPoint`. `Mandatory`
`ServiceDiscoverySettings. RequiredServices. Authentication. InternalUrl` Authentication URL	URL where the Sequel Authentication application is (or will be) available (protocol://subdomain.domain.tld/path). Default value: {gs:IIS.Protocol}://{gs:Environment.AuthenticationServer}/Authentication. `Mandatory`
`ServiceDiscoverySettings. RequiredServices. Authentication. ExternalUrl` Public Authentication URL	Public URL where the Sequel Authentication application is (or will be) available (protocol://subdomain.domain.tld/path). Default value: {gs:IIS.Protocol}://{gs:Environment.AuthenticationServerExternal}/Authentication. `Mandatory`
`ServiceDiscoverySettings. PublishedServices. SecurityApi. InternalUrl` Security API URL	URL where the Sequel Security API is (or will be) available (protocol://subdomain.domain.tld/path). Default value: {gs:IIS.Protocol}://{gs:Environment.SecurityApiServer}/SecurityAPI. `Mandatory`
`ServiceDiscoverySettings. PublishedServices. SecurityApi. ExternalUrl` Public Security API URL	URL where the Sequel Security API application is (or will be) available (protocol://subdomain.domain.tld/path). Default value: {gs:IIS.Protocol}://{gs:Environment.SecurityApiServerExternal}/SecurityAPI. `Mandatory`
`MessageBusSettings.RabbitMqSettings.ServerUri` RabbitMQ Server URL	The URL of the RabbitMQ server (rabbitmq://subdomain.domain.tld/virtualhost). Default value: {gs:RabbitMq.ServerUrl}. `Mandatory`
`MessageBusSettings.RabbitMqSettings.UserName` RabbitMQ User Name	RabbitMQ user name. Default value: {gs:RabbitMq.UserName}. `Mandatory`
`MessageBusSettings.RabbitMqSettings.Password` RabbitMQ User Password	Password of the RabbitMQ server account. Default value: {gs:RabbitMq.Password}. `Mandatory` `Encrypted` `Password`
`SendEmailSettings.Host` SMTP host name	Host name or IP address of the SMTP host.
`SendEmailSettings.Port` SMTP host port	Port number of the SMTP host. Default value: `25`. `Mandatory`
`SendEmailSettings.UserName` SMTP host username	User name of the SMTP host.
`SendEmailSettings.Password` SMTP host password	Password for the user of the SMTP host. `Encrypted` `Password`
`SendEmailSettings.SendForgotPasswordEmail` Enable send forgot password email	Enables the ability to send the forgot password email. Valid choices are: `True`, `False`. Default value: `True`. `Mandatory`
`SendEmailSettings.ForgotPasswordFromEmail` Forgot password email address	Email address from which the forgot password email will be sent.
`SendEmailSettings.SecureSocketOptions` Secure SSL Option	Used to configure or disable ssl security, valid options - None, Auto, SslOnConnect, StartTls, StartTlsWhenAvailable. Valid choices are: `None`, `Auto`, `SslOnConnect`, `StartTls`, `StartTlsWhenAvailable`. Default value: `Auto`. `Mandatory`
`HealthCheckSettings.ApiKey` Health check settings apikey	Health check settings apikey.

Security web services - Authentication service¶

Module Id: AuthenticationWeb

Provides authentication using the OAuth2 and OpenID Connect protocols for interactive clients and machine to machine clients. Apart of the authentication protocol endpoints, this service offers the web forms for the users to enter their credentials. Depends on Security API.

Parameter	Description
`InitializeSSL`	Enables HTTPS. Valid choices are: `True`, `False`. Default value: `True`. `Mandatory`
`TrustForwardedHeaders`	Trusts Forwarded Headers from Reverse Proxies/Load Balancers to properly detect HTTPS. Valid choices are: `True`, `False`. Default value: `False`. `Mandatory`
`IIS Web Application Name` IIS Web Application Name	Name of the web application hosted in IIS. Default value: {gs:IIS.Site}/Authentication. `Mandatory`
`IIS Binding Protocol` IIS Binding Protocol (http/https)	Protocol of the web application hosted in IIS. Default value: `{gs:IIS.Protocol}`. `Mandatory`
`IIS Port` IIS Binding Port	Port of the web application hosted in IIS. Default value: `{gs:IIS.Port}`. `Mandatory`
`CertificateThumbprint`	Thumbprint of the PFX Certificate for IIS HTTPS binding. Default value: {gs:IIS.CertificateThumbprint}.
`SingleSignOnSettings.CookieDomain` External/Public Security Domain	Public domain where Sequel Suite application will be installed. The CookieDomain attribute specifies which hosts are allowed to receive the cookie. For allowing subdomains, this value must be prefixed with a dot. As a sample, uat.sequel.com will be used for the domain, while .uat.sequel.com will be used for subdomains too. In general, the dot prefixing the domain is preferred as we use subdomains. Default value: {gs:Environment.DomainExternal}. `Mandatory`
`SingleSignOnSettings.SsoCookieProtection` Single Sign On cookie protection mode	Mode used to protect the Single Sign On cookie. For backward compatibility use AES. In environments where all applications with dependencies on Sequel.Security.Integration use v3.1 o higher select RS256. Valid choices are: `AES`, `RS256`. Default value: `RS256`. `Mandatory`
`DataProtectionSettings.Mode` Data protection mode	Mode used by Data Protection to store encryption keys. For stand-alone installations use InMemory. For on-premise installations with several Security instances working together use Database. For Amazon AWS environments use AWS or Database as value. Valid choices are: `InMemory`, `Database`, `AWS`. Default value: `InMemory`. `Mandatory`
`DataProtectionSettings.ExpirationInterval` Expiration interval	Expiration interval for encryption keys used by Database and AWS modes. Value must be greater than 7 days. Default value: `090.00:00:00`. `Mandatory`
`ServiceDiscoverySettings.Mode` Service Discovery Mode	Service Discovery Mode: Consul or PointToPoint. This feature is an experimental feature. `PointToPoint` is the unique valid value for production environments. Valid choices are: `Consul`, `PointToPoint`. Default value: `PointToPoint`. `Mandatory`
`ServiceDiscoverySettings. PublishedServices. Authentication. InternalUrl` Authentication URL	URL where the Sequel Authentication application is (or will be) available (protocol://subdomain.domain.tld/path). Default value: {gs:IIS.Protocol}://{gs:Environment.AuthenticationServer}/Authentication. `Mandatory`
`ServiceDiscoverySettings. PublishedServices. Authentication. ExternalUrl` Public Authentication URL	Public URL where the Sequel Authentication application is (or will be) available (protocol://subdomain.domain.tld/path). Default value: {gs:IIS.Protocol}://{gs:Environment.AuthenticationServerExternal}/Authentication. `Mandatory`
`ServiceDiscoverySettings. RequiredServices. SecurityApi. InternalUrl` Security API URL	URL where the Sequel Security API is (or will be) available (protocol://subdomain.domain.tld/path). Default value: {gs:IIS.Protocol}://{gs:Environment.SecurityApiServer}/SecurityAPI. `Mandatory`
`ServiceDiscoverySettings. RequiredServices. SecurityApi. ExternalUrl` Public Security API URL	URL where the Sequel Security API application is (or will be) available (protocol://subdomain.domain.tld/path). Default value: {gs:IIS.Protocol}://{gs:Environment.SecurityApiServerExternal}/SecurityAPI. `Mandatory`
`LoggingSettings.MsSql.ConnectionString` Logging Database Connection String	Connection string of the logging database. Default value: Data Source={gs:Logging.DatabaseServer};Initial Catalog={gs:Logging.DatabaseName};Trusted_Connection=True;MultipleActiveResultSets=true;MultiSubnetFailover={gs:Logging.DatabaseServerIsAGListener}. `Mandatory`
`LoggingSettings.MsSql.MinimumLogLevel` Logging Level	Logging level {Debug, Info, Warning, Error} (MsSql). Valid choices are: `Debug`, `Information`, `Warning`, `Error`. Default value: `{gs:Logging.Level}`. `Mandatory`
`LoggingSettings.Console.MinimumLogLevel` Logging Level	Logging level {Debug, Info, Warning, Error} (Console). Valid choices are: `Debug`, `Information`, `Warning`, `Error`. Default value: `{gs:Logging.Level}`. `Mandatory`
`LoggingSettings.Console.UseJsonFormatter` Use JSON Format (Console)	Output logs in JSON (Console). Valid choices are: `True`, `False`. Default value: `True`. `Mandatory`
`LoggingSettings.Type` Logs Output	Select the output of logs: MsSql or Console. Valid choices are: `MsSql`, `Console`. Default value: `{gs:Logging.Type}`. `Mandatory`
`SigningKeyCredentials.KeyFilePath` Signing certificate: file	Name of the file that contains the certificate that will be used to sign tokens. `Mandatory`
`SigningKeyCredentials.KeyFilePassword` Signing certificate: password	Password to access the private key of the certificate. `Mandatory` `Encrypted` `Password`
`SigningKeyCredentials. KeyFilePasswordConfirmation` Signing certificate: password confirmation	Password to access the private key of the certificate (confirmation). `Mandatory` `Encrypted` `Password`
`CaptchaSettings.Enabled` Captcha: enabled	Enables the captcha in Authentication when requesting a password reset. Valid choices are: `True`, `False`. Default value: `True`. `Mandatory`
`CaptchaSettings.DataSiteKey` Captcha: data site key	Captcha data site key.
`CaptchaSettings.SecretKey` Captcha: secret key	Captcha secret key.
`LoginSettings.RememberLoginAllowed` 'Remember Me' enabled	Determines whether or not the 'Remember Me' option is available on the login page. Valid choices are: `True`, `False`. Default value: `True`. `Mandatory`
`LoginSettings.RememberMeLoginDuration` 'Remember Me' duration	Amount of time the users credentials will be saved in the browser, even if the browser is closed the user will still be signed in. This value must be equal or less than 'User credentials expiration'. Default value: `12:00:00`. `Mandatory`
`LoginSettings. IdentityProvidersSettings. Windows. Enabled` Windows Authentication	Enables the possiblity to use Windows Authentication to login. Valid choices are: `True`, `False`. Default value: `True`. `Mandatory`
`LoginSettings. IdentityProvidersSettings. Sequel. Enabled` Sequel identity enabled	Enables the possiblity to use our Sequel user account to login. Valid choices are: `True`, `False`. Default value: `True`. `Mandatory`
`LoginSettings. IdentityProvidersSettings. Microsoft. Enabled` Microsoft Azure Active Directory enabled	Enables the possiblity to use a Microsoft Azure Active Directory to login (previously called Microsoft Account). Valid choices are: `True`, `False`. Default value: `True`. `Mandatory`
`LoginSettings. IdentityProvidersSettings. Microsoft. TenantId` Microsoft Azure Active Directory Tenant Id	The ID of the Azure Active Directory in which the application was created.
`LoginSettings. IdentityProvidersSettings. Microsoft. ClientId` Microsoft Azure Active Directory Client Id	The ID of the application created in the Azure Active Directory (also known as Application ID).
`LoginSettings. IdentityProvidersSettings. Microsoft. ClientSecret` Microsoft Azure Active Directory Client Secret	Authentication key string of the application created in the Azure Active Directory. `Encrypted` `Password`
`LoginSettings. IdentityProvidersSettings. Microsoft. ClientSecretConfirmation` Microsoft Azure Active Directory Client Secret Confirmation	Authentication key string of the application created in the Azure Active Directory (confirmation). `Encrypted` `Password`
`LoginSettings. IdentityProvidersSettings. ClaimSearch. Enabled` ISO ClaimSearch Authentication enabled	Enables ISO ClaimSearch integrated authentication. Valid choices are: `True`, `False`. Default value: `False`. `Mandatory`
`LoginSettings. IdentityProvidersSettings. ClaimSearch. SessionValidationEndpoint` ISO ClaimSearch session validation endpoint	Endpoint used to validate ISO ClaimSearch's Session ID. `Mandatory`
`LoginSettings. IdentityProvidersSettings. ClaimSearch. LoginUrl` ISO ClaimSearch login URL	URL to login in ISO ClaimSearch. `Mandatory`
`LoginSettings. IdentityProvidersSettings. Okta. Enabled` Okta Authentication	Enables Okta authentication. Valid choices are: `True`, `False`. Default value: `False`. `Mandatory`
`LoginSettings. IdentityProvidersSettings. Okta. Domain` Okta Domain	Organization's Okta domain (e.g. mycompany.okta.com).
`LoginSettings. IdentityProvidersSettings. Okta. AuthorizationServerId` Okta Authorization Server ID	ID of authentication server in Okta domain. Default value: `default`
`LoginSettings. IdentityProvidersSettings. Okta. ClientId` Okta Application Client ID	Client ID of the application in Okta domain.
`LoginSettings. IdentityProvidersSettings. Okta. ClientSecret` Okta Application Client Secret	Client secret of the application in Okta domain. `Encrypted` `Password`
`LoginSettings. IdentityProvidersSettings. Okta. ClientSecretConfirmation` Okta Application Client Secret Confirmation	The Client secret of the application created in Okta domain (confirmation). `Encrypted` `Password`
`LoginSettings. IdentityProvidersSettings. JumpCloud. Enabled` JumpCloud Authentication enabled	Enables JumpCloud integrated authentication. Valid choices are: `True`, `False`. Default value: `False`. `Mandatory`
`LoginSettings. IdentityProvidersSettings. JumpCloud. SPEntityId` SP Entity ID	Service Provider identifier.
`LoginSettings. IdentityProvidersSettings. JumpCloud. X509SigningCertificate` X509 Signing Certificate	Signing certificated included in SAML SP Metadata file.
`LoginSettings. IdentityProvidersSettings. JumpCloud. LoginUrl` JumpCloud login URL	SingleSignOnService location included in SAML SP Metadata file.
`HealthCheckSettings.ApiKey` Health check settings apikey	Health check settings apikey.
`IdentityServerOptions. Authentication. CookieLifetime` User credentials expiration	Amount of time the users credentials will be valid, after this time the user must reinsert their credentials. Default value: `007.00:00:00`. `Mandatory`
`IdentityServerOptions.IssuerUri` Issuer Uri	Set the issuer name that will appear in the discovery document and the issued JWT tokens. When leaving it empty, issuer will be the host name used to access `/Authentication` endpoints. Requests might fail when using the old Security Integration nuget (`Sequel.Security.Integration.NetCore`) with an empty IssuerUri if the external and internal URLs are not the same. Default value: security{gs:Environment.DomainExternal}.

Security web services - Authorization service¶

Module Id: AuthorizationWeb

This REST API offers a fast access to all queries related to authorization; caching the data retreived from the Security API.

Parameter	Description
`InitializeSSL`	Enables HTTPS. Valid choices are: `True`, `False`. Default value: `True`. `Mandatory`
`TrustForwardedHeaders`	Trusts Forwarded Headers from Reverse Proxies/Load Balancers to properly detect HTTPS. Valid choices are: `True`, `False`. Default value: `False`. `Mandatory`
`IIS Web Application Name` IIS Web Application Name	Name of the web application hosted in IIS. Default value: {gs:IIS.Site}/Authorization. `Mandatory`
`IIS Binding Protocol` IIS Binding Protocol (http/https)	Protocol of the web application hosted in IIS. Default value: `{gs:IIS.Protocol}`. `Mandatory`
`IIS Port` IIS Binding Port	Port of the web application hosted in IIS. Default value: `{gs:IIS.Port}`. `Mandatory`
`CertificateThumbprint`	Thumbprint of the PFX Certificate for IIS HTTPS binding. Default value: {gs:IIS.CertificateThumbprint}.
`SwaggerSettings.Enabled` Swagger Enabled	Enables Swagger UI documentation for Authorization. Valid choices are: `True`, `False`. Default value: `False`. `Mandatory`
`SecurityApiSettings.BaseUrl` Security API Endpoint	URL of the Security API endpoint (protocol://subdomain.domain.tld/path). Default value: {gs:IIS.Protocol}://{gs:Environment.ServerUrl}:{p:IIS Port}/SecurityAPI. `Mandatory`
`ServiceDiscoverySettings.Mode` Service Discovery Mode	Service Discovery Mode: Consul or PointToPoint. This feature is an experimental feature. `PointToPoint` is the unique valid value for production environments. Valid choices are: `Consul`, `PointToPoint`. Default value: `PointToPoint`. `Mandatory`
`ServiceDiscoverySettings. RequiredServices. Authentication. InternalUrl` Authentication URL	URL where the Sequel Authentication application is (or will be) available (protocol://subdomain.domain.tld/path). Default value: {gs:IIS.Protocol}://{gs:Environment.AuthenticationServer}/Authentication. `Mandatory`
`ServiceDiscoverySettings. RequiredServices. Authentication. ExternalUrl` Public Authentication URL	Public URL where the Sequel Authentication application is (or will be) available (protocol://subdomain.domain.tld/path). Default value: {gs:IIS.Protocol}://{gs:Environment.AuthenticationServerExternal}/Authentication. `Mandatory`
`ServiceDiscoverySettings. RequiredServices. SecurityApi. InternalUrl` Security API URL	URL where the Sequel Security API is (or will be) available (protocol://subdomain.domain.tld/path). Default value: {gs:IIS.Protocol}://{gs:Environment.SecurityApiServer}/SecurityAPI. `Mandatory`
`ServiceDiscoverySettings. RequiredServices. SecurityApi. ExternalUrl` Public Security API URL	URL where the Sequel Security API application is (or will be) available (protocol://subdomain.domain.tld/path). Default value: {gs:IIS.Protocol}://{gs:Environment.SecurityApiServerExternal}/SecurityAPI. `Mandatory`
`ServiceDiscoverySettings. PublishedServices. Authorization. InternalUrl` Authorization URL	URL where the Sequel Authorization application is (or will be) available (protocol://subdomain.domain.tld/path). Default value: {gs:IIS.Protocol}://{gs:Environment.AuthorizationServer}/Authorization. `Mandatory`
`ServiceDiscoverySettings. PublishedServices. Authorization. ExternalUrl` Public Authorization URL	Public URL where the Sequel Authorization application is (or will be) available (protocol://subdomain.domain.tld/path). Default value: {gs:IIS.Protocol}://{gs:Environment.AuthorizationServerExternal}/Authorization. `Mandatory`
`MessageBusSettings.RabbitMqSettings.ServerUri` RabbitMQ Server URL	The URL of the RabbitMQ server (rabbitmq://subdomain.domain.tld/virtualhost). Default value: {gs:RabbitMq.ServerUrl}. `Mandatory`
`MessageBusSettings.RabbitMqSettings.UserName` RabbitMQ User Name	RabbitMQ user name. Default value: {gs:RabbitMq.UserName}. `Mandatory`
`MessageBusSettings.RabbitMqSettings.Password` RabbitMQ Password	Password of the RabbitMQ server account. Default value: {gs:RabbitMq.Password}. `Mandatory` `Encrypted` `Password`
`LoggingSettings.MsSql.ConnectionString` Logging Database Connection String	Connection string of the logging database. Default value: Data Source={gs:Logging.DatabaseServer};Initial Catalog={gs:Logging.DatabaseName};Trusted_Connection=True;MultipleActiveResultSets=true;MultiSubnetFailover={gs:Logging.DatabaseServerIsAGListener}. `Mandatory`
`LoggingSettings.MsSql.MinimumLogLevel` Logging Level	Logging level {Debug, Info, Warning, Error} (MsSql). Valid choices are: `Debug`, `Information`, `Warning`, `Error`. Default value: `{gs:Logging.Level}`. `Mandatory`
`LoggingSettings.Console.MinimumLogLevel` Logging Level	Logging level {Debug, Info, Warning, Error} (Console). Valid choices are: `Debug`, `Information`, `Warning`, `Error`. Default value: `{gs:Logging.Level}`. `Mandatory`
`LoggingSettings.Console.UseJsonFormatter` Use JSON Format (Console)	Output logs in JSON (Console). Valid choices are: `True`, `False`. Default value: `True`. `Mandatory`
`LoggingSettings.Type` Logs Output	Select the output of logs: MsSql or Console. Valid choices are: `MsSql`, `Console`. Default value: `{gs:Logging.Type}`. `Mandatory`
`HealthCheckSettings.ApiKey` Health check settings apikey	Health check settings apikey.

Security web services - Administration site¶

Module Id: SecurityAdministrationWeb

Static website application (SPA) for managing security data, depends on Security Rest API and Authentication Service.

Parameter	Description
`IIS Web Application Name` IIS Web Application Name	Name of the web application hosted in IIS. Default value: {gs:IIS.Site}/Administration. `Mandatory`
`IIS Binding Protocol` IIS Binding Protocol (http/https)	Protocol of the web application hosted in IIS. Default value: `{gs:IIS.Protocol}`. `Mandatory`
`IIS Port` IIS Binding Port	Port of the web application hosted in IIS. Default value: `{gs:IIS.Port}`. `Mandatory`
`CertificateThumbprint`	Thumbprint of the PFX Certificate for IIS HTTPS binding. Default value: {gs:IIS.CertificateThumbprint}.
`auth` Authentication URL	URL where the Sequel Authentication application is (or will be) available (protocol://subdomain.domain.tld/path). Default value: {p:IIS Binding Protocol}://{gs:Environment.AuthenticationServerExternal}/Authentication. `Mandatory`
`api` Security API URL	URL where the Sequel Security API application is (or will be) available (protocol://subdomain.domain.tld/path). Default value: {p:IIS Binding Protocol}://{gs:Environment.SecurityApiServerExternal}/SecurityApi. `Mandatory`

Appendix¶

Global settings:

For accessing to previously defined global settings use the syntax: {gs:GLOBAL_SETTING_NAME}

Variables:

Deployment manager offer access to environment variable from the current process, like USERDNSDOMAIN. Also, other built-in variables are available like:

CurrentMachine: returns the machine name where the installation is executed.
RootFolder: returns the root folder where Deployment Manager is installed.

The syntax is {var:VARIABLE_NAME}. A sample of variable usage on attribute defaultValue:

<parameter xsi:type="Url" 
    name="Url"
    defaultValue="https://{var:CurrentMachine}.{var:USERDNSDOMAIN}/"
    />