Showing results for 
Search instead for 
Do you mean 

Can I access the Security Console via HTTPS?

by Technical Evangelist ‎02-12-2020 02:11 AM - edited ‎02-13-2020 02:26 AM (107 Views)

Question

I am trying to configure HTTPS access to https://myserver.domain/AuthorizationBridge/AuthorizationBridgeAdmin.svc. But I am getting the following error: "The provided URI scheme 'https' is invalid; expected 'http'. Parameter name: via".

 

Is it possible to run Security Console with https?

Answer

Yes, it is possible to configure the Security Console and Authorization Bridge to work with HTTPS protocol.

  1. Firstly, make sure that you have Require SSL checked in the SSL Settings for the Authorization Bridge instance: IIS1.PNG

     

    IIS2.PNG

  2. Next, change the binding & service behaviors in the ..\Instances\<AuthBridgeInstance>\web.config like following:
    <bindings>
       <wsHttpBinding>
          <binding name="AuthorizationBridgeBinding" >
    <!-- Change to Transport --> <security mode="Transport"> <transport clientCredentialType="None" /> </security> </binding> </wsHttpBinding> </bindings> <services> <service name="Intergraph.GeoMedia.Web.SDI.AuthBridge.Authorize" behaviorConfiguration="AuthBridge.Service1Behavior"> ...
    <!-- Change to mexHttpsBindings --> <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/> </service> <service name="Intergraph.GeoMedia.Web.SDI.AuthBridge.AuthorizationBridgeAdmin" behaviorConfiguration="AuthBridge.Service1Behavior"> ...
    <!-- Change to mexHttpsBindings --> <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/> </service> <service name="Intergraph.GeoMedia.Web.SDI.AuthBridge.Authenticate" behaviorConfiguration="AuthBridge.Service1Behavior"> ...
    <!-- Change to mexHttpsBindings --> <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/> </service> </services> <behaviors> <serviceBehaviors> <behavior name="AuthBridge.Service1Behavior">
    ...
    <!-- enable https, disable http --> <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" httpsGetUrl=""/> ...
  3. (Optional) It may be needed to explicitly set the HostName attribute to the computer / domain name for which was the certificate issued.
    Refer to <add key="Intergraph.GeoMedia.Web.SDI.HostName" value="[host-name]"/> section.
  4. Reflect the change from step (2) in Security Console config:
    C:\Program Files\Common Files\Hexagon\Geospatial SDI\Security Console\Intergraph.GeoMedia.Web.SDI.Projectware.SecurityAdminConsole.exe.config:
    <bindings>
       <wsHttpBinding>
          <binding name="WSHttpBinding_IAuthorizationBridgeAdmin" ...>
           ...
             <security mode="Transport">

The Security Console should be able to connect now.

Contributors