MicroStrategy ONE

Optimizing the S2 Adapter for MicroStrategy Identity

After the S2 physical access control system (PACS) adapter is installed, you can optimize it for MicroStrategy Identity. To do this, you customize configuration settings, some of which you are not prompted for when you install the adapter.

The sections below explain the settings you can change using a text editor to modify the s2config.json file.

Configuring How Frequently Automatic Cache Refresh Occurs

The cache_timeout setting controls the time, in seconds, between automatic cache refreshes. The cache refresh causes user, portal, and permission changes to take effect in MicroStrategy Identity. The default is 1800 seconds (30 minutes).

To change this setting, use a text editor to modify the s2config.json file.

The cache on the PACS adapter contains information about each user, door or portal, and permissions, such as whether a user has access to use a door. When that information changes in the S2 NetBox PACS, it becomes active in the adapter and, therefore, the physical access points, after the cache is refreshed in the adapter. The cache refresh can take several minutes. For example, with this setting configured as 30 minutes, when a new user is added in the PACS and given access to five doors, the longest she would have to wait until she can begin accessing those doors is 30 minutes. If this is set to 0, the cache is not automatically refreshed.

To initialize the cache, the adapter communicates with the S2 PACS to gather all the configuration information. The adapter uses two methods to get the information:

  • HTTP to get the AccessLevels, Portals, and ReadersGroups.
  • A direct connection to the S2 database to get Persons.

You can force a cache refresh at any time. For the URL to use, see Refreshing the S2 Adapter Cache.

Configuring How Long to Wait for a Connection to the S2 Database

The database_socket_timeout setting controls how long, in seconds, MicroStrategy Identity attempts to connect to the S2 database before giving up. The default is 300 seconds (5 minutes).

To change this setting, use a text editor to modify the s2config.json file.

Configuring the Location of the Cache

The cache_file setting specifies the path name of the disk cache file on the machine hosting the S2 adapter. For example, /tmp/S2.cache.

The cache on the PACS adapter contains information about each user, door or portal, and permissions, such as whether a user has access to use a door.

To change this setting, use a text editor to modify the s2config.json file.

Configuring S2 Server Settings

The configuration file lists the S2 servers; each is identified by a unique IP address. You may have more than one S2 server. For each server, you can configure how the adapter connects to the server and to the S2 database, and define a list of portals and open events.

To change these settings, use a text editor to modify the s2config.json file.

  • IP. The S2 PACS server IP address.
  • The field_for_idm setting determines which user property in S2 is used to uniquely identify a user. The default is PERSONID.
  • Information the adapter uses to connect to the S2 NetBox server is configured in the ws_params section of the s2config.json file. These settings are as follows:
    • protocol. When the adapter connects to the S2 NetBox server, this setting controls whether the protocol used is regular or secure. To use a secure protocol, change this setting to https. For regular protocol, change it to http or leave it blank.
      • disable_certificate_check. This setting controls whether the digital certificate is validated when connecting to the S2 server. The validation involves checking that the digital certificate has been signed by a trusted certificate authority. This setting is in effect if the protocol setting described above is set to https. To disable the certificate check, change this disable_certificate_check setting to true. To perform the certificate check, change this setting to false.
    • ws_port. The port number used to access the S2 NetBox server. The default is 80.
    • auth_type. If the S2 NetBox API is enabled to use a user name and password for authentication, change this setting to 1 and specify the user and password noted below. If the S2 NetBox API is not enabled for user name and password authentication, change this setting to 0.
      • user and password. If the auth_type setting described above is set to 1, change the user and password settings to a user account name and password for a user that has administrator access to the S2 API.
  • enable_default_events. This setting determines whether MicroStrategy Identity uses a default event of open when a user attempts to access a portal (true) or whether MicroStrategy Identity uses the list of portal and event mappings specified in the open_portal_events list described below (false). The default is false.
    If this setting is true, when someone attempts to access a portal and the portal is not in the open_portal_events list, the adapter uses the default event. The default event is defined as Open PortalName, where PortalName is the portal name as specified in the S2 NetBox administration console.
    If this setting is false, a portal and event entry is required for every portal in your S2 NetBox administration console. This is specified in the open_portal_events setting, described below.
    • open_portal_events. This is a set of portal names, event names, and an action that MicroStrategy Identity uses when a user attempts to access a portal. If the enable_default_events setting described above is false, an entry is required in this list for each portal that is defined in the S2 NetBox administration console. Each entry consists of three items: a portal_name, event_name, and event_action. The example below shows the information for two portals.

      [
      	{
      		"portal_name" : "Front door portal",
      		"event_name" : "Open the door",
      		"event_action" : "ACTIVATE"
      	},
      	{
      		"portal_name" : "2nd floor south portal",
      		"event_name" : "Open the door",
      		"event_action" : "ACTIVATE"
      	}
      ]
  • You can configure the information the adapter uses to connect to the S2 NetBox database. These settings are in the db_params section of the s2config.json file. These settings are as follows:
    • db_server. The machine name or IP address of the machine hosting the S2 database.
    • db_user. A user name that can connect to the S2 database.
    • db_password. The S2 database password.
    • db_name. The S2 database name.
    • db_port. The port number used to connect to the S2 database. The default is 5432.
    • db_max_conn. How many connections can be made to the S2 database and, therefore, how many requests the S2 server can process at one time. The default is 20.
      If too many connections are allowed, the S2 server might not be able to process them all within a short time. If this occurs, you can change this setting to permit fewer connections.
    • disable_certificate_check. Whether the digital certificate is validated when connecting to the S2 database. The validation involves checking that the digital certificate has been signed by a trusted certificate authority. To disable the certificate check, change the setting to true. To perform the certificate check, change the setting to false.
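
A configuration check for the settings described above, as an added example that is not MicroStrategy's own code: it takes a parsed s2config.json and reports a cache_timeout of 0, an http protocol, disabled certificate checks, and, when enable_default_events is false, portals that have no open_portal_events entry. The page names the settings but not the file's overall layout, so the "servers" list, the placement of each key, the known_portals argument, and all sample values are assumptions.

```python
import json

# Constructed sample. The "servers" key and the nesting are assumptions; the
# setting names themselves are the ones documented on this page.
SAMPLE = json.loads("""
{"cache_timeout": 0,
 "servers": [{
   "IP": "192.0.2.10", "enable_default_events": false,
   "ws_params": {"protocol": "http", "ws_port": 80, "auth_type": 1,
                 "user": "api-admin", "password": "placeholder"},
   "db_params": {"db_server": "192.0.2.10", "db_port": 5432,
                 "disable_certificate_check": true},
   "open_portal_events": [{"portal_name": "Front door portal",
       "event_name": "Open the door", "event_action": "ACTIVATE"}]}]}
""")


def audit(cfg, known_portals=()):
    """Return (location, finding) pairs for settings that weaken the adapter."""
    findings = []
    if cfg.get("cache_timeout", 1800) == 0:
        findings.append(("cache_timeout", "automatic refresh is off; PACS "
                         "changes wait for a manual cache refresh"))
    for srv in cfg.get("servers", []):          # "servers" is an assumed key
        ip = srv.get("IP", "?")
        ws, db = srv.get("ws_params", {}), srv.get("db_params", {})
        proto = (ws.get("protocol") or "http").lower()   # blank means http
        if proto != "https":
            note = "NetBox API traffic is unencrypted"
            if ws.get("auth_type") == 1:
                note += ", including the API user and password"
            findings.append((f"{ip} ws_params.protocol", note))
        elif ws.get("disable_certificate_check") is True:
            findings.append((f"{ip} ws_params.disable_certificate_check",
                             "NetBox server certificate is not validated"))
        if db.get("disable_certificate_check") is True:
            findings.append((f"{ip} db_params.disable_certificate_check",
                             "database certificate is not validated"))
        if not srv.get("enable_default_events", False):
            # Every portal needs its own entry when default events are off.
            mapped = {e.get("portal_name") for e in srv.get("open_portal_events", [])}
            for portal in sorted(set(known_portals) - mapped):
                findings.append((f"{ip} open_portal_events",
                                 f"no entry for portal {portal!r}"))
    return findings
```

To check a real file, pass `json.load(open(path))` as `cfg` and the portal names from the S2 NetBox administration console as `known_portals`, adjusting the key lookups to the file's actual layout.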
