The CxSAST is based on IIS Application Pools and CxServices. For each of these the local Network Service is defined as default by the CxSAST installer.
Info | ||
---|---|---|
| ||
If Active Directory (SSO) is used then the SPNs for the application server IRLs must be added to the user that the applicartion pools run under in order for Kerberos to work correctly |
Outline
It is important to differentiate between the components as not all of them are used for the same purpose.
IIS Application Pools
- CxClientPool - Application Pool of the Web Portal - the user that is defined here will not influence any external tools.
- CxPool - Application Pool of the CxManager - the user that is defined here is used for connection to a third party server, e.g. TFS, GIT, SVN, etc..
- CxPoolRestAPI - Application Pool of the RestAPI - the user that is defined here will not influence any external tools.
Info |
---|
The user assigned to the IIS App Pools will must have access to the CxDB and CxActivity databases in the SQL Server, if 'Integrated Security=True' in - DBConnectionData.config file. |
Services
Services for the CxManager - The user that is defined here (and to the CxPool) is used for the connection to the SQL server (if 'Integrated Security=True' in - DBConnectionData.config file):
...
Info |
---|
For resolving issues, it is recommended to keep all the CxServices defined with the same user. |
Storage Folders
Ensure that the user accessing the Cx storage folders (CxSrc, CxReports, ExtSrc) has the appropriate read/write permissions.
Configuration
CxServices
1. Ensure that the user running the CxServices has the appropriate authorization, i.e. has domain access, administration rights, etc.
...
5. Select the Log On tab, enter the appropriate user credentials and click OK.
IIS (Application Pools)
1. In the IIS Manager, navigate to Application Pools, and check the user Identity of each of the following:
- CxClientPool
- CxPool
- CxPoolRestAPI
Info |
---|
If any of the Cx Application Pools are anything other than the default Network Service, make sure you know the user account's full credentials. |
...
7. Enter the appropriate user credentials and click OK.
Cx Storage Folders
1. Verify that the user accessing the Cx storage folders (CxSrc, CxReports, ExtSrc) has the appropriate read/write permissions.
...
5. Click Apply to save the changes.
3. Repeat this procedure for the remaining Cx storage folders.
...