Refer to the following sections for configuration.
Configure Logon user and SQL connection
By default, the service is expected to start with the Logon User set to "AcuoServiceUser". The "AcuoServiceUser" account is expected to be added to the machine by the Acuo Host Service Setup installation, which is a prerequisite for the Audit Manager service installation. This user must at least be able to read registry entries and may optionally also communicate with the Acuo Audit Manager databases via Windows Authentication. The service user and password can be changed to suit the installation environment if required. The service starts successfully once the database connection is properly established and the certificate thumbprint is configured correctly. The certificate is expected to be in the Personal section of the Local Computer certificate store, and its issuing certificate is expected to be in the Trusted Root Certificate Authority section of the same store.
Troubleshoot
In Registry Editor, the HKEY_LOCAL_MACHINE\SOFTWARE\Acuo Technologies\AcuoAuditManager\Config\connectionString value contains the SQL connection string used to log in to the settings database. The service cannot start if the connection string is incorrect. In that case, verify the config database name, correct the connection string, and restart the service; it should now start successfully. If problems remain, check the log files in the %windir%\tracing\AcuoAuditManager directory and the Event Viewer. The log file is written throughout the application life cycle.
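The following PowerShell script is an added example, not part of this documentation: it runs the pre-start checks described in the two sections above (the registry connection string, the server certificate and its issuer in the Local Computer store, the service logon user, and the newest log file plus recent error events). The thumbprint placeholder and the "*AuditManager*" service-name pattern are assumptions.

```powershell
# Added example, not part of the product documentation. Run from an elevated PowerShell
# prompt on the Audit Manager host. Assumptions: $Thumbprint is pasted in from the
# ServerCertificateThumbprint setting, and the service name matches '*AuditManager*'.
$Thumbprint = '<paste ServerCertificateThumbprint here>'   # placeholder
$regPath    = 'HKLM:\SOFTWARE\Acuo Technologies\AcuoAuditManager\Config'
$logDir     = Join-Path $env:windir 'tracing\AcuoAuditManager'

# 1. Connection string exists in the registry. Only the server/database parts are shown,
#    because the full string may carry a SQL password.
$conn = (Get-ItemProperty -Path $regPath -ErrorAction Stop).connectionString
if ([string]::IsNullOrWhiteSpace($conn)) { throw "connectionString is empty under $regPath" }
$shown = ($conn -split ';') | Where-Object { $_ -match '^\s*(Data Source|Server|Initial Catalog|Database|Integrated Security)\s*=' }
Write-Host "Connection string targets: $($shown -join '; ')"

# 2. Server certificate is in Personal (LocalMachine\My), has a private key and is not expired.
$tp   = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()   # drop spaces/hidden chars copied from certmgr
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $tp } | Select-Object -First 1
if (-not $cert)                    { throw "No certificate with thumbprint $tp in Cert:\LocalMachine\My" }
if (-not $cert.HasPrivateKey)      { throw "Certificate $tp has no private key; the TLS binding cannot use it" }
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate $tp expired on $($cert.NotAfter)" }

# 3. Issuing certificate is in Trusted Root (LocalMachine\Root) and the chain validates.
$issuer = Get-ChildItem Cert:\LocalMachine\Root | Where-Object { $_.Subject -eq $cert.Issuer }
if (-not $issuer)        { Write-Warning "Issuer '$($cert.Issuer)' not found in Cert:\LocalMachine\Root" }
if (-not $cert.Verify()) { Write-Warning "Chain validation failed for $tp (issuer missing, untrusted or revoked)" }

# 4. Logon user of the service, then the troubleshooting sources: newest log file and recent errors.
Get-CimInstance Win32_Service | Where-Object { $_.Name -like '*AuditManager*' } |
    Select-Object Name, StartName, State | Format-Table -AutoSize
if (Test-Path $logDir) {
    Get-ChildItem $logDir -File | Sort-Object LastWriteTime -Descending | Select-Object -First 1 |
        Get-Content -Tail 20
}
Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Level = 2; StartTime = (Get-Date).AddHours(-1) } -ErrorAction SilentlyContinue |
    Where-Object { $_.ProviderName -like '*Acuo*' } | Select-Object TimeCreated, Message -First 5
```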
Configure the service
Endpoint configuration
In the "appsettings" section of the "Acuo.AuditManager.Service.Installer.exe.config" file, which is present in the installation directory of the service, modify the value of "AuditConsumerEndpoint" to provide comma-separated endpoints where the AREST Consumer Service and other APIs are hosted.
Application configuration on service start
The "Acuo.AuditManager.Service.Installer.exe.config" file in the installation folder contains several key-value pairs used by the service. Check and configure these key values. The keys represent the following functionalities.
ServerCertificateThumbprint: The thumbprint of the certificate in the Personal section of the Local Computer certificate store; it is used for secure service access as well as audit logging.
ProxyClientCertificateThumbprint: The thumbprint of the certificate used to bypass the browser security settings when the client accesses a third-party FHIR server for ITI-81 and ITI-82 queries.
SelfHeal: Specifies whether the system can periodically update itself to use the latest configuration settings.
BindPortForTLS: True if the service binds the TLS ports with the associated certificate on its own, else false.
QueryCommandTimeout: Database read timeout period (in seconds) while retrieving audit records.
EnableFHIRServerAuthentication: Determines whether the FHIR server has any security enabled.
AuditEntityTypes: Comma separated permissible values.
ResourceTypes: Comma separated permissible values.
AuditEventEntityRoles: Comma separated permissible values.
EncryptKey: Partial hash key used to store credentials in database. (Note: if the value is changed after adding linked servers, the server properties would need to be saved again for it to work properly. It is recommended to not change it post installation.)
ValidateTLSClientCertificate: Specifies whether the client certificate needs to be validated for messages received over TLS connection.
TCPReceiveTimeout: Specifies in milliseconds the read timeout value of the TCP Client instances spawned by TCP Receivers for Syslog messages. The default value is 0, which means there is no timeout.
SetIncludeRealmForPostgresqlIntegratedSecurity: Specifies whether to include realm while connecting to postgres database using integrated security. By default, it is set to false.
SanitizeMigrationOnServiceStart: Specifies whether the service on starting, checks if the current migration status in the database is wrongly saved. In case the status is wrongly saved, it is changed to ‘Suspended’. A ‘Suspended’ migration status can be changed to ‘Active’ from the web application UI.
AuthenticationMode: Specifies the authentication mode used by the Web application. The value can be 0 (no authentication), 1 (Basic authentication), 2 (Hyland IdP based OpenID authentication), or 3 (OAuth 1.0 password grant based authentication with AAP VNA STS). NOTE: By default, authentication is disabled. Hyland IdP integration is temporarily not available in Audit Manager software release version 4.1.2 onwards.
AllowedOrigins: Specifies the origins that are allowed to access the web application.
Domain: Specifies information about a domain.
Container: Specifies the LDAP container.
AreGroupsLocal: Specifies if the groups mentioned as values in the Custom-Roles section are local to the system or domain groups.
TimerIntervalInMiliseconds: Time interval in milliseconds after which the local group cache is reset as necessary.
BasicAuthAllowedRoles: Specifies the local or domain group names that are to be used for basic authentication.
BasicAuthDefaultRole: Optional parameter; specifies the default group assigned to a user that does not belong to any preconfigured group.
GCDelayInMins: Interval in minutes after which garbage collection is executed periodically. The default value is 0, which means disabled.
NameClaimType: The JWT or access token property name for user name.
RoleClaimType: The JWT or access token property name for user role.
Authority: IUA Admin URL for OAuth OpenID support.
ScopeName: Name of the scope under which the APIs are accessible.
OAuth10Url: Endpoint of the AAP VNA STS to be used for OAuth 1.0 password grant based authentication.
OAuth10ClientCertificateThumbprint: Thumbprint of the client certificate used to interact with AAP VNA STS, if applicable. The certificate must be present in the Personal section of the Local Computer certificate store.
UseProvider: Boolean flag determining if the provider needs to be specified while sending the token request to AAP VNA STS.
Others
In the CustomRoles section there are provisions for authorization; the View and Admin roles are supported. The corresponding values are the names of the groups whose users have the corresponding rights. To disable authorization, provide empty values for the View and Admin keys.
Configure the Web application
Navigate to the root directory of the installation folder of the web application.
The file .\config.json contains the "authenticationMode" value, which determines the authentication type associated with this web application. Switch between the values 0, 1 and 2. The value must match the value configured in the service configuration in order to work.
The file .\config.json also contains several mentions of the endpoint address to access as well as IdP configurations. These values need to be in sync with the service configuration as well. For the web app to be available for use from outside the system, a fully qualified name or IP is required instead of localhost.
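The following PowerShell script is an added example, not part of this documentation. It audits the service's appsettings keys described under "Application configuration on service start" (boolean values, certificate thumbprints, the receiver settings left at permissive values, and the keys each AuthenticationMode depends on) and then checks that the web application's config.json agrees with the service, as required in this section. It assumes the .exe.config uses the standard .NET appSettings layout and that the two file paths are placeholders for your installation directories.

```powershell
# Added example, not part of the product documentation: audits the appSettings keys described
# above and checks that the web application's config.json agrees with the service. Assumptions:
# the .exe.config uses the standard .NET <appSettings><add key=".." value=".."/> layout, and the
# two paths below are placeholders for your installation directories.
$serviceConfig = 'C:\<service install dir>\Acuo.AuditManager.Service.Installer.exe.config'   # placeholder
$webConfig     = 'C:\<web app root>\config.json'                                              # placeholder

[xml]$xml = Get-Content -Path $serviceConfig -Raw
$settings = @{}
foreach ($add in $xml.configuration.appSettings.add) { $settings[$add.key] = $add.value }
$findings = New-Object System.Collections.Generic.List[string]
function Get-IntSetting($name) { $n = 0; [void][int]::TryParse($settings[$name], [ref]$n); $n }  # missing/empty -> 0

# Boolean keys must actually be true/false; any other value silently takes the code's default.
foreach ($name in 'BindPortForTLS', 'ValidateTLSClientCertificate', 'EnableFHIRServerAuthentication', 'SelfHeal') {
    if ($settings[$name] -notin @('true', 'false')) { $findings.Add("$name should be true or false, got '$($settings[$name])'") }
}
# Every configured thumbprint must resolve to a certificate in LocalMachine\My (Personal).
foreach ($name in 'ServerCertificateThumbprint', 'ProxyClientCertificateThumbprint', 'OAuth10ClientCertificateThumbprint') {
    $tp = $settings[$name] -replace '[^0-9A-Fa-f]', ''
    if ($tp -and -not (Test-Path "Cert:\LocalMachine\My\$tp")) { $findings.Add("$name '$tp' not found in Cert:\LocalMachine\My") }
}
# Receiver settings that stay permissive when left at their defaults.
if ($settings['ValidateTLSClientCertificate'] -ne 'true') { $findings.Add('ValidateTLSClientCertificate is not true: TLS client certificates are not checked') }
if ((Get-IntSetting 'TCPReceiveTimeout') -eq 0) { $findings.Add('TCPReceiveTimeout is 0: idle syslog TCP clients are never timed out') }

# Authentication mode and the keys each mode depends on (see the key descriptions above).
$mode = Get-IntSetting 'AuthenticationMode'
switch ($mode) {
    0 { $findings.Add('AuthenticationMode 0: the web application runs without authentication') }
    1 { if (-not $settings['BasicAuthAllowedRoles']) { $findings.Add('AuthenticationMode 1 needs BasicAuthAllowedRoles') } }
    2 { foreach ($k in 'Authority', 'ScopeName', 'NameClaimType', 'RoleClaimType') { if (-not $settings[$k]) { $findings.Add("AuthenticationMode 2 needs $k") } } }
    3 { if (-not $settings['OAuth10Url']) { $findings.Add('AuthenticationMode 3 needs OAuth10Url') } }
    default { $findings.Add("AuthenticationMode '$($settings['AuthenticationMode'])' is outside 0-3") }
}

# Web application: authenticationMode must match the service, and external access needs a real host name.
$webText = Get-Content -Path $webConfig -Raw
$web     = $webText | ConvertFrom-Json
if ("$($web.authenticationMode)" -ne "$mode") { $findings.Add("config.json authenticationMode '$($web.authenticationMode)' differs from service AuthenticationMode '$mode'") }
if ($webText -match '(?i)localhost') { $findings.Add('config.json references localhost; use a fully qualified name or IP for access from other systems') }

if ($findings.Count -eq 0) { 'No findings.' } else { $findings | ForEach-Object { "FINDING: $_" } }
```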