SAR Configuration
To have SARs on your Aiimi Insight Engine system there are a few things that need to be set up.
Extract Disclosure Portal Zips
Extract the ‘disclosure-portal.zip’ folder to C:\
The paths should be:
C:\DisclosurePortal\admin-api
C:\DisclosurePortal\client-api
C:\DisclosurePortal\client-app
Initialise SAR Collection
Within the Control Hub go to Mappings, Models.
Under the Collection Business Area check if the dsarCollection exists.
Initialise it by running the following commands on the Aiimi Insight Engine server:
cd C:\InsightMaker\Utils\InsightMaker.IndexUtilities\
.\InsightMaker.IndexUtilities.exe initialise --dsar --publish This will create the model, publish it, and populate default values for objects such as Subject Types, Universal Policies etc.
Privacy Portal Certificate
Configuring IIS
Open the Internet Information Services (IIS).
Right click Sites then Add Website.
Site name: PrivacyPortal (or similar, useful name)
Physical path: C:\DisclosurePortal\client-app
Binding:
Type: https (not http)
IP address: All Unassigned
Port: 444 (Usually on Port 443 unless on the same server)
SSL certificate: InsightEngine20
Click OK
Right Click on PrivacyPortal then Add Application.
Alias: api
Physical path: C:\DisclosurePortal\client-api
Click OK
Click Admin
Under Management select Configuration Editor
Section: Select system.webServer > serverRuntime
uploadReadAheadSize: Change to 2147483647
Select apply
Select admin again
Under the IIS Section select SSL Settings
Enable Require SSL and select Require under client certificates.
Generate root and child certificates
If deploying on a separate web server to Aiimi Insight Engine, copy the folder ‘C:\InsightMaker\scripts’ to the server.
If deploying on the same server as AIE, simply use the existing ‘C:\InsightMaker\scripts’ folder.
Create folder ‘certs’ under C:\DisclosurePortal
Open PowerShell as an Administrator.
Run the following command
C:\InsightMaker\scripts\create-root-child-certs.ps1 Confirm the certificate files exist under C:\DisclosurePortal\certs\
Right click root.crt and select Install Certificate
Select Local Machine then Next.
Select 'Place all certificates in the following store'.
Click Browse and select ‘Trusted Root Certification Authorities’.
Click OK, then Next and Finish.
Deploying on a separate web server to Aiimi Insight Engine
Copy the Elastic cert ‘elastic-certificiates.p12’ file to the server under C:\DisclosurePortal\certs\
e.g. C:\Apps\elasticsearch-8.11.1\config\certs\elastic-certificates.p12
Copy the cert file ‘child.pfx’ to the Aiimi Insight Engine server (or AIE web app AND agents servers, if multi-server deployment).
Deploying on the same server as Aiimi Insight Engine
Use the existing ‘elastic-certificates.p12’ path and password.
Delete Configuration Files
Log4net.config
Rename the log4net.default.config files within \client-api and \admin-api to log4net.config.
Open \client-api\log4net.config in Notepad++ (or similar application).
Update the file value on line 4 to a valid location.
e.g. C:/tmp/logs/DisclosurePortal/ (the log name in the file).
Save and close
Repeat steps 1 to 4 for the ‘\admin-api\log4net.config’ file.
Web.config
Rename the web.default.config files within \client-api and \admin-api to web.config.
Appsettings.json
Rename the appsettings.default.json files within \client-api and \admin-api to appsettings.json.
Open \client-api\appsettings.json in Notepad++ (or similar application).
Set the plugins.locations to C:\\InsightMaker\\Plugins (line 10).
Set the disclosureSettingsPath to C:\\DisclosurePortal\\disclosuresettings.json.
Set the disclosureRoot to C:\\tmp\\disclosures.
Create an empty file called disclosuresettings.json and save this within C:\DisclosurePortal\.
Create a folder path of C:\tmp\disclosures\.
Save and close.
Create a folder path of C:\tmp\RequestStore\.
Create a file called verificationStore.json and save this within C:\tmp\.
Set the contents of this file to:
{
"Requests": {}
} Save and close.
Open ‘\admin-api\appsettings.json’ in Notepad
Set the disclosureSettingsPath to ‘C:\\DisclosurePortal\\disclosuresettings.json’.
Set the disclosureRoot to ‘C:\\tmp\\disclosures’.
Set the plugins.locations to ‘C:\\InsightMaker\\Plugins’ (line 6).
Set the remoteApi.certificate.path to ‘C:\\DisclosurePortal\\certs\\elastic-certificates.p12’
(or the existing path of ‘elastic-certificates.p12’ if deploying on the same server as Aiimi Insight Engine)
Set the remoteApi.certificate.password value to the password of ‘elastic-certificates.p12’
Save and close
Installing .NET Hosting Bundle
Deploying on a separate web server to Aiimi Insight Engine
Download .NET Hosting Bundle 8.x from https://dotnet.microsoft.com/en-us/download/dotnet/8.0 (actual version number may vary from screenshot)
Run ‘dotnet-hosting-8.0.xx-win.exe’
It's important that the Hosting Bundle is installed after IIS has been installed and enabled.
Perform an iisreset.
Browse to https://localhost:444/#/login
jsonThe login screen should be displayed.
Configure Insight Engine Agents and APIs
For the Admin and Search API’s and Content and Job Agents, open ‘appsettings.json’ in Notepad.
Admin API (e.g. C:\InsightMaker\Apps\Admin\api\appsettings.json)
Search API (e.g. C:\InsightMaker\Apps\Search\api\appsettings.json)
ContentAgent (e.g. C:\InsightMaker\ContentAgent\appsettings.json)
JobAgent (e.g. C:\InsightMaker\JobAgent\appsettings.json)
Add/update the advanced.disclosureClientCertificate section with the correct path to ‘child.pfx’ and its password:
"advanced": {
"redactionLicencedKey": "See Agreement",
"disclosureClientCertificate": {
"path": "C:\\DisclosurePortal\\certs\\child.pfx",
"password": "changeme"
}
} Restart IIS where Search and Admin are deployed, and restart the Job and Content agents.
Last updated