SAR Configuration

To have SARs on your Aiimi Insight Engine system there are a few things that need to be set up.

Extract Disclosure Portal Zips

Extract the ‘disclosure-portal.zip’ folder to C:\

The paths should be:
- C:\DisclosurePortal\admin-api
- C:\DisclosurePortal\client-api
- C:\DisclosurePortal\client-app

Initialise SAR Collection

Within Control Hub go to Mappings, Models.

Under the Collection Business Area check if the dsarCollection exists.

Run the following script on the Aiimi insight Engine server to initialise it.

cd C:\InsightMaker\Utils\InsightMaker.IndexUtilities\ 
.\InsightMaker.IndexUtilities.exe initialise --dsar --publish

This creates the model, publishes it, and populates defaults for Subject Types, Universal Policies etc.

Privacy Portal Certificate

Configuring IIS

Open the Internet Information Services (IIS).

Right click Sites and select Add Website.

Site name: PrivacyPortal (or similar, useful name)
Physical path: C:\DisclosurePortal\client-app
Binding:
- Type: https (not http)
- IP address: All Unassigned
- Port: 444 (Usually on Port 443 unless on the same server)
- SSL certificate: InsightEngine20

Click OK

Right Click on PrivacyPortal then Add Application.

Alias: api
Physical path: C:\DisclosurePortal\client-api

Click OK

Click Admin

Under Management select Configuration Editor.

Section: Select system.webServer > serverRuntime

uploadReadAheadSize: Change to 2147483647

Select apply.

Select admin again.

Under the IIS Section select SSL Settings.

Enable Requires SSL and select Requires under client certificates.

Generate root and child certificates

If deploying on a separate web server to Aiimi Insight Engine, copy the folder ‘C:\InsightMaker\scripts’ to the server.

If deploying on the same server as Aiimi Insight Engine, use the existing ‘C:\InsightMaker\scripts’ folder.

Create folder ‘certs’ under C:\DisclosurePortal.

Open PowerShell as an Administrator.

Run the following script to create the child certificate.

C:\InsightMaker\scripts\create-root-child-certs.ps1

Go to C:\DisclosurePortal\certs\ and confirm the certificate files exist.

Right click root.crt and select Install Certificate.

Select Local Machine and Next.

Select 'Place all certificates in the following store'.

Click Browse and select ‘Trusted Root Certification Authorities’.

Click OK, Next and Finish.

Deploying on a separate web server to Aiimi Insight Engine

Copy the ‘elastic-certificiates.p12’ file to the server under C:\DisclosurePortal\certs.

e.g. C:\Apps\elasticsearch-8.11.1\config\certs\elastic-certificates.p12

Copy the ‘child.pfx’ file to the Aiimi Insight Engine server. Or AIE web app and agents servers, if multi-server deployment.

Deploying on the same server as Aiimi Insight Engine

Use the existing ‘elastic-certificates.p12’ path and password.

Delete Configuration Files

Log4net.config

Rename the log4net.default.config files within \client-api and \admin-api to log4net.config.

Open \client-api\log4net.config in Notepad++ (or similar application).

Update the file value on line 4 to a valid location.

e.g. C:/tmp/logs/DisclosurePortal/ (the log name in the file).

Save and close.

Repeat steps 1 to 4 for the ‘\admin-api\log4net.config’ file.

Web.config

Rename the web.default.config files within \client-api and \admin-api to web.config.

Appsettings.json

If you are deploying on a separate web server to Aiimi Insight Engine, copy the folder ‘C:\InsightMaker\Plugins’ to the server.

Rename the appsettings.default.json files within \client-api and \admin-api to appsettings.json.

Open \client-api\appsettings.json in Notepad++.

Set the plugins.locations to C:\\InsightMaker\\Plugins (line 10).
Set the disclosureSettingsPath to C:\\DisclosurePortal\\disclosuresettings.json.
Set the disclosureRoot to C:\\tmp\\disclosures.

Create a file and call it disclosuresettings.json. Save this file within C:\DisclosurePortal.

Create a folder path of C:\tmp\disclosures.

Save and close.

Create a folder path of C:\tmp\RequestStore\.

Create a file called verificationStore.json.

Set the contents of this file to:

{ 

  "Requests": {} 

}

Save this within C:\tmp and close.

Open ‘\admin-api\appsettings.json’ in Notepad++.

Set the disclosureSettingsPath to ‘C:\\DisclosurePortal\\disclosuresettings.json’.
Set the disclosureRoot to ‘C:\\tmp\\disclosures’.
Set the plugins.locations to ‘C:\\InsightMaker\\Plugins’ (line 6).
Set the remoteApi.certificate.path to ‘C:\\DisclosurePortal\\certs\\elastic-certificates.p12’
- Or the existing ‘elastic-certificates.p12’ path if deploying on the same server.
Set the remoteApi.certificate.password value to the password of ‘elastic-certificates.p12’

Save and close

Installing .NET Hosting Bundle

Deploying on a separate web server to Aiimi Insight Engine

Download .NET Hosting Bundle 8.x from https://dotnet.microsoft.com/en-us/download/dotnet/8.0. Actual version number may vary in the screenshot.

Run ‘dotnet-hosting-8.0.xx-win.exe’.

The Hosting Bundle must be installed after IIS has been installed and enabled.

In an admin PowerShell run the following script.

iisreset;

Open your web browser and navigate to https://localhost:444/#/login

The login screen should display.

Configure Insight Engine Agents and APIs

For the Admin and Search API’s and Content and Job Agents, open ‘appsettings.json’ in Notepad.

Admin API (e.g. C:\InsightMaker\Apps\Admin\api\appsettings.json)
Search API (e.g. C:\InsightMaker\Apps\Search\api\appsettings.json)
ContentAgent (e.g. C:\InsightMaker\ContentAgent\appsettings.json)
JobAgent (e.g. C:\InsightMaker\JobAgent\appsettings.json)

Update the advanced disclosureClientCertificate section with the ‘child.pfx’ filed path and password.

"advanced": { 
    "redactionLicencedKey": "See Agreement", 
    "disclosureClientCertificate": { 
      "path": "C:\\DisclosurePortal\\certs\\child.pfx", 
      "password": "changeme" 
    } 
  }

Restart IIS where the Search and Admin apps are deployed.

Restart the Job and Content agents.

PreviousCertificates in a Key Vault NextCSOM Bridge Set Up

Last updated 28 days ago