Customize Configuration File
Configuration of the dab Nexus application
This is the configuration to save the application data. This is not the configuration of the SAP-data and the results.
- Go to the DAB_NEXUS_HOME directory: Default Path is C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\dabGmbH\neXus
- Open the file Configuration.json with a text editor (e.g. Notepad)
- Define the Connection String to the SQL-server used by dab Nexus to store application data and meta information. It can be the same SQL-server that is later used to store SAP-data and results. Depending on the type of authentication, use one of the following templates for the Connection String.
Windows Authentication
"ConnectionStrings": {
"ApplicationDatabase": "Server=YourSQLServer;Database=YourDatabase;Trusted_Connection=True;MultipleActiveResultSets=true"
}
SQL-server Authentication
"ConnectionStrings": {
"ApplicationDatabase": "Server=YourSQLServer;Database=YourDatabase;UserId=myUsername;Password=myPassword;MultipleActiveResultSets=true"
}
Load Certifications
A certification can either be loaded from a file or a windows certificate store. Depending on which variant you choose, the parameters in Configuration.json must be adjusted accordingly.
- File: in this scenario, you enter the value File in the CertificateStore parameter
- Windows Certificate Store: the fingerprint/thumbprint of the certificate must be specified here in the properties
Load Certificate from File
"CertificateStore": "File",
"CertificatePassword": "<Configure>",
Load Certificate from Windows Certificate Store
"CertificateStore": "LocalMachine",
"CertificateFingerprint": "<Configure>",
After your changings in the Configuration.json, click on Save and restart the dab Nexus Service.
Change the Certificate from Windows Certificate Store
If the Certificate needs to be changed (e.g. with a new validity period), the CertificateFingerprint in the Configuration.json must be changed manually.
Perform the following steps when changing the Certificate:
- Stop the Windows Service for dab Nexus (You can find more information in this article. Select the Windows service and click Stop on the left-hand side)
- Open the Configuration.json
- The value of the CertificateFingerprint field must be changed to the new fingerprint/thumbprint
- Save the Configuration.json
- Restart the Windows Service for dab Nexus (You can find more information in this article)
More possible Configuration options
| Option | Description | Possible values (defaults in bold) | Example |
|---|---|---|---|
| ConnectionStrings / PrimaryDatabase ConnectionStrings / ApplicationDatabase (from 1.12) | Connection to the Application Database Note To connect to a named instance, you have to insert two backslashes between the server name and the instance: e.g. SERVER\yourINSTANCE | "ConnectionStrings": { "PrimaryDatabase": "Server=..." } | |
| ApplicationURL | URL, where dab Nexus is reachable | "ApplicationUrl": "https://localhost/" | |
| RedirectHttp | Only takes effect if the protocol of ApplicationUrl is HTTPS. If enabled, HTTP requests will be redirected to HTTPS. The default port used for the redirection is 80. | true false | "RedirectHttp": true |
| RedirectHttpPort | Only takes effect if RedirectHttp is enabled. | "RedirectHttpPort": 80 | |
| EnableHsts | If enabled, dab Nexus will send the Strict-Transport-Security header, which instructs browsers to automatically use HTTPS for future connections after they have established a successful HTTPS connection once. Browsers will remember this setting for 8 hours. | true false | "EnableHsts": true |
| CertificateStore | The location, where the SSL/TLS certificate is stored | File CurrentUser LocalMachine | "CertificateStore": "LocalMachine" |
| CertificatePassword | Only takes effect if CertificateStore is File The password for the Certificate.pfx file. | "CertificateStore": "MySecurePassword" | |
| CertificateFinterprint | Only takes effect if CertificateStore is CurrentUser or LocalMachine | "CertificateFingerprint": "673ad021431f66c71d901ffc791959a2b5c9ce79" | |
| LicenseServerUrl | The server dab Nexus will use for license checks. | "LicenseServerUrl": "https://aresbackendapi.azurewebsites.net/nexus/activation" | |
| AuthMode | How users will log in to dab Nexus. With BuiltIn, each user uses an email address and a password to log in. With SAML, authentication is handled by an Identity Provider, e.g. Azure Active Directory. With SAML, SAML / Issuer and either SAML / IdentityProviderMetadataUrl or SAML / IdentityProviderMetadataFile must be filled. | SAML BuiltIn | "AuthMode": "SAML" |
| SAML / Issuer | Required if AuthMode is SAML The name of the application as it is configured in the Identity Provider. | "SAML": {"Issuer": "dab Nexus"} | |
| SAML / IdentityProviderMetadataUrl | Only takes effect if AuthMode is SAML The URL under which the Identity Provider Metadata can be found. This URL must be reachable for dab Nexus. | "SAML": {"IdentityProviderMetadataUrl": "https://login.microsoftonline.com/..."} | |
| SAML / IdentityProviderMetadataFile | Only takes effect if AuthMode is SAML The name of an XML file containing the Identity Provider Metadata. This file should be placed in the DAB_NEXUS_HOME directory. | "SAML": {"IdentityProviderMetadataFile": "IdPMetadata.xml"} | |
| TransitionToBuiltInAuth | Only takes effect if AuthMode is SAML If enabled, user passwords can be changed even though Single Sign-On is used. This option is intended to be used when you want to switch from SAML to BuiltIn authentication. | true false | "TransitionToBuiltInAuth": false |
Start problems due to insufficient customization of the configuration file
Error with SSL certificate when trying to start the Nexus Windows service
If you restart the Windows service for dab Nexus after customizing the configuration file and this restart aborts, this may have the following cause
Message: A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The target principal name is incorrect.)
Fix: Add the code ;Encrypt=True;Trust Server Certificate=True in the Connection Strings > ApplicationDatabase section between MultipleActiveResultSets=true and " so it looks like the following code:
Note: This is the user, which executes the dab Nexus-Service.
"ConnectionStrings": {
"ApplicationDatabase": "Server=YourSQLServer;Database=YourDatabase;Trusted_Connection=True;MultipleActiveResultSets=true;Encrypt=True;Trust Server Certificate=True"
}
Save the configuration file and then restart the Windows service for dab Nexus.