The FireStart IdentityServer is a .NET Core Application which is hosted in IIS and based on the open-source IdentityServer project. It handles user logins and searches for users and groups used in FireStart.
Currently, there are three authentication and corresponding search providers available:
- Windows with Active Directory
- Azure AD with Graph
- SAML with an External Search Service (or Active Directory for ADFS)
FireStart needs to be able to find users logging in through the search provider, so it is important that the authentication provider and the search provider match.
Changing search providers on an already running system is currently not supported. You can find more information in the corresponding article.
Windows authentication (NTLM/Kerberos/Negotiate) and HTTP/2 are not compatible and the fallback described here does not always work. So, to ensure authentication works, even when Windows with Active Directory is enabled, we disable HTTP/2 in the FireStart setup routine.
Where to find the FireStart IdentityServer:
- On the IIS site: in IIS Manager you can find it under the FireStart Process Portal site
- In the application: on the FireStart server the application points to <INSTALL_FOLDER>\PROLOGICS Identity Server
- In the configuration: the configuration is done via the appsettings.json file
- In the production data: data is stored in SQLite databases which can be found in <INSTALL_FOLDER>\PROLOGICS Resources\Database
- In the logs: the IdentityServer uses Serilog, and logging is configured in the Serilog section of the appsettings.json file. The default location for log files is <INSTALL_FOLDER>\PROLOGICS Resources\Logs, where the resource path defaults to <INSTALL_FOLDER>\PROLOGICS Resources or C:\Resources on a dev environment.