...
<?xml version="1.0" encoding="utf-8"?>
<AnyTimeProfileDefinition xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                          xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <!-- Configure how Offline is installed -->
  <InstallSettings />
  <!-- Configure how Offline is uninstalled -->
  <UninstallSettings />
  <!-- Use basic username/password to authenticate -->
  <BasicAuthSettings />
  <!-- Use an X.509 certificate from user machine to authenticate -->
  <CertificateSettings />
  <!-- Use an external provider with OAuth2 Device Grant support to authenticate -->
  <OAuth2DeviceSettings />
</AnyTimeProfileDefinition>
...
Below is an example of how it looks for KLA:
<!-- File: anytime.setup.config -->
<ProgramEntryDefinition>
  <Id>Signifikant_Offline</Id>
  <DisplayName>KLA VFI 2.0</DisplayName>
  <Publisher>Signifikant</Publisher>
  <DisplayVersion>2.0</DisplayVersion>
  <UrlInfoAbout>https://signifikant.se</UrlInfoAbout>
  <InstallLocation>C:\ProgramData\Signifikant\Assert AnyTime</InstallLocation>
  <UninstallString>"C:\ProgramData\Signifikant\Assert AnyTime\AssertAnyTime.Uninstall.exe"</UninstallString>
</ProgramEntryDefinition>
...
Configure how the Offline app authenticates against the Synchronization API.
Note: Make sure to have exactly ONE auth method enabled in the configuration; otherwise the app will fail with an error.
Basic authentication
This was the original way of authenticating with Offline.
<BasicAuthSettings enabled="true">
  <Username>Foo</Username>
  <Password>Bar</Password>
</BasicAuthSettings>
The BasicAuthSettings replaces the old SynchronizationLogin settings.
Certificate-based authentication
Used to authenticate using an X.509 certificate installed on the user’s machine.
<CertificateSettings enabled="true">
  <StoreName>My</StoreName>
  <StoreLocation>CurrentUser</StoreLocation>
  <Issuer>kla-tencor</Issuer>
  <SubjectEmailDomains>kla-tencor.com,kla.com</SubjectEmailDomains>
</CertificateSettings>
Let’s go over the five different settings:
...
enabled: If true, the configured certificate will be used for authentication; otherwise, it will use the default basic authentication method (username/password).
Settings:
StoreName: Specific value used to find the certificate on the user’s machine. If it’s a personal certificate, then the store name will be My.
StoreLocation: This is also used to find the certificate. In case of a user certificate, the location will be CurrentUser.
Issuer: The Certificate Authority (CA) responsible for issuing the certificate.
SubjectEmailDomains: A list of comma-separated domains that can suffix the user email.
...
<OAuth2DeviceSettings enabled="true">
  <ClientId>MY_CLIENT_ID</ClientId>
  <DeviceAuthorizationEndpoint>MY_DEVICE_AUTH_ENDPOINT</DeviceAuthorizationEndpoint>
  <TokenEndpoint>MY_TOKEN_AUTH_ENDPOINT</TokenEndpoint>
  <!-- Scopes are separated by spaces, offline_access should be included to allow usage of refresh tokens -->
  <Scope>MY_API_SCOPE offline_access</Scope>
  <RetryDelay>3000</RetryDelay>
  <MaxRetryCount>200</MaxRetryCount>
</OAuth2DeviceSettings>
The various settings should come from the Identity Provider.
Settings:
ClientId: Client ID of the app. See: https://www.rfc-editor.org/rfc/rfc6749#section-2.2
DeviceAuthorizationEndpoint: Endpoint to get the device and user codes (OAuth 2.0 /devicecode).
TokenEndpoint: Endpoint to get the OAuth 2.0 tokens (access, refresh, etc.).
Scope: Scope of the device auth. See: https://www.rfc-editor.org/rfc/rfc6749#section-3.3
RetryDelay: Time to wait (in milliseconds) between attempts to get OAuth 2.0 tokens from the auth server.
MaxRetryCount: Maximum number of attempts to get OAuth 2.0 tokens from the auth server.
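A pre-deployment check for the "exactly ONE auth method" rule and the OAuth2 device settings above, as an added example that is not part of the product or its documentation. It assumes the auth elements sit directly under AnyTimeProfileDefinition and that enabled is compared case-insensitively; lint_profile and the sample profile are constructed for illustration.

```python
import xml.etree.ElementTree as ET

AUTH_ELEMENTS = ("BasicAuthSettings", "CertificateSettings", "OAuth2DeviceSettings")

# Constructed sample (not a real deployment): two auth methods enabled at once.
SAMPLE_PROFILE = """<AnyTimeProfileDefinition>
  <BasicAuthSettings enabled="true">
    <Username>Foo</Username>
    <Password>Bar</Password>
  </BasicAuthSettings>
  <CertificateSettings enabled="false" />
  <OAuth2DeviceSettings enabled="true">
    <ClientId>MY_CLIENT_ID</ClientId>
    <DeviceAuthorizationEndpoint>http://idp.example/devicecode</DeviceAuthorizationEndpoint>
    <TokenEndpoint>https://idp.example/token</TokenEndpoint>
    <Scope>MY_API_SCOPE</Scope>
    <RetryDelay>3000</RetryDelay>
    <MaxRetryCount>200</MaxRetryCount>
  </OAuth2DeviceSettings>
</AnyTimeProfileDefinition>"""

def lint_profile(xml_text):
    """Return a list of findings for one profile document."""
    root = ET.fromstring(xml_text)
    findings = []
    enabled = [name for name in AUTH_ELEMENTS for el in root.findall(name)
               if el.get("enabled", "").strip().lower() == "true"]
    if len(enabled) != 1:
        findings.append(f"expected exactly one enabled auth method, found {len(enabled)}: {enabled}")
    if "BasicAuthSettings" in enabled and (root.findtext("BasicAuthSettings/Password") or "").strip():
        findings.append("BasicAuthSettings keeps the password as plain text in the profile file")
    oauth = root.find("OAuth2DeviceSettings")
    if oauth is not None and "OAuth2DeviceSettings" in enabled:
        for tag in ("DeviceAuthorizationEndpoint", "TokenEndpoint"):
            url = (oauth.findtext(tag) or "").strip()
            if not url.lower().startswith("https://"):
                findings.append(f"{tag} is not an https URL: {url!r}")
        if "offline_access" not in (oauth.findtext("Scope") or "").split():
            findings.append("Scope lacks offline_access, so refresh tokens cannot be used")
        # RetryDelay (ms) x MaxRetryCount = how long the app keeps polling for tokens.
        delay_ms = int(oauth.findtext("RetryDelay") or 0)
        window_s = delay_ms * int(oauth.findtext("MaxRetryCount") or 0) / 1000
        findings.append(f"info: token polling window is {window_s:.0f} s")
    return findings

if __name__ == "__main__":
    for finding in lint_profile(SAMPLE_PROFILE):
        print(finding)
```

With the page's values (RetryDelay 3000, MaxRetryCount 200) the polling window is 600 seconds; compare it with the device-code lifetime the Identity Provider issues.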
Miscellaneous settings
These settings should be placed at the root of the file (under AnyTimeProfileDefinition) and can be used to configure a variety of things:
<ApplicationTitle>KLA VFI</ApplicationTitle>
<ApplicationIconPath>Profile\KLA.ico</ApplicationIconPath>
<PreSynchronizationEnabled>true</PreSynchronizationEnabled>
<PermissionsSynchronizationEnabled>true</PermissionsSynchronizationEnabled>
<SynchronizationLoginEnabled>false</SynchronizationLoginEnabled>
<SynchronizationLogin />
<SynchronizationPassword />
<StopIISExpressAtExit>false</StopIISExpressAtExit>
<MandatoryLanguage>en-US</MandatoryLanguage>
<ExternalDataSupplyer>false</ExternalDataSupplyer>
<!-- Settings to wait for IIS site to restart after sync before the app safely crashes -->
<MaxConnectionAttempts>50</MaxConnectionAttempts>
<WaitTimeBetweenConnectionAttempts>5000</WaitTimeBetweenConnectionAttempts>
<RequiredReachableHost>https://vfi.kla-tencor.com</RequiredReachableHost>
Settings:
ApplicationTitle: Text displayed in the application title bar.
ApplicationIconPath: Path of the icon file (must be .ico) used for the application.
PreSynchronizationEnabled
PermissionsSynchronizationEnabled
StopIISExpressAtExit: Whether IIS Express should be stopped when closing the desktop application.
MandatoryLanguage: A comma-separated list of languages that should be installed in the application.
ExternalDataSupplyer: Should only be used for debugging.
MaxConnectionAttempts: Max number of attempts to reach the local WebViewer server after IIS restart before failing.
WaitTimeBetweenConnectionAttempts: Wait time (in milliseconds) between each attempt to reach the local WebViewer server.
RequiredReachableHost: Used for restricting OAuth2 authentication to happen only if the host is reachable. If empty, the restriction is skipped.