7.4 MyID Operator Client advanced configuration
On the MyID web server, the OAuth2 authentication mechanism relies on the configuration of the URL that the end user will use to access the web server. The MyID server installation program sets this up when you install MyID.
However, there may be some circumstances under which you need to amend this setting after installation. In this case, you can edit the configuration files for both web services.
7.4.1 The rest.core web service configuration file
The appsettings.json file contains the settings for the rest.core web service, and is located in the following folder by default:
C:\Program Files (x86)\Intercede\MyID\rest.core\
The MyID/Auth/AuthServerUrl setting provides the URL of the web.oauth2 web service. At runtime, the rest.core web service carries out a request to this URL to interact with the web.oauth2 service. If it cannot perform this request, there will be a 500 server error.
The URL must be resolvable on the web server, and https (TLS) must be used.
There are various reasons why this might not be resolvable:
- The web server does not trust its own TLS certificate – the solution is to ensure the TLS certificate is trusted on the web server.
- The origin (DNSName) in the TLS certificate does not match the origin within the URL of the https request.
- The origin in the URL is not resolvable on the web server (it cannot see itself). This can be diagnosed with ping. If necessary, one possible solution is to use the hosts file on the web server to ensure the web server's address resolves to its own IP address.
- An attempt is being made to use http rather than https. OAuth2 requires https, so the rest.core and web.oauth2 web services are configured at installation to require https.
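The causes listed above can be checked in order from PowerShell on the web server. This is an added example, not Intercede's code: the function name Test-AuthServerUrl is hypothetical, and it assumes that the MyID/Auth/AuthServerUrl setting is stored as nested JSON objects in appsettings.json at the default path.

```powershell
# Added diagnostic example; not part of the MyID product. Run on the MyID web server.
function Test-AuthServerUrl {
    param(
        # Default rest.core location given in this section.
        [string]$ConfigPath = 'C:\Program Files (x86)\Intercede\MyID\rest.core\appsettings.json'
    )
    # Assumption: MyID/Auth/AuthServerUrl is stored as nested JSON objects.
    $config = Get-Content -LiteralPath $ConfigPath -Raw | ConvertFrom-Json
    $url = $config.MyID.Auth.AuthServerUrl
    if (-not $url) { throw "MyID/Auth/AuthServerUrl not found in $ConfigPath" }
    $uri = [Uri]$url

    # OAuth2 requires https.
    if ($uri.Scheme -ne 'https') { return "FAIL: '$url' does not use https." }

    # The host name in the URL must resolve on the web server itself.
    try { $null = [System.Net.Dns]::GetHostAddresses($uri.DnsSafeHost) }
    catch { return "FAIL: '$($uri.DnsSafeHost)' does not resolve on this server." }

    # Record why Windows rejects the certificate; a bad certificate is never accepted.
    $seen = @{ Errors = [System.Net.Security.SslPolicyErrors]::None }
    $validate = [System.Net.Security.RemoteCertificateValidationCallback] ({
        param($s, $cert, $chain, $policyErrors)
        $seen.Errors = $policyErrors
        $policyErrors -eq [System.Net.Security.SslPolicyErrors]::None
    }.GetNewClosure())

    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Perform only the TLS handshake; no request is sent to web.oauth2.
        $client.Connect($uri.DnsSafeHost, $uri.Port)
        $tls = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $validate)
        $tls.AuthenticateAsClient($uri.DnsSafeHost)
        return "OK: '$url' resolves and presents a trusted, matching certificate."
    }
    catch {
        $e = $seen.Errors
        if ($e -band [System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch) {
            return "FAIL: certificate DNS name does not match '$($uri.DnsSafeHost)'."
        }
        if ($e -band [System.Net.Security.SslPolicyErrors]::RemoteCertificateChainErrors) {
            return 'FAIL: certificate chain is not trusted by this server.'
        }
        return "FAIL: connection or TLS handshake failed: $($_.Exception.Message)"
    }
    finally { $client.Dispose() }
}

Test-AuthServerUrl
```

The function stops at the first failing check, so fix the reported cause and run it again until it returns OK.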
7.4.2 The web.oauth2 web service configuration file
The appsettings.json file contains the settings for the web.oauth2 web service, and is located in the following folder by default:
C:\Program Files (x86)\Intercede\MyID\web.oauth2
In the Clients section, for the "ClientId": "myid.operatorclient", the RedirectUris setting contains a list of URLs. These are the URLs to which the OAuth2 protocol is allowed to redirect back.
The list must contain an entry that represents the URL that the end user will use in the browser to reach the MyID Operator Client. If the URL does not match, when you attempt to sign in, you will see an error similar to:
Sorry, there was an error : unauthorized_client
7.4.3 Displaying images stored on the web server
By default, MyID stores images in the database. If your system stores images on the web server instead (see the Storing images on the web server section in the Operator's Guide for details) you must configure the rest.core web service with the image location to allow the MyID Operator Client to display the images.
Edit the appsettings.json file, which is located in the following folder by default:
C:\Program Files (x86)\Intercede\MyID\rest.core\
In the MyID section, change the UpimagesFolder entry to point to the directory that contains the images; for example:
"UpimagesFolder": "C:\\Program Files (x86)\\Intercede\\MyID\\Web\\Web
Note: This is the default location; your system may have the images stored in a different location.
Make sure you escape all backslashes with backslashes, as in the example above.
Once you have saved the file, recycle the application pool to refresh the settings:
- On the MyID web server, in Internet Information Services (IIS) Manager, select Application Pools.
- Right-click the myid.rest.core.pool application pool, then from the pop-up menu click Recycle.