2.2 Setting up the MyID web services on a standalone server
You may want to set up your MyID web services on a different server to the MyID application or web servers; in this case, you must carry out some additional configuration.
2.2.1 Configuring the server
For a standalone web services server, follow the instructions in the Preparing your system section in the Installation and Configuration Guide for preparing a system for a web server.
Note, however, that a standalone web services server does not need all of the role services that a web server needs. You must have the following role services:
- Static Content
- Default Document
- ASP.NET
- .NET Extensibility
- ISAPI Extensions
- ISAPI Filters
- Request Filtering
- IIS Management Console
You are also recommended to have the following:
- HTTP Logging
2.2.2 Installing .NET Framework
You must install .NET Framework 4.8 on the server.
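The role services from section 2.2.1 and the .NET Framework 4.8 requirement can be audited from PowerShell before you install the web services. This is an added example, not part of the MyID documentation or Intercede's tooling; the mapping of role service names to Windows feature names (including the ASP.NET 4.x variants Web-Asp-Net45 and Web-Net-Ext45) is an assumption.

```powershell
# Added example (not Intercede code): audit a standalone web services server
# against the role services in 2.2.1 and the .NET Framework 4.8 requirement.
# Needs the ServerManager module, so run it on Windows Server.
Import-Module ServerManager

# Assumption: feature names for the role services named in 2.2.1, using the
# ASP.NET 4.x variants (Web-Asp-Net45, Web-Net-Ext45).
$required = [ordered]@{
    'Static Content'         = 'Web-Static-Content'
    'Default Document'       = 'Web-Default-Doc'
    'ASP.NET'                = 'Web-Asp-Net45'
    '.NET Extensibility'     = 'Web-Net-Ext45'
    'ISAPI Extensions'       = 'Web-ISAPI-Ext'
    'ISAPI Filters'          = 'Web-ISAPI-Filter'
    'Request Filtering'      = 'Web-Filtering'
    'IIS Management Console' = 'Web-Mgmt-Console'
}
$recommended = [ordered]@{ 'HTTP Logging' = 'Web-Http-Logging' }

# Leaf features only: parent nodes such as Web-Server are containers.
$installed = @(Get-WindowsFeature -Name 'Web-*' |
    Where-Object { $_.Installed -and -not $_.SubFeatures } |
    ForEach-Object { $_.Name })

foreach ($e in $required.GetEnumerator()) {
    $state = if ($installed -contains $e.Value) { 'OK' } else { 'MISSING' }
    '{0,-12} {1} ({2})' -f $state, $e.Key, $e.Value
}
foreach ($e in $recommended.GetEnumerator()) {
    $state = if ($installed -contains $e.Value) { 'OK' } else { 'RECOMMENDED' }
    '{0,-12} {1} ({2})' -f $state, $e.Key, $e.Value
}

# Installed role services that 2.2.1 does not list: review whether this
# server needs them.
$expected = @($required.Values) + @($recommended.Values)
$installed | Where-Object { $expected -notcontains $_ } |
    ForEach-Object { '{0,-12} {1}' -f 'REVIEW', $_ }

# .NET Framework 4.8 or later reports a Release value of at least 528040.
$ndp = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
$release = (Get-ItemProperty -Path $ndp -ErrorAction SilentlyContinue).Release
$state = if ($release -ge 528040) { 'OK' } else { 'MISSING' }
'{0,-12} .NET Framework 4.8 (Release = {1})' -f $state, $release
```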
2.2.3 Setting up the COM+ proxies
If the web services are on a different server to the MyID application server components, you must export the MyID COM+ proxies to the server on which the web services run. This allows the web services to communicate with the MyID COM+ components on the application server.
To do this, you need the .msi files in the Components\Export folder on the MyID application server. By default, this is:
C:\Program Files\Intercede\MyID\Components\Export
You need to install the following proxies:
- APDUCardServer
- Edefice_BOL
- Edefice_CS
- ExpiringItems
- MyIDSCEPHandler (required only if you are using SCEP or iOS OTA)
Different web services require different proxies; see the table below for details.
To run the COM+ proxy installers, either:
- From the MyID web server, browse to a share on the MyID application server and run the .msi installers directly. For example, browse to:
  \\<server>\C$\Program Files\Intercede\MyID\Components\Export
  where <server> is the name of your MyID application server and C$ is a share of the root of the C: drive. Run the .msi files directly.
  Note: If you experience any problems, make sure you have added the application server to the list of Trusted Sites on the web server.
or:
- Copy the .msi files to the MyID web server and run the installers from there.
Note: If you are using multiple servers for your web services in conjunction with a load balancer, you must ensure that you set up session affinity on your servers. See also section 3.9, Reverse proxies and load balancing.
Proxies required for each web service
The following table describes which proxies are required for each individual web service:
| | APDUCard | Edefice_BOL | Edefice_CS | Expiring | MyIDSCEP |
|---|---|---|---|---|---|
| Lifecycle API | | ✔ | | ✔ | |
| MyID Client Web Service | ✔ | ✔ | ✔ | ✔ | |
| Credential Web Service | | ✔ | ✔ | ✔ | |
| Device Management API | | ✔ | | ✔ | |
| Mobile iOS OTA | | ✔ | | ✔ | ✔ |
| Reporting Web Service | | ✔ | | ✔ | |
| PIV Derived Credentials Notifications Listener | ✔ | ✔ | | ✔ | |
| SCEP API | | | | ✔ | ✔ |
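The table can be turned into a check that works out which proxies a given server needs and compares them with the COM+ applications registered on it. This is an added example, not part of the MyID documentation; it assumes that the table's column headings correspond to the full proxy names listed earlier in this section and that each proxy registers a COM+ application under that name. The default value of the hypothetical -Services parameter is only a sample.

```powershell
# Added example (not Intercede code): derive the COM+ proxies a server needs
# from the table above and compare them with the COM+ applications present.
# Run elevated; reading the COM+ catalog needs administrative rights.
param([string[]]$Services = @('Credential Web Service', 'SCEP API'))

# Table rows, written with the full proxy names from the list in 2.2.3.
$matrix = @{
    'Lifecycle API'           = 'Edefice_BOL', 'ExpiringItems'
    'MyID Client Web Service' = 'APDUCardServer', 'Edefice_BOL', 'Edefice_CS', 'ExpiringItems'
    'Credential Web Service'  = 'Edefice_BOL', 'Edefice_CS', 'ExpiringItems'
    'Device Management API'   = 'Edefice_BOL', 'ExpiringItems'
    'Mobile iOS OTA'          = 'Edefice_BOL', 'ExpiringItems', 'MyIDSCEPHandler'
    'Reporting Web Service'   = 'Edefice_BOL', 'ExpiringItems'
    'PIV Derived Credentials Notifications Listener' = @(
        'APDUCardServer', 'Edefice_BOL', 'ExpiringItems')
    'SCEP API'                = 'ExpiringItems', 'MyIDSCEPHandler'
}

# Union of the proxies required by the web services hosted on this server.
$needed = @($Services | ForEach-Object {
    if (-not $matrix.ContainsKey($_)) { throw "Not in the table: $_" }
    $matrix[$_]
} | Sort-Object -Unique)

# Assumption: each proxy registers a COM+ application under the proxy's name.
$catalog = New-Object -ComObject COMAdmin.COMAdminCatalog
$apps = $catalog.GetCollection('Applications')
$apps.Populate()
$registered = @($apps | ForEach-Object { $_.Name })

$allProxies = @($matrix.Values | ForEach-Object { $_ } | Sort-Object -Unique)
foreach ($proxy in $allProxies) {
    $isNeeded  = $needed -contains $proxy
    $isPresent = $registered -contains $proxy

    $state = 'ABSENT'
    if ($isPresent) { $state = 'NOT REQUIRED' }   # present, but no listed service uses it
    if ($isNeeded)  { $state = if ($isPresent) { 'OK' } else { 'MISSING' } }

    '{0,-13} {1}' -f $state, $proxy
}
```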
2.2.4 Installing the MyID web service components
You must install the web services on the server using the supplied installation program. This installer creates the virtual directories and the application pool for the web services.
2.2.5 Setting the location of the web server
If the web services server is not the same server as the web server, you must edit the myid.config file in the MyIDProcessDriver folder. Add the following line:
<add key="WebServer" value="https://myserver"/>
Where myserver is the domain name of your MyID server. You do not need to include the MyID virtual directory.
Note: The case of WebServer is important.
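Because the key name is case-sensitive and the value should contain only the server, a quick check of the edited file catches the common mistakes. This is an added example, not part of the MyID documentation; the -ConfigPath parameter is hypothetical and must point at your myid.config, and the script assumes the file is XML without namespaces in which settings appear as add elements.

```powershell
# Added example (not Intercede code): check the WebServer entry in myid.config.
# $ConfigPath is supplied by you: the myid.config in the MyIDProcessDriver folder.
param([Parameter(Mandatory = $true)][string]$ConfigPath)

# Assumption: the file is un-namespaced XML in which settings are <add> elements.
[xml]$config = Get-Content -LiteralPath $ConfigPath -Raw
$entries = @($config.SelectNodes('//add') |
    Where-Object { $_.GetAttribute('key') -ieq 'WebServer' })

$findings = @()
if ($entries.Count -eq 0) { $findings += 'No WebServer key found.' }
if ($entries.Count -gt 1) { $findings += 'More than one WebServer key found.' }

foreach ($entry in $entries) {
    $key   = $entry.GetAttribute('key')
    $value = $entry.GetAttribute('value')

    # The page states that the case of WebServer is important.
    if ($key -cne 'WebServer') {
        $findings += "Key '$key' must be spelled 'WebServer'."
    }

    $uri = $null
    if (-not [uri]::TryCreate($value, [System.UriKind]::Absolute, [ref]$uri)) {
        $findings += "Value '$value' is not an absolute URL."
        continue
    }
    # The page's example uses https; plain http is reported for review.
    if ($uri.Scheme -ne 'https') {
        $findings += "Value '$value' does not use https."
    }
    # Only the server is needed, not the MyID virtual directory.
    if ($uri.AbsolutePath -ne '/') {
        $findings += "Value '$value' includes a path."
    }
}

if ($findings) { $findings } else { 'WebServer entry looks correct.' }
```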
You must also set the Image Upload Server configuration option if the web services server is not the same server as the web server.
- On the Video page of the Operation Settings workflow, set Image Upload Server to the name or IP address of the MyID web server. Do not include http or https, any virtual directories, or any slashes; the IP address or server name is sufficient.
  If you do not set this option, some images within MyID will not appear correctly.
- When obtaining the images for a card layout, MyID needs to know the location of the server on which the images are stored. The Image Upload Server configuration option contains the name of the server; however, this configuration option may contain an external URL used by clients and may not be resolvable on the MyID server, resulting in missing images.
As a workaround, you can add an entry to the hosts file on the server hosting the MyID Web Service.
For example, if the Image Upload Server configuration option contains myserver.example.com, which should resolve to the same server as the MyID Web Service, add the following lines to the hosts file (C:\Windows\System32\drivers\etc\hosts):
127.0.0.1 myserver.example.com
::1 myserver.example.com
2.2.6 Troubleshooting
If you have an existing server which has .NET 4.8 and IIS already installed and the site is not working as expected, try running the following statement at the Windows command line:
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -i
This command ensures that .NET 4 is registered with IIS.