2.1 Web service configuration

By default, the MyID web services are installed to the following folder:

C:\Program Files\Intercede\MyID\SSP\

In the root of this folder are folders for each of the individual web services:

Note: After making any changes to the myid.config files, you must recycle the web service app pool:

  1. On the MyID web server, in Internet Information Services (IIS) Manager, select Application Pools.
  2. Right-click the MyIDWebService application pool, then from the pop-up menu click Recycle.

This ensures that the web service has picked up the changes to the configuration file.

2.1.1 Session ID setting

The way MyID handles session ID generation was changed in an update for MyID PIV 9.0 SP1. Accordingly, for version 8.0 SP2 systems, make sure the myid.config file contains the following line:

<add key="SessionIDServerGenerated" value="false"/>

For all later systems, the value must be:

<add key="SessionIDServerGenerated" value="true"/>

2.1.2 Configuring self-unlock

To allow an individual server to support self-unlock operations for PIV systems, you must edit the myid.config file in the MyIDProcessDriver folder. Change the value of the following line:

<add key="AllowSelfUnlockForPIV" value="false"/>

to:

<add key="AllowSelfUnlockForPIV" value="true"/>

A value of false overrides all other settings – if the value is false you will not be able to carry out self-unlock operations.

You can use this option to implement different behavior on different servers – for example, the server for attended kiosks could allow self-unlock operations, while the server for an unattended lobby kiosk could prevent these operations.

Note: This feature is available only on servers running the MyID web services version 1.9.1000.1 and later. You do not need to make this change in the myid.config of any previous versions.

2.1.3 DN validation

If you see an error similar to the following:

410076 – The specified DN is not valid.

and you believe the DN is valid, you can bypass the DN validation in MyID; edit the myid.config file in the MyIDProcessDriver folder, and add the following line to the <MyIDSettings> section:

<add key="ValidateDN" value="false" />

2.1.4 Rate limiting session count

You can specify the maximum number of concurrent client sessions that the server accepts. If the number of concurrent sessions exceeds this value, subsequent logon attempts are denied with an error similar to the following:

To set the maximum number of sessions, edit the myid.config file in the MyIDProcessDriver folder, and add the following line to the <MyIDSettings> section:

<add key="MaxSessionCount" value="value" />

Set the value to the number of sessions; for example, to set a maximum of 100 sessions:

<add key="MaxSessionCount" value="100" />

To remove the restriction, delete the key from the myid.config file, or set the value to -1 as follows:

<add key="MaxSessionCount" value="-1" />

Note: If you have multiple servers, you must set this limit on each server. You can use different limits for each server; for example, if you have public-facing servers you may want to limit the number of sessions, while private internal servers are not limited.
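
The following PowerShell is an added example, not Intercede code or part of the original documentation. It reads the keys described in sections 2.1.1 to 2.1.4 from a myid.config file and reports their values, so that per-server differences are easy to review. The function name, the sample file with its <configuration> root element, and the full path in the final comment are assumptions.

```powershell
# Added example, not Intercede code: review the myid.config keys from 2.1.1 to 2.1.4.
function Get-MyIDSettingReview {
    param([Parameter(Mandatory)][xml]$Config)

    # Read every <add key="..." value="..."/> under <MyIDSettings>.
    # Assumption: the file declares no XML namespace.
    $settings = @{}
    foreach ($node in $Config.SelectNodes('//MyIDSettings/add')) {
        $settings[$node.GetAttribute('key')] = $node.GetAttribute('value')
    }

    # Notes for the values this page describes, indexed by "key=value".
    $notes = @{
        'SessionIDServerGenerated=false' = 'correct only for 8.0 SP2 systems'
        'AllowSelfUnlockForPIV=false'    = 'self-unlock blocked, overrides all other settings'
        'AllowSelfUnlockForPIV=true'     = 'self-unlock supported by this server'
        'ValidateDN=false'               = 'DN validation is bypassed'
        'MaxSessionCount=-1'             = 'no session limit'
        'MaxSessionCount='               = 'key absent: no session limit'
    }

    $keys = 'SessionIDServerGenerated', 'AllowSelfUnlockForPIV', 'ValidateDN', 'MaxSessionCount'
    foreach ($key in $keys) {
        $value = $settings[$key]    # $null when the key is not in the file
        [pscustomobject]@{
            Key   = $key
            Value = if ($null -eq $value) { '(not set)' } else { $value }
            Note  = $notes["$key=$value"]
        }
    }
}

# Constructed sample input; the <configuration> root element is an assumption.
$sample = @'
<configuration>
  <MyIDSettings>
    <add key="SessionIDServerGenerated" value="true"/>
    <add key="AllowSelfUnlockForPIV" value="false"/>
    <add key="ValidateDN" value="false" />
    <add key="MaxSessionCount" value="-1" />
  </MyIDSettings>
</configuration>
'@
Get-MyIDSettingReview -Config $sample | Format-Table -AutoSize

# On a server (assumed path: MyIDProcessDriver directly under the install folder):
# Get-MyIDSettingReview -Config (Get-Content -Raw 'C:\Program Files\Intercede\MyID\SSP\MyIDProcessDriver\myid.config')
```

Because ValidateDN and MaxSessionCount are set per server, run the review on each web server rather than on one representative machine.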