Skip to main content

Configure your WiKID server for your environment quickly via a configuration file.

With our 4.0 Enterprise release we have made configuring the WiKID server for your environment incredibly easy. If you know what the externally-routeable IP address of the server will be and the IP address of your RADIUS server or VPN and you can edit a file on Linux, you can pre-configure your WiKID server for your network.

Start by copying the sample file to your directory. I assume you are the root user or have appropriate sudo permissions.

# cp /opt/WiKID/conf/sample-quick-setup.properties  wikid.conf

Now edit the file with your preferred editor.

# vim wikid.conf

Now, let's look at each part and what should go there. Note that semi-colons indicate a commented line.

; passphrase for protecting certs --------------------------------------
passphrase=protectme
; *NOTE*: YOU SHOULD REMOVE THIS SETTING AFTER CONFIGURATION FOR SECURITY

This passphrase will be used to protect the server's evaluation certificate. DO NOT LOSE IT! You will need it to start the server (or put it in /etc/WiKID/security). You will need it when you install the permanent certs. Note that the evaluation cert must be updated with the 5 user free license within 30 days.

; name to give the domain ----------------------------------------------
domainname=mydomain

This is the WiKID domain name. It will listed on the WiKID tokens for your users to see. We recommend something fairly generic as you may start out only protecting your VPN, but you may add SSH or Google Apps. So 'Company X Auth' or something similar.

; IP of the server -----------------------------------------------------
domainip=127.0.0.1

The external IP address of the server. Remember: our tokens talk to the WiKID server.

; 0-Padded IP without dots ---------------------------------------------
domaincode=127000000001

The users will enter this domain code when setting up their tokens. It is zero-padded to make it easier to enter. They only enter it once per token. There is no need to keep it secret - the security comes in the registration process, not the token setup.

; full hostname of the server; can be same as cn value ----------------------
hostname=localhost.localdomain

The fully-qualifed domain name of the server.

; information for setting up a RADIUS host
radiushostip=10.1.2.3
radiushostsecret=mysharedsecret
; *NOTE*: YOU SHOULD REMOVE THIS SETTING AFTER CONFIGURATION FOR SECURITY

This configures a RADIUS network client on the WiKID Server. This would be your RADIUS server such as NPS or Freeradius or the service that is authenticating using WiKID - your VPN, webserver, SSH gateway, etc.

; optionally create an extra host cert for wauth; leave blank if not needed
wauthhostip=

If you are creating a client that uses our API, wAuth, then enter its IP address here. If not or you don't know what this is, don't worry it's not required. Just leave it blank. Note that its client p12 file will be protected by the passphrase above.

; cert properties ------------------------------------------------------
; administrative email for this server
email=admin@localhost.localdomain
; hostname of server
cn=localhost.localdomain
; organization/company name
o=myorganization
; department or other OU
ou=mydepartment
; city
l=mylocation
; full name of state
st=mystate
; 2-letter country code
c=us

This is the information that will be used to generate the server's certificate. It needs to be unique. If you enter valid information, you can convert the evaluation certificate into a production cert quite easily. If not, you will need to recreate your certificate signing request via the WiKIDAdmin Web UI. We respect your privacy and will not sell this information, of course.

Now, save the file and run the quick-setup command:

# wikidctl quick-setup configfile=wikid.conf

As the command runs, you will see output like:

----------------------------------------------
= Checking for valid args ...
= Make sure Pg is running ...
= Checking if DB exists ...NO!
== Setting up new DB ...
log4j:WARN No appenders could be found for logger (com.mchange.v2.log.MLog).
log4j:WARN Please initialize the log4j system properly.
== Got Pg connection ...
= Setting up intermediate CA cert ...
= Submitting intermediate CA CSR ...
= Creating Tomcat cert ...
= Installing intermediate CA cert ...
== Intermediate cert installation completed!
= Setting up cert for localhost ...
== Setting up localhost settings ...
== RADIUS host does not exist!
== Setting up wAuth client ...
= Setting up cert for 10.100.0.112 ...
== Setting up non-localhost settings ...
== Domain exists! 1
== Adding keys ...

Now, start the server:

# wikidctl start

Browse to the WIKIDAdmin interface at https://yourserver.com/WiKIDAdmin/ and you should see your domain created, your radius network client configured and all the required certs completed. All you need to do now is install a WiKID token and register users.



 

Copyright © WiKID Systems, Inc. 2017 | Two-factor Authentication