Connection Settings

Overview

The Connection Settings page is where you control how the ADSelfService Plus server communicates with the users, agents, and external services it depends on. From a single page, you can choose the port and protocol the portal runs on, enforce encrypted HTTPS access and restrict the TLS versions and cipher suites the server accepts, route outbound requests through a corporate proxy server, control how product logs behave, end idle sessions automatically, and stop users from holding more than one session at a time.

Configuration instructions

The Connection Settings page is organized into three tabs. Configure each tab that applies to your environment, then restart ADSelfService Plus to apply your changes.

Configuring the port and SSL settings

To set the port, protocol, and encryption that the portal uses:

  1. Navigate to Admin > Product Settings > Connection. The page opens on the Connection Settings tab.
  2. Select the protocol for the portal:
     • To run ADSelfService Plus over an encrypted connection, select ADSelfService Plus Port [https].
     • To run it over an unencrypted connection, select ADSelfService Plus Port [http].
  3. In the field next to the protocol you selected, enter a port number, or keep the default.
  4. To encrypt the communication between Active Directory and ADSelfService Plus, select Use LDAP SSL(LDAPS).
  5. If you selected ADSelfService Plus Port [https], configure the SSL options. These options appear only when HTTPS is selected:
     • Click Apply SSL Certificate and follow the on-screen instructions to apply your SSL certificate.
     • Select Encrypt Keystore Password, then enter the keystore password in the field beside it. ADSelfService Plus stores the password in encrypted form for better security.
       Note: When you enable Encrypt Keystore Password, the value of the keystorePass property in the server.xml file is replaced with the macro adssp.keystorePass.
     • Click Advanced Settings to expand the section. From the TLS Versions drop-down, select one or more protocol versions to allow: TLSv1, TLSv1.1, and TLSv1.2. From the Cipher Suites drop-down, select one or more encryption algorithms to allow.
  6. Click Save.

Important: If ADSelfService Plus is hosted over the internet or behind a proxy server, configure an access URL so that end users get a working link to the portal. Click Configure Access URL at the top of the Connection Settings page to set one up.
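
To check the result of these settings on disk, the following Python script audits a server.xml for a literal keystorePass (instead of the adssp.keystorePass macro), deprecated protocol versions, and weak cipher suites. It is an added example, not part of the product or its documentation; the sample XML is constructed, and the Tomcat-style attribute names (SSLEnabled, sslEnabledProtocols, ciphers) are assumptions about the file layout. TLSv1 and TLSv1.1 are flagged because RFC 8996 deprecates them.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not taken from a real installation. Attribute names
# follow Apache Tomcat's Connector element (an assumption for this product).
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="conf/server.keystore" keystorePass="changeit"
               sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
               ciphers="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_3DES_EDE_CBC_SHA"/>
  </Service>
</Server>"""

DEPRECATED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1: RFC 8996
WEAK_CIPHER_MARKERS = ("_NULL_", "_EXPORT", "_RC4_", "_DES_", "_3DES_", "_MD5", "_anon_")
KEYSTORE_MACRO = "adssp.keystorePass"  # macro name given in the note above

def split_csv(value):
    """Split a comma-separated attribute value, ignoring blanks."""
    return [item.strip() for item in (value or "").split(",") if item.strip()]

def audit_connector(conn):
    """Return a list of findings for one <Connector> element."""
    port = conn.get("port", "?")
    if conn.get("SSLEnabled", "false").lower() != "true":
        return [f"port {port}: connector is not TLS-enabled (plain HTTP)"]
    findings = []
    password = conn.get("keystorePass")
    if password is not None and KEYSTORE_MACRO not in password:
        findings.append(f"port {port}: keystorePass is stored as a literal value")
    protocols = split_csv(conn.get("sslEnabledProtocols"))
    if not protocols:
        findings.append(f"port {port}: no explicit protocol list; server defaults apply")
    findings += [f"port {port}: deprecated protocol enabled: {p}"
                 for p in protocols if p in DEPRECATED_PROTOCOLS]
    findings += [f"port {port}: weak cipher suite enabled: {c}"
                 for c in split_csv(conn.get("ciphers"))
                 if any(marker in c for marker in WEAK_CIPHER_MARKERS)]
    return findings

def audit_server_xml(xml_text):
    """Audit every Connector found in the given server.xml text."""
    root = ET.fromstring(xml_text)
    return [f for conn in root.iter("Connector") for f in audit_connector(conn)]

if __name__ == "__main__":
    for line in audit_server_xml(SAMPLE_SERVER_XML):
        print(line)
```

Run it against a copy of the file after each change and restart; an empty result means none of the checked weaknesses were found, not that the listener is otherwise hardened.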

Configuring proxy settings

If your network routes outbound traffic through a proxy server, configure ADSelfService Plus to use it:

  1. On the Connection Settings page, click the Proxy Settings tab.
  2. Select Enable Proxy Server. The proxy fields become editable.
  3. In the Server Name or IP field, enter the host name or IP address of the proxy server. This field is required.
  4. In the Port field, enter the port the proxy server listens on.
  5. If the proxy server requires authentication, enter the Username and Password.
  6. Click Test Connection to confirm that ADSelfService Plus can reach the proxy server.
  7. Click Save.

[Screenshot: The Connection Settings tab in the Connection page under the Admin tab showing options to configure the connection parameters of the server running the application.]

Tip: Click Test Connection before you save so that you can correct any connectivity problem before it affects the product. To discard unsaved changes and return the fields to their last saved values, click Reset.

Configuring session settings

Session settings control how long users stay signed in and whether they can hold more than one session. To configure them:

  1. On the Connection Settings page, click the General Settings tab.
  2. From the Session Expiration Time drop-down, select how long a session can stay idle before ADSelfService Plus ends it. The options range from 10 mins to 60 mins, plus 24 hrs, or Never to keep sessions open indefinitely.
  3. To stop a user from holding more than one active session at the same time, select Deny Concurrent Logins. A user who tries to log in while another session is active is blocked until that session is logged out or expires.
  4. Click Save Settings.

Tip: Deny Concurrent Logins can be selected only when Session Expiration Time is set to a value other than Never. While Never is selected, the option stays unavailable.

When Deny Concurrent Logins is enabled, a user who closes the browser without logging out keeps an active session and cannot log in again until that session expires. You can clear these idle sessions for everyone without disturbing users who are currently active:

  1. On the General Settings tab, under Session Settings, select Deny Concurrent Logins.
  2. Select the Click here link that appears.
  3. In the Confirm Action dialog, click Yes.

[Screenshot: The Proxy Settings tab in the Connection Settings page with fields for configuring the proxy server parameters used by the application.]

Configuring startup and logging settings

Startup and logging settings control how much diagnostic detail ADSelfService Plus records and how it behaves when the server starts. To configure them:

  1. On the General Settings tab, click Startup & Logging Settings to expand the section.
  2. From the Current Log Level drop-down, select Normal to record only basic diagnostic information, or Debug to record detailed diagnostic information for troubleshooting.
  3. Select Retain Logs for ___ Days and enter the number of days to keep log files. ADSelfService Plus automatically deletes log files older than this value. The default is 365 days.
  4. Select Enable Session Tracking to monitor user sessions for in-depth debugging.
  5. Select Launch the ADSelfService Plus Client upon Successful Startup to have ADSelfService Plus open its web console in a browser automatically once the product finishes starting.
  6. Select Start the Product Automatically upon Windows Startup to have ADSelfService Plus start automatically as a Windows service when the server starts.
  7. Click Save Settings.

Note: If you leave Retain Logs for ___ Days cleared, ADSelfService Plus keeps log files indefinitely, which can consume disk space over time. Start the Product Automatically upon Windows Startup applies only when ADSelfService Plus is installed as a Windows service.

Limitations

  • Changes to the port, protocol, SSL options, session settings, and startup and logging settings take effect only after ADSelfService Plus is restarted.
  • Deny Concurrent Logins is available only when Session Expiration Time is set to a value other than Never.
  • Encrypt Keystore Password and the Advanced Settings options, TLS Versions and Cipher Suites, are available only when ADSelfService Plus Port [https] is selected. They are hidden when the portal runs over HTTP.
  • Start the Product Automatically upon Windows Startup applies only to installations of ADSelfService Plus that run as a Windows service.

Tips

  • Run ADSelfService Plus over HTTPS in any production environment. HTTP is suitable only for testing, because it does not enforce SSL certificate validation.
  • Click Test Connection before you save proxy settings, so that you can correct any connectivity problem before it affects the product.
  • Keep Retain Logs for ___ Days enabled so that old log files are cleaned up automatically and do not fill up disk space.
  • Set the log level to Debug only while you are actively troubleshooting, then return it to Normal. Debug logging records far more detail than normal logging.