Running Delinea MidServer Utility for the Delinea Platform
After establishing the basic requirements for creating a service account and a discovery secret, you need to run the Delinea MidServer Setup Utility. This utility is designed to generate all necessary parameters while providing a secure and reliable method for storing user credentials, avoiding the use of plain text in the MidServer configuration file. It facilitates the configuration of the connection between your MID Server and Delinea Platform.
To run the Delinea MidServer Setup Utility:
-
Open the command prompt to run
DelineaMidServerSetupUtility jar
. -
Run the command
Java -jar DelineaMidServerSetupUtility.jar
. -
For additional information, enter the command
--help
for each question.
It is important to run this utility on each MID Server and ensure the Java version is at least 11. If not done correctly, the encryption and decryption process may not work as intended.
To set the complete configuration, enter the following information:
-
Do you want to setup the complete configuration ?(y/n)
-
Yes – Complete configuration setup (All parameters)
-
No – Only encrypts the credentials
-
-
Enter Secret Server or Platform URL: Provide the Delinea Platform URL
-
Using oauth2 grant file for token ?(y/n)
-
No – Provide the Delinea Platform credentials in next questions
-
-
Enter Secret Server or Platform username: Provide the Delinea Platform username.
-
Enter Secret Server or Delinea password: provide the Delinea Platform password.
-
Do you want to use proxy ?(y/n)
-
Yes – Provide proxy details in the next questions.
-
No – Parameters generated without Proxy.
-
DelineaMidServerSetupUtility validates the Delinea Platform credentials at runtime. If the credentials are not validated, the process will stop.
Find and copy the generated parameters from a configuration.txt file within the same folder and paste it into the config.xml file of the ServiceNow MID Server (Go to Mid Server path> agent folder and look for the file named config.xml).
Update MidServer config.xml
The config.xml file contains the necessary configuration settings to establish the communication between the MID Server and Secret Server. Update the config.xml with the correct server URLs, authentication details, and any relevant settings for your credential storage.
(Optional) Running Delinea MidServer SetupUtility with Command Line Arguments
This is not needed when running the setup utility manually.
It is also possible to run the MidServer SetupUtility using command line arguments for automation.
To run the Delinea MidServer Setup Utility using command line arguments:
-
Open the command prompt.
-
Run the
-jar DelineaMidServerSetupUtility.jar
command. -
Specify the following parameters:
-
vault_type
: The Secret Server vault. -
ss_or_platform_url
: The Delinea Platform URL. -
username
: The Delinea Platform Service user username. -
password
: The Delinea Platform Service user password. -
proxy_host
: Proxy Server IP (if required) -
proxy_port
: Proxy Server port (if required) -
proxy_username
: Proxy username (if required). -
proxy_password
: Proxy password (if required).
-
The command will only generate the ss_auth_str
and proxy_auth_str
parameters. You need to copy the remaining parameters manually into the config.xml file.
The Delinea MidServer Setup Utility.jar can only be run from the command line if the usernames and passwords contain no spaces. The password will be visible after you enter it in the command line.
Editing Agent Config
The config.xml file will be modified to add additional elements for the credential resolver’s parameters. These are added at the end of the file just before the closing tag . To update the config file, follow the steps below:
-
Edit the
config.xml
configuration file for your MID Server. -
Copy and paste the associated contents (based on the mode chosen) just before the </parameter> tag at the end of the file.
-
Adjust the values accordingly.
-
Save the
config.xml
file and close your editor. -
Go to the MID Server > Servers in the ServiceNow portal.
-
Restart the recently updated MID Server.
When authenticating the Delinea Platform with ServiceNow there is one way to establish a connection. You can use your Delinea Platform username and password to authenticate or generate a token in the file.
Just In Time Mode
Attribute | Value Description |
---|---|
ss_or_platform_url | URL for your Delinea Platform. |
ss_or_platform_auth_str | This parameter is set to an encrypted string generated by the encryption utility, which contains the Delinea Platform username and password. |
allow_self_signed_certificate | Set to true if you are using a self-signed cert for Delinea Platform instance. |
vault_type | This parameter should be set to Secret Server to validate the credentials with Secret Server. |
is_logging | This parameter can be set to either true or false to enable additional logging other than the default one. |
log_level |
|
proxy_host | This field will likely be blank, unless you know a proxy to be used to get out to the internet from your MidServer. |
proxy_port | This field will likely be blank, unless you know a proxy to be used to get out to the internet from your MidServer. |
proxy_auth_str | This parameter is set to an encrypted string generated by the encryption utility containing the username and password of the Proxy Server. |
search_secret_by_name | This field can be set as true/false. In case you want to validate credentials using secret name, set this field as true. |
auto_comment |
This parameter is set as a string. |
cache_url | The Delinea Platform does not support the Delinea Credentials Cache. |
Copy/paste this information into the config.xml file:
\<parameter name="ss_or_platform_url" value="\<replace\>"/>
\<parameter name=" ss_or_platform_auth_str" value="\<replace\>"/>
\<parameter name="allow_self_signed_certificates" value="false"/>
\<parameter name="vault_type" value="ss"/>
\<parameter name="is_logging" value="true/false"/>
\<parameter name="log_level" value="1/2/3/4"/>
<parameter name="proxy_port" value=""/>
<parameter name="proxy_host" value=""/>
<parameter name=" proxy_auth_str" value=""/>
<parameter name="search_secret_by_name" value="true/false"/>
<parameter name="auto_comment" value=""/>
<parameter name="cache_url" value=""/>
If the user does not provide an is_logging and log_level parameter in the config file, the default value will be true and 3.
Enabling the Search Secret by Name
-
Set the following parameter as true in the MID Server config.xml file to enable secret search by name.
\<parameter name="**search_secret_by_name**" value="true"/\>
-
Pass the secret name from the ServiceNow MID Server in the Credential ID field.
-
Provide a complete name of the secret because a partial name will not work.
Searching for the secret by name is not recommended because Secret Server can have the same name for two different secrets. This functionality will not work correctly if multiple secrets have the same name.
Enabling the Auto Comment
-
In Delinea Platform, Secret Server, go to Secret > Security > Other Security > Require comment and select Yes.
-
In the
Mid Server config.xml
file, set the following parameter as a string as follows:<parameter name="auto_comment " value="Enter your comment"/>
.
If the auto_comment
parameter is empty, it will not provide any comment while viewing the secret.