Subscribe

UiPath Installation and Upgrade

The UiPath Installation and Upgrade Guide

Publish-IdentityServer.ps1 Parameters

Parameters Descriptions

The following table describes all the parameters that can be used with the Publish-IdentityServer.ps1.

Parameter

Description

-action

Mandatory. Indicates the type of scenario you want to start. The following options are available:
Deploy - specifies it is a clean installation.
Update - specifies you are updating your Identity Server instance.

-azureAccountApplicationId

Mandatory. The Azure service principal ID. Please note that the used service principal needs to be assigned the Contributor role to the app service at the subscription scope.

-azureAccountPassword

Mandatory. The Azure token password for the service principal ID.

-azureSubscriptionId

Mandatory. The Azure subscription ID for the App Service that hosts Orchestrator.

-azureAccountTenantId

Mandatory. The Azure tenant ID.

-resourceGroupName

Mandatory. The name of the Azure Resource Group that contains the Identity Server App Service.

-appServiceName

Mandatory. The Identity Server Azure App Service name. Note that it should be different from your Orchestrator App Service name.

-orchestratorUrl

Mandatory. The URL of the Orchestrator instance.

-package

Mandatory. Indicate the full path or relative path of the IdentityServerWeb.zip archive.

-cliPackage

Mandatory. Indicate the full path or relative path of the UiPath.IdentityServer.Migrator.Cli.zip archive.

-productionSlotName

Optional. It can be used only if the Identity Server App Service deployment slot is different from the default Production App Service Slot set by Azure.

-stopApplicationBeforePublish

Optional. If present, it stops the application before deployment and it starts it after the deployment is completed.

-unattended

Optional. If present, the deployment continues without any user confirmation.

-tmpDirectory

Optional. Enables the specification of a directory where needed files are downloaded and unzipped.

Publish to Identity Server

The following script is used for the initial deployment or update of Identity Server. The script assumes that the web app already has the DefaultConnection database connection string configured.

.\Publish-IdentityServer.ps1 `
    -action Deploy `
    -orchestratorUrl "<orchestrator_address>" `
    -azureSubscriptionId "<subscription_id>" `
    -azureAccountTenantId "<azure_tenant_id>" `
    -azureAccountApplicationId "<azure_application_id>" `
    -azureAccountPassword "<azure_account_password>" `
    -package "IdentityServerWeb.zip" `
    -cliPackage "UiPath.IdentityServer.Migrator.Cli.zip" `
    -stopApplicationBeforePublish `
    -resourceGroupName "<resourcegroup_name>" `
    -appServiceName "<appservice_name>" `
    -unattended

🚧

Important!

After running the above script, make sure you perform the extra steps listed below for a successful initial deployment.

After publishing Identity Server, perform the following steps:

  1. Go to Azure Portal.
  2. Select your Identity Server App Service.
  3. Under TLS/SSL Settings menu, go to Private Key Certificates tab.
  4. Upload a private key certificate .pfx file with a valid password.

📘

Note:

This certificate is used to sign the access tokens and the ID tokens.

  1. Under Configuration menu, add the following application settings exactly as written in the Application Settings column:

Application Setting

Value

Description

AppSettings__IdentityServerAddress

https://[IdentityServer]/identity

The public URL of the Identity Server.

:warning: The URL must contain the address of Identity Server + the suffix /identity.

AppSettings__SigningCredentialSettings__StoreLocation__Location

CurrentUser

This has to point to CurrentUser.

AppSettings__SigningCredentialSettings__StoreLocation__Name

XXXXXXXXXXXXXXXXXXXXXXXXXXXX

The thumbprint of your certificate that you've uploaded earlier.

AppSettings__SigningCredentialSettings__StoreLocation__NameType

Thumbprint

Enter Thumbprint as the type of the previous field.

AppSettings__LoadBalancerSettings__UseRedis

true/false

Enter true to use Redis as a database to distribute messages and cache to and from all the machines connected through your load balancer. Mandatory for multi-node.

AppSettings__LoadBalancerSettings__RedisConnectionString

XXXXXXXXXXXX:XXXX,password=XXXXXX

The connection string needed to set up your Redis server, which contains the URL of the server, the password, and the port. You can also enable SSL encrypted connections between the Orchestrator nodes and the Redis service.
Note: Can only be used if AppSettings__LoadBalancerSettings__UseRedis is set to true.

AppSettings__LoadBalancerSettings__SlidingExpirationTimeInSeconds

Number of seconds

The sliding expiration time of an item inside the cache. This expiration time applies to both Redis Cache and InMemory Cache.

AppSettings__UseRedisStoreCache

true/false

Set its value to true to enable Redis caching of OAuth client data. This helps prevent performance issues when using Interactive Sign In to connect a large number of robots in a short amount of time. This cache uses the same Redis connection string specified in the AppSettings__LoadBalancerSettings.
Note: This is not recommended if you are using the External Applications feature since this setting caches clients, and updates to External Applications will not be reflected.

WEBSITE_LOAD_CERTIFICATES

XXXXXXXXXXXXXXXXXXXXXXXXXXXX

The thumbprint value of your certificate that you've uploaded earlier.

WEBSITE_LOAD_USER_PROFILE

1

The user profile.

  1. Save the changes.

Find more details in the Microsoft Azure documentation.

Migrate to Identity Server

The following script is used to migrate user data from Orchestrator to Identity Server and set the configurations for both. It sets the identity authority of Orchestrator to Identity Server and it creates client configuration for Orchestrator in Identity Server.
The script assumes that Orchestrator and Identity Server are already published.

.\MigrateTo-IdentityServer.ps1 `
    -cliPackage "UiPath.IdentityServer.Migrator.Cli.zip" `
    -azureDetails @{azureSubscriptionId = "<subscription_id>"; azureAccountTenantId = "<azure_tenant_id>"; azureAccountApplicationId = "<azure_application_id>"; azureAccountPassword = "<azure_account_password>" } `
    -orchDetails @{ resourceGroupName = "<resourcegroup_name>"; appServiceName = "<appservice_name>";  targetSlot = "Production" } `
    -identityServerDetails @{ resourceGroupName = "<resourcegroup_name>"; appServiceName = "<appservice_name>"; targetSlot = "Production" } `
    -identityServerUrl "https://<IdentityServerURL>/identity" `
    -orchestratorUrl "https://<OrchestratorURL>"

Migrate Parameters Descriptions

The following table describes all the parameters that can be used with the MigrateTo-IdentityServer.ps1.

Parameter

Description

-azureDetails

This parameter is a hash table that contains the following values:
azureAccountApplicationId - Mandatory. The Azure service principal ID. Please note that the used service principal needs to be assigned the Contributor role to the app service at the subscription scope.
azureSubscriptionId - Mandatory. The Azure subscription ID for the App Service that hosts Orchestrator.
azureAccountTenantId - Mandatory. The Azure tenant ID.
azureAccountPassword - Mandatory. The Azure token password for the service principal ID.

-orchDetails

This parameter is a hash table that contains the following values:
resourceGroupName - Mandatory. The name of the Azure Resource Group that contains the Orchestrator App Service.
appServiceName - Mandatory. The Orchestrator Azure App Service name.
targetSlot - Mandatory. The Target App Service Slot set by Azure.

-identityServerDetails

This parameter is a hash table that contains the following values:
resourceGroupName - Mandatory. The name of the Azure Resource Group that contains the Identity Server App Service.
appServiceName - Mandatory. The Identity Server Azure App Service name.
targetSlot - Mandatory. The Target App Service Slot set by Azure.

-identityServerUrl

Mandatory. The public address of the Identity Server.

:warning: The Url must contain the address of Identity Server + the suffix /identity. Example:
https://[IdentityServer]/identity

-orchestratorUrl

Mandatory. The public address of the Orchestrator.

-tmpDirectory

Optional. Enables the specification of a directory where needed files are downloaded and unzipped.

Updated about a month ago


Publish-IdentityServer.ps1 Parameters


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.