Version: On prem: 15.0.2

Configuration of RoPE settings

You can configure Omada Identity RoPE:

  • Within the Omada Identity Portal.
  • Via XML-based configuration files (edited with a text editor), which a default installation places in C:\Program Files\Omada Identity Suite\Role and Policy Engine.

This section describes what can be configured in the configuration files and in Enterprise Server. For extensions, refer to the Extension model section.

Info: You can configure these settings only in Omada Identity installed on premises, not in the Cloud version.

Connection strings

The connection strings to the RoPE and Enterprise Server databases are located in ConnectionStrings.config. The strings are set in the installation process, but you can change them if you need to.

When RoPE communicates with Omada Identity Data Warehouse, it uses the connection string defined in Enterprise Server. To edit the connection string for the Data Warehouse, edit the Connection string field of the ODW data connection object in Setup -> Administration -> Connectivity -> Data connections.

Encryption of connection strings

If your connection strings contain sensitive data such as usernames or passwords, you can encrypt the entire connection string or only part of it to hide that data.

To encrypt connection strings, use the StringEncrypter tool. To encrypt only part of a string, run StringEncrypter on that part and then paste the encrypted part manually into the target string. The encrypted part must include special tags at its start and end. The starting tag is "AES256:" and the ending tag is "=AES256", for example:

Server=localhost; User Id=AES256:bGUt1APx1lRsvcdwdf9BXQ===AES256;Password=AES256:bGUt1APx1lRsvcdwdf9BXQ===AES256;Database=OIS

The StringEncrypter adds these tags automatically.
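
An added example (not Omada's code) for checking, after a manual edit, that no username or password in ConnectionStrings.config was left without the tags described above. It assumes the file uses the standard .NET layout of add elements with name and connectionString attributes and that the listed keyword spellings are the sensitive ones; the entry names and plaintext values in the sample are constructed.

```python
import xml.etree.ElementTree as ET

# Tags documented on this page for StringEncrypter output.
START_TAG, END_TAG = "AES256:", "=AES256"
# Assumption: keyword spellings treated as sensitive (the page names usernames and passwords).
SENSITIVE_KEYS = {"user id", "uid", "password", "pwd"}


def is_wrapped(value):
    """True if value is a single START_TAG...END_TAG span with a non-empty body."""
    v = value.strip()
    return (v.startswith(START_TAG) and v.endswith(END_TAG)
            and len(v) > len(START_TAG) + len(END_TAG) and ";" not in v)


def plaintext_secrets(conn):
    """Return the sensitive keywords in conn whose values are not tagged as encrypted."""
    if is_wrapped(conn):  # the entire connection string was encrypted
        return []
    found = []
    for part in conn.split(";"):
        key, _, value = part.partition("=")  # split on the first '=' only
        if key.strip().lower() in SENSITIVE_KEYS and value.strip() and not is_wrapped(value):
            found.append(key.strip())
    return found


def audit_config(xml_text):
    """Map each connection string name to its plaintext sensitive keywords.
    Assumption: standard .NET layout, <add name=... connectionString=... />."""
    root = ET.fromstring(xml_text)
    report = {}
    for node in root.iter("add"):
        leaks = plaintext_secrets(node.get("connectionString", ""))
        if leaks:
            report[node.get("name", "?")] = leaks
    return report


# Constructed sample; the entry names and the plaintext user name are made up.
SAMPLE = """<connectionStrings>
  <add name="SampleA" connectionString="Server=localhost; User Id=AES256:bGUt1APx1lRsvcdwdf9BXQ===AES256;Password=AES256:bGUt1APx1lRsvcdwdf9BXQ===AES256;Database=OIS" />
  <add name="SampleB" connectionString="Server=localhost;User Id=svc_example;Password=AES256:bGUt1APx1lRsvcdwdf9BXQ===AES256;Database=OIS" />
  <add name="SampleC" connectionString="AES256:bGUt1APx1lRsvcdwdf9BXQ===AES256" />
</connectionStrings>"""

if __name__ == "__main__":
    for name, keys in audit_config(SAMPLE).items():
        print(f"{name}: not encrypted -> {', '.join(keys)}")
```

The check only confirms that the tags are present around each sensitive value; it does not decrypt or validate the ciphertext.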

App settings

Edit this file only when your Enterprise Server master database points to multiple customer databases. In such cases, you must specify the customer database that RoPE should use for calculations. You do this by specifying the relevant customer ID as the value of OISX_CustomerId, for example:

<add key="OISX_CustomerId" value="1000" />

ES RoPE Web Service configuration settings

Info: If you upgraded Omada Identity to v14.0.8 (Update 8) from an earlier version and have not yet migrated to the SoD v3 evaluation process, you do not have to go through the configuration described below.

These settings are used to establish communication with the RoPE web service located in the Enterprise Server. The web service is used in the constraint evaluator extension.

Settings and descriptions:

ESRoPEWebServiceUrl
  • The URL for the RoPE web service.

ESUseDefaultCredentials
  • This setting must be True or False.
  • If you set this setting to True, the web service is called using integrated security, with the user configured to run the RoPE service.
  • If you set this setting to False, the web service is called using basic authentication, with the configured credentials.
  The user calling the web service must be a member of the Data Admin group in.

ESUserName
  • The user that calls the web service when basic authentication is in use.

ESUserPassword
  • The encrypted password of the user that calls the web service when basic authentication is in use.