
Session.config

Connected Services Framework

The following diagram shows how the Web.config file references the Common.config, EnterpriseInstrumentation.config, TraceSessions.config, PolicyCache.config, and Session.config configuration files. ConfigurationItem is a table in the CSF database dedicated to session configuration parameters that are shared across multiple machines and can be updated at run time.

Please see the previous sections for Web.config, Common.config, EnterpriseInstrumentation.config, TraceSessions.config, and PolicyCache.config. These files are used by all of the Connected Services Framework components.

Session.config

The Session.config file contains all the Session configuration values that need not be shared across multiple Session servers. The items that need to be shared across multiple Servers are defined in the ConfigurationItem Table section.

It is located in the directory specified by the Session property of the Web.config file that is located in the Session deployment directory:


<Microsoft.Csf>
 …
 <ConfigFiles>
 …
 <add key="Session" value="C:\Program Files\Microsoft\Microsoft Csf\Configuration Session.config" />
 …
 </ConfigFiles>
 …
</Microsoft.Csf>

Here is an example of Session.config:

<?xml version="1.0" encoding="utf-8"?>
<SessionConfigurationSettings>
        <!-- SESSION LOCATIONS
        -->
    <SessionAddresses>
        <SessionAddress Transport = "http">
            <SessionManagerAdminWSUri>http://{0}/Session/SessionManagerAdmin.ashx</SessionManagerAdminWSUri>
            <SessionAdminWSUri>http://{0}/Session/SessionAdmin.ashx</SessionAdminWSUri>
            <SessionWSUri>http://{0}/Session/Session.ashx</SessionWSUri>
        </SessionAddress>
    </SessionAddresses>
    <!-- SESSION SECURITY POLICY CONFIGURATION
    -->
    <Security>
        <!-- USER GROUPS
        Define the users groups authorized to send messages to session
        manager admin web service, session admin web services and session
        web service.
        -->
        <SessionManagerAdminRoleName>CSF\Requestors@CSF_SessionManagerAdmin</SessionManagerAdminRoleName>
        <SessionAdminRoleName>CSF\Requestors@CSF_SessionAdmin</SessionAdminRoleName>
        <SessionUserRoleName>CSF\Requestors@CSF_Session</SessionUserRoleName>

        <!-- SECURITY POLICY FOR SESSION CONNECTOR
        Set to true if authorization has to be turned off totally for the
        Session connector. Setting this to true is very risky and it is
        highly recommended to set this to false so that only authorized users
        will be able to communicate.
        -->
        <TurnOffAuthorizationForAllRequests>false</TurnOffAuthorizationForAllRequests>

        <!-- SECURITY POLICY FOR ROUTE MESSAGES TO PARTICIPANTS
        Set to true if the messages being routed require an authorization
        check. Generally, the messages being routed are perceived as low
        risk messages. The system can gain performance if the authorization
        check for these messages is turned off. By default session will
        not make authorization checks while routing the messages. This
        flag should be set to true if the authorization check is required
        for routing the messages.
        -->
        <RouteMsgToParticipantsRequireAuthorization>false</RouteMsgToParticipantsRequireAuthorization>
        <!-- DATA ENCRYPTION POLICY
        Set to true if the data should be encrypted while storing in the
        database. Session manifest can contain sensitive information. It
        can be a security risk if the session manifest is stored in the db
        without encrypting the data. The performance of the session can
        degrade if encryption is on for data storage. By default session
        will not encrypt the data while saving into database. This flag
        should be true if session should encrypt the data when storing
        the data in the database.
        -->
        <EncryptSessionManifest>false</EncryptSessionManifest>
    </Security>

    <!-- SESSION CLUSTERING CONFIGURATION
    -->
    <SessionClustering>
        <!--
        Set to true if Session connector has to be configured to
        run under clustered environment. Please refer to the installation
        guide on how to set up server clustering for session.
        -->
        <IsClusteringEnabled>false</IsClusteringEnabled>

        <!--
        If the IsClusteringEnabled is set to false then
        please provide the fully qualified domain name of the node
        so that session connector will run under non-clustered mode.
        An empty string is also considered invalid.

        Note: If the IsClusteringEnabled is set to true then you MUST delete / comment out the
        following node <DNSAddressOfNonClusteredNode>
        -->
        <DNSAddressOfNonClusteredNode>csf-dev-02.csf.com</DNSAddressOfNonClusteredNode>

        <!--
        If the IsClusteringEnabled is set to true then
        the configuration is stored in the database.

        Following key is used to store the DNSaddresses of all the
        nodes in the session cluster.

        "SessionConfigurationSettings/SessionClustering/DNSAddressOfAllNodesInCluster"

        To add the entries in the DB, please use the Admin tool
        provided along with CSF tools. For more information please refer
        to the deployment guide.
        -->

    </SessionClustering>

    <!-- SESSION PARTICIPANT CONFIGURATION -->
    <ParticipantConfiguration>
        <!--
        Physical directory path where the participant WSDL files are cached.
        -->
        <ProxyCacheDirectoryPath>C:\csf\session\participant\cache\</ProxyCacheDirectoryPath>

        <!--
        Amount of time in hours after which the cached WSDL files become invalid
        Minimum time for expiring the WSDL files is 1 hour
        -->
        <ProxyCacheFileExpirationTime>24</ProxyCacheFileExpirationTime>

        <!--
        Amount of time in seconds after which the secondary credentials cached in memory become invalid
        Valid range is from 0 seconds to 86400 seconds (1 day)
        -->
        <CredentialCacheExpirationTime>3600</CredentialCacheExpirationTime>

        <!--
        Specifies whether to use the primary credentials for a participant that specifies policy if
        the secondary credentials are missing in the SSO database.
        -->
        <AttachPrimaryCredentialWhenNoMapFound>true</AttachPrimaryCredentialWhenNoMapFound>
    </ParticipantConfiguration>

    <!-- APPLICATION MANAGEMENT CONFIGURATION -->
    <MemoryManagement>
    <!--
        The maximum percentage of the session faults allowed after which
        CreateSession requests will be turned down.
        Set this to 100 if you need to have large number of
        sessions and high performance is not important.
        -->
        <AllowedPercentageOfThrashing>25</AllowedPercentageOfThrashing>
    </MemoryManagement>
</SessionConfigurationSettings>
 

Session.config configuration values:

SessionManagerAdminWSUri

Description

Gives the Url for the SessionManagerAdmin end-point of the Web-Service facade

How it is used

The user gets back the Notifications and Responses from Session with the SessionManagerAdminUri set to this value

Default value

http://{0}/Session/SessionManagerAdmin.ashx

where in place of {0}, the DNS address identifying the current session server is used

Needs to be changed for each deployment

No

SessionAdminWSUri

Description

Gives the Url for the SessionAdmin end-point of the Web-Service facade

How it is used

The user gets back the Notifications and Responses from Session with the SessionAdminUri set to this value

Default value

http://{0}/Session/SessionAdmin.ashx

where in place of {0}, the DNS address identifying the current session server is used

Needs to be changed for each deployment

No

SessionWSUri

Description

Gives the Url for the Session end-point of the Web-Service facade

How it is used

The user gets back the Notifications and Responses from Session with the SessionUri set to this value

Default value

http://{0}/Session/Session.ashx

where in place of {0}, the DNS address identifying the current session server is used

Needs to be changed for each deployment

No

 SessionManagerAdminRoleName

Description

Name of the Active Directory group to which users must belong in order to successfully call CreateSession, TerminateSession, GetActiveSessions, and GetSessionIds.

How it is used

The user submitting the CreateSession, TerminateSession, GetActiveSessions, and GetSessionIds requests must belong to this group.

Default value

CSF\Requestors@CSF_SessionManagerAdmin

Where “CSF” is the domain name of the operator.

Needs to be changed for each deployment

No

 SessionAdminRoleName

Description

Name of the Active Directory group to which users must belong in order to successfully call SessionAdmin functions. None of these functions are currently exposed in the Connected Services Framework Consumer API.

How it is used

This setting is required by the Session component, but it is not used by any method calls from the Consumer API.

Default value

CSF\Requestors@CSF_SessionAdmin

Where “CSF” is the domain name of the operator.

Needs to be changed for each deployment

No

 SessionUserRoleName

Description

Name of the Active Directory group to which users must belong in order to successfully call RouteMsgToParticipants.

How it is used

The user submitting the RouteMsgToParticipants must belong to this group.

Default value

CSF\Requestors@CSF_Session

Where “CSF” is the domain name of the operator.

Needs to be changed for each deployment

No

 TurnOffAuthorizationForAllRequests

Description

True or false—enables/disables authorization checks for all requests.

How it is used

This setting determines if authorization checks are performed for CreateSession, TerminateSession, GetActiveSessions, GetSessionIds, and RouteMsgToParticipants calls.

Default value

false

Needs to be changed for each deployment

No

 RouteMsgToParticipantsRequireAuthorization

Description

True or false: enables/disables authorization checks for RouteMsgToParticipants calls.

How it is used

This setting determines if authorization checks are performed for RouteMsgToParticipants calls.

Default value

true

Needs to be changed for each deployment

No

 EncryptSessionManifest

Description

True or false: enables/disables encryption of Session Manifests when they are persisted in the database.

How it is used

Session Manifests are encrypted when stored in the database if this setting is true.

Default value

false

Needs to be changed for each deployment

No

 IsClusteringEnabled

Description

True or false: determines if clustering is enabled.

How it is used

This setting determines if the Session component has been configured to run in a clustered environment.

Default value

false

Needs to be changed for each deployment

No

 DNSAddressOfNonClusteredNode     

Description

Fully qualified DNS Address of the Session node when IsClusteringEnabled is false.

How it is used

When Session is not configured to run in a clustered environment, this setting specifies the name of the Session node.

Note: Fully qualified DNS Address is mandatory information required for Session to work correctly, including across a firewall.

Default value

Ex:Csf-dev-SQL02.csf.com

Needs to be changed for each deployment

Yes

 ProxyCacheDirectoryPath 

Description

Path to the directory on the file system where the Session component caches dynamically generated proxies for participants.

How it is used

In order for the Session to communicate with a participant Web service, a proxy class must be generated from the participant’s Web Services Description Language (WSDL). In order to save time, proxy information is stored in a “cache” directory so that it can be reused when Sessions are created.

Note: This configuration item is going to be deprecated for the future release.

Default value

C:\csf\session\participant\cache\

Needs to be changed for each deployment

No

ProxyCacheFileExpirationTime

Description

Amount of time after which the cached WSDL files become invalid. Minimum time for expiring the WSDL file is 1 hour.

How it is used

Every time Session needs to access the participant WSDL, it checks if the WSDL is cached and the ProxyCacheFileExpirationTime has not expired for the participant. If it has expired, then the old WSDL is discarded and the latest WSDL is downloaded and used.

Default value

24 (hours)

Needs to be changed for each deployment

No

 ThrottlingPath

Description

Physical directory path where the messages are temporarily stored by the memory manager while performing the request queue throttling

How it is used

Under high loads, session throttles the incoming messages by persisting them temporarily in a file and reads them back when it is ready to process them. This value gives the location on the disk where the files would be temporarily stored

Default value

C:\csf\session\throttling\

Needs to be changed for each deployment

No

CredentialCacheExpirationTime

Description

The expiration time for secondary credentials for the persona participant when they are retrieved from the Identity Manager and stored in a session.  These are retrieved only if needed and last as long as the session exists or until they expire.

How it is used

When the credentials expire, they will have to be re-retrieved from the Identity Manager.    

Default value

3600 (seconds)

Needs to be changed for each deployment

No

AttachPrimaryCredentialWhenNoMapFound

Description

When the session is configured to require secondary credentials for a service, the Session will query Identity Manager for those credentials.  If there are no credentials for that service, this flag will control the behavior. 

How it is used

If the flag is true, the primary credentials from the persona participant will be placed in the message to the service.  If the flag is false, no credentials will be placed in the message.

Default value

true

Needs to be changed for each deployment

No

AllowedPercentageOfThrashing

Description

When a request is made to a session and the session is not in memory but must be retrieved from the database, that operation is tracked over time to determine what percentage of sessions have to be retrieved from the database. This parameter sets the maximum value for that percentage.

How it is used

When this value is exceeded, new requests to create sessions will be denied until the percentage of sessions retrieved from memory is greater. As sessions are normally terminated, the number used from memory will increase and new sessions will be allowed.

Default value

25

Needs to be changed for each deployment

No
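The security-relevant settings described above can be checked before a Session.config is deployed. The following is an added example, not part of the Connected Services Framework or its tools: a small audit that flags disabled authorization, unencrypted manifests, an out-of-range CredentialCacheExpirationTime, and a clustering node that contradicts IsClusteringEnabled. The function name, the sample file and its host name are hypothetical, and treating AttachPrimaryCredentialWhenNoMapFound set to true as a review item is this example's assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from the page) with several settings worth flagging.
SAMPLE = """<SessionConfigurationSettings>
  <Security>
    <TurnOffAuthorizationForAllRequests>true</TurnOffAuthorizationForAllRequests>
    <RouteMsgToParticipantsRequireAuthorization>false</RouteMsgToParticipantsRequireAuthorization>
    <EncryptSessionManifest>false</EncryptSessionManifest>
  </Security>
  <SessionClustering>
    <IsClusteringEnabled>true</IsClusteringEnabled>
    <DNSAddressOfNonClusteredNode>node1.example.test</DNSAddressOfNonClusteredNode>
  </SessionClustering>
  <ParticipantConfiguration>
    <CredentialCacheExpirationTime>172800</CredentialCacheExpirationTime>
    <AttachPrimaryCredentialWhenNoMapFound>true</AttachPrimaryCredentialWhenNoMapFound>
  </ParticipantConfiguration>
</SessionConfigurationSettings>"""

def audit_session_config(xml_text):
    """Return {setting: finding} for risky or invalid values (hypothetical helper)."""
    root = ET.fromstring(xml_text)
    val = lambda path: (root.findtext(path) or "").strip()
    on = lambda path: val(path).lower() == "true"
    def in_range(path, low, high):
        try:
            return low <= int(val(path)) <= high
        except ValueError:          # missing or non-numeric value
            return False
    out = {}
    if on("Security/TurnOffAuthorizationForAllRequests"):
        out["TurnOffAuthorizationForAllRequests"] = "authorization is off for all requests"
    if not on("Security/RouteMsgToParticipantsRequireAuthorization"):
        out["RouteMsgToParticipantsRequireAuthorization"] = "routed messages are not authorized"
    if not on("Security/EncryptSessionManifest"):
        out["EncryptSessionManifest"] = "manifests are stored unencrypted in the database"
    if on("ParticipantConfiguration/AttachPrimaryCredentialWhenNoMapFound"):
        out["AttachPrimaryCredentialWhenNoMapFound"] = "primary credentials sent when no mapping exists"
    if not in_range("ParticipantConfiguration/CredentialCacheExpirationTime", 0, 86400):
        out["CredentialCacheExpirationTime"] = "must be 0..86400 seconds"
    # Clustering rule from the config comments: the node element must be absent
    # when clustering is on, and a non-empty FQDN when clustering is off.
    node = root.find("SessionClustering/DNSAddressOfNonClusteredNode")
    if on("SessionClustering/IsClusteringEnabled"):
        if node is not None:
            out["DNSAddressOfNonClusteredNode"] = "remove when clustering is enabled"
    elif node is None or not (node.text or "").strip():
        out["DNSAddressOfNonClusteredNode"] = "FQDN required when clustering is disabled"
    return out
```

Calling `audit_session_config(SAMPLE)` returns one entry per flagged setting; an empty dictionary means none of these checks fired.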

 

© 2014 Microsoft