Update the data protection settings for Identity Provider
When you install XProtect in a single-server environment, the Identity Provider configuration data is protected using the Data Protection API (DPAPI). If you set up the management server in a cluster, you must update the Identity Provider configuration data to make it identical on both nodes.
To ensure smooth node failover, you must set up data protection and update the data protection keys for the user running the VideoOS IDP AppPool application pool.
You must have imported your certificate to the Personal store for the user running VideoOS IDP AppPool and given it Read permissions. Also, if you use a self-signed certificate, you must add it to the Trusted Root Certification Authorities store on your local computer.
On Node 1:
1. Locate the appsettings.json file in the installation path of the Identity Provider ([Install path]\Milestone\XProtect Management Server\IIS\IDP).
2. In the DataProtectionSettings section, make the following changes:
   - To set up data protection, set Thumbprint to the thumbprint of the certificate that's used by the IDP application pools and the Management Server service. See How to: Retrieve the Thumbprint of a Certificate.
   - To remove the old certificate key, set CleanUpNonCertificateKeys to true.

   "DataProtectionSettings": {
     "ProtectKeysWithCertificate": {
       "Thumbprint": "",
       "CleanUpNonCertificateKeys": true
     }
   },
3. Repeat steps 1-2 on Node 2.
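To check the result of the steps above on both nodes, the following PowerShell is an added example, not part of the Milestone documentation: it reads the DataProtectionSettings section from each node's appsettings.json text and reports a malformed thumbprint, a CleanUpNonCertificateKeys value that is not true, or a mismatch between the nodes. The function names and the sample thumbprint are constructed for illustration, and the code assumes the file is plain JSON without comments.

```powershell
# Added example: read-only consistency check for the DataProtectionSettings section.
# Function names are hypothetical; thumbprints below are constructed sample values.
function Get-IdpProtection {
    param([Parameter(Mandatory)][string]$Json, [Parameter(Mandatory)][string]$Node)

    $s   = ($Json | ConvertFrom-Json).DataProtectionSettings.ProtectKeysWithCertificate
    $raw = [string]$s.Thumbprint
    [pscustomobject]@{
        Node       = $Node
        Thumbprint = $raw
        # A certificate thumbprint is a SHA-1 hash: exactly 40 hex characters.
        # Values pasted from the certificate dialog can carry spaces or an
        # invisible U+200E mark, which makes the certificate lookup fail.
        ValidHex   = $raw -match '^[0-9A-Fa-f]{40}$'
        Cleanup    = $s.CleanUpNonCertificateKeys -eq $true
    }
}

function Compare-IdpNodes {
    param([Parameter(Mandatory)]$Node1, [Parameter(Mandatory)]$Node2)

    $problems = @()
    foreach ($n in $Node1, $Node2) {
        if (-not $n.ValidHex) { $problems += "$($n.Node): Thumbprint is not 40 hex characters" }
        if (-not $n.Cleanup)  { $problems += "$($n.Node): CleanUpNonCertificateKeys is not true" }
    }
    # -ine compares case-insensitively; the case of hex digits does not matter.
    if ($Node1.Thumbprint -ine $Node2.Thumbprint) {
        $problems += 'Thumbprint differs between the nodes'
    }
    $problems   # empty when both nodes are consistent
}

# Constructed sample input standing in for the two nodes' appsettings.json.
$sample1 = @'
{ "DataProtectionSettings": { "ProtectKeysWithCertificate": {
    "Thumbprint": "0123456789ABCDEF0123456789ABCDEF01234567",
    "CleanUpNonCertificateKeys": true } } }
'@
# Node 2: same value, but with an invisible U+200E prefix left by a copy/paste.
$sample2 = $sample1.Replace('"0123', '"' + [char]0x200E + '0123')

$n1 = Get-IdpProtection -Json $sample1 -Node 'Node 1'
$n2 = Get-IdpProtection -Json $sample2 -Node 'Node 2'
Compare-IdpNodes $n1 $n2
```

On the real nodes, pass the output of `Get-Content -Raw` on each node's appsettings.json as the `-Json` argument instead of the sample strings.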