Database Configuration
Overview
Version 4.0 of PAS introduced a new internal database, which is used by default. Version 4.0 also introduces the possibility to use an external database, where MySQL or MSSQL is supported. This option can be used if desired and is mandatory for installations where the database should be clustered.
This document will explain the steps to configure the database of choice and also migrate current data.
Note
Depending on the choice of database, default reports might need to be adjusted. The query used for the report can contain statements that are not supported.
Configure database
Create database
HSQLDB will be created when PAS is started, which is the internal database.
For Mysql and MSSQL, use the "mssql_phenixid.sql" for MSSQL and "mysql_phenixid.sql" for MySQL to create the initial database structure. These files are included in the migration application package.
NOTE: When using MSSQL Integrated authentication, the command needs to be run with an account that has correct privileges to the database.
Configure database in boot.json
We will now add configuration for the database of choice.
In boot.json, set the mpl module according to the examples below.
NOTE: For MySQL and MSSQL, the parameter "url" will be dependent on the database of choice. This value should be provided by the person(s) responsible for the database configuration.
NOTE2: The default database name, "phenixid", can be changed on MySQL/MSSQL (NOT on internal HSQLDB).
To use a different database name than phenixid, on MySQL/MSSQL, set the parameter:
"catalog":"<databasename>"
in the mpl section of boot.json.
Examples
"user": "<user_name>","
"password": "<password>",
"encryption.key": "<encryptionkey>",
"catalog":"phxprod",
"export_start": "15:00"
HSQLDB (default)
{
"name": "com.phenixidentity~phenix-store-mpl",
"config": {
"user": "phenixid",
"password": "<password>",
"encryption.key": "<encryptionkey>",
"export_start": "15:00",
"driver_class": "org.hsqldb.jdbc.JDBCDriver",
"dataretention": "60",
"is_server": "true",
"server.address": "0.0.0.0",
"url": "jdbc:hsqldb:hsql://localhost:9001/phenixid"
}
}
MySQL/MariaDB
{
"name": "com.phenixidentity~phenix-store-mpl",
"config": {
"user": "<user_name>",
"password": "<password>",
"encryption.key": "<encryptionkey>",
"export_start": "15:00",
"driver_class": "com.mysql.cj.jdbc.Driver",
"dataretention": "60",
"is_server": "false",
"url": "jdbc:mysql://172.24.0.3:3306/phenixid"
}
}
MSSQL (SQL authentication)
{
"name": "com.phenixidentity~phenix-store-mpl",
"config": {
"user": "<user_name>",
"password": "<password>",
"encryption.key": "<encryptionkey>",
"export_start": "15:00",
"driver_class": "com.microsoft.sqlserver.jdbc.SQLServerDriver",
"dataretention": "60",
"is_server": "false",
"url": "jdbc:sqlserver://172.24.0.3:1433;instance=sqlexpress;databaseName=phenixid"
}
}
MSSQL (Integrated authentication)
{
"name": "com.phenixidentity~phenix-store-mpl",
"config": {
"user": "dummy",
"password": "dummy",
"encryption.key": "<encryptionkey>",
"export_start": "15:00",
"driver_class": "com.microsoft.sqlserver.jdbc.SQLServerDriver",
"dataretention": "60",
"is_server": "false",
"url": "jdbc:sqlserver://172.24.0.3:1433;instance=sqlexpress;databaseName=phenixid;integratedSecurity=true;"
}
}
Note
When using integrated authentication, the PAS windows service has to be launched with the same account used for the database connection. This account also needs privilege to right to disk.