Administration manual


This page concerns Ametys configuration. To configure your Exchange server with Microsoft Graph, go to Microsoft Configuration.

  1. Java Cryptography Extension (JCE)
  2. Configuration
    1. General configuration
    2. Exchange online configuration
    3. Exchange Server configuration

Java Cryptography Extension (JCE)

To encrypt Exchange passwords (if identity borrowing is not enabled), the "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy" files must be installed. They can be downloaded here:

http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html

The 2 jar files contained in the downloaded zip must be placed in <java-home>/lib/security

(back up the 2 files already present there, if any)
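To confirm that the policy files were placed under the right <java-home>, the check below can be compiled and run with the same JVM that runs the application server. It is an added example, not Ametys code; the class name JcePolicyCheck and the AES/GCM mode are assumptions chosen only for the test, since the page does not state which cipher mode Ametys uses.

```java
import java.security.SecureRandom;
import java.security.Security;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Added example (not Ametys code): reports whether this JVM accepts 256-bit AES keys.
public class JcePolicyCheck {

    /** True when the active jurisdiction policy permits AES keys of at least 256 bits. */
    static boolean allowsAes256() throws Exception {
        return Cipher.getMaxAllowedKeyLength("AES") >= 256;
    }

    /** Encrypts and decrypts a constructed sample with a random 256-bit key. */
    static boolean roundTripAes256() throws Exception {
        SecureRandom rnd = new SecureRandom();
        byte[] key = new byte[32];   // 256-bit key
        byte[] iv = new byte[12];    // 96-bit GCM nonce
        rnd.nextBytes(key);
        rnd.nextBytes(iv);
        byte[] sample = "constructed sample".getBytes("UTF-8");

        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        // Under the limited policy this init throws InvalidKeyException (illegal key size).
        enc.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
        byte[] ct = enc.doFinal(sample);

        Cipher dec = Cipher.getInstance("AES/GCM/NoPadding");
        dec.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
        return Arrays.equals(sample, dec.doFinal(ct));
    }

    public static void main(String[] args) throws Exception {
        // java.home shows which lib/security directory this JVM actually reads.
        System.out.println("java.home     = " + System.getProperty("java.home"));
        System.out.println("java.version  = " + System.getProperty("java.version"));
        // null on JVMs that predate the crypto.policy security property.
        System.out.println("crypto.policy = " + Security.getProperty("crypto.policy"));
        int max = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("max AES key   = " + (max == Integer.MAX_VALUE ? "unlimited" : max + " bits"));
        if (!allowsAes256()) {
            System.err.println("FAIL: unlimited policy is not active for this java.home");
            System.exit(1);
        }
        System.out.println(roundTripAes256() ? "OK: AES-256 round trip succeeded" : "FAIL: round trip mismatch");
    }
}
```

A reported maximum of 128 bits means the JVM is still using the default limited policy, typically because the jars were copied under a different <java-home> than the one printed.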

Configuration

The following configuration is available from version 1.12.0 onwards.

General configuration

| Parameter | Description | Mandatory |
|---|---|---|
| Exchange online | Check to connect to the Exchange online server. The associated parameters are defined below, in the "Exchange online" section. | No |
| Exchange Server | Check to connect to the Exchange server. The associated parameters are defined below, in the "Exchange Server" section. | No |
| Cache settings / Lifetime | Lifetime of an entry in the cache, in minutes. | Yes |
| Population / Population ID | Identifier of the population associated with the messaging service. | Yes, if there are at least 2 defined populations. |
| Applications | | |
| Url Webmail | URL of the Webmail application | No |
| Url agenda | Complete URL of the agenda application | No |

Exchange online configuration

| Parameter | Description | Mandatory |
|---|---|---|
| Use administrator permissions | Allows you to connect to the Exchange online server based on administrator permissions. If this box is unchecked, then the population used must use AzureAD as its credential provider. | Yes |
| Azure application identifier | Azure application ID, available on the Azure portal | Yes if "Use administrator permissions" is checked. |
| Azure directory identifier | Azure directory ID (tenant), available on the Azure portal | Yes if "Use administrator permissions" is checked. |
| Secret key | Application secret key, generated on the Azure portal | Yes if "Use administrator permissions" is checked. |
| Identification | Server identification. Two values are possible: by email, per login. | Yes if "Use administrator permissions" is checked. |
| User directory identifier | Identifier of the user directory associated with the mailbox. User directories must correspond to the population defined for messaging. | Yes, if both types of exchange connector are used. |

Exchange Server configuration

| Parameter | Description | Mandatory |
|---|---|---|
| URL | URL to connect to the mail exchange server | Yes |
| Identification | Server identification. Two values are possible: by email, per login. | Yes |
| Authentication method | Method for authenticating a given user to the Exchange server. The available options are listed below the table. | Yes |
| Login | Login to the mail exchange server | Yes if "Identity borrowing" is selected as the authentication method. |
| Password | Password to connect to the mail exchange server | Yes if "Identity borrowing" is selected as the authentication method. |
| User directory identifier | Identifier of the user directory associated with the mailbox. User directories must correspond to the population defined for messaging. | Yes, if both types of exchange connector are used. |

Authentication method options:

  • Identity borrowing: access the connector using the credentials of a given administrator, who will borrow the identity of others.
  • Save password in user preferences: saves the password in encrypted form in user preferences for later use.
    🔐 In this case, the password is stored in the database with no time limit, using AES SHA-256 encryption.
  • Use password from authentication form: retrieves the password during authentication and stores it in the session for later reuse. ⚠ Usable only with form authentication, when the corresponding box is checked.
    🔐 In this case, the password is not stored, but only retained in memory for the lifetime of the user session (30 minutes after the last activity in the default configuration of Tomcat, or immediately in the event of disconnection).

 
