This is currently untested and under review by Claude, do not provide to customers until vetted.
Copy these files onto the target AuthAnvil server
- Run AAOfflineALMPrep.vbs to generate an ALMPrep.XML
- Edit generated ALMPrep.XML to make sure it has your proper subscription email
- Run the .\AAOfflineALMHash.ps1
<MaxTokens> <Expiration> where <expiration> is a string in the format mm/dd/yyyy.
This generates an ALM_OfflineHashGenerator.exe.config file.
2FA Offline ALM
- Open the ALM_OfflineHashGenerator.exe.config and copy the 3 keys from there into the 2FA web.config under <appSettings>, overwriting the existing keys.
- (Debug verification): Set DebugLevel to 55 in the SAS web.config. Run an IISreset and refresh the ALM by going to Actions -> "Change Subscription Info" on the Settings page, typing the master admin, saving the config (no changes) and logging out of the Manager. Check Event Viewer for subscription messages
PWS Offline ALM
- Open the ALM_OfflineHashGenerator.exe.config and copy the 3 keys from there into the AAPS web.config under <appSettings>. Rename these three keys to:
"MaxTokens" -> "OffMaxSeats"
? "Expiration" -> "OffExpiration"
? "ALMFingerprint" -> "OfflineHash"
(Optional verification): To confirm the offline success for Password Vault, open dbo.OrganizationStatusTable. If the offline ALM succeeded, the column "LastLicenseFailure" will have a value of 1753-01-01 12:00:00.000. If it failed, it will have the Date/Time of the last failed attempt.
- Verify by shutting down external access and trying to use the software normally
Note: Single Sign On does not require extra configuration as it is handled by the 2FA licensing check.