Skip to main content

ControlSuite: Security Framework credentials

Article # 3015384 - Page views: 292


In ControlSuite, the Security Framework Service (SFS) credentials are used to enroll and unenroll services with the SSDS (Secure Service Discovery Service) amongst other things.  This credential is in the form "domain\user" even though it need not be associated with any Windows domain or user, and an associated password. These credentials are created in Configuration Assistant, on the "Authorization & Security" tab.  Once created, there is no way to recover them, so these must be kept in a secure place for future reference.  If this information is lost or forgotten, certain actions requiring the SFS Credentials will be impacted.  So, action must be taken to avoid this.     [Kofax / NDI Internal Information]   This information can be use to perform recovery for a customer who has lost the credentials, however it should not be widely shared.  

  1. Back up the appsettings.json file (Default Path ->  C:\Program Files\Kofax\Shared Services\SecurityFrameworkService)
  2. Edit the appsettings.json file and set "LocalRecoveryMode": true (default is false).
  3. Restart IIS service hosting the SecurityFramework (NDI Site).  
  4. Run the following at an elevated CMD prompt NDISecTool.exe -addbootstrapuser -domain -username -password -aasurl "https://localhost:8181/SecurityFrameworkService".   where is the arbitrary domain to be used for the SFS credential where  is the user name to be used for the SFS credential and  is the password to be used for the SFS credential  
  5. Restore the appsettings.json backed up in step 1 (or edit the file and set "LocalRecoveryMode": false)