Configure the Advanced Security Module for Debugging

This section applies only to installations that include Elasticsearch.

  1. Go to the Federator Administration page.

  2. Open Registered Pipeline Stages and click Federator Settings. The Properties for Federator SSA page appears.
    See the Registered Pipeline Stages graphic below.

  3. Register New Pipeline Stage: Scroll down and click. The Federator Search Service Application settings appear.
    Pipeline stages offer uniformity to the end user. Various functions include mapping names and values to match local refinements.


  4. Federator Pipeline Stage: Add the following values:
    • Class Name: BAInsight.AdvancedSecurityModule.SecurityPipeline
    • Assembly Name: BAInsight.AdvancedSecurityModule, Version=1.0.0.0, Culture=neutral, PublicKeyToken=8b346c7a0df406fd

  5. OK: Click OK to see the SmartHub Administration page.
    See the Longitude Security Trimmer pipeline stage.

  6. Back: Click Back to return to the previous page: SmartHub Administration.



  7. Add New Results Stage: Scroll to the bottom of the page and click. The Federator Search Service Application page appears.
  8. Pipeline Stage: Use the down arrow to select Longitude Security Trimmer.
  9. After you complete the previous steps, copy and paste the following code. Replace the sample values with the appropriate values based on their descriptions.

    See the config node

    <config>   
        <pathToGroupService>http:...</pathToGroupService>   
        <domainRemapping>domain=domain.local</domainRemapping>   
        <groupCacheTimeout>5</groupCacheTimeout>   
        <additionalSecurityLevels>0</additionalSecurityLevels>   
        <enableSidSecurity>false</enableSidSecurity>   
        <includeResultSources>*</includeResultSources>   
        <excludeResultSources></excludeResultSources>   
        <impersonateUser>domain\uA=domain\uB</impersonateUser>   
        <debug>false</debug>   
        <userForGroupService>user</userForGroupService>   
        <passForGroupService>password</passForGroupService>
    </config>

  10. Click OK.
Parameter Required Description
pathToGroupService X

This URL must point to the UserNativeGroups.asmx file in your BA Insight Connector Framework administration site. This site is typically deployed as a subsite of your SharePoint Central Administration Site.

The URL should be similar to the following:

http://<url of your SharePoint Central Administration Site>/longitude.connectors/_layouts/15/esc.search.services/usernativegroups.asmx

domainRemapping

The default value is an empty string (that is, no domain remapping).

Use this parameter to remap the possible combinations of user login domains to the BA Insight Connectors mapped domains, such as:

SourceDomain1=TargetDomain1&SourceDomain2=TargetDomain2&…

A user from the source domain is treated as if this user were one (1) of the users from the target domain.

For example:

domain=domain.local&corp=corp.local

groupCacheTimeout

The default value is 5 minutes.

Specify the time in minutes for the group cache expiration time.

additionalSecurityLevels

The default value is 0. The maximum value is 10.

For Connectors using multilevel security, the value should be greater than 0. Connector Framework calculates this value automatically; override this value by specifying a new value.

If items secured with multiple levels are incorrectly returned in the search results, increase this value. The higher the value, the slower the query.

enableSidSecurity


The default value is false.

Set this parameter to True if the source system relies on Active Directory for both its users and groups (such as the FileNet and FileShare Connectors).

This setting also implements multilevel security: For example, multilevel security is implemented for a FileNet source system using the marking sets capability.

includeResultSources

The default value is * (in other words, all of the sources are processed).

Specify a list of result source names for which this stage will transform the query.

This parameter must include all of the result sources returning results from content sources that are secured using the native security model. Specify your values using a semicolon-separated (;) list of names.

For example, specify:

Local SharePoint Sites;CustomSource

excludeResultSources

The default value is an empty string (that is, no source is excluded).

Use this setting for scenarios where you want to apply security to some, but not all sources.

Specify a list of result sources for which the security transformation is not applied.

Specify your values using a semicolon-separated (;) list of names.

For example, specify:

Local SharePoint Sites;CustomSource

impersonateUser

The default value is an empty string (that is, no impersonation).

Enter the domain and user name of a user that you want to impersonate in the search results.

This parameter can contain a string with one (1) user specified. Use the following format:

domain\user

Alternatively, specify the user mapping string using the following format:

SourceDomain1\SourceUser1=TargetDomain1\TargetUser1;
SourceDomain2\SourceUser2=TargetDomain2\TargetUser2;

In the first example, the security level for this user is applied to all of the users.

This specification overrides the current user security level so that all of the users have the same access as this user.

In the second case, if a mapping is found for the user name under which the request is performed, the target user's security is applied.

debug

The default value is false.

This is an internal parameter that is used for advanced troubleshooting.

userForGroupService X

This is the user that is used to get users and groups from Connector Framework.

You must specify this parameter using the format DOMAIN\USER.

passForGroupService X

This is the password for the userForGroupService.

Make sure the password is properly encoded for XML.

If your password contains special characters, use the syntax <![CDATA[password]]>.
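
The config node and the parameter rules above can be checked before the node is pasted into the Longitude Security Trimmer stage. The following is an added example, not BA Insight code: it lints a node against the documented formats, assuming the stage reads the node with a standard XML parser. The names review and SAMPLE, the host name, the accounts and the password are constructed for illustration.

```python
import xml.etree.ElementTree as ET

REQUIRED = ("pathToGroupService", "userForGroupService", "passForGroupService")

# Constructed sample: host, accounts and password are placeholders.
SAMPLE = r"""<config>
    <pathToGroupService>http://ca.example.local/longitude.connectors/_layouts/15/esc.search.services/usernativegroups.asmx</pathToGroupService>
    <domainRemapping>domain=domain.local&amp;corp=corp.local</domainRemapping>
    <groupCacheTimeout>5</groupCacheTimeout>
    <additionalSecurityLevels>0</additionalSecurityLevels>
    <enableSidSecurity>false</enableSidSecurity>
    <includeResultSources>*</includeResultSources>
    <excludeResultSources></excludeResultSources>
    <impersonateUser>domain\uA</impersonateUser>
    <debug>true</debug>
    <userForGroupService>DOMAIN\svc</userForGroupService>
    <passForGroupService><![CDATA[p&ss<word]]></passForGroupService>
</config>"""

def review(xml_text):
    """Return findings for a <config> node; an empty list means nothing to flag."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML ({exc}): escape & as &amp; or use CDATA"]
    val = {child.tag: (child.text or "") for child in root}
    out = [f"missing required parameter {n}" for n in REQUIRED if not val.get(n)]
    levels = val.get("additionalSecurityLevels", "0").strip()
    if not levels.isdigit() or int(levels) > 10:
        out.append("additionalSecurityLevels must be 0 to 10")
    # The page's format: Source1=Target1&Source2=Target2 (& is &amp; in the XML).
    for pair in filter(None, val.get("domainRemapping", "").split("&")):
        if pair.count("=") != 1 or not all(pair.split("=")):
            out.append(f"domainRemapping entry {pair!r} is not Source=Target")
    imp = val.get("impersonateUser", "").strip()
    if imp and "=" not in imp:
        # Single-user form: overrides the security level of every user.
        out.append(f"impersonateUser={imp}: all users get this user's access")
    if val.get("debug", "false").strip().lower() == "true":
        out.append("debug is enabled (default is false)")
    user = val.get("userForGroupService", "")
    if user and "\\" not in user:
        out.append("userForGroupService must be DOMAIN\\USER")
    return out

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print("-", finding)
```

The sample writes the domainRemapping separator as &amp; because a raw & makes the node ill-formed XML, the same reason the password is wrapped in CDATA.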