1.2 System Requirements and Prerequisites for Standalone Installation (Non-Docker)

1.2.1 System Requirements

This section explains the system requirements and prerequisites to install standalone Identity Console.

Minimum requirements by category:

Processor: 1.4 GHz 64-bit

Memory: 2 GB

Disk Space: 200 MB on Linux

Supported Browser

  • Latest version of Microsoft Edge

  • Latest version of Google Chrome

  • Latest version of Mozilla Firefox

NOTE: While using Identity Console in Mozilla Firefox, the operation might fail with an Origin Mismatch error message. To troubleshoot, perform the following steps:

  1. Update Firefox to the latest version.

  2. Specify about:config in the Firefox URL field and press Enter.

  3. Search for Origin.

  4. Double-click network.http.sendOriginHeader and change its value to 1.

Supported Operating System

  • Certified:

    • SUSE Linux Enterprise Server (SLES) 15 SP5

    • Red Hat Enterprise Linux (RHEL) 8.7, 8.8, 9.2, and 9.3

    • In Docker: Red Hat Universal Base Image 9.3

  • Supported: Supported on later versions of support packs of the above certified Operating Systems.

Certificates

  • Obtain a PKCS #12 server certificate with the private key to encrypt and decrypt the data exchanged between the client and the Identity Console server. From Identity Console 1.7.2 onwards, users can generate the server certificate during the installation process. This server certificate is used to secure the HTTP connection. You can use server certificates generated by any external CA. For more information, see Creating Server Certificate Objects. The server certificate should contain the Subject Alternative Name with the IP address and DNS name of the Identity Console server. Once the server certificate object is created, you must export it in .pfx format.

  • Obtain a CA certificate for all trees in .pem format to validate the CA signature of the server certificates obtained in the previous step. From Identity Console 1.7.2 onwards, users can import the CA certificate (SSCert.pem) by providing the IP address and port information during the installation process. This root CA certificate also ensures secure LDAP communication between the client and the Identity Console server. For example, you can obtain the eDirectory CA certificate (SSCert.pem) from /var/opt/novell/eDirectory/data/SSCert.pem.

Once you are ready, proceed with installing Identity Console. For more information, see Deploying Standalone Identity Console (Non-Docker).

1.2.2 (Optional) Prerequisite for OSP Configuration

Using the One SSO Provider (OSP), you can enable single sign-on authentication for your users to the Identity Console portal. You must install OSP before installing Identity Console. To configure OSP for Identity Console, follow the on-screen prompts and provide the required values for the configuration parameters. To register Identity Console to an existing OSP server, you must manually add the following entries to the ism-configuration.properties file in the /opt/netiq/idm/apps/tomcat/conf/ folder:

com.netiq.edirapi.clientID = identityconsole
com.netiq.edirapi.redirect.url = https://<Identity Console Server IP>:<Identity Console Listener Port>/eDirAPI/v1/<eDirectory Tree Name>/authcoderedirect
com.netiq.edirapi.logout.url = https://<Identity Console Server IP>:<Identity Console Listener Port>/eDirAPI/v1/<eDirectory Tree Name>/logoutredirect
com.netiq.edirapi.logout.return-param-name = logoutURL
com.netiq.edirapi.response-types = code,token
com.netiq.edirapi.clientPass._attr_obscurity = NONE
com.netiq.edirapi.clientPass = novell

NOTE:

  • If you are installing OSP for the first time, specify the option 'y' for Configure OSP with eDir API and follow the on-screen prompts to register Identity Console with OSP.

  • Ensure that you specify the eDirectory tree name in lowercase while configuring Identity Console. If the tree name is not specified in lowercase, the login to the Identity Console server might fail.

  • With OSP, you can connect to only a single eDirectory tree as OSP does not support multiple eDirectory trees.
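
One way to check the ism-configuration.properties entries listed above after editing them by hand, shown as an added example that is not part of the product or its documentation. The function names, the sample values, and the choice to apply the lowercase tree-name note to the tree name inside the two URLs are assumptions of this example.

```python
from urllib.parse import urlsplit

PREFIX = "com.netiq.edirapi."
# Keys the page lists for registering with an existing OSP server.
REQUIRED = [PREFIX + k for k in (
    "clientID", "redirect.url", "logout.url", "logout.return-param-name",
    "response-types", "clientPass._attr_obscurity", "clientPass")]
# Final path segment of each URL, taken from the page's templates.
URL_ENDINGS = {PREFIX + "redirect.url": "authcoderedirect",
               PREFIX + "logout.url": "logoutredirect"}

def parse_properties(text):
    """Parse simple 'key = value' lines; skip blanks and # / ! comments."""
    lines = (l.strip() for l in text.splitlines())
    pairs = (l.split("=", 1) for l in lines if l and l[0] not in "#!" and "=" in l)
    return {k.strip(): v.strip() for k, v in pairs}

def check_osp_registration(text):
    """Return a list of problems found in the Identity Console OSP entries."""
    props, targets = parse_properties(text), set()
    problems = [f"missing key: {k}" for k in REQUIRED if k not in props]
    for key in (k for k in URL_ENDINGS if k in props):
        url, ending = props[key], URL_ENDINGS[key]
        if "<" in url or ">" in url:
            problems.append(f"{key}: template placeholder not replaced")
            continue
        parts = urlsplit(url)
        seg = parts.path.split("/")  # ['', 'eDirAPI', 'v1', tree, ending]
        if parts.scheme != "https":
            problems.append(f"{key}: scheme is not https")
        if len(seg) != 5 or seg[1:3] != ["eDirAPI", "v1"] or seg[4] != ending:
            problems.append(f"{key}: path is not /eDirAPI/v1/<tree>/{ending}")
            continue
        if seg[3] != seg[3].lower():
            problems.append(f"{key}: tree name {seg[3]!r} is not lowercase")
        targets.add((parts.netloc, seg[3]))
    if len(targets) > 1:
        problems.append("redirect and logout URLs differ in host, port or tree")
    return problems

# Constructed sample: 192.0.2.10, 9000 and Corp_Tree are made-up values.
SAMPLE = """\
com.netiq.edirapi.clientID = identityconsole
com.netiq.edirapi.redirect.url = https://192.0.2.10:9000/eDirAPI/v1/Corp_Tree/authcoderedirect
com.netiq.edirapi.logout.url = http://192.0.2.10:9000/eDirAPI/v1/corp_tree/logoutredirect
"""

if __name__ == "__main__":
    print("\n".join(check_osp_registration(SAMPLE)))
```

An empty list means every listed key is present and both URLs use https, follow the documented path, carry a lowercase tree name, and point at the same host, port and tree.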