1.2 System Requirements and Prerequisites for Standalone Installation (Non-Docker)

1.2.1 System Requirements

This section explains the system requirements and prerequisites to install standalone OpenText Identity Console.

Category	Minimum Requirement
Processor	1.4 GHz 64-bit
Memory	2GB
Disk Space	200 MB on Linux
Supported Browser	Latest version of Microsoft Edge Latest version of Google Chrome Latest version of Mozilla Firefox NOTE:While using OpenText Identity Console in Mozilla Firefox, the operation might fail with Origin Mismatch error message. To troubleshoot, perform the following steps: Update Firefox to the latest version. Specify about:config in the Firefox URL field and press Enter. Search for Origin. Double-click on network.http.SendOriginHeader and change its value to 1.
Supported Operating System	Certified: SUSE Linux Enterprise Server (SLES) 15 SP5, (SLES) 15 SP6 Red Hat Enterprise Linux (RHEL) 8.7, 8.8, 8.9, 9.2, 9.3, and 9.4 In Docker: Red Hat Universal Base Image 9.5 Supported: Supported on later versions of support packs of the above certified Operating Systems.
Certificates	Obtain a pkcs12 server certificate with the private key to encrypt/decrypt data exchange between the client and the OpenText Identity Console server. From OpenText Identity Console 1.7.2 onwards users can generate server certificate during the installation process. This server certificate is used to secure the http connection. You can use server certificates generated by any external CA. For more information, see Creating a Server Certificate Object. The server certificate should contain the Subject Alternative Name with IP address and DNS of the OpenText Identity Console server. Once the server certificate object is created, you must export it in .pfx format. From OpenText Identity Console 1.9 onwards, you can choose to auto fetch the CA certificate as per your requirement. From OpenText Identity Console 1.7.2 onwards users can import CA Certificate (SSCert.pem) by providing IP address and port information during installation process. For more information, see Generate CA certificate.

Once you are ready, proceed with installing OpenText Identity Console. For more information, see Installing Standalone OpenText Identity Console (Non-Docker).

1.2.2 (Optional) Prerequisite for OSP Configuration

Using the One SSO Provider (OSP), you can enable the single sign-on authentication for your users to the OpenText Identity Console portal. You must install OSP before installing OpenText Identity Console. To configure OSP for OpenText Identity Console, follow the on-screen prompts and provide the required values for configuration parameters. To register OpenText Identity Console to an existing OSP server, you must manually add the following to the ism-configuration.properties file in /opt/netiq/idm/apps/tomcat/conf/ folder:

com.netiq.edirapi.clientID = identityconsole
com.netiq.edirapi.redirect.url = https://<Identity Console Server IP>:<Identity Console Listener Port>/eDirAPI/v1/<eDirectory Tree Name>/authcoderedirect
com.netiq.edirapi.logout.url = https://<Identity Console Server IP>:<Identity Console Listener Port>/eDirAPI/v1/<eDirectory Tree Name>/logoutredirect
com.netiq.edirapi.logout.return-param-name = logoutURL
com.netiq.edirapi.response-types = code,token
com.netiq.edirapi.clientPass._attr_obscurity = NONE
com.netiq.edirapi.clientPass = novell

NOTE:

If you are installing OSP for the first time, specify the option 'y' for Configure OSP with eDir API and follow the on-screen prompts to register OpenText Identity Console with OSP.
Ensure to specify the OpenText eDirectory tree name in lowercase while configuring OpenText Identity Console. In case, the tree name is not specified in lowercase, the login to the OpenText Identity Console server might fail.
With OSP, you can connect to only a single OpenText eDirectory tree as OSP does not support multiple OpenText eDirectory trees.
Third party OSP is not supported in OpenText Identity Console.
In a NAM integrated environment, OpenText Identity Console with OSP is currently not supported.