7.2 Preparing One SSO Provider for Use

In some installation scenarios, you must take additional steps to prepare OSP for use with Identity Governance. For example, running OSP in an environment without Identity Manager, or using Active Directory as your LDAP authentication server, requires some additional steps. Also, if you did not enable auditing during the installation process, you must perform some additional steps.

7.2.1 Ensuring the Configuration Update Utility Can Run OSP

When you run OSP on a different Tomcat server than Identity Governance, and you do not have Identity Manager in your environment, you must ensure that the OSP Configuration Update utility has the appropriate values to run OSP. The OSP Configuration Update utility (configupdate.sh or configupdate.bat) contains the settings that allow OSP to function, and it is a separate utility from the Configuration Update utility for Identity Governance. After installing Identity Governance, you must update several settings in both utilities. See SSO Clients Parameters in the NetIQ Identity Manager Setup Guide for Linux.

  1. Create a backup copy of the ism-configuration.properties file.

    • Linux: Default location in /opt/netiq/idm/apps/tomcat/conf

    • Windows: Default location in C:\opt\netiq\idm\apps\tomcat\conf

  2. In a text editor, open the configupdate.sh.properties or configupdate.bat.properties file to update values.

    • Linux: Default location in /opt/netiq/idm/apps/osp/bin

    • Windows: Default location in c:\netiq\idm\apps\osp\bin

    1. In the file, modify the properties to the following values:

      • Change is_prov to false

      • (Conditional) Change use_ssl to false, if your LDAP server is not set up for SSL communication

      • (Optional) Change use_console to true if you want to run the utility in console mode; otherwise, change use_console to false to run the utility in GUI mode

    2. Save and close the file.

  3. Update settings in the OSP Configuration Update utility.

    1. Launch the Configuration Update utility.

      • Linux: Default location in the /opt/netiq/idm/apps/osp/bin

        ./configupdate.sh edition=none
      • Windows: Default location in C:\netiq\idm\apps\osp\bin

        configupdate.bat edition=none

        NOTE: Adding edition=none on the command line avoids needing to modify this value within the configupdate.sh.properties or configupdate.bat.properties file. It also avoids certain unnecessary fields for which the Configuration Update utility would otherwise require values in order to save.

    2. Select SSO Clients.

    3. Under Reporting, specify values for the following parameters:

      NOTE: Regardless of whether you use Identity Reporting, the utility requires values in these fields.

      • OAuth client ID

        For example, rpt.

      • OAuth client secret

      • URL link to landing page

        For example, http://123.456.78.90:8180/#/landing

      • URL link to Identity Governance

        For example, http://123.456.78.90:8080/#/nav

      • OSP Oauth redirect url

        For example, http://123.456.78.90:8180/IDMRPT/oauth.html

    4. Under DCS Driver, specify values for the following parameters:

      NOTE: Regardless of whether you use Identity Reporting, the utility requires values in these fields.

      • OAuth client ID

        For example, dcsdriver.

      • OAuth client secret

    5. To save your changes, select OK.

    6. Update the settings for Identity Vault and Authentication, as needed.
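The following script is an added example and is not NetIQ's own code: it performs Steps 1 and 2 of the procedure above (back up ism-configuration.properties, set is_prov, use_ssl and use_console in configupdate.sh.properties without disturbing other keys) and then launches the utility as in Step 3.a. It assumes the documented Linux default paths, overridable through the TOMCAT_CONF and OSP_BIN variables, and the hypothetical LDAP_USE_SSL, USE_CONSOLE and RUN_OSP_PREP variables are this example's own switches.

```shell
#!/bin/sh
# Added example (not NetIQ's own code): Steps 1 and 2 of the procedure above
# plus the launch in Step 3.a; Linux default paths, override via TOMCAT_CONF/OSP_BIN.
set -eu
TOMCAT_CONF="${TOMCAT_CONF:-/opt/netiq/idm/apps/tomcat/conf}"
OSP_BIN="${OSP_BIN:-/opt/netiq/idm/apps/osp/bin}"

# set_prop FILE KEY VALUE: rewrite an existing "key=value" line in a Java
# properties file, or append it if absent. Other lines are left untouched,
# so re-running is harmless and the change reviews cleanly in a diff.
set_prop() {
    file=$1; key=$2; value=$3; tmp=$(mktemp)
    if grep -q "^[[:space:]]*${key}[[:space:]]*=" "$file"; then
        esc=$(printf '%s' "$value" | sed 's/[\/&]/\\&/g')   # escape sed specials
        sed "s/^[[:space:]]*${key}[[:space:]]*=.*/${key}=${esc}/" "$file" > "$tmp"
    else
        { cat "$file"; printf '%s=%s\n' "$key" "$value"; } > "$tmp"
    fi
    mv "$tmp" "$file"
}

# get_prop FILE KEY: print KEY's current value (empty if unset).
get_prop() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# apply_osp_settings PROPS_FILE: the three values from Step 2.a. use_ssl=false
# makes the utility bind to LDAP without TLS, so it stays true unless the
# LDAP server really has no TLS listener (set LDAP_USE_SSL=false to override).
apply_osp_settings() {
    set_prop "$1" is_prov false
    set_prop "$1" use_ssl "${LDAP_USE_SSL:-true}"
    set_prop "$1" use_console "${USE_CONSOLE:-false}"
}

# demo: apply the edit to a constructed sample file (no install needed) and print it.
demo() {
    sample=$(mktemp)
    printf 'is_prov=true\nuse_ssl = true\nedition=advanced\n' > "$sample"  # constructed
    apply_osp_settings "$sample"; cat "$sample"; rm -f "$sample"
}

# Real run only on request: back up (Step 1), edit (Step 2), launch (Step 3.a).
if [ "${RUN_OSP_PREP:-0}" = 1 ]; then
    cp -p "$TOMCAT_CONF/ism-configuration.properties" \
       "$TOMCAT_CONF/ism-configuration.properties.$(date +%Y%m%d%H%M%S).bak"
    apply_osp_settings "$OSP_BIN/configupdate.sh.properties"
    cd "$OSP_BIN" && ./configupdate.sh edition=none
fi
```

Run `demo` to see the rewritten sample, or `RUN_OSP_PREP=1 ./prepare-osp.sh` on the OSP host to perform the real edit and launch.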

7.2.2 Preparing OSP to Use an Active Directory LDAP Server

To use Active Directory as your LDAP authentication server, you need to update settings in both the OSP Configuration Update utility and the Identity Governance Configuration utility.

  1. Ensure that you have prepared the Configuration Update utility for OSP. For more information, see Ensuring the Configuration Update Utility Can Run OSP.

  2. Stop Tomcat, if it is running. For more information, see Stopping, Starting, and Restarting Tomcat.

  3. Update settings in the Configuration Update utility.

    1. Launch the Configuration Update utility.

      • Linux: Default location in the /opt/netiq/idm/apps/osp/bin

        ./configupdate.sh edition=none
      • Windows: Default location in C:\netiq\idm\apps\osp\bin

        configupdate.bat edition=none

        NOTE: Adding edition=none on the command line avoids needing to modify this value within the configupdate.sh.properties or configupdate.bat.properties file. It also avoids certain unnecessary fields for which the Configuration Update utility would otherwise require values in order to save.

    2. Select Reporting > Identity Vault Settings > Identity Vault User Identity > Login Attribute.

    3. For Login Attribute, specify the attribute in Active Directory that you want to use for logging in to Identity Governance. For example, sAMAccountName.

      NOTE: This value is case-sensitive.

    4. To save your change, select OK.

  4. Update settings in the Identity Governance Configuration utility:

    1. Launch the Identity Governance Configuration utility.

      • Linux: Default location in /opt/netiq/idm/apps/idgov/bin

        ./configutil -password database_password
      • Windows: Default location in c:\netiq\idm\apps\idgov\bin

        configutil -password database_password
    2. Select Security Settings.

    3. For Auth Matching Rules, add the same attribute from Active Directory that you specified for Login Attribute in Step 3.c.

      Do not delete dn. For example, the setting should now list dn and sAMAccountName.

    4. Select Save.

  5. Continue with the post-installation tasks, as required.

7.2.3 Enabling Auditing for the OSP after the Installation

If you did not enable auditing during the OSP installation process, you can enable it at any time. For more information, see Enabling Auditing for OSP after the Installation.