6.4 Using the TLS/SSL Protocol for Secure Connections

You can use the Transport Layer Security/Secure Sockets Layer (TLS/SSL) protocol to secure the following types of network connections for Identity Governance:

  • HTTP, which provides end-user (browser) access to Identity Governance

  • LDAP, which ensures secure communication between Identity Governance and the authentication server

  • JDBC, which ensures secure communication between Identity Governance and the database server

TLS/SSL is not configured by default. During installation, specify https as the protocol for communication with the authentication server and enable TLS/SSL on the JDBC connection to the database server. The OSP installation process creates symmetric keys and key pairs for signing, encryption, and TLS and stores them in the OSP key store. The Identity Governance installer places a single invalid certificate in its trust store. Both installation programs also place the trusted certificates of the external servers you specify into their respective trust stores, so that communication with those servers can be verified. If you did not enable TLS/SSL during installation, configure Identity Governance to use it before putting the system into production.

We highly recommend that you configure Tomcat to use https with TLSv1.2, or TLSv1.1 only if a client that cannot use TLSv1.2 requires it. Do not enable TLSv1.0 or any earlier version. Note that TLSv1.1 has itself been deprecated (RFC 8996), so treat it as a transitional setting and remove it as soon as the client is upgraded. For more information, see Securing Tomcat.

For more information about the Identity Governance Configuration Utility, see Section A.0, Running the Identity Governance Configuration Utility.

To configure secure communication with the authentication server:

  1. Stop Identity Governance (and Tomcat). For examples, see Stopping, Starting, and Restarting Tomcat.

  2. Run the Identity Governance Configuration Utility.

  3. For Authentication Server Details and Network Topology, verify that the connection protocol for the servers is set to https.

  4. Select Save, and then close the utility.

  5. Ensure that the authentication server actually accepts TLS/SSL connections on the host and port you specified, for example by completing a TLS handshake to that port from the Identity Governance host.

  6. Start Identity Governance (and Tomcat). For examples, see Stopping, Starting, and Restarting Tomcat.
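As an added example (not part of the Identity Governance documentation or product), the following bash script performs the check behind step 5 and the TLS-version recommendation above: it confirms that an endpoint completes a TLSv1.2 handshake and refuses TLSv1.0 and TLSv1.1, and shows how a server certificate is imported into a Java trust store with keytool. It assumes the openssl CLI (OpenSSL 1.1.1 or 3.x) is installed; the port numbers, the trust-store path, password and alias, and the local TLSv1.2-only test server it spins up for the demo are all assumptions for the demonstration, not product values.

```shell
#!/usr/bin/env bash
# Added example (not code from the Identity Governance documentation or product).
# Checks that a host:port Identity Governance will use over TLS (the
# authentication server from step 5, or Tomcat's own https port once secured)
# accepts TLSv1.2 and refuses TLSv1.0/TLSv1.1, and shows how a server
# certificate is imported into a Java trust store. Needs the openssl CLI
# (OpenSSL 1.1.1 or 3.x); keytool is only needed by import_server_cert.
# Every port, path, alias and password below is an assumption for the demo.
set -u

# Print the TLS version negotiated with HOST:PORT when the client is pinned to
# VER (tls1, tls1_1, tls1_2 or tls1_3). s_client exits 0 only after a
# completed handshake, so a non-zero status means the server (or this client
# build) refused that version; nothing is printed in that case.
negotiated_protocol() {
  local host=$1 port=$2 ver=$3 out extra=""
  # OpenSSL 3 disables TLS < 1.2 at its default security level; lower it for
  # the legacy probes so the client really offers those versions.
  case $ver in tls1|tls1_1) extra="-cipher DEFAULT:@SECLEVEL=0" ;; esac
  out=$(openssl s_client -connect "${host}:${port}" "-${ver}" $extra \
          </dev/null 2>/dev/null) || return 1
  printf '%s\n' "$out" | sed -n 's/^ *Protocol *: *//p' | head -n 1
}

# The policy recommended above: TLSv1.2 must be accepted, TLSv1.0 and
# TLSv1.1 must be refused. Returns 0 when the endpoint complies, 1 otherwise.
tls_policy_ok() {
  local host=$1 port=$2 old rc=0
  if [ "$(negotiated_protocol "$host" "$port" tls1_2)" != "TLSv1.2" ]; then
    echo "FAIL ${host}:${port}: TLSv1.2 handshake did not complete"; rc=1
  fi
  for old in tls1 tls1_1; do
    if negotiated_protocol "$host" "$port" "$old" >/dev/null; then
      echo "FAIL ${host}:${port}: still accepts ${old}"; rc=1
    fi
  done
  [ "$rc" -eq 0 ] && echo "OK   ${host}:${port}: TLSv1.2 only"
  return "$rc"
}

# Fetch the leaf certificate HOST:PORT presents and import it into a Java
# trust store with keytool (Identity Governance runs on Tomcat, so its trust
# store is a Java keystore; TRUSTSTORE, STOREPASS and ALIAS are the caller's
# values, assumed here). In production prefer importing the issuing CA
# certificate: a leaf must be re-imported every time the server rotates it.
import_server_cert() {
  local host=$1 port=$2 truststore=$3 storepass=$4 alias=$5 pem rc
  pem=$(mktemp)
  openssl s_client -connect "${host}:${port}" -servername "$host" -showcerts \
    </dev/null 2>/dev/null | openssl x509 -outform PEM >"$pem" \
    || { rm -f "$pem"; return 1; }
  keytool -importcert -noprompt -trustcacerts -alias "$alias" -file "$pem" \
    -keystore "$truststore" -storepass "$storepass"
  rc=$?
  rm -f "$pem"
  return "$rc"
}

# Throw-away TLSv1.2-only server on 127.0.0.1:PORT with a fresh self-signed
# certificate written to DIR; stands in for the authentication server in the
# demo. Prints the server's PID so the caller can kill it.
start_tls12_test_server() {
  local port=$1 dir=$2 pid tries=0
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=localhost' \
    -keyout "${dir}/key.pem" -out "${dir}/cert.pem" >/dev/null 2>&1
  openssl s_server -accept "127.0.0.1:${port}" -cert "${dir}/cert.pem" \
    -key "${dir}/key.pem" -tls1_2 -www >/dev/null 2>&1 &
  pid=$!
  while [ "$tries" -lt 25 ]; do   # wait up to ~5 s for the listener
    negotiated_protocol 127.0.0.1 "$port" tls1_2 >/dev/null && break
    tries=$((tries + 1)); sleep 0.2
  done
  echo "$pid"
}

demo() {
  local dir port=48443 pid   # 48443 is an arbitrary free port for the demo
  dir=$(mktemp -d)
  pid=$(start_tls12_test_server "$port" "$dir")
  tls_policy_ok 127.0.0.1 "$port"
  # Against the real authentication server you would run the same check and
  # then import its certificate, for example (all values hypothetical):
  #   import_server_cert auth.example.com 8443 /opt/netiq/idm/apps/tomcat/conf/idgov-truststore.pks changeit auth-server
  kill "$pid" 2>/dev/null
  rm -rf "$dir"
}
demo
```

Run `tls_policy_ok <host> <port>` against the authentication server before step 6, and again against Tomcat's own https port after securing Tomcat. A refused legacy version only proves that no handshake completed with this client build: an OpenSSL compiled without TLSv1.0/1.1 support refuses on the client side, so confirm the server-side configuration as well when the result matters.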