3.2 Prerequisites for One SSO Provider

Before installing OSP, review the following considerations:

  • (Conditional) If you want to use OSP as your authentication service, you must install a separate instance of OSP for use with Identity Governance, even if you already installed OSP with Identity Manager 4.5 or later.

  • (Conditional) In a production environment, OSP requires trust certificates to be configured so that it can communicate securely for user authentication. Depending on your Identity Governance solution, OSP might need to communicate with an authentication server, a SAML provider, or one or more Advanced Authentication servers. For more information, see Section 1.2.6, Understanding the Keystore for the Authentication Server.

  • OSP requires several generated symmetric keys, along with public/private key pairs for signing, encryption, and TLS, which it uses during normal operations to generate other key material. The installation program automatically creates the symmetric keys and key pairs and places them in the osp.pkcs12 file.

  • (Conditional) If you set up multiple instances of OSP for use in a high availability cluster, copy the osp.pkcs12 file from the installed location on the first server to the same location on the other member servers in the cluster. All OSP instances in the cluster must use the same key material.
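
One way to confirm the cluster requirement above after copying osp.pkcs12, as an added example that is not part of the product or its documentation: compare the SHA-256 digest of the first server's keystore with digests reported by each member. The function names, the digest-list format, and the collection workflow are assumptions; this page does not state the keystore's install path, so it is passed as an argument.

```shell
#!/usr/bin/env bash
# Added example: confirm every cluster member holds the same osp.pkcs12 as the
# first server by comparing SHA-256 digests instead of moving the keystore again.
# Usage: check_osp_digests REFERENCE_KEYSTORE DIGEST_LIST
#   DIGEST_LIST: one "<node-name> <sha256-hex>" line per member, each digest
#   produced on that member against its own copy (assumed workflow).
# Returns 0 if all members match, 1 on mismatch or bad input, 2 on usage error.

sha256_of() {
    # Prefer sha256sum; fall back to shasum where only that exists.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

check_osp_digests() {
    [ "$#" -eq 2 ] || { echo "usage: check_osp_digests KEYSTORE DIGEST_LIST" >&2; return 2; }
    osp_ref=$1; osp_list=$2; osp_rc=0; osp_seen=0
    [ -s "$osp_ref" ] || { echo "FAIL reference keystore missing or empty: $osp_ref"; return 1; }
    [ -r "$osp_list" ] || { echo "FAIL digest list not readable: $osp_list"; return 1; }
    osp_want=$(sha256_of "$osp_ref")

    # The "|| [ -n ... ]" keeps a final line that lacks a trailing newline.
    while read -r osp_node osp_sum osp_rest || [ -n "$osp_node" ]; do
        case $osp_node in ''|'#'*) continue ;; esac   # skip blanks and comments
        osp_seen=$((osp_seen + 1))
        osp_sum=$(printf '%s' "$osp_sum" | tr 'A-F' 'a-f')
        case $osp_sum in
            ''|*[!0-9a-f]*) echo "FAIL $osp_node: not a hex digest"; osp_rc=1; continue ;;
        esac
        if [ "${#osp_sum}" -ne 64 ]; then
            echo "FAIL $osp_node: digest is not 64 hex characters"; osp_rc=1
        elif [ "$osp_sum" = "$osp_want" ]; then
            echo "OK   $osp_node"
        else
            echo "FAIL $osp_node: keystore differs from the first server"; osp_rc=1
        fi
    done < "$osp_list"

    # An empty list must not pass: it means no member was actually checked.
    [ "$osp_seen" -gt 0 ] || { echo "FAIL no members listed in $osp_list"; osp_rc=1; }
    return "$osp_rc"
}

# Run the check when invoked as a script with both arguments.
[ "$#" -ne 2 ] || check_osp_digests "$@"
```

A member reported as FAIL holds different key material from the first server and needs the osp.pkcs12 file copied to it again.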