8.5 Changing Host File IP Addresses to DNS Names

Beginning with Identity Governance 3.5.0, the product installation requires you to identify host servers using only fully-qualified DNS names. In previous releases, you could specify either the IP address or the DNS name to identify host servers.

If you used IP addresses when you installed a previous version of the product, ensure you use fully-qualified DNS names when you install the latest version. If you are able to successfully install the product using IP addresses, users might get an OAuth2 error when logging in to the product. If this happens, you must modify settings in three places after you upgrade to use the latest version of Identity Governance.

To update DNS names in setenv:

  1. Stop Tomcat.

  2. Open the setenv file in a text editor. In Linux environments, the file location is /opt/netiq/idm/apps/tomcat/bin/setenv.sh. In Windows environments, the file location is C:\netiq\idm\apps\tomcat\bin\setenv.bat.

  3. Change the IP address associated with com.netiq.idm.osp.client.host to the fully-qualified DNS name.

  4. Save and close the file.

To update DNS names in ism-configuration.properties:

  1. Open the ism-configuration.properties file in a text editor. In Linux environments, this file is located in the /opt/netiq/idm/apps/tomcat/conf directory. In Windows environments, this file is located in the C:\netiq\idm\apps\tomcat\conf folder.

  2. Change the IP address associated with the following attributes to the fully-qualified DNS name:

    • com.netiq.idm.osp.url.host

    • com.netiq.iac.url.local.host

    • com.netiq.rpt.authserver.url

    • com.netiq.rpt.access.review.url

    • com.netiq.rpt.landing.url

    • com.netiq.rpt.redirect.url

  3. Save and close the file.

To update DNS names in the Identity Governance Configuration utility:

  1. Ensure that the Identity Governance database is running.

  2. Start the Identity Governance Configuration utility with the database password. In Linux environments, run /opt/netiq/idm/apps/idgov/bin/configutil.sh. In Windows environments, run C:\netiq\idm\apps\idgov\bin\configutil.bat.

    For example, use the following command in Linux environments:

    ./configutil.sh -password %PASSWORD%

  3. Change the IP address associated with the following attributes on the specified tabs to the fully-qualified DNS name:

    Tab

    Setting

    Authentication Server Details

    • IG Redirect URL

    • IG Request Redirect URL

    Network Topology

    Nodes Host Name

    Workflow Settings

    JMS broker URI

  4. Exit the utility.

  5. Start Tomcat.