25.2 Enabling Client Authentication

By default, client authentication is disabled in Transformation Hub. To enable client authentication after installation, perform the following:

  1. Replace the default CA with a new CDF root CA. For more information, see Changing the CDF Certificate Authority.

  2. Log in to CDF Management Portal.

  3. Click Deployment > Deployments.

  4. Click of arcsight-installer, then click Uninstall to uninstall all the software.

  5. Click of arcsight-installer, then click Install to reinstall Identity Intelligence and all the software.

  6. Select the metadata file version in version and click Next.

  7. Read the license agreement and select I agree.

  8. Click Next.

  9. In the Capabilities page, select the following and click Next:

    • Transformation Hub

    • Identity Intelligence

    • Fusion

  10. Specify the values you provided during installation:

    1. In the Transformation Hub configuration page, enable Enable Connection to Kafka uses TLS Client Authentication.

      Ensure that you provide the appropriate values for other configuration fields. For more information, see the Transformation Hub Tuning section in the Hardware Requirements and Tuning Guidelines.

    2. In the Fusion configuration page:

      • Specify database connection details

        NOTE: Ensure that you provide the same value for both Database Application Admin User Name and Search User Name, because the database search user must have write privilege to make changes to the Identity Intelligence schema.

      • Specify values for Client ID and Client Secret for Single Sign-On

    For more information about the values, see Installing Identity Intelligence.

  11. Click Next until you reach the Configuration Complete page.

  12. Restart the ITOM-DI pods manually after all the pods are displayed in green in the Configuration Complete page:

    1. Get the name of all ITOM-DI pods:

      kubectl get pods --all-namespaces | grep itom-d

    2. Restart all the pods individually by executing the command:

      kubectl delete pod -n <namespace> <ITOM-DI pod name>

  13. Ensure that you configure mutual authentication SSL in all of the following components:

    • Configuring SSL for Database

    • Identity Governance: Configuring SSL between Identity Governance and Transformation Hub

    • Identity Manager Driver for Entity Data Model: Creating and Configuring the Driver

    • Configuring the SmartConnector
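Step 12 can be scripted when several ITOM-DI pods are running. The following is an added example, not part of the original procedure or the product's tooling: it parses the listing from step 12 and runs the delete command from the same step for each match. The function names, the DRY_RUN variable, the --live argument and the sample listing (namespace and pod names) are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: restart every ITOM-DI pod found by the step 12 listing.
# DRY_RUN=1 (the default) only prints the commands instead of running them.

# Read `kubectl get pods --all-namespaces` output on stdin and print
# "<namespace> <pod>" for each pod whose NAME column contains the pattern.
# Matching on the NAME column only is stricter than a plain grep on the line.
list_itom_di_pods() {
  awk -v pat="${1:-itom-d}" '$1 != "NAMESPACE" && index($2, pat) { print $1, $2 }'
}

# Read "<namespace> <pod>" pairs on stdin and delete each pod individually,
# as step 12 requires; the owning controller then recreates the pod.
restart_itom_di_pods() {
  while read -r ns pod; do
    [ -n "$pod" ] || continue
    if [ "${DRY_RUN:-1}" = "1" ]; then
      echo "kubectl delete pod -n $ns $pod"
    else
      kubectl delete pod -n "$ns" "$pod" </dev/null
    fi
  done
}

# Constructed sample listing (not real cluster output), used for a dry run.
sample_listing() {
  cat <<'EOF'
NAMESPACE    NAME                            READY   STATUS    RESTARTS   AGE
example-ns   itom-di-example-a-0             1/1     Running   0          12m
example-ns   itom-di-example-b-7d9c5-x2k4q   2/2     Running   0          12m
example-ns   other-service-0                 1/1     Running   0          12m
EOF
}

# Run against the live cluster only when called with --live.
if [ "${1:-}" = "--live" ]; then
  kubectl get pods --all-namespaces | list_itom_di_pods | restart_itom_di_pods
fi
```

Review the dry-run output first, then run the script with `DRY_RUN=0` and `--live` once all pods are displayed in green on the Configuration Complete page.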