29.2 Prerequisites for Installing One SSO Provider

The following Identity Manager components require OSP for user authentication:

  • Identity Applications

  • Identity Reporting

Before installing OSP, NetIQ recommends that you review the following considerations:

  • To run OSP, you can use your own Tomcat installation program instead of the one provided in the Identity Manager installation kit. However, to use the Apache Log4j service with your version of Tomcat, ensure that you have the appropriate files installed. For more information, see Using the Apache Log4j Service to Log Sign-on.

  • You can configure OSP to work with NetIQ Access Manager 4.0 using SAML 2.0 authentication. For more information, see Section 49.0, Using SAML Authentication with NetIQ Access Manager for Single Sign-on.

  • OSP requires trust certificates to ensure that the identity applications and reporting can communicate with the authentication server. The installation process automatically creates a certificate for TLS/SSL in the osp.jks file. You can also have the process create the Trusted Root Certificate for a SAML Assertion to eDirectory.

    NOTE: These certificates expire two years after their creation date. You must create new certificates when the original ones expire. For more information, see Authentication Server and Section XV, Configuring Single Sign-on Access in Identity Manager.
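
The two-year expiry in the note above can be tracked with a check like the following, an added example that is not part of the NetIQ documentation. It parses the verbose listing printed by `keytool -list -v -keystore osp.jks` and reports certificates that expire within a warning window. The sample listing, the alias names, and the 60-day window are constructed, and the date format assumes keytool running in an English locale.

```python
import re
from datetime import datetime, timedelta

# Constructed sample of `keytool -list -v -keystore osp.jks` output (not real data).
SAMPLE_LISTING = """\
Alias name: osp
Entry type: PrivateKeyEntry
Owner: CN=idm.example.test
Valid from: Tue Mar 04 09:15:00 UTC 2025 until: Thu Mar 04 09:15:00 UTC 2027

Alias name: trustedroot
Entry type: trustedCertEntry
Owner: CN=Example Tree CA
Valid from: Mon Jan 09 12:00:00 UTC 2023 until: Fri Jan 07 12:00:00 UTC 2033
"""

VALID_LINE = re.compile(r"Valid from: .+? until: (.+)$")

def parse_java_date(text):
    """Parse Java's Date.toString() form, e.g. 'Thu Mar 04 09:15:00 UTC 2027'.
    The zone token is dropped (assumption: day-level accuracy is enough)."""
    parts = text.split()
    return datetime.strptime(" ".join(parts[:4] + parts[5:]),
                             "%a %b %d %H:%M:%S %Y")

def certificate_expiries(listing):
    """Return (alias, not_after) for every certificate in the listing.
    A key entry with a chain yields one tuple per certificate in the chain."""
    found, alias = [], None
    for raw in listing.splitlines():
        line = raw.strip()
        if line.startswith("Alias name:"):
            alias = line.split(":", 1)[1].strip()
            continue
        match = VALID_LINE.match(line)
        if match:
            found.append((alias, parse_java_date(match.group(1))))
    return found

def expiring_soon(listing, now, warn_days=60):
    """Return (alias, not_after, days_left) for certificates that have
    expired or will expire within warn_days of `now`."""
    limit = now + timedelta(days=warn_days)
    return [(alias, end, (end - now).days)
            for alias, end in certificate_expiries(listing) if end <= limit]

if __name__ == "__main__":
    for alias, end, days in expiring_soon(SAMPLE_LISTING, datetime(2027, 1, 15)):
        print(f"{alias}: expires {end:%Y-%m-%d} ({days} days left)")
```

In practice, pipe the real keytool output into `expiring_soon` from a scheduled job so that the replacement certificates are created before the original ones lapse.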