37.3 Configuring Identity Manager for Integration

To ensure proper integration, you must update your version of Identity Manager identity applications to recognize Identity Governance. The process includes copying files from the Identity Governance installation to the Identity Manager identity applications installation.

This procedure assumes that you have configured single sign-on for the identity applications.

  1. On the server where you installed Identity Governance, log in as an administrator.

  2. Navigate to the /osp folder in the installation directory for Identity Governance. For example, /opt/netiq/idm/apps/idgov/osp.

  3. Copy the uaconfig-ig-defs.xml file to a location or a thumb drive that you can access from the server running identity applications.

  4. Sign out of the Identity Governance server.

  5. On the server where you installed the identity applications, log in as an administrator.

  6. Stop the application server.

    For example:

    /etc/init.d/netiq-tomcat stop

  7. NOTE: Perform this step only if you are using Identity Governance 3.5 or later. You must have OSP 6.3.1 installed.

    Navigate to the /conf directory of the application server. For example, installation_path/idm/apps/tomcat/conf.

    Edit the ism-configuration.properties file and add the following properties if you want to use the new JWT token format introduced in OSP 6.3.1:

    • com.netiq.idm.osp.oauth.access-token-format.format = jwt

    • com.netiq.idm.osp.oauth.attr.roles.maxValues = 1

  8. Place the uaconfig-ig-defs.xml file in the /conf directory. You copied this file from the Identity Governance installation directory in Step 3.

  9. Open the configupdate.sh file in a text editor.

    By default, the file is located in the Identity Applications installation directory. For example, /opt/netiq/idm/apps/configupdate/configupdate.sh.

  10. Add the following line before the -Duser.language entry in the file:

    -Dcom.netiq.uaconfig.impl.custom.clients=path_to_conf_dir/uaconfig-ig-defs.xml

    For example:

    -Dcom.netiq.uaconfig.impl.custom.clients=/opt/netiq/idm/apps/tomcat/server/IDMProv/conf/uaconfig-ig-defs.xml

  11. Save and close the file.

  12. Launch the configuration update utility by running ./configupdate.sh from the command prompt.

  13. Select the Identity Governance SSO Client tab.

    NOTE: If the Identity Governance SSO Client tab is not displayed, ensure that you copied the correct file from the Identity Governance installation directory to the identity applications installation directory.

  14. Specify the values based on the OAuth SSO Client and Security Settings > General Service settings that you specified in Step 6 through Step 7 in Using the Same Authentication Server as Identity Manager.

    The following considerations apply to these settings:

    • By default, the OAuth client ID is iac. You specified the client ID and its password when you specified the client secret during the Identity Governance installation.

    • The OAuth redirect URL must be an absolute URL and include the specified value for OAuth client ID. For example, http://myserver.host:8080/oauth.html. By default, the configuration utility provides some of this URL. However, you must ensure that you add the server and port information.

  15. Update the File authentication source with the location of adminusers.txt from the /opt/netiq/idm/apps/osp/ directory.

  16. On the Identity Governance server, navigate to the /opt/netiq/idm/apps/idgov/bin directory and run the ./configutil.sh -password <passwd> command. In the config utility, point the OSP to the common OSP setup.

  17. Run /opt/netiq/idm/apps/configupdate/configupdate.sh to verify that the OSP server is pointing to the Identity Manager OSP server.

  18. Save your changes and close the utility.

  19. Clear the /temp and /work directories in the application server directory.

  20. (Optional) If you are using a secured connection, import the Identity Governance certificate into the Identity Applications trust store.

  21. Start the application server.

    For example:

    /etc/init.d/netiq-tomcat start

  22. Add a link to Identity Governance on the Identity Manager Home page.

  23. On the Identity Governance server, start Identity Governance (and Tomcat).

    For example:

    /etc/init.d/idmapps_tomcat_init start
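
A pre-start check for the edits made in Step 7 through Step 14, as an added example that is not part of the NetIQ documentation or tooling: it confirms the two JWT properties, that the custom.clients option appears before -Duser.language and names a readable file, and that the redirect URL is absolute. The function names and the three-argument calling convention are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not NetIQ tooling. Function names are hypothetical.
# Usage: sh <this script> ISM_PROPERTIES CONFIGUPDATE_SH REDIRECT_URL

# Step 7 (Identity Governance 3.5 or later with OSP 6.3.1): both JWT properties are set.
check_props() {
    p='^[[:space:]]*com\.netiq\.idm\.osp\.oauth\.'
    grep -Eq "${p}access-token-format\.format[[:space:]]*=[[:space:]]*jwt[[:space:]]*\$" "$1" &&
    grep -Eq "${p}attr\.roles\.maxValues[[:space:]]*=[[:space:]]*1[[:space:]]*\$" "$1"
}

# Steps 8-10: the custom.clients option is present, comes before -Duser.language
# (even when both sit on one long java command line), and names a readable file.
check_clients_opt() {
    opt='-Dcom.netiq.uaconfig.impl.custom.clients='
    awk -v a="$opt" -v b='-Duser.language' '
        { buf = buf $0 "\n" }
        END { i = index(buf, a); j = index(buf, b); exit !(i > 0 && i < j) }' "$1" || return 1
    defs=$(sed -n "s/.*${opt}\([^[:space:]\"]*\).*/\1/p" "$1" | head -n 1)
    [ -r "$defs" ]
}

# Step 14: the OAuth redirect URL is absolute (scheme, host, optional port, path).
check_redirect() {
    printf '%s\n' "$1" | grep -Eq '^https?://[^/:[:space:]]+(:[0-9]+)?/[^[:space:]]*$'
}

# Runs all three checks, reports each failure, returns non-zero if any failed.
verify_integration() {
    rc=0
    check_props "$1"       || { echo "FAIL: JWT properties not set in $1"; rc=1; }
    check_clients_opt "$2" || { echo "FAIL: custom.clients option missing, misplaced or unreadable in $2"; rc=1; }
    check_redirect "$3"    || { echo "FAIL: redirect URL is not absolute: $3"; rc=1; }
    return $rc
}

if [ $# -eq 3 ]; then
    verify_integration "$@"
fi
```

Run it after closing the configuration update utility and before starting the application server; omit the check_props call if you did not perform Step 7.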