37.2 Configuring Identity Governance for Integration

For proper integration, you must link Identity Governance to the Identity Manager Home page for the identity applications. You can also choose to use the same authentication server that the identity applications use to verify login attempts. This process includes the following activities:

37.2.1 Adding a Link to Identity Manager Home in the Identity Governance Menu

This section describes how to add a link in Identity Governance so users can easily switch to Identity Manager Home.

  1. Log in to Identity Governance with an account that has the Global Administrator authorization.

  2. Select Administration > General Settings.

  3. For Home Page URL, specify the URL for Identity Manager Home.

  4. Select Save.

  5. Sign out of Identity Governance.

  6. (Optional) To verify the integration, complete the following steps:

    1. Log in to Identity Governance. Verify that Identity Governance lists Home in the navigation pane.

    2. Select Home, and verify that it takes you to the Identity Manager Home page.

37.2.2 Using the Same Authentication Server as Identity Manager

This section describes how to configure Identity Governance to use the same authentication server as Identity Manager identity applications for verifying users who log in. This section assumes that, when you installed Identity Governance, you did not specify the Identity Manager authentication server. For example, you might have installed Identity Governance before adding Identity Manager to your environment.

NOTE: Identity Applications use HTTPS communication by default. You should create a wildcard certificate on one of the servers and copy the certificate to all the servers.

For example, the wildcard certificate *.example.com is created on the OSP server.

  1. Add this certificate to the keystoreFile on all the servers.

  2. Restart Tomcat on all the servers.

Ensure that keystoreFile is updated in server.xml on each server.

 <Connector port="8543" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLSv1.2" keystoreFile="conf/tomcat.ks" keystorePass="novell" sslEnabledProtocols="TLSv1.2" />
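
The check below is an added example, not part of the product documentation. It audits the HTTPS Connector shown above and tests whether a wildcard name such as *.example.com covers a given server host name (a wildcard stands for exactly one DNS label). The function names, the host names in the usage, and the list of well-known keystore passwords are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the Connector from this page inside a minimal server.xml.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8543" protocol="org.apache.coyote.http11.Http11NioProtocol"
             maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLSv1.2" keystoreFile="conf/tomcat.ks"
             keystorePass="novell" sslEnabledProtocols="TLSv1.2" />
</Service></Server>"""

# "novell" is the sample on this page, "changeit" is the Java default; list is illustrative.
WEAK_PASSWORDS = {"novell", "changeit", "password"}
ALLOWED_PROTOCOLS = {"TLSv1.2"}  # the value shown on this page; extend per local policy


def wildcard_covers(pattern, host):
    """True if a certificate name such as *.example.com covers host.

    The wildcard replaces exactly one left-most label, so it covers neither
    the bare domain nor names that are two or more labels deep."""
    p, h = pattern.lower().split("."), host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return p[1:] == h[1:] and h[0] != ""
    return p == h


def audit_connectors(xml_text, expected_keystore):
    """Return a list of findings for every TLS-enabled Connector."""
    findings = []
    for c in ET.fromstring(xml_text).iter("Connector"):
        if c.get("SSLEnabled", "false").lower() != "true":
            continue
        port = c.get("port")
        if c.get("keystoreFile") != expected_keystore:
            findings.append(f"{port}: keystoreFile is {c.get('keystoreFile')!r}")
        protos = {p.strip() for p in c.get("sslEnabledProtocols", "").split(",") if p.strip()}
        if not protos or protos - ALLOWED_PROTOCOLS:
            findings.append(f"{port}: sslEnabledProtocols is unset or too broad")
        if c.get("keystorePass") in WEAK_PASSWORDS:
            findings.append(f"{port}: keystorePass is a well-known sample value")
    return findings
```

Run `audit_connectors` against the server.xml of each server after copying the keystore, and `wildcard_covers` against each server's DNS name before relying on the shared certificate.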

  1. Stop Identity Governance (and Tomcat).

    For example:

    /etc/init.d/idmapps_tomcat_init stop

  2. In the Identity Governance Configuration Utility, select Authentication Server Details.

  3. Clear Same as IG Server.

  4. Specify the protocol, DNS host name or IP address, and port that represent the authentication server for Identity Manager identity applications.

    NOTE: To use the TLS/SSL protocol for secure communications, select https.

  5. Select Save.

  6. Make a note of the settings for the authentication server.

    The values for these settings must match the settings that you specify for Identity Governance in the RBPM Configuration utility. For more information, see Configuring Identity Manager for Integration.

  7. Select Security Settings, and make a note of the settings in the General Service section.

    The values for these settings must match the settings that you specify for Identity Governance in the RBPM Configuration utility. For more information, see Configuring Identity Manager for Integration.

  8. Close the utility.

  9. (Optional) If you are using a secured connection, import the Identity Applications certificate into the Identity Governance trust store.

  10. Start Identity Governance. For example:

    /etc/init.d/idmapps_tomcat_init start

37.2.3 Registering Identity Applications Server

You should register the Identity Applications server details on the Identity Governance server so that Identity Applications can access Identity Governance through the Identity Manager Dashboard.

Perform the following steps to register the Identity Applications server:

  1. Log in to the Identity Governance server as an administrator.

  2. Stop the application server.

    /etc/init.d/idmapps_tomcat_init stop

  3. Launch the configuration update utility in console mode.

    For example:

    /opt/netiq/idm/apps/idgov/bin/configutil.sh -password $db_password -console

  4. Specify the following commands to register the Identity Applications server.

    OSP Client ID

    ap com.netiq.iac2.clientID $OSP_CLIENT_OF_RBPM

    For example, ap com.netiq.iac2.clientID rbpm

    Client Password

    ap com.netiq.iac2.clientPass $CLIENT_PASSWORD_OF_RBPM

    For example, ap com.netiq.iac2.clientPass novell

    Identity Applications URL

    ap com.netiq.iac.CORSclient $URL_OF_RBPM_MACHINE

    For example, ap com.netiq.iac.CORSclient https://myhost:8543

    Identity Applications Redirect URL

    ap com.netiq.iac2.redirect.url $RBPM_OSP_CLIENT_REDIRECT_URL

    For example, ap com.netiq.iac2.redirect.url https://myhost:8543/idmdash/oauth

  5. Verify the values using the following commands.

    dc com.netiq.iac2.clientID
    dc com.netiq.iac2.clientPass
    dc com.netiq.iac.CORSclient
    dc com.netiq.iac2.redirect.url

These values are stored in the ism-configuration.properties file, which is located at:

/opt/netiq/idm/apps/tomcat/conf/ism-configuration.properties
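
The following added example (not from the product documentation) reads the four registered keys from text in Java .properties syntax and checks that they are consistent. It assumes, based on the example values on this page, that the redirect URL is served from the same https origin as the CORS client URL; the function names and the sample content are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

CORS, REDIRECT = "com.netiq.iac.CORSclient", "com.netiq.iac2.redirect.url"
REQUIRED = ("com.netiq.iac2.clientID", "com.netiq.iac2.clientPass", CORS, REDIRECT)

# Constructed sample in Java .properties syntax, built from the page's example values.
SAMPLE = r"""
com.netiq.iac2.clientID = rbpm
com.netiq.iac2.clientPass = PLACEHOLDER
com.netiq.iac.CORSclient = https\://myhost\:8543
com.netiq.iac2.redirect.url = https\://myhost\:8543/idmdash/oauth
"""


def parse_properties(text):
    """Parse simple key=value lines and drop the backslash before escaped characters."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":  # blank line or comment
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = re.sub(r"\\(.)", r"\1", value.strip())
    return props


def origin(url):
    """Return (scheme, host, port) with the scheme's default port filled in."""
    u = urlsplit(url)
    return (u.scheme, (u.hostname or "").lower(), u.port or {"https": 443, "http": 80}.get(u.scheme))


def check_registration(props):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = [f"missing {k}" for k in REQUIRED if not props.get(k)]
    if problems:
        return problems
    for key in (CORS, REDIRECT):
        if urlsplit(props[key]).scheme != "https":
            problems.append(f"{key} is not https")
    if urlsplit(props[CORS]).path not in ("", "/"):
        problems.append(f"{CORS} should be scheme://host:port without a path")
    if origin(props[CORS]) != origin(props[REDIRECT]):
        problems.append(f"{REDIRECT} is not on the {CORS} origin")
    return problems
```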

After registering the Identity Applications server on the Identity Governance server, you should update the Identity Governance URL in the Identity Manager Dashboard to see the Identity Governance tasks.

  1. Log in to Identity Manager Dashboard as an administrator.

  2. Select YourID > Settings > Customization.

  3. Select General from Navigation items and specify the Identity Governance URL.

For more information, see Changing Identity Applications Client Settings and Customizing the Views.