This section describes the prerequisites, considerations, and system setup needed to install One SSO Provider (OSP).
NetIQ recommends that you complete the steps in the following checklist:
The following Identity Manager components require OSP for user authentication:
- Identity Applications
- Identity Reporting
Before installing OSP, NetIQ recommends that you review the following considerations:
To run OSP, you can use your own Tomcat installation program instead of the one provided in the Identity Manager installation kit. However, to use the Apache Log4j service with your version of Tomcat, ensure that you have the appropriate files installed. For more information, see Using the Apache Log4j Service to Log Sign-on.
OSP requires trust certificates to ensure that the identity applications and reporting can communicate with the authentication server. The installation process automatically creates a certificate for TLS/SSL in the osp.jks file. You can also have the process create the Trusted Root Certificate for a SAML Assertion to eDirectory.
NOTE: These certificates expire two years after their creation date. You must create new certificates when the original ones expire. For more information, see Authentication Server and Configuring Single Sign-on Access in Identity Manager in the NetIQ Identity Manager - Administrator’s Guide to the Identity Applications.
OSP requires the Apache Tomcat application server. The version of Tomcat must be the same as the version required for the identity applications.
All other server requirements match the server requirements for the identity applications. For more information, see Prerequisites and Considerations for Installing the Identity Applications and the most recent Release Notes for this version.
You can use either the Apache Log4j or java.util.logging service to record events that occur in Tomcat. The Tomcat installer in the Identity Manager installation kit includes the files that you need for Log4j. However, if you install your own version of Tomcat, you need the following files to use the Apache logging service:
- log4j-1.2.16.jar
- tomcat-juli-adapters.jar
- tomcat-juli.jar
To add the files to your Tomcat installation, complete the following steps:
1. Download the “JULI” files for Tomcat v8.5.x from the Apache website:
   - tomcat-juli.jar
   - tomcat-juli-adapters.jar
2. Download the log4j-1.2.16.jar file from the Apache website.
3. Place the following files in the $TOMCAT_HOME\lib directory:
   - log4j-1.2.16.jar
   - tomcat-juli-adapters.jar
4. Place the tomcat-juli.jar file in the $TOMCAT_HOME\bin directory.
5. Specify a value for -Dlog4j.configuration in CATALINA_OPTS or create a log4j.properties file in the $TOMCAT_HOME\lib directory.
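A check for the file layout that the steps above produce, written as an added example that is not part of the NetIQ documentation. The function name check_log4j_layout and its two arguments (the Tomcat home directory and the CATALINA_OPTS string) are assumptions made for illustration, and the paths use forward slashes as on a POSIX shell.

```shell
#!/bin/sh
# Added example (not vendor code): verify the Log4j files and configuration
# that the procedure above puts in place for a self-installed Tomcat.
# Usage (hypothetical): check_log4j_layout "$TOMCAT_HOME" "$CATALINA_OPTS"
# Returns 0 when complete, 1 when something is missing, 2 on a bad path.

check_log4j_layout() {
    tomcat_home=$1
    opts=${2-}      # CATALINA_OPTS value to inspect; may be empty
    missing=0

    if [ -z "$tomcat_home" ] || [ ! -d "$tomcat_home" ]; then
        echo "ERROR: Tomcat home not found: $tomcat_home" >&2
        return 2
    fi

    # Steps 3 and 4: two JARs in lib, tomcat-juli.jar in bin.
    # -s also rejects zero-byte files left behind by a failed download.
    for f in lib/log4j-1.2.16.jar lib/tomcat-juli-adapters.jar \
             bin/tomcat-juli.jar; do
        if [ ! -s "$tomcat_home/$f" ]; then
            echo "MISSING: $tomcat_home/$f" >&2
            missing=1
        fi
    done

    # Step 5: either -Dlog4j.configuration=<value> in CATALINA_OPTS
    # or a log4j.properties file in lib satisfies the requirement.
    configured=0
    for w in $opts; do
        case $w in
            -Dlog4j.configuration=?*) configured=1 ;;
        esac
    done
    if [ -s "$tomcat_home/lib/log4j.properties" ]; then
        configured=1
    fi
    if [ "$configured" -eq 0 ]; then
        echo "MISSING: -Dlog4j.configuration or lib/log4j.properties" >&2
        missing=1
    fi

    return "$missing"
}
```

Run it after step 5 and before starting Tomcat; each MISSING line on stderr names the step that still needs attention.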