36.2 Modifying the Basic Settings for Single Sign-on Access

When you install the identity applications, you generally configure the basic settings for single sign-on access. This section helps you ensure that the settings work for your environment.

  1. Run the RBPM Configuration utility.

  2. To modify the authentication settings, complete the following steps:

    1. Click Authentication.

    2. (Conditional) To specify the actual server DNS name or IP address, change all instances of localhost.

      • The specified address must be resolvable from all clients. Use localhost only if all access to Identity Manager will be local, including access through a browser.

      • This “public” host name or IP address should be the same as the value of PublicServerName that you specified when you installed OSP.

      • In a distributed or clustered environment, all of the OAuth URLs should be the same value. The URL should drive client access through your L4 switch or load balancer. Also, the osp.war and configuration files must be installed on each deployment in the environment.

    3. For LDAP DN of Admins Container, click the Browse button, then select the container within the Identity Vault that contains your identity applications administrator.

    4. Specify the OAuth keystore file that you created when you installed OSP.

      Include the keystore file path, keystore file password, key alias, and key password. The default keystore file is osp.jks, and the default key alias is osp.

  3. To modify the single sign-on settings, complete the following steps:

    1. Click SSO Clients.

    2. (Conditional) To specify the actual server DNS name or IP address, change all instances of localhost.

      • The specified address must be resolvable from all clients. Use localhost only if all access to the Dashboard will be local, including access through a browser.

      • This “public” host name or IP address should be the same as the value of PublicServerName that you specified when you installed OSP.

      • In a distributed or clustered environment, all of the OAuth redirect URLs should be the same value. The URL should drive client access through your L4 switch or load balancer.

    3. (Conditional) If you use non-default ports, update the port numbers for the following Identity Manager components:

      • Identity Applications Administration

      • Identity Manager Dashboard

      • Identity Reporting

      • Identity Applications

  4. Click OK to save your changes, then close the configuration utility.

  5. Start Tomcat.
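
The address rules in Steps 2 and 3 can be checked before you start Tomcat. The following script is an added example, not part of the product or its documentation: it flags any URL that still uses localhost or a loopback address, any host that differs from PublicServerName, and OAuth URLs that do not share one scheme, host, and port. The host name, ports, paths, and entry labels are constructed sample values; copy the real ones from the Authentication and SSO Clients tabs.

```python
import ipaddress
from urllib.parse import urlsplit

def is_loopback(host):
    """True for localhost names and loopback IPs (127.0.0.0/8, ::1)."""
    host = host.lower()
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # an ordinary DNS name

def audit_sso_urls(public_server_name, oauth_urls, client_urls):
    """Return findings for URLs that break the rules in Steps 2 and 3."""
    findings, origins = [], set()
    for group, urls in (("oauth", oauth_urls), ("client", client_urls)):
        for label, url in urls.items():
            parts = urlsplit(url)
            host = parts.hostname or ""
            if is_loopback(host):
                findings.append(f"{label}: loopback host '{host}' is not reachable by remote clients")
            elif host != public_server_name.lower():
                findings.append(f"{label}: host '{host}' differs from PublicServerName")
            if group == "oauth":
                origins.add((parts.scheme, host, parts.port))
    # Assumption: "the same value" is checked as one scheme/host/port for OAuth URLs.
    if len(origins) > 1:
        findings.append("oauth: URLs do not share one scheme/host/port")
    return findings

# Constructed sample values, not taken from a real deployment.
GOOD_OAUTH = {"OAuth URL (node 1)": "https://idm.example.com:8543/osp",
              "OAuth URL (node 2)": "https://idm.example.com:8543/osp"}
GOOD_CLIENTS = {"Identity Manager Dashboard": "https://idm.example.com:8543/idmdash",
                "Identity Reporting": "https://idm.example.com:8643/IDMRPT"}
BAD_OAUTH = {"OAuth URL (node 1)": "https://localhost:8543/osp",
             "OAuth URL (node 2)": "https://idm.example.com:8543/osp"}
BAD_CLIENTS = {"Identity Manager Dashboard": "https://node1.example.com:8543/idmdash"}

if __name__ == "__main__":
    for finding in audit_sso_urls("idm.example.com", BAD_OAUTH, BAD_CLIENTS):
        print(finding)
```

Component URLs may use different ports (Step 3), so the script compares ports only among the OAuth URLs.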