2.13 Configuring the Roles Based Provisioning Module and Application Server

Before using Identity Manager Home and the Provisioning Dashboard, you must run the Roles Based Provisioning Module Configuration utility (configupdate.sh) and configure the Roles Based Provisioning Module and JBoss application server.

The Roles Based Provisioning Module Configuration utility allows you to configure the following “realms” within Identity Manager:

NOTE:

  • You should not need to modify any settings in the User Application or Reporting tabs of the utility.

  • The utility only displays the Reporting tab if you have the Reporting Module installed in your environment.

To run the utility, complete the following steps:

  1. Using a text editor, open the configupdate.sh file, located in the User Application installation directory. For example: /opt/novell/idm/configupdate.sh

  2. In configupdate.sh, ensure the following options are configured correctly:

    -edit_admin true
    
    -use_console false
    

    NOTE: You should only configure the value of -use_console to be true if you want to run the utility in console mode.

  3. Save and close configupdate.sh.

  4. Start the User Application Configuration utility by running ./configupdate.sh from the command prompt.

    NOTE: You may need to wait a few minutes for the utility to finish starting up.

  5. Click the Authentication tab.

  6. (Conditional) Change all instances of localhost to specify the actual server DNS name or IP address. You should only use localhost if all access to Identity Manager Home and the Provisioning Dashboard will be local, including access through a browser. The address must be resolvable from all clients.

    NOTE: This “public” host name or IP address should be the same as the value of the -dname option specified in Creating a Keystore for One SSO Provider.

  7. For the LDAP DN of Admins Container setting, click the Browse button and select the container within the Identity Vault that contains your User Application administrator.

  8. Specify the OAuth keystore file you created in Creating a Keystore for One SSO Provider, including the keystore file path, keystore file password, key alias, and key password. The default keystore file is osp.jks, and the default key alias is osp.

  9. Click the SSO Clients tab.

  10. (Conditional) Change all instances of localhost to specify the actual server DNS name or IP address. You should only use localhost if all access to Identity Manager Home and the Provisioning Dashboard will be local, including access through a browser. The address must be resolvable from all clients.

    NOTE: This “public” host name or IP address should be the same as the value of the -dname option specified in Creating a Keystore for One SSO Provider.

  11. (Conditional) If you configured specific ports in your environment for use with the User Application, Identity Manager Home, the Provisioning Dashboard, the Reporting Module, or the Catalog Administrator, modify the port numbers as necessary.

  12. Click OK to save your changes.
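
The following pre-flight check is an added example, not part of the product or its documentation. It verifies the two options from step 2 and compares the keystore certificate's CN with the public host name from steps 6 and 8. It assumes the options appear as whitespace-separated tokens in configupdate.sh and that the -dname value used for the keystore begins with CN=<public host name>; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not vendor code: pre-flight checks for steps 2, 6 and 8.
# Function names are hypothetical.

# Print the token that follows option $2 in script $1, skipping comment lines.
opt_value() {
    awk -v opt="$2" '
        /^[[:space:]]*#/ { next }
        { for (i = 1; i < NF; i++)
              if ($i == opt) { v = $(i + 1); gsub(/"/, "", v); print v; exit } }
    ' "$1"
}

# Step 2: the GUI procedure needs -edit_admin true and -use_console false.
check_configupdate() {
    rc=0
    [ "$(opt_value "$1" -edit_admin)" = "true" ] ||
        { echo "FAIL: -edit_admin is not true in $1" >&2; rc=1; }
    [ "$(opt_value "$1" -use_console)" = "false" ] ||
        { echo "FAIL: -use_console is not false in $1" >&2; rc=1; }
    return "$rc"
}

# Steps 6 and 8: read `keytool -list -v` output on stdin and succeed only if
# the certificate Owner CN equals the public host name $1 (case-insensitive).
# Assumption: the -dname used when creating the keystore starts with CN=<host>.
keystore_cn_is() {
    cn=$(sed -n 's/^Owner: [Cc][Nn]=\([^,]*\).*/\1/p' | head -n 1 | tr 'A-Z' 'a-z')
    want=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    [ -n "$cn" ] && [ "$cn" = "$want" ]
}

# Usage: sh preflight.sh /opt/novell/idm/configupdate.sh /path/to/osp.jks HOST
# keytool prompts for the keystore password; osp is the default key alias.
if [ "$#" -eq 3 ]; then
    check_configupdate "$1" &&
        keytool -list -v -keystore "$2" -alias osp | keystore_cn_is "$3" &&
        echo "OK: options set and keystore CN matches $3"
fi
```

A CN mismatch here means the host name you are about to enter on the Authentication and SSO Clients tabs differs from the one the keystore was created with.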