44.2 Modifying the Basic Settings for Single Sign-on Access

When you install the identity applications, you generally configure the basic settings for single sign-on access. This section helps you ensure that the settings work for your environment.

  1. Run the RBPM Configuration utility. For more information, see Section 35.1, Running the Identity Applications Configuration Utility.

  2. To modify the authentication settings, complete the following steps:

    1. Click Authentication.

    2. (Conditional) To specify the actual server DNS name or IP address, change all instances of localhost.

      • The specified address must be resolvable from all clients. Use localhost only if all access to Identity Manager will be local, including access through a browser.

      • This “public” host name or IP address should be the same as the value of PublicServerName that you specified when you installed OSP. For more information, see Section 27.0, Installing Single Sign-on and Password Management for Identity Manager.

      • In a distributed or clustered environment, all of the OAuth URLs should have the same value. The URL should drive client access through your L4 switch or load balancer. Also, the osp.war file and the configuration files must be installed on each deployment in the environment.

    3. For LDAP DN of Admins Container, click the Browse button, then select the container within the Identity Vault that contains your identity applications administrator.

    4. Specify the OAuth keystore file that you created when you installed OSP. For more information, see Section 27.0, Installing Single Sign-on and Password Management for Identity Manager.

      Include the keystore file path, keystore file password, key alias, and key password. The default keystore file is osp.jks, and the default key alias is osp.

  3. To modify the single sign-on settings, complete the following steps:

    1. Click SSO Clients.

    2. (Conditional) To specify the actual server DNS name or IP address, change all instances of localhost.

      • The specified address must be resolvable from all clients. Use localhost only if all access to Identity Manager Home and the Provisioning Dashboard will be local, including access through a browser.

      • This “public” host name or IP address should be the same as the value of PublicServerName that you specified when you installed OSP. For more information, see Section 27.0, Installing Single Sign-on and Password Management for Identity Manager.

      • In a distributed or clustered environment, all of the OAuth redirect URLs should have the same value. The URL should drive client access through your L4 switch or load balancer.

    3. (Conditional) If you use non-default ports, update the port numbers for the following Identity Manager components:

      • Catalog Administrator

      • Identity Manager Home

      • Provisioning Dashboard

      • Reporting Module

      • User Application

  4. Click OK to save your changes, then close the configuration utility.

  5. Start the application server.
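
After saving, the address rules from steps 2 and 3 can be verified with a short script. The Python below is an added example, not part of the product or its documentation: it flags URLs that still point at localhost, hosts that differ from PublicServerName, and, for a clustered deployment, URLs that do not share one scheme, host and port. The setting labels, host names, port and paths are constructed sample values, and reading "the same value" as "the same scheme, host and port" is an assumption.

```python
import ipaddress
from urllib.parse import urlsplit

def is_loopback(host):
    """True for 'localhost' or any loopback IP literal (127.0.0.0/8, ::1)."""
    if host.lower() in ("localhost", "localhost.localdomain"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a DNS name, not an IP literal

def check_sso_urls(public_server_name, urls, clustered=False, all_access_local=False):
    """Return (label, problem) findings for a {label: url} mapping of settings."""
    findings, origins = [], set()
    for label, url in urls.items():
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if not host:
            findings.append((label, "no-host"))
            continue
        origins.add((parts.scheme, host, parts.port))
        # localhost is acceptable only when every client, browsers included, is local
        if is_loopback(host) and not all_access_local:
            findings.append((label, "loopback"))
        elif host != public_server_name.lower():
            findings.append((label, "host-mismatch"))
    # Assumption: in a cluster every URL goes through one load-balancer address
    if clustered and len(origins) > 1:
        findings.append(("*", "multiple-origins"))
    return findings

# Constructed sample settings (hypothetical labels, not the utility's field names)
SAMPLE = {
    "oauth-server": "https://idm.example.com:8543/osp",
    "home-redirect": "https://localhost:8543/landing",
    "dashboard-redirect": "https://node2.example.com:8543/dash",
}

if __name__ == "__main__":
    for label, problem in check_sso_urls("idm.example.com", SAMPLE, clustered=True):
        print(f"{label}: {problem}")
```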