3.1 Configuring a New Identity Server Cluster with SSL

This section explains how to add your Identity Server to a cluster, how to configure the cluster to use SSL, and how to configure the cluster to communicate with the LDAP server so users can access their authentication credentials.

What You Need to Know                                        Your Value

LDAP server information:
  DN of the administrator
  Password of the administrator
  IP address of the LDAP server
  DN of the user container
DNS name of the Identity Server
Certificate name
Certificate subject fields:
  Common name
  Organizational unit
  City or town
  State or province
Names you need to create:
  Identity Server cluster name
  User store name                                            User Store
  Replica name                                               User Store Replica
  Alias certificate name
Organization information for the Identity Server cluster:
                                                             Access Manager
  Display name                                               Access Manager 3

For more information, see Creating a Basic Identity Server Configuration in the NetIQ Access Manager 3.1 SP5 Setup Guide.

  1. In the Administration Console, click Devices > Identity Servers.

  2. Click New Cluster.

  3. Specify a name such as idpa, select your Identity Server, then click OK.

  4. Configure the Base URL of the Identity Server, using the DNS name of the Identity Server:

  5. On the SSL Certificate line, click the Select Certificate icon, then click Replace.

  6. In the Replace box, click the Select Certificate icon.

  7. On the Certificates page, click New.

  8. Select Use local certificate authority.

  9. Fill in the following fields:

    Certificate name: idpa_test

    Signature algorithm: Accept the default.

    Valid from: Accept the default.

    Months valid: Accept the default.

    Key size: Accept the default.

  10. Click the Edit icon on the Subject line.

  11. Fill in the following fields:

    Common name: idpa.test.novell.com

    Organizational unit: o=novell

    Organization: test

    City or town: Provo

    State or province: Utah

    Country: US

  12. Click OK twice.

  13. Verify that the new certificate is selected, then click OK.

  14. In the Replace box, click OK, then click Close.

  15. To configure the organization information, click Next, then fill in the following fields:

    Name: Access Manager

    Display name: Access Manager 3

    URL: idpa.am.novell.com

  16. Click Next, then configure the user store:

    Name: User Store

    Admin name: cn=admin,o=novell

    Admin password: novell

    Confirm password: novell

    Directory Type: Select a type from the drop-down menu.

  17. In the Server replicas section, click New, then fill in the following fields:

    Name: User Store Replica

    IP Address:

    Use secure LDAP connections: Select this option.

    Auto import trusted root: Click this link, follow the prompts, and specify UserStoreRoot for the alias.

  18. Click OK, then make sure the Validation Status of the replica displays a green check mark. If the check mark is red, you have a configuration error:

    • Check the distinguished name of the admin user, the password, and the IP address of the replica.

    • Check for network communication problems between the Identity Server and the LDAP server.

  19. In the Search Contexts section, click New, then specify the following:

    Search context: ou=users,o=novell

    Scope: Subtree

  20. Click OK, click Finish, then restart Tomcat as prompted.

  21. Wait for the health status of the Identity Server to turn green, then verify the configuration:

    1. Enter the Base URL of the Identity Server in a browser.

    2. Log in using the credentials of a user in the LDAP server.

      The user portal appears.

      If the URL returns an error rather than displaying a login page, verify the following:

      • The browser machine can resolve the DNS name of the Identity Server.

      • The browser machine can access port 8443.
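The two troubleshooting lists above (a red Validation Status on the replica in step 18, and a browser error instead of a login page in step 21) come down to a handful of checks that can be scripted. The following preflight script is an added example, not code from NetIQ or the Setup Guide: it validates the admin DN and search context syntactically, confirms the search context sits under the user container, and then checks DNS resolution of the Identity Server, TCP access to port 8443, and TCP access to the secure LDAP port on the replica, using only the Python standard library. The host names and DNs are the procedure's sample values; the LDAP IP address and the user container value o=novell are constructed assumptions. The served_certificate helper assumes you have exported the local CA's trusted root to a PEM file.

```python
"""Preflight checks for the Identity Server cluster and its LDAP user store.

Added example, not NetIQ code. Sample values are the procedure's own;
the LDAP IP address and the user container DN are assumptions.
"""
import socket
import ssl


def parse_dn(dn):
    """Split 'cn=admin,o=novell' into (attr, value) pairs, most specific
    first. A malformed DN raises ValueError before any bind is attempted."""
    rdns = []
    for part in dn.split(","):
        attr, sep, value = part.partition("=")
        attr, value = attr.strip().lower(), value.strip()
        if not sep or not attr or not value:
            raise ValueError("malformed RDN %r in %r" % (part, dn))
        rdns.append((attr, value))
    return rdns


def dn_is_under(dn, base):
    """True if dn lies in the subtree rooted at base (search context
    ou=users,o=novell under the user container o=novell)."""
    d, b = parse_dn(dn), parse_dn(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b


def resolves(hostname):
    """True if this machine can resolve the Identity Server's DNS name."""
    try:
        socket.getaddrinfo(hostname, None)
        return True
    except socket.gaierror:
        return False


def tcp_reachable(host, port, timeout=3.0):
    """True if a TCP connection succeeds (8443 for the Identity Server,
    636 for a replica using secure LDAP connections)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def subject_fields(cert):
    """Flatten the 'subject' of an ssl.getpeercert() dict into {attr: value}."""
    fields = {}
    for rdn in cert.get("subject", ()):
        for attr, value in rdn:
            fields[attr] = value
    return fields


def subject_mismatches(cert, expected):
    """Subject attributes whose value differs from expected; an empty
    list means the served certificate is the one created in step 11."""
    actual = subject_fields(cert)
    return sorted(k for k, v in expected.items() if actual.get(k) != v)


def served_certificate(host, port, cafile, timeout=5.0):
    """Fetch the certificate presented on host:port. cafile is the local
    CA's trusted root (assumed exported to PEM); without a trusted root
    verification fails and getpeercert() would return an empty dict."""
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Subject fields from step 11, in the attribute names getpeercert() uses.
EXPECTED_SUBJECT = {
    "commonName": "idpa.test.novell.com",
    "organizationalUnitName": "o=novell",
    "organizationName": "test",
    "localityName": "Provo",
    "stateOrProvinceName": "Utah",
    "countryName": "US",
}


def preflight(idp_host, ldap_ip, admin_dn, search_context, user_container):
    """Run every check and return {check: passed}; network failures are
    reported as False rather than raised so all problems show at once."""
    results = {}
    try:
        parse_dn(admin_dn)
        results["admin dn well-formed"] = True
    except ValueError:
        results["admin dn well-formed"] = False
    results["search context under user container"] = dn_is_under(
        search_context, user_container)
    results["identity server dns resolves"] = resolves(idp_host)
    results["identity server port 8443 open"] = tcp_reachable(idp_host, 8443)
    results["ldap replica port 636 open"] = tcp_reachable(ldap_ip, 636)
    return results


if __name__ == "__main__":
    # 192.0.2.10 (documentation range) stands in for the replica's IP.
    checks = preflight("idpa.test.novell.com", "192.0.2.10",
                       "cn=admin,o=novell", "ou=users,o=novell", "o=novell")
    for check, ok in checks.items():
        print("%-40s %s" % (check, "OK" if ok else "FAIL"))
```

Run it from the browser machine for the step 21 checks and from the Identity Server host for the replica checks, since the two machines may see different DNS answers and firewall rules. The DN checks only catch syntax and containment errors; a wrong password still shows up only as a red check mark in the console.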