3.1 Configuring a New Identity Server Cluster with SSL

This section explains how to add your Identity Server to a cluster, how to configure the cluster to use SSL, and how to configure the cluster to communicate with the LDAP server so users can access their authentication credentials.

What You Need to Know                                        Example                  Your Value
-----------------------------------------------------------  -----------------------  -----------------------
LDAP server information:
  DN of the administrator                                    cn=admin,o=novell        _______________________
  Password of the administrator                              novell                   _______________________
  IP address of the LDAP server                              10.10.10.16              _______________________
  DN of the user container                                   ou=users,o=novell        _______________________
DNS name of the Identity Server                              idpa.test.novell.com     _______________________
Certificate name                                             idpa_test                _______________________
Certificate subject fields:
  Common name                                                idpa.test.novell.com     _______________________
  Organizational unit                                        o=novell                 _______________________
  Organization                                               test                     _______________________
  City or town                                               Provo                    _______________________
  State or province                                          Utah                     _______________________
  Country                                                    US                       _______________________
Names you need to create:
  Identity Server cluster name                               idpa                     _______________________
  User store name                                            User Store               _______________________
  Replica name                                               User Store Replica       _______________________
  Alias certificate name                                     UserStoreRoot            _______________________
Organization information for the Identity Server cluster:
  Name                                                       Access Manager           _______________________
  Display name                                               Access Manager 3         _______________________
  URL                                                        idpa.am.novell.com       _______________________

For more information, see Creating a Basic Identity Server Configuration in the NetIQ Access Manager 3.1 SP5 Setup Guide.

  1. In the Administration Console, click Devices > Identity Servers.

  2. Click New Cluster.

  3. Specify a name such as idpa, select your Identity Server, then click OK.

  4. Configure the Base URL of the Identity Server, using the DNS name of the Identity Server:

    https://idpa.test.novell.com:8443/nidp
    
  5. On the SSL Certificate line, click the Select Certificate icon, then click Replace.

  6. In the Replace box, click the Select Certificate icon.

  7. On the Certificates page, click New.

  8. Select Use local certificate authority.

  9. Fill in the following fields:

    Certificate name: idpa_test

    Signature algorithm: Accept the default.

    Valid from: Accept the default.

    Months valid: Accept the default.

    Key size: Accept the default.

  10. Click the Edit icon on the Subject line.

  11. Fill in the following fields:

    Common name: idpa.test.novell.com

    Organizational unit: o=novell

    Organization: test

    City or town: Provo

    State or province: Utah

    Country: US

  12. Click OK twice.

  13. Verify that the new certificate is selected, then click OK.

  14. In the Replace box, click OK, then click Close.

  15. To configure the organization information, click Next, then fill in the following fields:

    Name: Access Manager

    Display name: Access Manager 3

    URL: idpa.am.novell.com

  16. Click Next, then configure the user store:

    Name: User Store

    Admin name: cn=admin,o=novell

    Admin password: novell

    Confirm password: novell

    Directory Type: Select a type from the drop-down menu.

  17. In the Server replicas section, click New, then fill in the following fields:

    Name: User Store Replica

    IP Address: 10.10.10.16

    Use secure LDAP connections: Select this option.

    Auto import trusted root: Click this link, follow the prompts, and specify UserStoreRoot for the alias.

  18. Click OK, then make sure the Validation Status of the replica displays a green check mark. If the check mark is red, you have a configuration error:

    • Check the distinguished name of the admin user, the password, and the IP address of the replica.

    • Check for network communication problems between the Identity Server and the LDAP server.

  19. In the Search Contexts section, click New, then specify the following:

    Search context: ou=users,o=novell

    Scope: Subtree

  20. Click OK, click Finish, then restart Tomcat as prompted.

  21. Wait for the health status of the Identity Server to turn green, then verify the configuration:

    1. Enter the Base URL of the Identity Server in a browser.

      https://idpa.test.novell.com:8443/nidp
      
    2. Log in using the credentials of a user in the LDAP server.

      The user portal appears.

      If the URL returns an error rather than displaying a login page, verify the following:

      • The browser machine can resolve the DNS name of the Identity Server.

      • The browser machine can access port 8443.
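Step 18 tells you to check the admin DN, password and replica IP address when the validation status is red, and step 21 to check DNS resolution and port 8443 when the Base URL fails. The script below is an added example, not part of the NetIQ documentation or product: it runs those checks from the command line with the worksheet values, and additionally verifies that the replica's LDAPS certificate chains to the root you import under the UserStoreRoot alias, so you are not relying on whatever the auto-import fetched. The LDAPS port 636 and the file name UserStoreRoot.pem are assumptions, not values from the page.

```python
import socket
import ssl
from urllib.parse import urlsplit

# Worksheet values from this page, embedded as constructed sample input.
BASE_URL = "https://idpa.test.novell.com:8443/nidp"
CERT_COMMON_NAME = "idpa.test.novell.com"
REPLICA_IP = "10.10.10.16"
LDAPS_PORT = 636  # assumed: the page enables secure LDAP but does not state the port
TRUSTED_ROOT_PEM = "UserStoreRoot.pem"  # assumed: PEM export of the root imported as UserStoreRoot

def check_base_url(url, cert_cn, expected_port=8443):
    """Return mismatches between the Base URL (step 4) and the certificate subject/port the steps configure."""
    parts = urlsplit(url)
    problems = []
    if parts.scheme != "https":
        problems.append("scheme is %r, expected https" % parts.scheme)
    if parts.hostname != cert_cn:
        problems.append("certificate common name %r does not match host %r" % (cert_cn, parts.hostname))
    if parts.port != expected_port:
        problems.append("port is %r, expected %d" % (parts.port, expected_port))
    if parts.path.rstrip("/") != "/nidp":
        problems.append("path is %r, expected /nidp" % parts.path)
    return problems

def resolves(host):
    """Step 21 check: can this machine resolve the Identity Server's DNS name?"""
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False

def port_open(host, port, timeout=3.0):
    """Step 18/21 check: is the replica's LDAPS port, or the Identity Server's 8443, reachable?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def ldaps_peer_subject(host, port, cafile):
    """Open TLS to the replica and verify its chain against cafile only; returns the peer subject."""
    ctx = ssl.create_default_context(cafile=cafile)  # loads only this root, not the system store
    ctx.check_hostname = False  # the replica is addressed by IP (step 17); the chain is still verified
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock) as tls:
            return tls.getpeercert()["subject"]
```

Run `resolves("idpa.test.novell.com")`, `port_open(REPLICA_IP, LDAPS_PORT)` and `ldaps_peer_subject(REPLICA_IP, LDAPS_PORT, TRUSTED_ROOT_PEM)` from the Identity Server; an `ssl.SSLCertVerificationError` from the last call means the replica's certificate does not chain to the root you imported.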