6.0 Security Best Practices

This section contains a description of the security parameters unique to the SAP Portal driver.

For additional information about securing your Identity Manager system, see the Identity Manager 3.6 Security Guide.

To increase security, you can configure the SAP Portal driver to communicate over HTTPS, then create a secure connection for it to use.

To create a secure connection:

  1. Create a server certificate in iManager.

    1. In the Roles and Tasks view, click Novell Certificate Server > Create Server Certificate.

    2. Browse to and select the server object where the SAP Portal driver is installed.

    3. Specify a certificate nickname.

    4. Select Standard as the creation method, then click Next.

    5. Click Finish, then click Close.

  2. Export a self-signed certificate from the certificate authority in eDirectory™.

    1. In the Roles and Tasks view, click Directory Administration > Modify Object.

    2. Select your tree’s certificate authority object, then click OK.

      It is usually found in the Security container and is named something like TREENAME CA.Security.

    3. Click Certificate > Self Signed Certificate.

    4. Click Export.

    5. When you are asked if you want to export the private key with the certificate, click No, then click Next.

    6. Depending on the client to be accessing the Web service, select either File in binary DER format or File in Base64 format for the certificate, then click Next.

      If the client uses a Java-based keystore or trust store, then you can choose either format.

    7. Click Save the exported certificate to a file.

    8. Click Save and browse to a known location on your computer.

    9. Click Save, then click Close.

  3. Import the self-signed certificate into the client’s trust store:

    1. Use the keytool executable that is included with any Java* JDK*.

      For more information on keytool, see Keytool - Key and Certificate Management Tool.

    2. Import the certificate into your trust store or create a new trust store by entering the following command at a command prompt:

      keytool -import -file name_of_cert_file -trustcacerts -noprompt 
      -keystore filename -storepass password        

      For example:

      keytool -import -file tree_ca_root.b64 -trustcacerts -noprompt -keystore dirxml.keystore -storepass novell
  4. Configure the Subscriber channel to use the trust store you created in Step 3:

    1. In iManager, in the Roles and Tasks view, click Identity Manager > Identity Manager Overview.

    2. Locate the driver set containing the SAP Portal driver, then click the driver’s icon to display the Identity Manager Driver Overview page.

    3. On the Identity Manager Driver Overview page, click the driver’s icon again, then scroll to Subscriber Settings.

    4. In the Keystore File setting, specify the path to the trust store you created in Step 3.

  5. Click Apply, then click OK.