6.2 Modifying the Base URL

When configuring an Identity Server, you must carefully determine your settings for the base URL, protocol, and domain. Changing the base URL invalidates the trust model and requires a reimport of the provider’s metadata and a restart of the affected Access Gateway embedded service providers. It also changes the ID of the provider and the URLs that others use for access.

When you change the base URL of the Identity Server, you invalidate the following trusted relationships:

The sessions of any logged-in users are destroyed, and no user can log in and access protected resources until the trust relationships are re-established.

To modify the base URL and re-establish trust relationships:

  1. In the Administration Console, click Access Manager > Identity Servers > Edit.

  2. Change the protocol, domain, port, and application settings, as necessary.

  3. Click OK.

  4. On the Identity Servers page, click Update.

    This re-creates the trusted Identity Server configuration to use the new base URL and metadata.

  5. Restart Tomcat on each Identity Server in the configuration. Go to each machine, then enter the following command:

    /etc/init.d/novell-tomcat4 restart
    
  6. For each Access Manager device configured to trust the configuration of this modified base URL, you must update the device so that the embedded service provider trusts the new Identity Server configuration:

    • Click Access Gateways, then click Update on any servers with a Status of Update.

    • Click SSL VPNs, then click Update on any servers with a Status of Update.

    • Click J2EE Agents, then click Update on any agents with a Status of Update.

  7. For each service provider you have configured to trust the configuration of this modified base URL, you must send them the new metadata and have them re-import it.
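Because the provider ID and every advertised endpoint change with the base URL, a partner that still holds the old metadata keeps trusting URLs that no longer exist. The following check is an added example, not part of the original guide or the product: it assumes the metadata is in SAML 2.0 format, and the function name, host names, and paths are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample: metadata a service provider imported before the change.
# Host names and paths are placeholders made up for this example.
STALE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://idp.example.com:8080/nidp/saml2/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="http://idp.example.com:8080/nidp/saml2/sso"/>
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.com:8443/nidp/saml2/slo"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def stale_references(metadata_xml, new_base_url):
    """Return (element, attribute, value) for every URL not under new_base_url."""
    base = new_base_url.rstrip("/") + "/"
    root = ET.fromstring(metadata_xml)
    findings = []
    # The provider ID changes with the base URL, so check it first.
    entity_id = root.get("entityID", "")
    if not entity_id.startswith(base):
        findings.append(("EntityDescriptor", "entityID", entity_id))
    # Every endpoint the provider advertises must also sit under the new base URL.
    for elem in root.iter():
        for attr in ("Location", "ResponseLocation"):
            value = elem.get(attr)
            if value is not None and not value.startswith(base):
                tag = elem.tag.split("}", 1)[-1]  # strip the XML namespace
                findings.append((tag, attr, value))
    return findings


if __name__ == "__main__":
    new_base = "https://idp.example.com:8443/nidp"  # placeholder new base URL
    for tag, attr, value in stale_references(STALE_METADATA, new_base):
        print(f"stale {tag}/@{attr}: {value}")
```

An empty result means the stored copy already matches the new base URL; any finding means that partner still needs to re-import the metadata.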

For information about setting up SSL and changing an Identity Server from HTTP to HTTPS, see Enabling SSL Communication in the Novell Access Manager 3.0 SP4 Setup Guide.