2.1 New Identity Server Cluster Configuration

This section explains how to add your Identity Server to a cluster and how to configure the cluster to communicate with the LDAP server and use its authentication credentials.

What you need to know                Example                  Your Value

LDAP server information:
  DN of the administrator            cn=admin,o=novell        ______________________
  Password of the administrator      novell                   ______________________
  IP address of the LDAP server      10.10.10.16              ______________________
  DN of the user container           o=novell                 ______________________
  DNS name of the Identity Server    idpa.test.novell.com     ______________________

Names you need to create:
  Identity Server cluster name       idpa                     ______________________
  User store name                    User Store               ______________________
  Replica name                       User Store Replica       ______________________
  Alias certificate name             UserStoreRoot            ______________________

Organization information for the Identity Server cluster:
  Name                               Access Manager           ______________________
  Display name                       Access Manager 3         ______________________
  URL                                ipda.am3sp3.com          ______________________

For more information, see Creating a Basic Identity Server Configuration in the Novell Access Manager 3.0 SP4 Setup Guide.

  1. In the Administration Console, click the Identity Servers task.

  2. Click New Cluster.

  3. Specify a name such as idpa, select your Identity Server, then click OK.

  4. Configure the Base URL of the Identity Server, using the DNS name of the Identity Server:

    http://idpa.test.novell.com:8080/nidp
    
  5. Click Next, then configure the organization information.

    Name: Access Manager

    Display name: Access Manager 3

    URL: ipda.am3sp3.com

  6. Click Next, then configure the user store:

    Name: User Store

    Admin name: cn=admin,o=novell

    Admin password: novell

    Confirm password: novell

    Directory Type: Select a type from the drop-down menu.

  7. In the Server replicas section, click New, then fill in the following fields:

    Name: User Store Replica

    IP Address: 10.10.10.16

    Use secure LDAP connections: Select this option.

    Auto import trusted root: Click this link, follow the prompts, and specify UserStoreRoot for the alias.

  8. Click OK, then make sure the Validation Status of the replica displays a green check mark. If it is red, you have a configuration error:

    • Check the distinguished name of the admin user, the password, and the IP address of the replica.

    • Check for network communication problems between the Identity Server and the LDAP server.

  9. In the Search Contexts section, click New, then specify the following:

    Search context: o=novell

    Scope: Subtree

  10. Click OK > Finish, then restart Tomcat as prompted.

  11. Wait for the health status of the Identity Server to turn green, then verify the configuration:

    1. Enter the Base URL of the Identity Server in a browser.

      http://idpa.test.novell.com:8080/nidp
      
    2. Log in using the credentials of a user in the LDAP server.

      The user portal appears.

      If the URL returns an error rather than displaying a login page, verify the following:

      • The browser machine can resolve the DNS name of the Identity Server.

      • The browser machine can access the port.
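The replica validation in step 8, and its two troubleshooting hints, can be reproduced from a shell on the Identity Server. The following added example (not Novell's code) does with the Python standard library what the Validation Status check needs: an LDAPS connection verified against the trusted root exported for the UserStoreRoot alias, then an LDAP v3 simple bind as the admin DN, reporting a TLS failure, a socket error or an invalidCredentials result as the matching hint. The PEM path is a placeholder, and LDAPS on port 636 is an assumption the page does not state.

```python
import socket
import ssl

def ber_len(n):
    if n < 0x80:                       # short form; long form is 0x8N + N length bytes
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, payload):
    return bytes([tag]) + ber_len(len(payload)) + payload

def read_tlv(data, pos=0):
    """Decode one tag-length-value at pos; return (tag, value, next position)."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, data[pos:pos + length], pos + length

def build_bind_request(dn, password, msg_id=1):
    """LDAPMessage{ messageID, BindRequest [APPLICATION 0]{ version 3, name, simple [0] } }."""
    bind = tlv(0x60, tlv(0x02, b"\x03") + tlv(0x04, dn.encode()) + tlv(0x80, password.encode()))
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + bind)

def parse_bind_result(data):
    """resultCode of a BindResponse [APPLICATION 1]: 0 success, 49 invalidCredentials."""
    _, msg, _ = read_tlv(data)                     # outer LDAPMessage SEQUENCE
    tag, resp, _ = read_tlv(msg, read_tlv(msg)[2]) # skip messageID, take the response
    assert tag == 0x61, "not a BindResponse, tag 0x%02x" % tag
    _, code, _ = read_tlv(resp)                    # resultCode ENUMERATED comes first
    return int.from_bytes(code, "big")

def check_replica(host, dn, password, cafile, port=636, timeout=5):
    ctx = ssl.create_default_context(cafile=cafile)  # cafile: trusted root imported as UserStoreRoot
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw, \
                ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(build_bind_request(dn, password))
            code = parse_bind_result(tls.recv(4096))
        return {0: "bind OK, replica should validate green",
                49: "invalidCredentials: check the admin DN and password"}.get(
                    code, "LDAP resultCode %d, see the LDAP server log" % code)
    except ssl.SSLError as exc:                    # must precede OSError (its superclass)
        return "TLS failure, trusted root or certificate mismatch: %s" % exc
    except OSError as exc:
        return "network problem between Identity Server and LDAP server: %s" % exc

if __name__ == "__main__":  # page's example values; the PEM path is a placeholder
    print(check_replica("10.10.10.16", "cn=admin,o=novell", "novell", "/path/to/UserStoreRoot.pem"))
```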

IMPORTANT: Please provide feedback on this document by using the Add Comment link at the bottom of each page. We need to know whether it provides the right amount of information (too much? too little?) to get the Identity Server configured.