This section explains how to add your Identity Server to a cluster, how to configure the cluster to use SSL, and how to configure the cluster to communicate with the LDAP server so users can access their authentication credentials.
| What You Need to Know | Example | Your Value |
|---|---|---|
| LDAP server information: | | |
| DN of the administrator | cn=admin,o=novell | _______________________ |
| Password of the administrator | novell | _______________________ |
| IP address of the LDAP server | 10.10.10.16 | _______________________ |
| DN of the user container | o=novell | _______________________ |
| DNS name of the Identity Server | ipda.test.novell.com | _______________________ |
| Certificate name | ipda_test | _______________________ |
| Certificate subject fields: | | |
| Common name | ipda.test.novell.com | _______________________ |
| Organizational unit | o=novell | _______________________ |
| Organization | test | _______________________ |
| City or town | Provo | _______________________ |
| State or province | UT | _______________________ |
| Country | US | _______________________ |
| Names you need to create: | | |
| Identity Server cluster name | idpa | _______________________ |
| User store name | User Store | _______________________ |
| Replica name | User Store Replica | _______________________ |
| Alias certificate name | UserStoreRoot | _______________________ |
| Organization information for the Identity Server cluster: | | |
| Name | Access Manager | _______________________ |
| Display name | Access Manager 3 | _______________________ |
| URL | ipda.am3sp3.com | _______________________ |
For more information, see |
1. In the Administration Console, click > . Click .
2. Specify a name such as idpa, select your Identity Server, then click .
3. Configure the Base URL of the Identity Server, using the DNS name of the Identity Server:
   https://idpa.test.novell.com:8443/nidp
4. On the line, click the icon, then click .
5. In the box, click the icon.
6. On the Certificates page, click . Select .
7. Fill in the following fields:
   - Certificate name: idpa_test
   - Signature algorithm: Accept the default.
   - Valid from: Accept the default.
   - Months valid: Accept the default.
   - Key size: Accept the default.
8. Click the icon on the line. Fill in the following fields:
   - Common name: idpa.test.novell.com
   - Organizational unit: o=novell
   - Organization: test
   - City or town: Provo
   - State or province: UT
   - Country: US
9. Click twice. Verify that the new certificate is selected, then click .
10. In the box, click , then click .
11. To configure the organization information, click , then fill in the following fields:
    - Name: Access Manager
    - Display name: Access Manager 3
    - URL: ipda.am3sp3.com
12. Click , then configure the user store:
    - Name: User Store
    - Admin name: cn=admin,o=novell
    - Admin password: novell
    - Confirm password: novell
    - Directory Type: Select a type from the drop-down menu.
13. In the section, click , then fill in the following fields:
    - Name: User Store Replica
    - IP Address: 10.10.10.16
    - Use secure LDAP connections: Select this option.
    - Auto import trusted root: Click this link, follow the prompts, and specify UserStoreRoot for the alias.
14. Click , then make sure the Validation Status of the replica displays a green check mark. If it is red, you have a configuration error:
    - Check the distinguished name of the admin user, the password, and the IP address of the replica.
    - Check for network communication problems between the Identity Server and the LDAP server.
15. In the section, click , then specify the following:
    - Search context: o=novell
    - Scope: Subtree
16. Click , click , then restart Tomcat as prompted.
17. Wait for the health status of the Identity Server to turn green, then verify the configuration:
    1. Enter the Base URL of the Identity Server in a browser:
       https://idpa.test.novell.com:8443/nidp
    2. Log in using the credentials of a user in the LDAP server.
       The user portal appears.

    If the URL returns an error rather than displaying a login page, verify the following:
    - The browser machine can resolve the DNS name of the Identity Server.
    - The browser machine can access port 8443.
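The checks in the two troubleshooting lists above (Base URL and certificate consistency, DNS resolution, reachability of port 8443 on the Identity Server and of the LDAPS port on the replica) can be scripted. The following is an added example, not part of the Novell documentation; it uses only the Python 3 standard library, takes the worksheet's sample values, and assumes the replica listens on the LDAPS default port 636.

```python
"""Pre-flight checks for the Identity Server cluster configuration above.
Added example (not from the Novell documentation); Python 3 standard library only."""
import socket
from urllib.parse import urlsplit

# Constructed from the worksheet above; ldaps_port is an assumption (LDAPS default).
CONFIG = {"base_url": "https://idpa.test.novell.com:8443/nidp",
          "cert_common_name": "idpa.test.novell.com",
          "replica_ip": "10.10.10.16", "ldaps_port": 636}


def check_base_url(base_url, cert_common_name):
    """Static checks: https, port 8443, /nidp path, and a host equal to the
    certificate's common name (a mismatch such as 'ipda' vs 'idpa' makes
    browsers reject the Identity Server certificate). Returns a list of problems."""
    u = urlsplit(base_url)
    problems = []
    if u.scheme != "https":
        problems.append("Base URL must use https")
    if u.port != 8443:
        problems.append("Base URL port should be 8443")
    if u.path != "/nidp":
        problems.append("Base URL path should be /nidp")
    if u.hostname != cert_common_name:
        problems.append(f"host {u.hostname!r} != certificate CN {cert_common_name!r}")
    return problems


def check_tcp(host, port, timeout=3.0):
    """Resolve the name, then open a TCP connection (the two things the
    troubleshooting steps ask you to verify). Returns None on success, else a message."""
    try:
        addr = socket.gethostbyname(host)
    except socket.gaierror as exc:
        return f"DNS resolution failed for {host}: {exc}"
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return None
    except OSError as exc:
        return f"cannot reach {addr}:{port}: {exc}"


if __name__ == "__main__":
    idp_host = urlsplit(CONFIG["base_url"]).hostname
    for p in check_base_url(CONFIG["base_url"], CONFIG["cert_common_name"]):
        print("CONFIG:", p)
    # Identity Server on 8443 (browser side) and the replica on LDAPS (Identity Server side).
    for host, port in ((idp_host, 8443), (CONFIG["replica_ip"], CONFIG["ldaps_port"])):
        print(f"{host}:{port}:", check_tcp(host, port) or "reachable")
```

Run the TCP checks from the machine whose view of the network matters: the browser machine for port 8443, the Identity Server itself for the replica's LDAPS port.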