When configuring an Identity Server, you must carefully determine your settings for the base URL, protocol, and domain. Changing the base URL invalidates the trust model and requires reimporting the provider’s metadata and restarting the affected Access Gateway embedded service providers. It also changes the ID of the provider and the URLs that others use for access.
When you change the base URL of the Identity Server, you invalidate the following trusted relationships:
The trusted relationships that the Identity Server has established with each Access Manager device that has been configured to use the Identity Server for authentication.
The trusted relationship that each Access Manager device has established with the Identity Server when the Identity Server configuration was selected.
The trusted relationships that the Identity Server has established with other service providers.
The sessions of any logged-in users are destroyed, and no user can log in and access protected resources until the trust relationships are re-established.
To modify the base URL and re-establish trust relationships:
In the Administration Console, click > > .
Change the protocol, domain, port, and application settings, as necessary.
Click .
On the Identity Servers page, click .
This re-creates the trusted Identity Server configuration to use the new Base URL and metadata.
Restart Tomcat on each Identity Server in the configuration. Go to each machine, then enter the following command:
/etc/init.d/novell-tomcat4 restart
For each Access Manager device configured to trust the configuration of this modified base URL, you must update the device so that the embedded service provider trusts the new Identity Server configuration:
Click , then click on any servers with a of .
Click , then click on any servers with a of .
Click , then click on any agents with a of .
For each service provider you have configured to trust the configuration of this modified base URL, you must send them the new metadata and have them re-import it.
For information about setting up SSL and changing an Identity Server from HTTP to HTTPS, see Enabling SSL Communication in the Novell Access Manager 3.0 SP4 Setup Guide.
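The final step of the procedure depends on every service provider actually replacing its stored copy of the metadata. The following Python check is an added example, not part of the Novell documentation: it lists every provider ID and endpoint URL in a stored copy that does not sit under the new base URL. It assumes the copy is in SAML 2.0 metadata format; the host names, paths, and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"  # assumption: SAML 2.0 metadata format
DEFAULT_PORTS = {"http": 80, "https": 443}

def split_base(url):
    """Return ((protocol, domain, port), path) with the default port filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return (scheme, (parts.hostname or "").lower(), port), parts.path.rstrip("/")

def under_base(url, base_url):
    """True if url uses base_url's protocol, domain and port and sits at or below its path."""
    origin, path = split_base(url)
    base_origin, base_path = split_base(base_url)
    return origin == base_origin and (path == base_path or path.startswith(base_path + "/"))

def stale_urls(metadata_xml, new_base_url):
    """List (attribute, value) pairs in the metadata that do not use new_base_url."""
    root = ET.fromstring(metadata_xml)  # parse only copies you already hold and trust
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        raise ValueError("expected a SAML 2.0 EntityDescriptor")
    stale = []
    for elem in root.iter():
        for attr in ("entityID", "Location", "ResponseLocation"):
            value = elem.get(attr)
            if value is not None and not under_base(value, new_base_url):
                stale.append((attr, value))
    return stale

# Constructed sample: a copy of the metadata imported before the base URL change.
OLD_COPY = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://login.example.com:8080/idpapp/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="http://login.example.com:8080/idpapp/slo"
        ResponseLocation="http://login.example.com:8080/idpapp/slo_return"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="http://login.example.com:8080/idpapp/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""
NEW_BASE_URL = "https://login.example.com:8443/idpapp"  # constructed value

if __name__ == "__main__":
    for attr, value in stale_urls(OLD_COPY, NEW_BASE_URL):
        print(f"still points at old base URL: {attr}={value}")
```

An empty result means the stored copy already reflects the new protocol, domain, port, and application path; any entry returned indicates the copy must be re-imported.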