When you configure an Identity Server, you must carefully determine your settings for the base URL, protocol, and domain. Changing the base URL invalidates the trust model and requires a re-import of the provider’s metadata, and a restart of the affected Embedded Service Providers. It also changes the ID of the provider and the URLs that others use for access.
When you change the base URL of Identity Server, you invalidate the following trusted relationships:
The trusted relationships that Identity Server has established with each Access Manager device that has been configured to use Identity Server for authentication
The trusted relationship that each Access Manager device has established with Identity Server when Identity Server configuration was selected.
The trusted relationships that Identity Server has established with other service providers.
The sessions of any logged-in users are destroyed and no user can log in and access protected resources until the trust relationships are reestablished.
Perform the following steps to modify the base URL and reestablish trust relationships:
Click Devices > Identity Servers > Edit.
Change the protocol, domain, port, and application settings, as necessary.
Click OK.
On the Identity Servers page, click Update.
This re-creates the trusted Identity Server configuration to use the new base URL and metadata.
Restart Tomcat on each Identity Server in the configuration:
Specify one of the following commands:
/etc/init.d/novell-idp restart
systemctl restart -idp
For the Docker deployment, perform the following steps:
Run the kubectl get pods command to view the Access Manager pods.
Go to the Identity Server pod by running the kubectl exec --namespace <name-of-the-namespace> -it pod/<name-of-the-identity-server-pod> -- sh command.
Run the /etc/init.d/novell-idp restart or systemctl restart -idp command.
For each Access Manager device configured to trust the configuration of this modified base URL, you must update the device so that the Embedded Service Provider trusts the new Identity Server configuration:
Click Access Gateways, then click Update for any servers with a Status of Update.
For each service provider you have configured to trust the configuration of this modified base URL, you must send them the new metadata and have them re-import it.
For information about setting up SSL and changing an Identity Server from HTTP to HTTPS, see Section 20.0, Enabling SSL Communication.