Let us assume that your setup details are as follows:
Base URL of the Identity Server cluster: https://abc.idp.com:8443/nidp
Value of the common name of the Certificate, cn=*.idp.com
Details of the Identity Server nodes:
Identity Server |
IP Address |
Host |
---|---|---|
Node 1 |
1.1.1.10 |
abc |
Node 2 |
1.1.1.11 |
auth |
Perform the following steps to configure a dual connector setup:
NOTE:The second Identity Sever node acts as a connector host.
Create an X.509 authentication class and method. See Configuring X.509 Authentication and Configuring Attribute Mappings.
Navigate to Devices > Identity Servers > Edit > Local > Methods.
Select the X.509 authentication method and click New under Properties.
Specify the following details:
Property Name: CONNECTOR_HOST
Property Value: https://auth.idp.com:8448
NOTE:Do not add a / after the port number.
Navigate to Devices > Identity Servers > Edit > Options.
Click New and specify the following details:
Property Name: CLUSTER COOKIE DOMAIN
Property Value: .idp.com
Property Name: CLUSTER COOKIE PATH
Property Value: /nidp
(Identity Server Node 1 and Node 2) Back up server.xml and context.xml files located at the following paths:
server.xml: /opt/novell/nam/idp/conf
context.xml: /opt/novell/nids/lib/webapp/META-INF
In the Identity Server Node 1, navigate to the /opt/novell/nam/idp/conf directory.
Open the server.xml file.
Search the <Connector NIDP_Name="connector" string and create a copy of the existing connector in the same file.
In the new connector, change the port number to 8448.
NOTE:Ensure that clientAuth="false".
Save the server.xml file.
In the Identity Server Node 2, navigate to the /opt/novell/nam/idp/conf directory.
Open the server.xml file.
Search the <Connector NIDP_Name="connector" string and create a copy of the existing connector in the same file.
In the new connector, change the port number to 8448.
Change the clientAuth="false" string to clientAuth="want".
Add protocol="org.apache.coyote.http11.Http11NioProtocol".
Save the server.xml file.
(Identity Server Node 1 and Node 2) Navigate to the /opt/novell/nids/lib/webapp/META-INF directory and open the context.xml file.
Ensure that the following strings are available:
<Context sessionCookiePath="/" sessionCookieDomain=".idp.com"> <Manager pathname="" saveOnRestart="false"/> <CookieProcessor className="org.apache.tomcat.util.http.LegacyCookieProcessor" /> </Context>
Save the files and restart both the Identity Server nodes. Check the log files and ensure that there are no errors.
Create a user certificate. See Section 15.0, Creating Certificates.
Import the certificate to the browser.
Create a contract for the method. See Configuring Authentication Contracts.
To verify that the dual connector setup configuration is successful, execute the X.509 dual connector contract as an end user and ensure that the CONNECTOR_HOST URL is visible in the browser URL and in the Identity Server logs.
At the User Portal, select the X.509 dual connector contract.
Select the user certificate when prompted.
A successful login to the User Portal verifies that the dual connector setup configuration is complete.