Identity Governance allows you to change your network settings or the runtime instance settings after you have completed the installation. You change the network settings for the different Identity Governance components in different utilities, and you must change them in every location where they are stored for the change to take effect.
You must change your network setting on the servers running the different Identity Governance components. You must then perform the following additional steps to change the network settings for the Identity Governance components.
You must perform the following steps for each component, even if the components reside on the same server. The different components contain different settings that store networking information. Use the following information to change the Identity Governance network settings for the different Identity Governance components.
You change the network settings for Identity Governance through the Identity Governance Configuration utility. You must change the settings in multiple locations to ensure that Identity Governance uses the new network settings.
To change the network settings:
1. Update the IP address and DNS name of the server and Apache Tomcat using the server and Apache Tomcat documentation.
2. Stop Apache Tomcat. For more information, see Section 3.5.3, Starting and Stopping Apache Tomcat.
3. (Conditional) If you clustered Identity Governance, stop Apache Tomcat on each node in the cluster.
4. Update the DNS names in the setenv script that sets the environment variables for Apache Tomcat.
   a. Open the setenv file in a text editor. The default location of the file is:
      Linux: /opt/netiq/idm/apps/tomcat/bin/setenv.sh
      Windows: C:\netiq\idm\apps\tomcat\bin\setenv.bat
   b. Change the IP address or DNS name associated with com.netiq.idm.osp.client.host to the new fully-qualified DNS name.
   c. Save and close the file.
5. (Conditional) If you clustered Identity Governance, repeat Step 4 on each node of the cluster.
6. Update the DNS names in the ism-configuration.properties file.
   a. Open the ism-configuration.properties file in a text editor.
      Linux: /opt/netiq/idm/apps/tomcat/conf/ism-configuration.properties
      Windows: C:\netiq\idm\apps\tomcat\conf\ism-configuration.properties
   b. Change the IP address or DNS name associated with the following attributes to the new fully-qualified DNS name:
      com.netiq.idm.osp.url.host
      com.netiq.iac.url.local.host
      com.netiq.rpt.authserver.url
      com.netiq.rpt.access.review.url
      com.netiq.rpt.landing.url
      com.netiq.rpt.rpt-web.redirect.url
   c. Save and close the file.
7. (Conditional) If you clustered Identity Governance, repeat Step 6 on each node in the cluster.
8. Update the DNS names in the Identity Governance Configuration utility.
   a. Ensure that the Identity Governance database is running.
   b. Start the Identity Governance Configuration utility with the database password. The default location is:
      Linux: /opt/netiq/idm/apps/idgov/bin/configutil.sh
      Windows: C:\netiq\idm\apps\idgov\bin\configutil.bat
      For example, use the following command in Linux environments:
      ./configutil.sh -password %PASSWORD%
   c. Change the IP address or DNS name associated with the following attributes on the specified tabs to the new fully-qualified DNS name:
      Tab | Setting
      ---|---
      Authentication Server Details |
      Network Topology | Nodes Host Name
      Workflow Settings | JMS broker URI
   d. Exit the utility.
9. (Conditional) If you have clustered Identity Governance, repeat Step 8 on each node in the cluster.
   IMPORTANT: Do not restart Apache Tomcat until the networking settings have been changed for each node in the cluster.
10. Start Apache Tomcat.
11. (Conditional) If you clustered Identity Governance, start Apache Tomcat on each node in the cluster.
The steps to change the network settings for the authentication service depend on which authentication service you are using. Use the following information to change the network settings for your authentication service:
Changing the network settings for OSP requires that you change the network settings for the server or servers running OSP and change the network settings in Apache Tomcat.
To change the network settings for OSP:
1. Update the IP address and DNS name of the server and Apache Tomcat using the server and Apache Tomcat documentation.
2. Stop Apache Tomcat on the OSP server. For more information, see Section 3.5.3, Starting and Stopping Apache Tomcat.
3. (Conditional) If you have clustered OSP, stop Apache Tomcat on each node in the cluster.
4. Update the DNS names in the setenv script that sets the environment variables for Apache Tomcat.
   a. Open the setenv file in a text editor. The default location of the file is:
      Linux: /opt/netiq/idm/apps/tomcat/bin/setenv.sh
      Windows: C:\netiq\idm\apps\tomcat\bin\setenv.bat
   b. Change the IP address or DNS name associated with com.netiq.idm.osp.client.host to the new fully-qualified DNS name.
   c. Save and close the file.
5. (Conditional) If you clustered OSP, repeat Step 4 on each node in the cluster.
6. Update the DNS names in the ism-configuration.properties file.
   a. Open the ism-configuration.properties file in a text editor.
      Linux: /opt/netiq/idm/apps/tomcat/conf/ism-configuration.properties
      Windows: C:\netiq\idm\apps\tomcat\conf\ism-configuration.properties
   b. Change the IP address or DNS name associated with the following attributes to the new fully-qualified DNS name:
      com.netiq.idm.osp.url.host
      com.netiq.iac.url.local.host
      com.netiq.rpt.authserver.url
      com.netiq.rpt.access.review.url
      com.netiq.rpt.landing.url
      com.netiq.rpt.rpt-web.redirect.url
   c. Save and close the file.
7. (Conditional) If you clustered OSP, repeat Step 6 on each node in the cluster.
8. Update the DNS name in the Identity Governance Configuration Update utility.
   a. Launch the Identity Governance Configuration Update utility on the Identity Governance server. For more information, see Section 15.1.5, Using the Identity Governance Configuration Update Utility.
   b. Click the Authentication tab.
   c. Click Show Advanced Options at the end of the page.
   d. Update the OAuth server host and OAuth ports with the new fully qualified DNS name and port.
   e. Update the truststore file path and password for the new certificate.
   f. Click OK to save the changes. The Identity Governance Configuration Update utility closes automatically.
9. (Conditional) If you clustered OSP, repeat Step 8 on each node in the cluster.
   IMPORTANT: Do not restart Apache Tomcat until the networking settings have been changed for each node in the cluster.
10. Start Apache Tomcat.
11. (Conditional) If you clustered OSP, start Apache Tomcat on each node in the cluster.
Changing the network settings for Access Manager requires that you change the networking settings in Access Manager first and then make the changes in Identity Governance.
To change the network settings for Access Manager:
1. Update the IP address and DNS name of the server and Apache Tomcat using the server and Apache Tomcat documentation.
2. Change the IP address and DNS name in Access Manager. For more information, see Configuring Access Manager in the NetIQ Access Manager 5.0 Administration Guide.
3. Stop Apache Tomcat on the Identity Governance server. For more information, see Section 3.5.3, Starting and Stopping Apache Tomcat.
4. (Conditional) If you have clustered Identity Governance, stop Apache Tomcat on each node in the cluster.
5. Update the DNS name in the Identity Governance Configuration Update utility.
   a. Launch the Identity Governance Configuration Update utility on the Identity Governance server. For more information, see Section 15.1.5, Using the Identity Governance Configuration Update Utility.
   b. Click the Authentication tab.
   c. Click Show Advanced Options at the end of the page.
   d. Update the OAuth server host and OAuth ports with the new Access Manager fully qualified DNS name and port.
   e. Update the truststore file path and password for the new certificate.
   f. Click OK to save the changes. The Identity Governance Configuration Update utility closes automatically.
6. (Conditional) If you have clustered Identity Governance, repeat Step 5 on each node in the cluster.
   IMPORTANT: Do not restart Apache Tomcat until the networking settings have been changed for each node in the cluster.
7. Start Apache Tomcat.
8. (Conditional) If you clustered Identity Governance, start Apache Tomcat on each node in the cluster.
You can change the networking settings for Identity Reporting. You must perform the following steps whether Identity Reporting is installed on the same server as Identity Governance or on a separate server.
To change the network settings for Identity Reporting:
1. Update the IP address and DNS name of the server and Apache Tomcat using the server and Apache Tomcat documentation.
2. (Conditional) If you clustered Identity Reporting, ensure that you change the IP address and DNS name of each node in the cluster and each instance of Apache Tomcat using the server and Apache Tomcat documentation.
3. Stop Apache Tomcat. For more information, see Section 3.5.3, Starting and Stopping Apache Tomcat.
4. (Conditional) If you clustered Identity Reporting, stop Apache Tomcat on each node in the cluster.
5. Update the DNS names in the ism-configuration.properties file.
   a. Open the ism-configuration.properties file in a text editor.
      Linux: /opt/netiq/idm/apps/tomcat/conf/ism-configuration.properties
      Windows: C:\netiq\idm\apps\tomcat\conf\ism-configuration.properties
   b. Change the IP address or DNS name associated with the following attributes to the new fully-qualified DNS name:
      com.netiq.idm.osp.url.host
      com.netiq.rpt.access.review.url
      com.netiq.rpt.landing.url
      com.netiq.rpt.rpt-web.redirect.url
   c. Save and close the file.
6. (Conditional) If you clustered Identity Reporting, repeat Step 5 on each node in the cluster.
7. Update the DNS name in the Identity Governance Configuration Update utility.
   a. Launch the Identity Governance Configuration Update utility. For more information, see Section 15.1.5, Using the Identity Governance Configuration Update Utility.
   b. Click the Reporting tab.
   c. Scroll down. In Landing Page > URL link to landing page, specify the new fully qualified host name of the Apache Tomcat instance that runs Identity Reporting, including the port.
   d. Ensure that Reporting Administrators > URL link to Identity Governance contains the proper URL to access Identity Governance.
   e. (Conditional) If you use a reverse proxy server for Identity Reporting, ensure that the connection information to the reverse proxy server in the Outbound Proxy > Use proxy field is correct.
   f. Click OK to save the changes. The Identity Governance Configuration Update utility closes automatically.
8. (Conditional) If you have clustered Identity Reporting, repeat Step 7.
   IMPORTANT: Do not restart Apache Tomcat until the networking settings have been changed for each Identity Reporting node in the cluster.
9. Start Apache Tomcat.
10. (Conditional) If you have clustered Identity Reporting, start Apache Tomcat on each node in the cluster.
You can change the networking settings whether the Workflow Engine is installed on the same server as Identity Governance or on a separate server. You must perform the following steps for each server where you installed the Workflow Engine.
To change the network settings for Workflow Engine:
1. Update the IP address and DNS name of the server and Apache Tomcat using the server and Apache Tomcat documentation.
2. (Conditional) If you clustered the Workflow Engine, ensure that you change the IP address and DNS name of each node in the cluster and each instance of Apache Tomcat using the server and Apache Tomcat documentation.
3. Stop Apache Tomcat.
4. (Conditional) If you clustered Workflow Engine, stop Apache Tomcat on each node in the cluster. For more information, see Section 3.5.3, Starting and Stopping Apache Tomcat.
5. Update the DNS names in the ism-configuration.properties file.
   a. Open the ism-configuration.properties file in a text editor.
      Linux: /opt/netiq/idm/apps/tomcat/conf/ism-configuration.properties
      Windows: C:\netiq\idm\apps\tomcat\conf\ism-configuration.properties
   b. Change the IP address or DNS name associated with the following attributes to the new fully-qualified DNS name:
      com.netiq.idm.osp.url.host
      com.microfocus.idm.application.url
      com.microfocus.wfe.consumer.url
      com.netiq.idm.forms.url.host
      com.netiq.idm.wfconsole.url.host
      com.netiq.wfconsole.redirect.url
      com.netiq.client.authserver.url.logout
   c. Save and close the file.
6. (Conditional) If you have clustered the Workflow Engine, repeat Step 5 on each node in the cluster.
7. Start Apache Tomcat.
8. (Conditional) If you have clustered the Workflow Engine, start Apache Tomcat on each node in the cluster.
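A read-only check to run on each node before starting Apache Tomcat again, added here as an example (it is not NetIQ code): it parses ism-configuration.properties and reports every key listed in the Identity Governance, OSP, Identity Reporting and Workflow Engine procedures above that is absent or whose host is not one of the new fully qualified DNS names. The key names come from this page; the function names, the component labels and the sample hosts are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Keys this page lists for ism-configuration.properties, per procedure
# (the Identity Governance and OSP procedures list the same keys).
# The component labels are illustrative, not product terms.
_RPT = ["com.netiq.rpt.access.review.url", "com.netiq.rpt.landing.url",
        "com.netiq.rpt.rpt-web.redirect.url"]
PAGE_KEYS = {
    "governance": ["com.netiq.idm.osp.url.host", "com.netiq.iac.url.local.host",
                   "com.netiq.rpt.authserver.url"] + _RPT,
    "reporting": ["com.netiq.idm.osp.url.host"] + _RPT,
    "workflow": ["com.netiq.idm.osp.url.host", "com.microfocus.idm.application.url",
                 "com.microfocus.wfe.consumer.url", "com.netiq.idm.forms.url.host",
                 "com.netiq.idm.wfconsole.url.host", "com.netiq.wfconsole.redirect.url",
                 "com.netiq.client.authserver.url.logout"],
}

def parse_properties(text):
    """Parse single-line key/value pairs and undo the backslash escapes that
    java.util.Properties.store() writes, such as https\\://host\\:8443."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        match = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if match and line[0] not in "#!":  # skip blanks and comments
            props[match.group(1)] = re.sub(r"\\(.)", r"\1", match.group(2))
    return props

def host_of(value):
    """Lower-cased hostname from a URL or a bare host[:port] value."""
    return urlsplit(value if "://" in value else "//" + value).hostname

def audit(text, component, new_hosts):
    """Return {key: host} for listed keys that are absent (host is None) or
    whose host is not one of the new fully qualified DNS names."""
    props = parse_properties(text)
    allowed = {h.lower() for h in new_hosts}
    found = {k: host_of(props[k]) if k in props else None
             for k in PAGE_KEYS[component]}
    return {k: h for k, h in found.items() if h not in allowed}

SAMPLE = r"""# constructed sample, not taken from a real installation
com.netiq.idm.osp.url.host = https\://IG-NEW.example.com\:8443
com.netiq.iac.url.local.host = https\://192.0.2.10\:8443
com.netiq.rpt.access.review.url = https\://ig-old.example.com\:8443/
com.netiq.rpt.landing.url = https\://ig-new.example.com\:8443/
"""
if __name__ == "__main__":
    for key, host in audit(SAMPLE, "governance", ["ig-new.example.com"]).items():
        print(f"{key}: {host or 'not set'}")
```

Pass more than one name in `new_hosts` when components such as OSP run on a different server from Identity Governance. An empty result on every node is the condition to look for before the final "Start Apache Tomcat" step.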