Steps to configure auto start workflows through HTTPS with IDM 3.5

  • 7000061
  • 14-Apr-2008
  • 26-Apr-2012

Environment


Novell Identity Manager 3.5

Situation

- Auto start workflows from any IDM drivers using a secure port (HTTPS)

Resolution

Enable HTTPS connections in the Identity Manager User Application

- Follow the steps detailed on KB 10100226 to enable HTTPS connections to the Identity Manager User Application.


Confirm that the previous step actually added a certificate to the keystore file

- You can verify this by issuing the following command:

test@lab:~/IDM35/idm//jre/bin> ./keytool -list -v -keystore userapp.keystore

Enter keystore password: [password entered during keystore generation]

Keystore type: jks

Keystore provider: SUN

Your keystore contains 1 entry

Alias name: userapp35

Creation date: Nov 27, 2007

Entry type: keyEntry

Certificate chain length: 1

Certificate[1]:

Owner: CN=lab.company.com, OU=Org, O=Comp, L=Locat, ST=State, C=Country

Issuer: CN=lab.company.com, OU=Org, O=Comp, L=Locat, ST=State, C=Country

Serial number: 4931cng7

Valid from: Tue Nov 27 13:00:09 EST 2007 until: Mon Nov 27 13:00:00 EST 2017

Certificate fingerprints:

         MD5:  BC:75:9F:71:2E:7E:F8:6D:4E:05:08:98:B8:01:78:1A

         SHA1: EB:A7:2A:AD:41:35:2A:D8:16:69:C0:F4:34:79:D0:CA:E7:5F:9B:F8


*******************************************

*******************************************


Import the certificate used by the Identity Manager User Application

1) Using Internet Explorer browser from a Windows machine, access the User Application on https.

2) When prompted about the certificate in the Security Alert pop-up window, click on the “View Certificate” button.

3) When presented with the Certificate details window, click on the “Install Certificate…” button.

4) Go through the following menus: Tools > Internet Options > Content > Certificates > Trusted Root Certificate Authorities

5) Select the certificate installed on step #2 and click on the “Export” button.

6) Select "DER encoded binary X.509 (.CER)" format and save it as userapp.cer


Installation of the certificate so that it can be used by eDirectory

1) Copy the userapp.cer file from the Windows machine to the server running the IDM UserApp driver. The file should be copied to the following path: /opt/novell/eDirectory/lib/nds-modules/jre/lib/security

2) Stop the eDirectory and iManager services where the IDM UserApp driver is running.

3) Stop the JBoss instance where the Identity Manager User Application is running.

4) Log in to the server console of the server running the IDM UserApp driver and change to the following path: /opt/novell/eDirectory/lib/nds-modules/jre/bin

5) To confirm that JRE 1.5 is in use, issue the command ./java -version.

6) To copy the certificate into the trusted certificates file used by eDirectory, execute the following command:

./keytool -import -trustcacerts -alias userapp35 -file ../../jre/lib/security/userapp.cer -keystore ../../jre/lib/security/cacerts

Enter keystore password:  [enter keystore password]**

Owner: CN=lab.company.com, OU=Org, O=Comp, L=Locat, ST=State, C=Country

Issuer: CN=lab.company.com, OU=Org, O=Comp, L=Locat, ST=State, C=Country

Serial number: 4931cng7

Valid from: Tue Nov 27 13:00:09 EST 2007 until: Mon Nov 27 13:00:00 EST 2017

Certificate fingerprints:

         MD5:  BC:75:9F:71:2E:7E:F8:6D:4E:05:08:98:B8:01:78:1A

         SHA1: EB:A7:2A:AD:41:35:2A:D8:16:69:C0:F4:34:79:D0:CA:E7:5F:9B:F8

Trust this certificate? [no]:  yes

Certificate was added to keystore

** If you haven’t changed the default password of the keystore, the password is changeit

7) Confirm that the certificate was installed on the keystore by executing the following command:

./keytool -list -v -alias userapp35 -keystore ../lib/security/cacerts

Enter keystore password:  [enter keystore password]**

Alias name: userapp35

Creation date: Nov 20, 2007

Entry type: trustedCertEntry

Owner: CN=lab.company.com, OU=Org, O=Comp, L=Locat, ST=State, C=Country

Issuer: CN=lab.company.com, OU=Org, O=Comp, L=Locat, ST=State, C=Country

Serial number: 4931cng7

Valid from: Tue Nov 27 13:00:09 EST 2007 until: Mon Nov 27 13:00:00 EST 2017

Certificate fingerprints:

         MD5:  BC:75:9F:71:2E:7E:F8:6D:4E:05:08:98:B8:01:78:1A

         SHA1: EB:A7:2A:AD:41:35:2A:D8:16:69:C0:F4:34:79:D0:CA:E7:5F:9B:F8

** If you haven’t changed the default password of the keystore, the password is changeit
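The two listing checks in this TID (the userapp.keystore listing after HTTPS was enabled, and the cacerts listing after the import in step 7) are easy to eyeball once, but the fingerprint is the part that matters: the entry in the eDirectory trust store must carry the same SHA1 as the key the User Application actually serves, otherwise the driver's TLS connection is still rejected. The POSIX shell script below is an added example, not part of this TID or of the product, that reads a keytool -list -v listing from stdin and checks alias, entry type and SHA1 fingerprint, and warns when the "until:" year has passed (a trust-store copy does not follow renewals of the JBoss certificate, so it must be re-imported after a renewal). It assumes the listing format shown above; the embedded sample listing is constructed from the values in this TID plus a second, made-up alias (otherca) to show that the correct entry is selected.

```sh
#!/bin/sh
# Sanity-check a `keytool -list -v` listing (read from stdin): does the
# expected alias exist, is it the right entry type, and does its SHA1
# fingerprint match the one shown for the User Application's own key?
#
# Usage against the real trust store (run from .../jre/bin as in the TID):
#   ./keytool -list -v -keystore ../lib/security/cacerts \
#       | check_trust_entry userapp35 "$EXPECTED_SHA1" trustedCertEntry
# where EXPECTED_SHA1 is the SHA1 line from the userapp.keystore listing.

# Print only the listing block belonging to one alias: from its
# "Alias name:" line up to the next alias (or end of input).
alias_block() {
    awk -v want="$1" '
        /^Alias name: / { inblock = ($3 == want) }
        inblock { print }
    '
}

# Extract the SHA1 fingerprint from an alias block, upper-cased.
block_sha1() {
    sed -n 's/^[[:space:]]*SHA1:[[:space:]]*//p' | tr 'a-f' 'A-F'
}

# Extract the four-digit "until:" year from an alias block.
block_expiry_year() {
    sed -n 's/^Valid from: .* until: .* \([0-9][0-9][0-9][0-9]\)$/\1/p'
}

# check_trust_entry ALIAS EXPECTED_SHA1 EXPECTED_TYPE   (listing on stdin)
# Returns 0 when alias, entry type and fingerprint all match, 1 otherwise.
check_trust_entry() {
    ct_alias="$1"
    ct_expected=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    ct_type="$3"
    ct_block=$(alias_block "$ct_alias")
    if [ -z "$ct_block" ]; then
        echo "FAIL: no entry with alias '$ct_alias' in keystore listing"
        return 1
    fi
    ct_found_type=$(printf '%s\n' "$ct_block" | sed -n 's/^Entry type: //p')
    ct_found_sha1=$(printf '%s\n' "$ct_block" | block_sha1)
    ct_year=$(printf '%s\n' "$ct_block" | block_expiry_year)
    if [ "$ct_found_type" != "$ct_type" ]; then
        echo "FAIL: alias '$ct_alias' is '$ct_found_type', expected '$ct_type'"
        return 1
    fi
    if [ "$ct_found_sha1" != "$ct_expected" ]; then
        echo "FAIL: SHA1 for '$ct_alias' is $ct_found_sha1, expected $ct_expected"
        return 1
    fi
    # The trust-store copy does not follow renewals of the User Application
    # key: once JBoss gets a new certificate this entry must be re-imported.
    if [ -n "$ct_year" ] && [ "$ct_year" -lt "$(date +%Y)" ]; then
        echo "WARN: entry '$ct_alias' expired in $ct_year; re-import the current certificate"
    fi
    echo "OK: alias '$ct_alias' ($ct_type) SHA1 $ct_found_sha1"
    return 0
}

# Constructed sample listing: the userapp35 entry uses the values from this
# TID; the otherca entry is made up to show that alias selection works.
SAMPLE_LISTING='Keystore type: jks
Keystore provider: SUN

Your keystore contains 2 entries

Alias name: userapp35
Creation date: Nov 20, 2007
Entry type: trustedCertEntry
Owner: CN=lab.company.com, OU=Org, O=Comp, L=Locat, ST=State, C=Country
Issuer: CN=lab.company.com, OU=Org, O=Comp, L=Locat, ST=State, C=Country
Serial number: 4931cng7
Valid from: Tue Nov 27 13:00:09 EST 2007 until: Mon Nov 27 13:00:00 EST 2017
Certificate fingerprints:
         MD5:  BC:75:9F:71:2E:7E:F8:6D:4E:05:08:98:B8:01:78:1A
         SHA1: EB:A7:2A:AD:41:35:2A:D8:16:69:C0:F4:34:79:D0:CA:E7:5F:9B:F8


*******************************************
*******************************************


Alias name: otherca
Creation date: Jan 1, 2008
Entry type: trustedCertEntry
Owner: CN=other.example.com, O=Example
Issuer: CN=other.example.com, O=Example
Serial number: 1
Valid from: Tue Jan 1 00:00:00 EST 2008 until: Fri Jan 1 00:00:00 EST 2018
Certificate fingerprints:
         MD5:  00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
         SHA1: 01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67'

# Stand-alone demonstration against the constructed sample listing.
printf '%s\n' "$SAMPLE_LISTING" | check_trust_entry userapp35 \
    EB:A7:2A:AD:41:35:2A:D8:16:69:C0:F4:34:79:D0:CA:E7:5F:9B:F8 trustedCertEntry
```

Feed it the output of the userapp.keystore listing first to capture the SHA1 of the key the User Application serves, then the cacerts listing to confirm that the imported trustedCertEntry carries the same value; a mismatch usually means an older or differently generated certificate was exported from the browser in step 5.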

8) Start eDirectory and iManager services

9) Log into iManager and stop the UserApp driver (if you have it configured to auto start).

10) Change the IDM UserApp driver authentication parameters so that it communicates over HTTPS with the Identity Manager User Application:

Composer Context: com.novell.prov.srvprv
Host: https://ipaddressOfJBoss
Port: Secure port (8443)
ApplicationContext: ApplicationContext (IDM)

11) Change the policies where you want to auto-start workflows through a secure connection (HTTPS) to reflect the new connection.

12) Start the JBoss instance where the Identity Manager User Application is running.

13) Restart the IDM UserApp driver.

14) Test the workflow.