Cannot change the Identity or Embedded Service Provider (ESP) URL with NAM appliance

  • 7011620
  • 15-Jan-2013
  • 15-Jan-2013

Environment


NetIQ Access Manager 3.2
NetIQ Access Manager Appliance 3.2

Situation

Access Manager Appliance is installed and working fine, i.e. users can access protected resources behind the Proxy server after authenticating successfully at the Identity Server. To save costs, the administrator wants to reuse an already purchased Web server certificate on the Proxy server for SSL communication with the browser. After creating a new proxy service on the Access Gateway with a published DNS name matching the certificate subject name, the administrator tried to change the Embedded Service Provider (ESP) setting on the AG to that of the new proxy service. However, iManager does not appear to allow the administrator to change the ESP settings.

Resolution

Working as designed. Both the IDP and ESP URLs are hard-coded to the domain name provided during the appliance install, and are used in the metadata that forms the trust relationship between the IDP and ESP services.

In the case where this URL needs to change post install, the only option is to re-install the appliance and select the new domain during this re-install.