
Misc

Frequently Asked Questions

How do I include the self-signed certificate of my LDAP server in the additional certificates?

Additional CA certificates must be bundled in a single *.pem file. They may be necessary, for example, when your LDAP server uses a self-signed certificate.

In this case you can run

```shell
openssl s_client -showcerts -connect ldap.host:636
```

against the LDAP host whose chain ends in a self-signed certificate and copy the last certificate in the output to a file (e.g. ca-bundle.pem). Start the IdentityHub with NODE_EXTRA_CA_CERTS=<path/to/ca-bundle.pem>. This file can contain as many certificates as you wish; because the NODE_EXTRA_CA_CERTS environment variable accepts only one single file, gather all the certificates you need in that one file.
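The following script is an added example, not part of the IdentityHub documentation: it parses the output of `openssl s_client -showcerts`, keeps only the last certificate of the chain (the one the page tells you to copy) and writes it to the bundle file that NODE_EXTRA_CA_CERTS points at. The function names, the `ca-bundle.pem` path and the sample `s_client` output are assumptions; the sample is constructed with placeholder certificate bodies so the script runs offline.

```shell
#!/bin/sh
# Added example (not from the IdentityHub docs): extract the last certificate
# from `openssl s_client -showcerts` output and build the NODE_EXTRA_CA_CERTS
# bundle. Function and variable names are assumptions.

# extract_cert [N]: print the N-th PEM certificate (1-based) from stdin.
# Without N, print the last one, which for a chain that ends at a self-signed
# root is the CA certificate to trust.
extract_cert() {
    awk -v want="${1:-0}" '
        /-----BEGIN CERTIFICATE-----/ { n++; buf = ""; inside = 1 }
        inside                        { buf = buf $0 "\n" }
        /-----END CERTIFICATE-----/   { inside = 0; cert[n] = buf }
        END {
            if (want == 0) want = n
            if (want in cert) printf "%s", cert[want]
        }'
}

# count_certs FILE: number of certificates in a bundle, a sanity check after
# appending (NODE_EXTRA_CA_CERTS reads only this one file).
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# Constructed stand-in for `openssl s_client -showcerts -connect ldap.host:636`
# output; the certificate bodies are placeholders, not real DER data.
SAMPLE_S_CLIENT_OUTPUT='CONNECTED(00000003)
depth=1 CN = Example Root CA
verify error:num=19:self signed certificate in certificate chain
---
Certificate chain
 0 s:CN = ldap.host
   i:CN = Example Root CA
-----BEGIN CERTIFICATE-----
LEAFCERTPLACEHOLDER0
-----END CERTIFICATE-----
 1 s:CN = Example Root CA
   i:CN = Example Root CA
-----BEGIN CERTIFICATE-----
ROOTCERTPLACEHOLDER1
-----END CERTIFICATE-----
---
Server certificate
subject=CN = ldap.host
'

# build_bundle FILE: write the last certificate of the chain to FILE.
# With a live host you would pipe the real command instead:
#   openssl s_client -showcerts -connect ldap.host:636 </dev/null | extract_cert >> "$bundle"
# (</dev/null stops s_client from waiting on stdin; >> appends when you collect
# certificates from several servers into the one file).
build_bundle() {
    bundle="$1"
    printf '%s' "$SAMPLE_S_CLIENT_OUTPUT" | extract_cert > "$bundle"
}

# Stand-alone run: build the bundle and show how the IdentityHub is started with it.
if [ "${1:-}" = "--demo" ]; then
    build_bundle ./ca-bundle.pem
    echo "certificates in bundle: $(count_certs ./ca-bundle.pem)"
    echo "start with: NODE_EXTRA_CA_CERTS=$(pwd)/ca-bundle.pem <identityhub start command>"
fi
```

Before you trust the extracted root, compare its SHA-256 fingerprint (`openssl x509 -in ca-bundle.pem -noout -subject -fingerprint -sha256`) with the value your LDAP administrator publishes: the chain you copy comes from the server itself, so this out-of-band check is what makes the trust decision yours rather than the network's.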

How can I use OSP as the OAuth provider for the IdentityHub?

Add a new SSO client to the NetIQ OSP configuration

```shell
# create the OSP config file
vim /opt/netiq/idm/apps/tomcat/conf/uaconfig-k5-defs.xml
```

Adjust uaconfig-k5-defs.xml

```xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<clients>
  <client key="com.netiq.k5idhub.client" display-name="IdentityHub SSO Client" description="SSO client configuration settings for IdentityHub">
    <group key="com.netiq.k5idhub" display-name="K5 Karma" description="K5 Karma configuration settings">
      <attributes>
        <attribute key="com.netiq.k5idhub.clientID" description="OAuth client ID (Example:k5)" description-key="com-netiq-ualanding-clientID" />
        <attribute key="com.netiq.k5idhub.clientPass" description="OAuth client secret" description-key="com-netiq-ualanding-clientPass"
          encoding="encrypt" />
        <attribute key="com.netiq.k5idhub.landing.url" description="URL link to landing page" default-value="/landing" />
        <attribute key="com.netiq.k5idhub.redirect.url" description="OSP Oauth redirect url (Example: URL/oauth/callback)"
          description-key="com-netiq-ualanding-redirect-url" />
      </attributes>
    </group>
  </client>
</clients>
```

Update the configuration

```shell
# IDM 4.7 and prior
cd /opt/netiq/idm/apps/UserApplication

# IDM 4.8
cd /opt/netiq/idm/apps/configupdate
./configupdate.sh
```

Apply changes

```shell
# IDM 4.7 and prior
/etc/init.d/idmapps_tomcat_init restart

# IDM 4.8
systemctl restart netiq-tomcat.service
```