

Frequently Asked Questions

How to include the self signed certificate of my LDAP server in the additional certificates?

Additional CA certificates must be bundled in a single *.pem file. They may be necessary, for example, if your LDAP server uses a self-signed certificate.

In this case you can use

openssl s_client -showcerts -connect ldap.host:636

on an LDAP host with a self-signed certificate in its chain and copy the last certificate in the output to a file (e.g. ca-bundle.pem). Start the IdentityHub with NODE_EXTRA_CA_CERTS=<path/to/ca-bundle.pem>. The file can contain as many certificates as you wish. Because the NODE_EXTRA_CA_CERTS environment variable accepts only a single file, gather all necessary certificates in that one file.
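The copy step above as a script (an added example, not part of the IdentityHub documentation; the function names and the file name ldap-ca.pem are assumptions). It takes the last certificate from the `-showcerts` output and appends it to the bundle only if it is not already there. The certificate fetched this way has not been authenticated, so the commented `openssl x509` line prints its fingerprint for comparison with the value from the LDAP administrator before the bundle is used.

```shell
# Added example, not IdentityHub code; function and file names are hypothetical.
# Print only the last PEM certificate block read from stdin.
last_cert() {
    awk '
        /-----BEGIN CERTIFICATE-----/ { buf = ""; inside = 1 }
        inside                        { buf = buf $0 "\n" }
        /-----END CERTIFICATE-----/   { if (inside) last = buf; inside = 0 }
        END                           { printf "%s", last }
    '
}

# Number of certificates in a PEM file (prints 0 for none).
count_certs() {
    awk '/-----BEGIN CERTIFICATE-----/ { n++ } END { print n + 0 }' "$1"
}

# Append cert file $1 to bundle $2 unless the same block is already in it.
add_to_bundle() {
    [ "$(count_certs "$1")" -eq 1 ] || { echo "need exactly one certificate in $1" >&2; return 1; }
    touch "$2"
    cert=$(tr -d ' \t\r\n' < "$1")
    case "$(tr -d ' \t\r\n' < "$2")" in
        *"$cert"*) return 0 ;;
    esac
    cat "$1" >> "$2"
}

# Constructed, abbreviated stand-in for `openssl s_client -showcerts` output.
# The base64 bodies are placeholders, not real certificates.
sample_showcerts() {
    cat <<'EOF'
Certificate chain
 0 s:CN = ldap.host
   i:CN = Example Self-Signed CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtTEVBRg==
-----END CERTIFICATE-----
 1 s:CN = Example Self-Signed CA
   i:CN = Example Self-Signed CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtUk9PVA==
-----END CERTIFICATE-----
EOF
}

# Against a real server (needs network access and openssl):
#   openssl s_client -showcerts -connect ldap.host:636 </dev/null 2>/dev/null | last_cert > ldap-ca.pem
#   openssl x509 -in ldap-ca.pem -noout -subject -issuer -fingerprint -sha256
#   add_to_bundle ldap-ca.pem ca-bundle.pem
```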

How can I use the OSP as OAuth provider for the IdentityHub?

Add new SSO Client to NetIQ OSP Configuration

# create OSP config file
vim /opt/netiq/idm/apps/tomcat/conf/uaconfig-k5-defs.xml

Adjust uaconfig-k5-defs.xml

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<client key="com.netiq.k5idhub.client" display-name="IdentityHub SSO Client" description="SSO client configuration settings for IdentityHub">
    <group key="com.netiq.k5idhub" display-name="K5 Karma" description="K5 Karma configuration settings">
        <attribute key="com.netiq.k5idhub.clientID" description="OAuth client ID (Example:k5)" description-key="com-netiq-ualanding-clientID" />
        <attribute key="com.netiq.k5idhub.clientPass" description="OAuth client secret" description-key="com-netiq-ualanding-clientPass"
          encoding="encrypt" />
        <attribute key="com.netiq.k5idhub.landing.url" description="URL link to landing page" default-value="/landing" />
        <attribute key="com.netiq.k5idhub.redirect.url" description="OSP Oauth redirect url (Example: URL/oauth/callback)"
          description-key="com-netiq-ualanding-redirect-url" />
    </group>
</client>

Update the configuration

# IDM 4.7 and prior
cd /opt/netiq/idm/apps/UserApplication

# IDM 4.8
cd /opt/netiq/idm/apps/configupdate

Apply changes

# IDM 4.7 and prior
/etc/init.d/idmapps_tomcat_init restart

# IDM 4.8
systemctl restart netiq-tomcat.service