Thread: IDM 4.6.1 - Reporting on its own server

  1. #6

    Re: IDM 4.6.1 - Reporting on its own server

    I have finally gotten back to this issue. I still can't get it to work and I am sure it is something simple.

    So right now the UA tomcat server is using a signed certificate, but it is made out to the UA server only. Therefore I am using a self-signed on the reporting server. I made the self-signed certificate like this:

    Code:
    /opt/netiq/idm/apps/jre/bin/keytool -keysize 2048 -genkey -alias ua -keyalg RSA -keystore dirxml.keystore
    and made it out to the specific reporting server, idm-reporting01.

    In server.xml I made sure this certificate is used by the tomcat:

    Code:
    keystoreFile="/opt/netiq/idm/apps/tomcat/conf/dirxml.keystore" keystorePass="password"
    So the tomcat on the reporting server is running with this.

    I exported the certificate from dirxml.keystore:
    Code:
    /opt/netiq/idm/apps/jre/bin/keytool -export -alias idmreporting -file idmreporting.crt -keystore /opt/netiq/idm/apps/tomcat/conf/dirxml.keystore
    Transferred it to the UA server and imported it into:

    Code:
    /opt/netiq/idm/apps/jre/bin/keytool -import -trustcacerts -alias idmreporting -file /opt/netiq/idm/apps/tomcat/conf/Certificates/idmreporting.crt -keystore /opt/netiq/idm/apps/jre/lib/security/cacerts
    I then copied the signed certificate which the UA server tomcat uses, to the reporting server and imported it into the cacerts of that server.

    On the UA server I ran configupdate.

    Under SSO Clients -> Reporting I got:

    Code:
    Oauth client ID: rpt
    Oauth client secret: ...
    URL link to landing page: /landing
    URL link to Identity Governance: Nothing
    OSP Oauth redirect url: https://idm-reporting01:8443/IDMRPT/oauth.html
    That is all I changed in the configupdate on the UA server.

    On the configupdate on the reporting server, which is this one: /opt/netiq/idm/apps/IdentityReporting/bin/configupdate.sh

    I have only these 3 panes in the top, which I think is correct: Reporting, Authentication and SSO Clients.

    Under Reporting I have filled out everything with the exact same values as on the UA configupdate.

    Under Authentication I have the UA server under Oauth server host identifier, like so: idm-ua01
    And checked OAuth server is using TLS/SSL and pointed to the osp.jsk which I have copied to the server from UA server. Path is correct and pw is correct.

    The same osp.jsk is used in Oauth keystore file, and there too the password is correct.

    I then stopped both tomcats and cleared the folders you mentioned.

    I still get the same error. And nothing on catalina.out on either server. How do I troubleshoot this properly?

    "An invalid OAuth2 request was received"

    Hmm!
    Last edited by jacmarpet; 23-Sep-2017 at 10:05 PM.
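
A check for the cross-import steps described in the post, added here as an example and not part of the original thread: it parses the text printed by `keytool -list` for the server keystore and for the other server's `cacerts`, then confirms that the alias exists and that both entries carry the same certificate fingerprint. The function names, the sample listings and the fingerprints are constructed for illustration; only the aliases `ua` and `idmreporting` come from the commands above.

```python
import re

# One `keytool -list` entry: "alias, date, EntryType," then a fingerprint line.
ENTRY_RE = re.compile(
    r"^(?P<alias>[^,\n]+), .*?(?P<kind>PrivateKeyEntry|trustedCertEntry),\s*\n"
    r"Certificate fingerprint \((?P<alg>[^)]+)\): (?P<fp>[0-9A-F:]+)",
    re.MULTILINE,
)

def parse_keytool_list(text):
    """Return {alias: (entry kind, fingerprint algorithm, fingerprint)}."""
    return {m["alias"].strip().lower(): (m["kind"], m["alg"], m["fp"])
            for m in ENTRY_RE.finditer(text)}

def check_trust(server_listing, server_alias, trust_listing, trust_alias):
    """Return a list of problems; an empty list means the truststore entry
    is the same certificate the server keystore holds under server_alias."""
    server = parse_keytool_list(server_listing)
    trust = parse_keytool_list(trust_listing)
    s = server.get(server_alias.lower())
    t = trust.get(trust_alias.lower())
    problems = []
    if s is None:
        problems.append(f"alias '{server_alias}' not in server keystore; found {sorted(server)}")
    elif s[0] != "PrivateKeyEntry":
        problems.append(f"alias '{server_alias}' has no private key, Tomcat cannot serve it")
    if t is None:
        problems.append(f"alias '{trust_alias}' not in truststore; found {sorted(trust)}")
    if s and t:
        if s[1] != t[1]:
            problems.append(f"fingerprint algorithms differ: {s[1]} vs {t[1]}")
        elif s[2] != t[2]:
            problems.append(f"fingerprint mismatch: server {s[2]} vs truststore {t[2]}")
    return problems

# Constructed sample output (fingerprint is made up, not from any real keystore).
FP = "11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44"
REPORTING_KEYSTORE = f"""Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

ua, Sep 23, 2017, PrivateKeyEntry,
Certificate fingerprint (SHA1): {FP}
"""
UA_CACERTS = f"""idmreporting, Sep 23, 2017, trustedCertEntry,
Certificate fingerprint (SHA1): {FP}
"""

if __name__ == "__main__":
    print(check_trust(REPORTING_KEYSTORE, "ua", UA_CACERTS, "idmreporting"))
```

Feed it the real output of `keytool -list -keystore <file>` from each server in place of the constructed strings.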
