Novell ACCESS MANAGER 3.1 SP1 - IDENTITY SERVER Manual page 16

Identity server guide

Name: Specify a name by which you want to refer to the configuration. This field is populated with the name you provided in the New Cluster dialog box. You can change this name here, if necessary.

IMPORTANT: Carefully determine your settings for the base URL, protocol, and domain. After you have configured trust relationships between providers, changing these settings invalidates the trust model and requires a reimport of the provider's metadata.

Modifying the base URL also invalidates the trust between the Embedded Service Provider of Access Manager devices. To re-establish the trust after modifying the base URL, you must restart the Embedded Service Provider on each device.

Base URL: Specify the application path for the Identity Server. The Identity Server protocols rely on this base URL to generate URL endpoints for each protocol.

Protocol: Select the communication protocol. Specify HTTPS in order to run securely (in SSL mode) and for provisioning. Use HTTP only if you do not require security.

Domain: Specify the DNS name assigned to the Identity Server. When you are using an L4 switch, this DNS name should resolve to the virtual IP address set up on the L4 switch for the Identity Servers. Using an IP address is not recommended.

Port: Specify the port value for the protocol. Default ports are 8080 for HTTP or 8443 for HTTPS. If you want to use port 80 or 443, specify the port here.

If you are configuring a Linux Identity Server, you must also configure the operating system to translate the port. See Section 12.4, "Translating the Identity Server Configuration Port," on page 286.

If you are configuring a Windows Identity Server, you must also modify the Tomcat server.xml file located in the \Program Files\Novell\Tomcat\conf directory. Change the ports from 8080 and 8443 to 80 and 443, then restart the Tomcat service.

Application: Specify the Identity Server application. Leave the default value nidp.

SSL Certificate: Displays the currently assigned SSL certificate.

The Identity Server comes with a test-connector certificate that you must replace to use SSL in your production environment. You can replace the test certificate now or after you configure the Identity Server. If you create the certificate and replace the test-connector now, you can save some time by restarting Tomcat only once. Tomcat must be restarted whenever you assign an Identity Server to a configuration and whenever you update a certificate key store. See Section 1.7.3, "Managing the Keys, Certificates, and Trust Stores," on page 68.

For information on how to replace the test-connector certificate, see "Enabling SSL Communication" in the Novell Access Manager 3.1 SP1 Setup Guide.

6 To configure session limits, fill in the following fields:

LDAP Access: Specify the maximum number of LDAP connections the Identity Server can create to access the configuration store. You can adjust this amount for system performance.

Session Timeout: Specify the session inactivity time allowed before timing out. This is a global setting that applies to any resource that authenticates to this Identity Server or Identity Server cluster. The default setting is 60 minutes.
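The following Python sketch is an added example, not part of the Novell guide or product. It audits a planned base URL against the Protocol, Domain, Port, and Application guidance above and, for the Windows case where Tomcat itself listens on the base URL port, checks it against the connectors in server.xml. The host name, the sample server.xml, and the use of the connector's scheme attribute to identify the SSL connector are assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample of a Tomcat server.xml after the port change (not a real file).
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="80" />
  <Connector port="443" scheme="https" secure="true" />
</Service></Server>"""

DEFAULT_PORTS = {"http": 80, "https": 443}  # ports implied when the URL omits one


def connector_ports(server_xml):
    """Map each Tomcat <Connector> port to True if its scheme is https."""
    root = ET.fromstring(server_xml)
    return {int(c.get("port")): c.get("scheme", "http").lower() == "https"
            for c in root.iter("Connector") if c.get("port")}


def audit_base_url(base_url, server_xml=None):
    """Return a list of findings for an Identity Server base URL."""
    findings = []
    url = urlsplit(base_url)
    scheme = url.scheme.lower()
    if scheme != "https":
        findings.append("protocol is not HTTPS")
    host = url.hostname or ""
    try:
        ipaddress.ip_address(host)
        findings.append("domain is an IP address, not a DNS name")
    except ValueError:
        if not host:
            findings.append("domain is missing")
    if url.path.strip("/") != "nidp":
        findings.append("application is not the default nidp")
    port = url.port or DEFAULT_PORTS.get(scheme)
    if server_xml is not None:  # Windows case: Tomcat listens on the URL port
        ports = connector_ports(server_xml)
        if port not in ports:
            findings.append(f"no Tomcat connector listens on port {port}")
        elif ports[port] != (scheme == "https"):
            findings.append(f"connector on port {port} does not match protocol {scheme}")
    return findings
```

On a Linux Identity Server the operating system translates the port, so Tomcat keeps its default connector ports; call audit_base_url without server_xml there.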
