Modifying The Base Url - Novell ACCESS MANAGER 3.1 SP2 - IDENTITY SERVER GUIDE 2010 Manual

1.1.8 Modifying the Base URL

When you configure an Identity Server, you must carefully determine your settings for the base
URL, protocol, and domain. Changing the base URL invalidates the trust model and requires a
reimport of the provider's metadata, and a restart of the affected Embedded Service Providers. It
also changes the ID of the provider and the URLs that others use for access.
When you change the base URL of the Identity Server, you invalidate the following trusted
relationships:
The trusted relationships that the Identity Server has established with each Access Manager

device that has been configured to use the Identity Server for authentication
The trusted relationship that each Access Manager device has established with the Identity

Server when the Identity Server configuration was selected.
The trusted relationships that the Identity Server has established with other service providers.

The sessions of any logged-in users are destroyed and no user can log in and access protected
resources until the trust relationships are reestablished.
To modify the base URL and reestablish trust relationships:
1 In the Administration Console, click Devices > Identity Servers > Edit.
2 Change the protocol, domain, port, and application settings, as necessary.
3 Click OK.
4 On the Identity Servers page, click Update.
This re-creates the trusted Identity Server configuration to use the new Base URL and
metadata.
5 Restart Tomcat on each Identity Server in the configuration:
 Linux Identity Server: Enter the following command:
/etc/init.d/novell-tomcat5 restart
Windows Identity Server: Enter the following commands:

net stop Tomcat5
net start Tomcat5
6 For each Access Manager device configured to trust the configuration of this modified base
URL, you must update the device so that the Embedded Service Provider trusts the new
Identity Server configuration:
Click Access Gateways, then click Update for any servers with a Status of Update.

Click SSL VPNs, then click Update for any servers with a Status of Update.

 Click J2EE Agents, then click Update for any agents with a Status of Update.
7 For each service provider you have configured to trust the configuration of this modified base
URL, you must send them the new metadata and have them re-import it.
For information about setting up SSL and changing an Identity Server from HTTP to HTTPS, see
"Enabling SSL
26 Novell Access Manager 3.1 SP2 Identity Server Guide
Communication" in the Novell Access Manager 3.1 SP2 Setup Guide.