Changing The Port On A Linux Identity Server - Novell ACCESS MANAGER 3.1 SP2 - IDENTITY SERVER GUIDE 2010 Manual

net stop Tomcat5
net start Tomcat5

1.5.2 Changing the Port on a Linux Identity Server

On a Linux Identity Server, the Identity Server service (hosted on Tomcat) runs as a non-privileged
user and therefore cannot bind to ports below 1024. To accept requests on ports 80/443 while
Tomcat listens on 8080/8443, the preferred approach is to use iptables to perform a port
translation rather than to run Tomcat as root. Port translation allows the base URL of the Identity
Server to be configured for port 443, so that clients connect to port 443 and iptables redirects
those connections to port 8443, where Tomcat is listening.
If you have disabled the SUSE Linux Enterprise Server (SLES) firewall and do not have any
other Access Manager components installed on the Identity Server, you can use a simple
iptables script to translate the ports. See "A Simple Redirect Script" on page 37.
If you have configured the SLES firewall or have installed other Access Manager components
on the Identity Server, use a custom rule script that allows for multiple port translations.
See "Configuring iptables for Multiple Components" on page 39.
These sections describe two solutions out of many possibilities. For more information about
iptables, see the following:
"Iptable Tutorial 1.2.2" (http://iptables-tutorial.frozentux.net/iptables-tutorial.html)
"NAM Filters for iptables Commands" (http://www.novell.com/communities/node/4029/nam-filters-iptables-commands)
A Simple Redirect Script
This simple solution works only if you are not using iptables to translate ports of other applications
or Access Manager components, because it assumes its rules are the only ones in the nat table. For a
solution that works with multiple components, see "Configuring iptables for Multiple Components"
on page 39.
1 In the Administration Console, click Devices > Identity Server > Edit, and configure the base
URL with HTTPS as the protocol, and the TCP Port as 443.
2 Click OK, then update the Identity Server.
3 At a terminal window, log in as the root user.
4 Create a file to hold the iptables rule and place it in the /etc/init.d directory. For example,
/etc/init.d/AM_IDP_Redirect
Ensure it has execute rights; use chmod as appropriate (for example, chmod 755).
An example of a redirect startup file for this purpose might be:
#!/bin/sh
# Copyright (c) 2010 Novell, Inc.
# All rights reserved.
#
#! /etc/init.d/idp_8443_redirect
### BEGIN INIT INFO
# Provides: idp_8443_redirect
# Required-Start:
# Required-Stop:
# Default-Start: 2 3 5
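The page shows only the header of Novell's redirect script. The following is an added example, not the guide's own script, of a complete start/stop script that performs the 443 to 8443 translation described above (and 80 to 8080 in the same way). It assumes an iptables that supports -C (rule check), that the file is installed as /etc/init.d/AM_IDP_Redirect as in step 4, and that it is run as root. It goes beyond the page in two ways: rules are added idempotently, so a repeated start does not stack duplicates, and a second rule in the nat OUTPUT chain covers connections the server makes to its own base URL, which never pass through PREROUTING.

```shell
#!/bin/sh
### BEGIN INIT INFO
# Provides:      AM_IDP_Redirect
# Default-Start: 2 3 5
# Default-Stop:  0 1 6
### END INIT INFO
# Added example (not from the Novell guide): idempotent iptables port
# translation for an Identity Server whose base URL uses port 443 while
# Tomcat listens on 8443.  Assumptions: iptables supports -C; run as root.

PUBLIC_HTTPS=443;  TOMCAT_HTTPS=8443
PUBLIC_HTTP=80;    TOMCAT_HTTP=8080

# Match/target part of one REDIRECT rule.  $1 = chain, $2 = public port,
# $3 = Tomcat port.  A function, so rules can be inspected and tested
# without touching the kernel.
rule_spec() {
    case $1 in
        # Traffic the server sends to its own base URL never crosses
        # PREROUTING; it needs a rule in nat OUTPUT.  Restricting it to the
        # loopback interface leaves the server's outbound connections to
        # other hosts on the same port alone.
        OUTPUT) echo "-o lo -p tcp --dport $2 -j REDIRECT --to-ports $3" ;;
        *)      echo "-p tcp --dport $2 -j REDIRECT --to-ports $3" ;;
    esac
}

# The translations this server needs: "chain public-port tomcat-port".
translations() {
    cat <<EOF
PREROUTING $PUBLIC_HTTPS $TOMCAT_HTTPS
OUTPUT $PUBLIC_HTTPS $TOMCAT_HTTPS
PREROUTING $PUBLIC_HTTP $TOMCAT_HTTP
OUTPUT $PUBLIC_HTTP $TOMCAT_HTTP
EOF
}

# Add a rule only if it is absent, so a second "start" (or a boot that
# re-runs the script) does not stack duplicates.
ensure_rule() {
    spec=$(rule_spec "$@")
    # shellcheck disable=SC2086  # $spec is meant to split into arguments
    if iptables -t nat -C "$1" $spec 2>/dev/null; then
        echo "present: $1 $spec"
    else
        iptables -t nat -A "$1" $spec || return 1
        echo "added:   $1 $spec"
    fi
}

# Delete every copy of the rule (more than one may exist if an older,
# non-idempotent script ran before this one).
remove_rule() {
    spec=$(rule_spec "$@")
    # shellcheck disable=SC2086
    while iptables -t nat -C "$1" $spec 2>/dev/null; do
        iptables -t nat -D "$1" $spec
    done
}

# The full iptables command for one translation, as typed by hand.
render_command() {
    echo "iptables -t nat -A $1 $(rule_spec "$@")"
}

am_idp_redirect() {
    case $1 in
        start)  translations | while read -r chain from to; do
                    ensure_rule "$chain" "$from" "$to"; done ;;
        stop)   translations | while read -r chain from to; do
                    remove_rule "$chain" "$from" "$to"; done ;;
        show)   translations | while read -r chain from to; do
                    render_command "$chain" "$from" "$to"; done ;;
        status) iptables -t nat -S PREROUTING; iptables -t nat -S OUTPUT ;;
        *)      echo "usage: $0 start|stop|show|status" >&2; return 2 ;;
    esac
}

# Dispatch only when an action is given, so the file can also be sourced.
if [ $# -gt 0 ]; then am_idp_redirect "$@"; fi
```

Install it with chmod 755 and enable it with insserv (or chkconfig) so the rules return after a reboot. Run `AM_IDP_Redirect show` to review the exact commands before `start`, and verify from another host with `openssl s_client -connect <idp-host>:443` that the Tomcat certificate is served on 443. The nat table only sees the first packet of a connection, so already-open connections are unaffected by start or stop. Any firewall reload that flushes the nat table silently removes these rules, which is why the guide directs firewall-enabled or multi-component installations to the custom rule script on page 39.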
Configuring an Identity Server 37
