Securing connections for Talend Identity and Access Management

Procedure

Open the <installation_path>\iam\apache-tomcat\conf\server.xml file.

Comment the non-SSL part:

<!-- <Connector port="9080" protocol="HTTP/1.1"
       connectionTimeout="20000"
       redirectPort="9443" /> -->

Uncomment the following lines:

<!-- <Connector port="9443"
protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150"
SSLEnabled="true"
Scheme="https" secure="true"
clientAuth="false"
sslProtocol="TLS"/> -->

keystoreFile="<installation_path>/certs-single/server.keystore.jks"
keystorePass="tomcat"/>

Add the following lines:

keystoreFile="<certificate_path>/server.keystore.jks" 
keystorePass="<certificate_password>"

Open the <installation_path>\iam\apache-tomcat\conf\iam.properties file and change the below URLs from http to https:
```
iam.url=https://${iam.host}:<port>
tac.url=https://<host_name>:<port>/org.talend.administrator
```
In the <installation_path>\iam\apache-tomcat\conf\iam.properties file, set the values for the below parameters to the username and the password of the user with the role Security Administrator in Talend Administration Center:
```
tac.user-name=<security_administrator_username>
tac.password=<security_administrator_password>
```
Information noteNote: Whenever you change your Talend Administration Center password, make sure to replace your old password with the new one in the iam.properties file here.
Delete the oidc and idp folders so that Talend Identity and Access Management can recreate them on the next startup.
Open the <installation_path>\iam\apache-tomcat\conf\fediz_config.xml file and change the below URL from http to https:
```
<issuer>https://<iam_url:port>/idp/federation</issuer>
```

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!

Leave your feedback here