
Securing connections for Talend Identity and Access Management

Use SSL with a self-signed certificate to secure connections to Talend Identity and Access Management.

Procedure

  1. Put your JKS file in the <installation_path>/config folder.
  2. Open the <installation_path>/start.sh file for editing.
  3. Add the following lines, replacing <your_jks_file> with the name of your JKS file (for example: server.jks):
    export SERVER_SSL_KEYSTORE=classpath:<your_jks_file>
    export SERVER_SSL_KEYSTOREPASSWORD=<secret>
    export SERVER_SSL_KEYPASSWORD=<secret>
  4. Comment out the non-SSL part:
    <!-- <Connector port="9080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="9443" /> -->
  5. Uncomment the following lines:
    <!-- <Connector port="9443"
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    maxThreads="150"
    SSLEnabled="true"
    Scheme="https" secure="true"
    clientAuth="false"
    sslProtocol="TLS"/> -->
    
    keystoreFile="<installation_path>/certs-single/server.keystore.jks"
    keystorePass="tomcat"/>
  6. Add the following lines:
    keystoreFile="<certificate_path>/server.keystore.jks" 
    keystorePass="<certificate_password>"
    
  7. Open the <installation_path>/iam/apache-tomcat/conf/iam.properties file and change the following URLs from http to https:
    iam.url=https://${iam.host}:<port>
    tac.url=https://<host_name>:<port>/org.talend.administrator
  8. In the <installation_path>/iam/apache-tomcat/conf/iam.properties file, set the following parameters to the username and password of the Talend Administration Center user who has the Security Administrator role:
    tac.user-name=<username_security_administrator>
    tac.password=<password_security_administrator>
    Important: Whenever you change your Talend Administration Center password, make sure to replace your old password with the new one in the iam.properties file.
  9. Delete the oidc and idp folders so that Talend Identity and Access Management can recreate them on the next startup.
  10. Open the <installation_path>/iam/apache-tomcat/conf/fediz_config.xml file and change the following URL from http to https:
    <issuer>https://<iam_url:port>/idp/federation</issuer>
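
A post-change check for steps 4, 5, 7 and 10, as an added example that is not part of the Talend documentation: it reports URLs and connectors that are still on plain HTTP. The function names are hypothetical, and the file holding the <Connector> elements is passed as an argument because the page does not name it.

```shell
#!/bin/sh
# Added example, not Talend code. Flags settings left on plain HTTP after the
# procedure. File paths are arguments; the connector file is an assumption.

# iam.url / tac.url lines in iam.properties that still use http:// (step 7)
http_urls_in_properties() {
    grep -nE '^[[:space:]]*(iam|tac)\.url[[:space:]]*=[[:space:]]*http://' "$1" || true
}

# <issuer> lines in fediz_config.xml that still use http:// (step 10)
http_issuer_in_fediz() {
    grep -nE '<issuer>[[:space:]]*http://' "$1" || true
}

# Ports of <Connector> elements that are active (outside <!-- -->) and lack
# SSLEnabled="true" (steps 4 and 5). Comments may span several lines.
plain_connector_ports() {
    awk '
    {
        s = $0
        while (length(s) > 0) {
            if (in_comment) {
                i = index(s, "-->")
                if (i == 0) { s = "" } else { s = substr(s, i + 3); in_comment = 0 }
            } else {
                i = index(s, "<!--")
                if (i == 0) { buf = buf s; s = "" }
                else { buf = buf substr(s, 1, i - 1); s = substr(s, i + 4); in_comment = 1 }
            }
        }
        buf = buf " "
    }
    END {
        n = split(buf, part, "<Connector")
        for (k = 2; k <= n; k++) {
            el = part[k]; sub(/>.*/, "", el)
            if (el !~ /SSLEnabled="true"/ && match(el, /[ \t]port="[0-9]+"/))
                print substr(el, RSTART + 7, RLENGTH - 8)
        }
    }' "$1"
}

# Usage: script iam.properties fediz_config.xml <connector config file>
if [ "$#" -eq 3 ]; then
    findings="$(http_urls_in_properties "$1"; http_issuer_in_fediz "$2"; plain_connector_ports "$3")"
    [ -z "$findings" ] || { printf 'Still on plain HTTP:\n%s\n' "$findings"; exit 1; }
fi
```

Run it with the three file paths after step 10; it exits non-zero and lists each remaining http:// line or non-SSL connector port.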
