Talend Identity and Access Management用の接続の保護 - 7.1

Talend Data Fabric インストレーションガイド Linux

EnrichVersion
7.1
EnrichProdName
Talend Data Fabric
task
インストールとアップグレード
EnrichPlatform
Talend Activity Monitoring Console
Talend Administration Center
Talend Artifact Repository
Talend CommandLine
Talend Data Preparation
Talend Data Stewardship
Talend DQ Portal
Talend ESB
Talend Identity and Access Management
Talend Installer
Talend JobServer
Talend Log Server
Talend MDM Server
Talend MDM Web UI
Talend Repository Manager
Talend Runtime
Talend SAP RFC Server
Talend Studio

手順

  1. <installation_path/iam/apache-tomcat/conf/server.xmlファイルを開きます。
  2. 非SSL部分にコメントを記入します。
    <!-- <Connector port="9080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="9443" /> -->
  3. 次の行のコメントを解除します。
    <!-- <Connector port="9443"
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    maxThreads="150"
    SSLEnabled="true"
    Scheme="https" secure="true"
    clientAuth="false"
    sslProtocol="TLS"/> -->
    
    keystoreFile="<installation_path>/certs-single/server.keystore.jks"
    keystorePass="tomcat"/>
  4. 次の行を追加します。
    keystoreFile="<certificate_path>/server.keystore.jks" 
    keystorePass="<certificate_password>"
    
  5. Open the <installation_path>/iam/apache-tomcat/conf/iam.properties file and change the below URLs from http to https:
    iam.url=https://${iam.host}:<port>
    tac.url=https://<host_name>:<port>/org.talend.administrator
  6. In the <installation_path>/iam/apache-tomcat/conf/iam.properties file, set the value for the below parameters to the username and the password of the user with the role Security Administrator in Talend Administration Center:
    tac.user-name=<username_security_administrator>
    tac.password=<password_security_administrator>
  7. 次回起動時にTalend Identity and Access Managementが作成できるように、oidcidpのフォルダーを削除します。
  8. Open the <installation_path>/iam/apache-tomcat/conf/fediz_config.xml file and change the below URL from http to https:
    <issuer>https://<iam_url:port>/idp/federation</issuer>