Securing connections for Talend Identity and Access Management - 6.4

Talend ESB Installation Guide for Linux

EnrichVersion
6.4
EnrichProdName
Talend ESB
task
Installation and Upgrade
EnrichPlatform
Talend Activity Monitoring Console
Talend Administration Center
Talend Artifact Repository
Talend CommandLine
Talend Data Preparation
Talend Data Stewardship
Talend ESB
Talend Identity Management
Talend Installer
Talend JobServer
Talend Log Server
Talend Project Audit
Talend Runtime
Talend Studio

To enable SSL support on Talend Identity and Access Management, do the following:

  1. Open the <installation_path>/iam/apache-tomcat/conf/server.xml file.

  2. Comment the non-SSL part:

    <!-- <Connector port="9080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="9443" /> -->
  3. Uncomment the following lines:

    <!-- <Connector port="9443"
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    maxThreads="150"
    SSLEnabled="true"
    Scheme="https" secure="true"
    clientAuth="false"
    sslProtocol="TLS"/> -->
    
  4. Add the following lines:

    keystoreFile="<certificate_path>/server.keystore.jks" 
    keystorePass="<certificate_password>"
    
  5. Open the <installation_path>/iam/apache-tomcat/conf/iam.properties file and change the below URLs from http to https:

    iam.url=https://${iam.host}:<port>
    tac.url=https://<host_name>:<port>/org.talend.administrator

    Note

    Whenever you change your Talend Administration Center password, make sure to replace your old password with the new one in the iam.properties file here.

  6. Delete the oidc and idp folders so that Talend Identity and Access Management can recreate them on the next startup.

  7. Open the <installation_path>/iam/apache-tomcat/conf/fediz_config.xml file and change the below URL from http to https:

    <issuer>https://<iam_url:port>/idp/federation</issuer>