Securing connections for Talend Identity and Access Management

Talend ESB Installation Guide for Linux

EnrichVersion
6.5
EnrichProdName
Talend ESB
task
Installation and Upgrade
EnrichPlatform
Talend Artifact Repository
Talend Installer
Talend Data Preparation
Talend ESB
Talend Data Stewardship
Talend Activity Monitoring Console
Talend Runtime
Talend CommandLine
Talend Log Server
Talend Identity and Access Management
Talend Administration Center
Talend Studio

Procedure

  1. Open the <installation_path>/iam/apache-tomcat/conf/server.xml file.
  2. Comment the non-SSL part:
    <!-- <Connector port="9080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="9443" /> -->
  3. Add the following:
    <Connector port="9443"
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    maxThreads="150"
    SSLEnabled="true"
    Scheme="https" secure="true"
    clientAuth="false"
    sslProtocol="TLS"
    keystoreFile="/home/tdsqa01/Talend-6.4.1/certs-single/server.keystore.jks"
    keystorePass="tomcat"/>
  4. Open the <installation_path>/iam/apache-tomcat/conf/iam.properties file and change the below URLs from http to https:
    iam.url=https://${iam.host}:<port>
    tac.url=https://<host_name>:<port>/org.talend.administrator
  5. In the <installation_path>/iam/apache-tomcat/conf/iam.properties file, set the value for the below parameters to the username and the password of the user with the role Security Administrator in Talend Administration Center:
    tac.user-name=<username_security_administrator>
    tac.password=<password_security_administrator>
  6. Delete the oidc and idp folders so that Talend Identity and Access Management can recreate them on the next startup.
  7. Open the <installation_path>/iam/apache-tomcat/conf/fediz_config.xml file and change the below URL from http to https:
    <issuer>https://<iam_url:port>/idp/federation</issuer>