Securing connections for Talend Identity and Access Management

Talend ESB Installation Guide for Linux

EnrichVersion
6.5
EnrichProdName
Talend ESB
task
Installation and Upgrade
EnrichPlatform
Talend Activity Monitoring Console
Talend Log Server
Talend Data Preparation
Talend Identity and Access Management
Talend Administration Center
Talend Artifact Repository
Talend Studio
Talend Data Stewardship
Talend CommandLine
Talend Installer
Talend Runtime
Talend ESB
  1. Open the <installation_path>/iam/apache-tomcat/conf/server.xml file.
  2. Comment the non-SSL part:
    <!-- <Connector port="9080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="9443" /> -->
  3. Add the following:
    <Connector port="9443"
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    maxThreads="150"
    SSLEnabled="true"
    Scheme="https" secure="true"
    clientAuth="false"
    sslProtocol="TLS"
    keystoreFile="/home/tdsqa01/Talend-6.4.1/certs-single/server.keystore.jks"
    keystorePass="tomcat"/>
  4. Open the <installation_path>/iam/apache-tomcat/conf/iam.properties file and change the below URLs from http to https:
    iam.url=https://${iam.host}:<port>
    tac.url=https://<host_name>:<port>/org.talend.administrator
  5. In the <installation_path>/iam/apache-tomcat/conf/iam.properties file, set the value for the below parameters to the username and the password of the user with the role Security Administrator in Talend Administration Center:
    tac.user-name=<username_security_administrator>
    tac.password=<password_security_administrator>
  6. Delete the oidc and idp folders so that Talend Identity and Access Management can recreate them on the next startup.
  7. Open the <installation_path>/iam/apache-tomcat/conf/fediz_config.xml file and change the below URL from http to https:
    <issuer>https://<iam_url:port>/idp/federation</issuer>