Talend Identity and Access Management用の接続の保護 - 7.1

Talend ESB インストレーションガイド Linux

EnrichVersion
7.1
EnrichProdName
Talend ESB
task
インストールとアップグレード
EnrichPlatform
Talend Administration Center
Talend Artifact Repository
Talend CommandLine
Talend Data Preparation
Talend Data Stewardship
Talend ESB
Talend Identity and Access Management
Talend Installer
Talend Log Server
Talend Runtime
Talend Studio

手順

  1. <installation_path/iam/apache-tomcat/conf/server.xmlファイルを開きます。
  2. 非SSL部分にコメントを記入します。
    <!-- <Connector port="9080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="9443" /> -->
  3. 次の行のコメントを解除します。
    <!-- <Connector port="9443"
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    maxThreads="150"
    SSLEnabled="true"
    Scheme="https" secure="true"
    clientAuth="false"
    sslProtocol="TLS"/> -->
    
    keystoreFile="<installation_path>/certs-single/server.keystore.jks"
    keystorePass="tomcat"/>
  4. 次の行を追加します。
    keystoreFile="<certificate_path>/server.keystore.jks" 
    keystorePass="<certificate_password>"
    
  5. Open the <installation_path>/iam/apache-tomcat/conf/iam.properties file and change the below URLs from http to https:
    iam.url=https://${iam.host}:<port>
    tac.url=https://<host_name>:<port>/org.talend.administrator
  6. In the <installation_path>/iam/apache-tomcat/conf/iam.properties file, set the value for the below parameters to the username and the password of the user with the role Security Administrator in Talend Administration Center:
    tac.user-name=<username_security_administrator>
    tac.password=<password_security_administrator>
  7. 次回起動時にTalend Identity and Access Managementが作成できるように、oidcidpのフォルダーを削除します。
  8. Open the <installation_path>/iam/apache-tomcat/conf/fediz_config.xml file and change the below URL from http to https:
    <issuer>https://<iam_url:port>/idp/federation</issuer>