Securing connections for Talend Identity and Access Management

Talend Real-Time Big Data Platform Installation Guide for Windows

EnrichVersion
6.5
EnrichProdName
Talend Real-Time Big Data Platform
task
Installation and Upgrade
EnrichPlatform
Talend Runtime
Talend Administration Center
Talend Installer
Talend CommandLine
Talend Artifact Repository
Talend Activity Monitoring Console
Talend Data Stewardship
Talend JobServer
Talend Studio
Talend Identity and Access Management
Talend DQ Portal
Talend ESB
Talend Log Server
Talend Data Preparation
Talend SAP RFC Server
Talend Repository Manager

Procedure

  1. Open the <installation_path>\iam\apache-tomcat\conf\server.xml file.
  2. Comment the non-SSL part:
    <!-- <Connector port="9080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="9443" /> -->
  3. Add the following:
    <Connector port="9443"
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    maxThreads="150"
    SSLEnabled="true"
    Scheme="https" secure="true"
    clientAuth="false"
    sslProtocol="TLS"/> -->
    
    keystoreFile="<installation_path>/certs-single/server.keystore.jks"
    keystorePass="tomcat"/>
  4. Open the <installation_path>\iam\apache-tomcat\conf\iam.properties file and change the below URLs from http to https:
    iam.url=https://${iam.host}:<port>
    tac.url=https://<host_name>:<port>/org.talend.administrator
  5. In the <installation_path>\iam\apache-tomcat\conf\iam.properties file, set the values for the below parameters to the username and the password of the user with the role Security Administrator in Talend Administration Center:
    tac.user-name=<security_administrator_username>
    tac.password=<security_administrator_password>
  6. Delete the oidc and idp folders so that Talend Identity and Access Management can recreate them on the next startup.
  7. Open the <installation_path>\iam\apache-tomcat\conf\fediz_config.xml file and change the below URL from http to https:
    <issuer>https://<iam_url:port>/idp/federation</issuer>