Task 3: Create an IdM client trust store
Note: This is an optional task.
Note: In Task 2, you created a certificate file (tomcat.cer) and a keystore file (tomcat.keystore) for the web application server. In this task, you create a trust store using these two files.
Each IdM client can connect to the IdM server over https or http. If you want to use https, you need to specify whether and how the IdM client should verify the IdM server certificate. The SAML SSO solution provides two options:
- Trust all https servers
  If this option is used, the IdM client skips https server verification and trusts all https servers, including the IdM server. This option simplifies the SAML SSO setup procedure but does not provide the best security: because the client accepts any certificate, it cannot detect a server that impersonates the IdM server. It is therefore not recommended for production environments. You can use this option for testing and demonstration purposes.
  To use this option, on the SM web tier, SRC, or Mobility Client side, set the idm.ssl.trustAll parameter to true (default: false).
- Trust only servers whose public key is contained in the client trust store
  Important: This option provides the best security and is therefore strongly recommended for production environments.
  When the IdM client connects to the IdM server over https, this option requires you to configure the IdM client so that it trusts the IdM server only when the server's public key is contained in the client's trust keystore. If the IdM server is deployed as https, you need to create a trust keystore locally for the IdM client and import the IdM server's public key into the trust keystore.
Perform this task only if you want to use the second option.
- Create an IdM client trust store.
  - Generate a trustStore.keystore file by running the following command:
    keytool -genkey -alias tomcat1 -keyalg RSA -keysize 1024 -keypass tomcat1 -validity 365 -keystore trustStore.keystore -storepass tomcat1
  - Import the IdM public key into the trustStore.keystore file by running the following command:
    keytool -import -alias tomcat -file tomcat.cer -keystore trustStore.keystore -storepass tomcat1
  Note: The trust store file is now generated. The file name is trustStore.keystore, and its password is tomcat1.
- Copy the trust store file to the IdM client (the Web Tier, SRC, and Mobility Client).
Later, on the Service Manager side (including the Web Tier, SRC, and Mobility Client), set the idm.ssl.trustAll parameter to false (default) and specify the trust store file and password for the IdM client. For details, see Configure SAML SSO in Service Manager (using standalone IdM).
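Before copying the trust store to the clients, it is worth confirming that the `tomcat` alias really is a trusted certificate entry and that its fingerprint matches tomcat.cer. The following script is an added example, not part of the product documentation: the function names are hypothetical, the sample listing is constructed, and the parser assumes the English-locale `keytool -list` layout shown in its comments.

```shell
#!/bin/sh
# Added example: audit `keytool -list` output for the trust store built above.
# Function names and the sample listing are constructed for illustration.

# Strip colons/whitespace and uppercase so fingerprints compare reliably.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \r\n' | tr 'a-f' 'A-F'
}

# audit_truststore ALIAS EXPECTED_FP   (keytool -list output on stdin)
# Returns 0 = alias is a trustedCertEntry with the expected fingerprint,
#         1 = alias missing, 2 = wrong entry type, 3 = fingerprint mismatch.
audit_truststore() {
    want_alias=$1
    want_fp=$(normalize_fp "$2")
    # Assumed layout: "<alias>, <date>, <type>Entry, " followed by a
    # "Certificate fingerprint (<alg>): <hex>" line for that entry.
    found=$(awk -v a="$want_alias" '
        /Entry, *$/ {
            n = split($0, f, ", *"); cur = f[1]; etype = ""
            for (i = n; i > 0; i--) if (f[i] ~ /Entry$/) { etype = f[i]; break }
            next
        }
        /^Certificate fingerprint/ && cur == a {
            sub(/^[^:]*: */, ""); print etype " " $0; exit
        }')
    if [ -z "$found" ]; then
        echo "FAIL: alias '$want_alias' not found"; return 1
    fi
    etype=${found%% *}
    fp=$(normalize_fp "${found#* }")
    if [ "$etype" != "trustedCertEntry" ]; then
        echo "FAIL: '$want_alias' is a $etype, not a trusted certificate"; return 2
    fi
    if [ "$fp" != "$want_fp" ]; then
        echo "FAIL: fingerprint of '$want_alias' differs from tomcat.cer"; return 3
    fi
    echo "OK: '$want_alias' is trusted and matches the expected fingerprint"
}

# Constructed sample listing (fingerprints shortened; not real values).
SAMPLE_LISTING='Your keystore contains 2 entries

tomcat1, Jan 5, 2024, PrivateKeyEntry, 
Certificate fingerprint (SHA-256): 11:22:33:44
tomcat, Jan 5, 2024, trustedCertEntry, 
Certificate fingerprint (SHA-256): AA:BB:CC:DD'

printf '%s\n' "$SAMPLE_LISTING" | audit_truststore tomcat "aa:bb:cc:dd"
```

In practice, pipe `keytool -list -keystore trustStore.keystore -storepass tomcat1` into `audit_truststore` and take the expected fingerprint from `keytool -printcert -file tomcat.cer`, using the same hash algorithm that the listing shows.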