Knowledge Partner
Knowledge Partner
491 views

OSP question

Hello,

The docs for 3.5 say that we must install a separate instance of OSP for
use with IG even if already have OSP installed for IDM:

https://www.netiq.com/documentation/identity-governance-35/install-guide/data/b1djgc1j.html


(Conditional) Even if you installed OSP with Identity Manager 4.5 or
later, if you want to use OSP as your authentication service, you must
install a separate instance of OSP for use with Identity Governance.

This is confusing since in the part that documents "Integrating Single
Sign-on Access with Identity Manager"

https://www.netiq.com/documentation/identity-governance-35/install-guide/data/t46l480bru7u.html

it says:

"Identity Governance must use the same authentication server that the
identity applications use. "

and there is an entire chapter called "Using the Same Authentication
Server as Identity Manager#"

My question is, if I want SSO between IG and IDM, do I need to install a
separate instance of OSP for IG or not?

Thanks!


--
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.
0 Likes
3 Replies
Micro Focus Expert
Micro Focus Expert

Re: OSP question

On 12/27/18 9:26 AM, alekz wrote:
> Hello,
>
> The docs for 3.5 say that we must install a separate instance of OSP for
> use with IG even if already have OSP installed for IDM:
>
> https://www.netiq.com/documentation/identity-governance-35/install-guide/data/b1djgc1j.html
>
>
>
> (Conditional) Even if you installed OSP with Identity Manager 4.5 or
> later, if you want to use OSP as your authentication service, you must
> install a separate instance of OSP for use with Identity Governance.
>
> This is confusing since in the part that documents "Integrating Single
> Sign-on Access with Identity Manager"
>
> https://www.netiq.com/documentation/identity-governance-35/install-guide/data/t46l480bru7u.html
>
>
> it says:
>
> "Identity Governance must use the same authentication server that the
> identity applications use. "
>
> and there is an entire chapter called "Using the Same Authentication
> Server as Identity Manager#"
>
> My question is, if I want SSO between IG and IDM, do I need to install a
> separate instance of OSP for IG or not?
>
> Thanks!
>
>

Greetings,

1) ID Gov requires min version of OSP to be 6.3.0

2) I will notify the documentation team to correct the Conditional
statement, because IDM 4.5 would not have the correct min version of
OSP. When IDM 4.7.2 releases, it will include version 6.3.0 of OSP.


To be able to SSO between ID Gov and the Identity Apps, the "same" OSP
has to be used. The reason why I have quotes is because you could have
a cluster of OSPs so it would not be the 1 same OSP, but N number of
OSPs that are properly configured in a Cluster.



The following note is a different part of the docs:

"
NOTE: To integrate Identity Governance 3.5 with NetIQ Identity Manager,
you must have NetIQ Identity Manager 4.7.2, at a minimum. For Single
Sign On (SSO) between Identity Governance 3.5 and NetIQ Identity Manager
4.7, you must have OSP 6.3.0 available in 4.7.x patch and later versions
of NetIQ Identity Manager, at a minimum.
"

--
Sincerely,
Steven Williams
Principal Enterprise Architect
Micro Focus
0 Likes
Knowledge Partner
Knowledge Partner

Re: OSP question

On 2018-12-27 18:04, Steven Williams wrote:
> On 12/27/18 9:26 AM, alekz wrote:
>> Hello,
>>
>> The docs for 3.5 say that we must install a separate instance of OSP
>> for use with IG even if already have OSP installed for IDM:
>>
>> https://www.netiq.com/documentation/identity-governance-35/install-guide/data/b1djgc1j.html
>>
>>
>>
>> (Conditional) Even if you installed OSP with Identity Manager 4.5 or
>> later, if you want to use OSP as your authentication service, you must
>> install a separate instance of OSP for use with Identity Governance.
>>
>> This is confusing since in the part that documents "Integrating Single
>> Sign-on Access with Identity Manager"
>>
>> https://www.netiq.com/documentation/identity-governance-35/install-guide/data/t46l480bru7u.html
>>
>>
>> it says:
>>
>> "Identity Governance must use the same authentication server that the
>> identity applications use. "
>>
>> and there is an entire chapter called "Using the Same Authentication
>> Server as Identity Manager#"
>>
>> My question is, if I want SSO between IG and IDM, do I need to install
>> a separate instance of OSP for IG or not?
>>
>> Thanks!
>>
>>

> Greetings,
>
> 1) ID Gov requires min version of OSP to be 6.3.0
>
> 2) I will notify the documentation team to correct the Conditional
> statement, because IDM 4.5 would not have the correct min version of
> OSP.  When IDM 4.7.2 releases, it will include version 6.3.0 of OSP.
>
>
> To be able to SSO between ID Gov and the Identity Apps, the "same" OSP
> has to be used.  The reason why I have quotes is because you could have
> a cluster of OSPs so it would not be the 1 same OSP, but N number of
> OSPs that are properly configured in a Cluster.
>
>
>
> The following note is a different part of the docs:
>
> "
> NOTE: To integrate Identity Governance 3.5 with NetIQ Identity Manager,
> you must have NetIQ Identity Manager 4.7.2, at a minimum. For Single
> Sign On (SSO) between Identity Governance 3.5 and NetIQ Identity Manager
> 4.7, you must have OSP 6.3.0 available in 4.7.x patch and later versions
> of NetIQ Identity Manager, at a minimum.
> "
>

Hi,

So it has to be the "same" OSP and it has to be 6.3.0.

One more question, once IDM 4.7.2 with OSP 6.3.0 comes out, I should
copy uaconfig-ig-defs.xml from the IG server to the OSP server for
integration purposes.

But I can't find it on the IG server. It has both OSP 6.3.0 och IG 3.5
installed. Is it because I run them both on the same server so there is
no need for the file? I.e. do I have to reinstall IG and select
"external authentication server"?

Thanks again Steven!


--
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.
0 Likes
Micro Focus Expert
Micro Focus Expert

Re: OSP question

On 12/28/18 5:13 AM, alekz wrote:
> On 2018-12-27 18:04, Steven Williams wrote:
>> On 12/27/18 9:26 AM, alekz wrote:
>>> Hello,
>>>
>>> The docs for 3.5 say that we must install a separate instance of OSP
>>> for use with IG even if already have OSP installed for IDM:
>>>
>>> https://www.netiq.com/documentation/identity-governance-35/install-guide/data/b1djgc1j.html
>>>
>>>
>>>
>>> (Conditional) Even if you installed OSP with Identity Manager 4.5 or
>>> later, if you want to use OSP as your authentication service, you
>>> must install a separate instance of OSP for use with Identity
>>> Governance.
>>>
>>> This is confusing since in the part that documents "Integrating
>>> Single Sign-on Access with Identity Manager"
>>>
>>> https://www.netiq.com/documentation/identity-governance-35/install-guide/data/t46l480bru7u.html
>>>
>>>
>>> it says:
>>>
>>> "Identity Governance must use the same authentication server that the
>>> identity applications use. "
>>>
>>> and there is an entire chapter called "Using the Same Authentication
>>> Server as Identity Manager#"
>>>
>>> My question is, if I want SSO between IG and IDM, do I need to
>>> install a separate instance of OSP for IG or not?
>>>
>>> Thanks!
>>>
>>>

>> Greetings,
>>
>> 1) ID Gov requires min version of OSP to be 6.3.0
>>
>> 2) I will notify the documentation team to correct the Conditional
>> statement, because IDM 4.5 would not have the correct min version of
>> OSP.  When IDM 4.7.2 releases, it will include version 6.3.0 of OSP.
>>
>>
>> To be able to SSO between ID Gov and the Identity Apps, the "same" OSP
>> has to be used.  The reason why I have quotes is because you could
>> have a cluster of OSPs so it would not be the 1 same OSP, but N number
>> of OSPs that are properly configured in a Cluster.
>>
>>
>>
>> The following note is a different part of the docs:
>>
>> "
>> NOTE: To integrate Identity Governance 3.5 with NetIQ Identity
>> Manager, you must have NetIQ Identity Manager 4.7.2, at a minimum. For
>> Single Sign On (SSO) between Identity Governance 3.5 and NetIQ
>> Identity Manager 4.7, you must have OSP 6.3.0 available in 4.7.x patch
>> and later versions of NetIQ Identity Manager, at a minimum.
>> "
>>

> Hi,
>
> So it has to be the "same" OSP and it has to be 6.3.0.
>
> One more question, once IDM 4.7.2 with OSP 6.3.0 comes out, I should
> copy uaconfig-ig-defs.xml from the IG server to the OSP server for
> integration purposes.
>
> But I can't find it on the IG server. It has both OSP 6.3.0 och IG 3.5
> installed. Is it because I run them both on the same server so there is
> no need for the file? I.e. do I have to reinstall IG and select
> "external authentication server"?
>
> Thanks again Steven!
>
>

Greetings,

1) The documentation is being corrected on this. As you noticed the
uaconfig-ig-defs.xml file is no longer provided with ID Gov 3.5. It
will be provided with the upcoming IDM patch.


2) For a "clean" environment I would suggest re-installing and select
"external authentication server" once the upcoming IDM patch is available.


--
Sincerely,
Steven Williams
Principal Enterprise Architect
Micro Focus
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.