4.7 -- add role activity in policy failing over https

fp_idmworks · ‎2018-10-25

when specifying the connection string to be https and port 8543 for the add role action on a null driver, it gives an error about the certificate. I'm able to enable port 8080 in the server.xml and add the role over this port just fine. Is there a way for the add role activity to use https when adding a role through policy, such as through the Null driver and if so, what are the parameters to do so? I'm assuming there should be a parameter of where to look for the certificate, or what not.

geoffc · ‎2018-10-25

On 10/25/2018 5:56 AM, fp IDMWORKS wrote:
>
> when specifying the connection string to be https and port 8543 for the
> add role action on a null driver, it gives an error about the
> certificate. I'm able to enable port 8080 in the server.xml and add the
> role over this port just fine. Is there a way for the add role activity
> to use https when adding a role through policy, such as through the Null
> driver and if so, what are the parameters to do so? I'm assuming there
> should be a parameter of where to look for the certificate, or what not.

Import the UA/OSP's front end SSL's certificates signer into the engines
JVM's cacerts?

fp_idmworks · ‎2018-10-25

That makes sense. But I'm assuming the RR and UA drivers are doing the same as they are running fine on the same server over https, or do they use a different method?

geoffc · ‎2018-10-25

On 10/25/2018 12:16 PM, fp IDMWORKS wrote:
>
> That makes sense. But I'm assuming the RR and UA drivers are doing the
> same as they are running fine on the same server over https, or do they
> use a different method?

Fair point. Check the cacerts for the serial number of UA server cert?

Often the UA connection for RR and UA are done with basic auth, skipping
OSP, so perhaps hitting a different front end? Different cert?

Identity Applications