
IDM 4.5.3 - UA with multiple DNS names


Hello,

I have heard somewhere that you should use only one DNS name for the UA
server.

But let's consider the following:

The UA has an actual hostname of ua01.customer.com

The customer would like for clients to visit the UA over the internet on
useradministration.customer.com

Would it be possible to create an alias, meaning a CNAME record, and
have the users access that DNS name, without any problems? I presume a
certificate for the external DNS name (useradministration.customer.com)
would have to be created and used on the UA Tomcat server.

Or, is it only possible to have one DNS name for the UA server, meaning
its actual name must always be useradministration.customer.com, for
this to work?

Thanks in advance,

Jacob.


--
jacmarpet
------------------------------------------------------------------------
jacmarpet's Profile: https://forums.netiq.com/member.php?userid=415
View this thread: https://forums.netiq.com/showthread.php?t=55624


On 3/30/16 5:04 AM, jacmarpet wrote:
>
> Hello,
>
> I have heard somewhere that you should use only one DNS name for the UA
> server.
>
> But let's consider the following:
>
> The UA has an actual hostname of ua01.customer.com
>
> The customer would like for clients to visit the UA over the internet on
> useradministration.customer.com
>
> Would it be possible to create an alias, meaning a CNAME record, and
> have the users access that DNS name, without any problems? I presume a
> certificate for the external DNS name (useradministration.customer.com)
> would have to be created and used on the UA Tomcat server.
>
> Or, is it only possible to have one DNS name for the UA server, meaning
> its actual name must always be useradministration.customer.com, for
> this to work?
>
> Thanks in advance,
>
> Jacob.
>
>

Greetings,
This is not a "User Application" issue, but a requirement with OSP.
You can only utilize one (1) protocol and one (1) URL to access the
applications.



--
Sincerely,
Steven Williams
Lead Software Engineer
Micro Focus


Jacob,

as Steve pointed out, the one DNS name for user app or any identity
application in IDM 4.5 is a requirement of OSP which utilizes OAuth 2.0
protocol. If you do some googling on OAuth it will give you an idea
why.

You can use any DNS name you want as long as:

1. that DNS name resolves to your UA server
2. is registered with OSP in OSP OAuth redirect URL

The registration is done during the install but you can also modify it
through the configupdate utility -> SSO Client tab

Number 2 is really the reason why you can only have one DNS name to
access your user application. DNS name in your browser has to match what
is registered with OSP, including the protocol (http, https) and ports.
Otherwise you will get all kinds of errors including a blank page.

So in your case, you can use useradministration.customer.com but you
have to make sure that this DNS is registered with OSP and also resolves
to your User app server from outside and inside.

Hope that helps.

MJ


--
mjendrisek
------------------------------------------------------------------------
mjendrisek's Profile: https://forums.netiq.com/member.php?userid=8294
View this thread: https://forums.netiq.com/showthread.php?t=55624
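
The matching rule described in the reply above (DNS name, protocol and port in the browser must equal what is registered as the OSP OAuth redirect URL) can be checked before rollout. The following is an added example, not part of the original thread and not OSP code; the port 8543 and the URL paths are constructed placeholders, and the comparison normalizes host case and default ports as an assumption, so OSP's own matching may be stricter.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample values: port and paths are placeholders, not OSP defaults.
REGISTERED = "https://useradministration.customer.com:8543/placeholder/redirect"
CANDIDATES = [
    "https://useradministration.customer.com:8543/placeholder/app",
    "https://ua01.customer.com:8543/placeholder/app",   # real hostname, not registered
    "http://useradministration.customer.com:8543/placeholder/app",  # wrong protocol
    "https://useradministration.customer.com/placeholder/app",      # port omitted -> 443
]


def origin(url):
    """Return (scheme, host, port) with the scheme's default port filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return scheme, host, port


def origin_mismatches(registered_url, browser_url):
    """List each origin component where the browser URL differs from the registered one."""
    names = ("protocol", "dns name", "port")
    pairs = zip(names, origin(registered_url), origin(browser_url))
    return [
        f"{name}: registered {reg!r}, browser used {seen!r}"
        for name, reg, seen in pairs
        if reg != seen
    ]


def audit(registered_url, browser_urls):
    """Map every candidate access URL to its list of mismatches (empty list = match)."""
    return {url: origin_mismatches(registered_url, url) for url in browser_urls}


if __name__ == "__main__":
    for url, problems in audit(REGISTERED, CANDIDATES).items():
        print("OK      " if not problems else "MISMATCH", url)
        for problem in problems:
            print("         ", problem)
```

Only the first candidate matches; each of the others differs in exactly one of the three components the reply names.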
