Topic
  • 4 replies
  • Latest Post - ‏2018-06-21T06:38:17Z by franzw
Ab11
Ab11
3 Posts

Pinned topic Basics of ISIM 7 Virtual Appliance

‏2018-06-13T21:12:35Z | apps file google upload

Hello,

 Newbie question. I am new to the Security Identity Manager virtual appliance and stuck on some basic issues with the virtual appliance. I am trying to get the Google Apps connector working with the ISIM server and I cannot seem to figure out how I can upload files to the ISIM server. All the documentation I have found seems to assume I have access to the server and the directory structure to I can upload various files/libraries.

I started with the google apps connector for the SDI and could not figure out how to install it on the virtual appliance. So I gave up the idea of using the SDI already installed on the virtual appliance and instead setup a separate server with SDI and installed the dispatcher and connectors on it.

But then I got to configuring the Google apps service in the identity manager web console and it requires the  "Client Key Path" which as I understand it is a path to the .p12 file I downloaded from google apps but I cannot seem to figure out how/where to upload that onto the ISIM VA server. I tried the "custom file management" and "external library" etc and it would not accept the file.

 
I tried looking around a lot and could not find any information anywhere. It is probably something very simple and self evident but I cannot seem to figure that one out. Please help.

 

  • franzw
    franzw
    472 Posts

    Re: Basics of ISIM 7 Virtual Appliance

    ‏2018-06-15T06:17:48Z  

    Adapters that requires files to be added to the adapter needs to run on an external adapter instance. So you will need to install TDI on a separate server or utilize your data layer server for this purpose.

    HTH

    Regards

    Franz Wolfhagen

  • Ab11
    Ab11
    3 Posts

    Re: Basics of ISIM 7 Virtual Appliance

    ‏2018-06-15T13:11:06Z  
    • franzw
    • ‏2018-06-15T06:17:48Z

    Adapters that requires files to be added to the adapter needs to run on an external adapter instance. So you will need to install TDI on a separate server or utilize your data layer server for this purpose.

    HTH

    Regards

    Franz Wolfhagen

    Hi Franz,

     Thanks for your reply. I did end up installing the adapter on a separate SDI server but I am stuck in the process where I am configuring the Google Apps service in SIM console where it asks for "Client Key Path". My assumption is this is a path to the google .p12 file which needs to be on the SIM Virtual appliance? Is that not the case?

     

    Thanks,

    Ab.

  • Ab11
    Ab11
    3 Posts

    Re: Basics of ISIM 7 Virtual Appliance

    ‏2018-06-19T14:47:36Z  

    Anyone have insight on how to configure the Google Apps Profile in Identity Manager and provide the path to the "Client Key Path" field? Do we need to upload the key to the Identity Manager Virtual appliance somehow?

  • franzw
    franzw
    472 Posts

    Re: Basics of ISIM 7 Virtual Appliance

    ‏2018-06-21T06:38:17Z  
    • Ab11
    • ‏2018-06-19T14:47:36Z

    Anyone have insight on how to configure the Google Apps Profile in Identity Manager and provide the path to the "Client Key Path" field? Do we need to upload the key to the Identity Manager Virtual appliance somehow?

    I have not worked with that exact adapter - but it should be documented in the formal documentation of the adapter - if not you are entitled to raise a PMR - remember that this forum is not an official support forum - it is professionals helping each other :-)

    But let me try to walk you through the reasoning you need to apply....

    There are 2 sets of communication involved here - from ISIM (VA) to the Adapter and from the Adapter to the managed endpoint (Google Apps). Now - if Google Apps requires a certificate in the communication it does not make sense that this is something "internal" to the ISIM system - it is something that happens between the adapter and Google. So the logical conclusion is that the certificate must be part of the Adapter (TDI) - so you need to have a keystore defined there (or using the default provided which is a bad idea unless you secure them (change password, remove CA certificates etc. - this is the usual SSL tasks to secure/limit the communication).

    You should of course also secure the communication between the adapter TDI and ISIM. This is also documented in the adapter documentation - but here the Google certificate is not part of the equation...

    HTH

    Regards

    Franz Wolfhagen