Configuring the Tivoli Directory Integrator Server

For IBM QRadar to integrate with user information sources, you must install and configure a Tivoli® Directory Integrator on a non-QRadar host.

About this task

No configuration is required on your QRadar system; however, you must access your Console to obtain the QRadarIAM_TDI.zip file. Then, install and configure a Tivoli Directory Integrator server on a separate host. Create and import a self-signed certificate.

When you extract the QRadarIAM_TDI.zip file on the Tivoli Directory Integrator server, the TDI directory is automatically created. The TDI directory includes the following files:

  • QradarIAM.sh, which is the TDI start up script for Linux®
  • QradarIAM.bat, which is the TDI start up script for Microsoft Windows
  • QradarIAM.xml, which is the TDI xml script and must be stored in the same location as the QradarIAM.properties file
  • QradarIAM.properties, which is the properties file for TDI xml script

When you install Tivoli Directory Integrator, you must configure a name for the Solutions directory. This task requires you to access the Solutions directory. Therefore, in the task steps, <solution_directory> refers to the name that you gave to the directory.

The following parameters are used to create and import certificates:

Table 1. Certification configuration parameters
Parameter Description
<server_ip_address> Defines the IP address of the Tivoli Directory Integrator server.
<days_valid> Defines the number of days that the certificate is valid.
<keystore_file> Defines the name of the keystore file.
-storepass <password> Defines the password for keystore.
- keypass <password> Defines the password for the private/public key pair.
<alias> Defines the alias for an exported certificate.
<certificate_file> Defines the file name of the certificate.

Procedure

  1. Install Tivoli Directory Integrator on a non-QRadar host. For more information on how to install and configure Tivoli Directory Integrator, see your Tivoli Directory Integrator (TDI) documentation.
  2. Using SSH, log in to your IBM QRadar Console as the root user.
    1. User name: root
    2. Password: <password>
  3. Copy the QRadarIAM_TDI.zip file to the Tivoli Directory Integrator server.
  4. On the Tivoli Directory Integrator server, extract the QRadarIAM_TDI.zip file in the Solutions directory.
  5. Configure your Tivoli Directory Integrator server to integrate with QRadar.
    1. Open the Tivoli Directory Integrator <solution_directory>/solution.properties file.
    2. Uncomment the com.ibm.di.server.autoload property. If this property is already uncommented, note the value of the property.
    3. Choose one of the following options:
      • Change directories to the autoload.tdi directory, which contains the com.ibm.di.server.autoload property by default.
      • Create an autoload.tdi directory in the <solution_directory> to store the com.ibm.di.server.autoload property.
    4. Move the TDI/QRadarIAM.xml and TDI/QRadarIAM.property files from the Tivoli Directory Integrator directory to<solution_directory>/autoload.tdi directory or the directory you created in the previous step.
    5. Move the QradarIAM.bat and QradarIAM.sh scripts from the Tivoli Directory Integrator directory to the location from which you want to start the Tivoli Directory Integrator.
  6. Create and import the self-signed certificate into the Tivoli Directory Integrator truststore.
    1. To generate a keystore and a private/public key pair, type the following command:
      • keytool -genkey -dname cn=<server_ip_address> -validity <days_valid> -keystore <keystore_file> -storepass <password> - keypass <password>
      • For example, keytool -genkey -dname cn=192.168.1.1 -validity 365 -keystore server.jks -storepass secret -keypass secret
    2. To export the certificate from the keystore, type the following command:
      • keytool -export -alias <alias> -file <certificate_file> - keystore <keystore_file> - storepass <password>
      • For example, keytool -export -alias mykey -file server.cert -keystore server.jks -storepass secret
    3. To import the primary certificate back into the keystore as the self-signed CA certificate, type the following command:
      • keytool -import -trustcacerts -file <certificate_file> -keystore <keystore_file> -storepass <password> -alias <alias>
      • For example, keytool -import -trustcacerts -file server.cert -keystore server.jks -storepass secret -alias mytrustedkey
    4. Copy the certificate file to the /opt/qradar/conf/trusted_certificates on the QRadar Console.
  7. Import the CA certificate into the Tivoli Directory Integrator truststore.
    1. To import the CA certificate into the keystore as the self-signed CA certificate, type the following command:
      • keytool -import -trustcacerts -file <certificate_file> -keystore <keystore_file> -storepass <password> -alias <alias>
      • For example, keytool -import -trustcacerts -file server.cert -keystore server.jks -storepass secret -alias mytrustedkey
    2. Copy the CA certificate file to the /opt/qradar/conf/trusted_certificates on the QRadar Console.
  8. Edit the <solution_directory>/solution.properties file to uncomment and configure the following properties:
    • javax.net.ssl.trustStore=<keystore_file>
    • {protect}-javax.net.ssl.trustStorePassword=<password>
    • javax.net.ssl.keyStore=<keystore_file>
    • {protect}-javax.net.ssl.keyStorePassword=<password>
    Note: The default unmodified password might be displayed in the following format: {encr}EyHbak. Enter the password as plain text. The password encrypts the first time that you start Tivoli Directory Integrator.
  9. Start Tivoli Directory Integrator.