Using external authentication – HP Identity Driven Manager Software Series User Manual
3-63
Using Identity Driven Manager
Using the User Import Wizard
Using External Authentication
The SASL External authentication window is used to define the external LDAP data source. External authentication uses an X509 certificate for user authentication. The LDAP X509 User Certificate must be installed in a keystore on the IDM server, and the LDAP server’s certificate must be stored in the trust store under your JRE installation on the IDM server. See page 3-64 for details on importing LDAP X509 User certificates for use with IDM.
To set up External authentication:
1. In the Server field, type the DNS name of the LDAP server.
2. In the Domain field, type the domain name. It is used to create a realm in IDM.
3. Optionally, in the Base DN field, type the Base Distinguished Name. IDM will search only for users and groups from this node of a directory tree.
4. In the Keystore field, type the keystore file name.
   For JKS, the Keystore is the location on the IDM server where you installed the keystore (for example: c:\idmuser\mykeystore).
   For PKCS12, enter the PKCS certificate in the Keystore field.
5. In the Password field, type the password.
   For JKS, enter the password of the keystore on the IDM Server.
   For PKCS12, enter the PKCS12 key in the Password field.
6. Select the Type: either jks or pkcs12.
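
A pre-flight check for the values entered above, as an added example that is not part of the manual or of IDM: it opens the keystore with the chosen Type and Password, confirms it holds a private key with a currently valid X509 certificate, then attempts a SASL EXTERNAL bind that trusts the LDAP server only through the JRE trust store. The class name, the argument order, the use of a keystore file for both types, and LDAPS on port 636 are assumptions of this example.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.InitialDirContext;

// Added example, not IDM code. Class name and argument order are this example's own.
// Usage: java ExternalAuthCheck <ldap-server-dns-name> <keystore-file> <jks|pkcs12>
public class ExternalAuthCheck {
    public static void main(String[] a) throws Exception {
        Console con = System.console(); // password is prompted for, never passed as an argument
        if (a.length != 3 || con == null) {
            System.err.println("usage (interactive terminal): ExternalAuthCheck <server> <keystore> <jks|pkcs12>");
            System.exit(2);
        }
        String server = a[0], path = a[1], type = a[2];
        char[] pw = con.readPassword("Keystore password: ");
        // 1. The keystore must open with the Type and Password that will be entered in IDM.
        KeyStore ks = KeyStore.getInstance(type);
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, pw);
        }
        // 2. It must hold a private key whose X.509 certificate is currently valid.
        int usable = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias) || !(ks.getCertificate(alias) instanceof X509Certificate)) continue;
            X509Certificate c = (X509Certificate) ks.getCertificate(alias);
            c.checkValidity(); // throws if the certificate is expired or not yet valid
            System.out.println(alias + ": " + c.getSubjectX500Principal() + ", expires " + c.getNotAfter());
            usable++;
        }
        if (usable == 0) throw new IllegalStateException("no private-key entry with an X.509 certificate in " + path);

        // 3. Bind with SASL EXTERNAL over TLS (ldaps on port 636 is an assumption of this example).
        //    The server certificate is validated against the JRE's default trust store.
        System.setProperty("javax.net.ssl.keyStore", path);
        System.setProperty("javax.net.ssl.keyStorePassword", new String(pw));
        System.setProperty("javax.net.ssl.keyStoreType", type);
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldaps://" + server + ":636");
        env.put(Context.SECURITY_AUTHENTICATION, "EXTERNAL");
        new InitialDirContext(env).close(); // throws NamingException if TLS or the bind fails
        System.out.println("SASL EXTERNAL bind to " + server + " succeeded");
    }
}
```

Run it on the IDM server with the same JRE that IDM uses, so that the trust store consulted is the one the manual refers to.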