HP Identity Driven Manager Software Licenses User Manual
Page 129
3-67
Using Identity Driven Manager
Using the User Import Wizard
Using External Authentication
The
SASL External authentication
window is used to define the external LDAP
data source. External authentication uses an X509 certificate for user authen-
tication. The LDAP X509 User Certificate must be installed in a keystore on
the IDM server, and the LDAP server’s certificate must be stored in the trust
store under your JRE installation on the IDM server. See page 3-68 for details
on importing LDAP X509 User certificates for use with IDM.
To set up External authentication:
1.
In the
Server field, type the DNS name of the LDAP server.
2.
In the
Domain field, type the domain name. It is used to create a realm in
IDM.
3.
Optionally, in the
Base DN field, type the Base Distinguished Name. IDM
will search only for users and groups from this node of a directory tree.
4.
In the
Keystore field, type the keystore file name.
For JKS, the
Keystore
is the location on the IDM server where you installed
the keystore. (for example: c:\idmuser\mykeystore)
For PKCS12, enter the PKCS certificate in the
Keystore
field,.
5.
In the
Password field, type the password.
For JKS, enter the password of the keystore on the IDM Server.
For PKCS12, enter the PKCS12 key in the
Password
field
6.
Select the
Type: either jks, or pkcs12.