12.4 Changing Host File IP Addresses to DNS Names

Beginning with Identity Governance 3.5.0, the product installation requires you to identify host servers using only fully-qualified DNS names. In previous releases, you could specify either the IP address or the DNS name to identify host servers.

If you used IP addresses when you installed a previous version of the product, ensure you use fully-qualified DNS names when you install the latest version. If you are able to successfully install the product using IP addresses, users might get an OAuth2 error when logging in to the product. If this happens, you must modify settings in three places after you upgrade to use the latest version of Identity Governance.

To change the Identity Governance configuration to use the DNS name requires changing the information in three different locations.

To update to the DNS name:

  1. Update the DNS names in the setenv script that sets the environment variables for Apache Tomcat.

    1. Stop Apache Tomcat. For more information, see Section 3.4.3, Starting and Stopping Apache Tomcat.

    2. Open the setenv file in a text editor. The default location of the file is:

      • Linux: /opt/netiq/idm/apps/tomcat/bin/setenv.sh

      • Windows: C:\netiq\idm\apps\tomcat\bin\setenv.bat

    3. Change the IP address associated with -Dcom.netiq.idm.osp.client.host to the fully-qualified DNS name.

    4. Save and close the file.

  2. Update the DNS names in the ism-configuration.properties file.

    1. Open the ism-configuration.properties file in a text editor.

      • Linux: /opt/netiq/idm/apps/tomcat/conf/ism-configuration.properties

      • Windows: C:\netiq\idm\apps\tomcat\ism-configuration.properties

    2. Change the IP address associated with the following attributes to the fully-qualified DNS name:

      • com.netiq.idm.osp.url.host

      • com.netiq.iac.url.local.host

      • com.netiq.rpt.authserver.url

      • com.netiq.rpt.access.review.url

      • com.netiq.rpt.landing.url

      • com.netiq.rpt.rpt-web.redirect.url

    3. Save and close the file.

  3. Update the DNS names in the Identity Governance Configuration utility.

    1. Ensure that the Identity Governance database is running.

    2. Start the Identity Governance Configuration utility with the database password. For more information, see Section 14.1.3, Using the Identity Governance Configuration Utility.

    3. Change the IP address associated with the following attributes on the specified tabs to the fully-qualified DNS name:

      Tab

      Setting

      Authentication Server Details

      • IG Redirect URL

      • IG Request Redirect URL

      Network Topology

      Nodes Host Name

      Workflow Settings

      JMS broker URI

    4. Exit the utility.

  4. Start Apache Tomcat. For more information, see Section 3.4.3, Starting and Stopping Apache Tomcat.