Manage federated directories

Keep federated directories up-to-date so that Security Verify Access can access the most recent user information stored in external user registries. We can add a new directory, remove an existing one, or modify its settings.

Federated directories store the data associated with different users in different user registries. With federated directories, the appliance can access user information stored in a user registry external to ISAM.

A federated directory is searched for user information using the distinguished name (DN) of the user who controls that user registry. The Security Verify Access data associated with each user record is still stored in the ISAM user registry. The Security Verify Access user registry is defined when configuring the runtime environment.

The Federated Directories menu item is enabled only if the runtime component is already configured. If the federated directories configuration is changed on the appliance running the policy server, the policy server is automatically restarted.

Steps

  1. Select Web > Manage > Runtime Component.

  2. Select Manage > Federated Directories. All configured directories are displayed. By default, only the number of configured suffixes is shown. To view the suffixes in a particular directory, expand the relevant row.

  3. Follow the prompts to complete the desired action. After making any of the following changes, restart the ISAM runtime environment for the changes to take effect.

    • Add a directory

      • Click New and provide values for the displayed fields.
      • Multiple suffixes can be added on separate lines in the Suffix field.

      • If the Enable SSL option is selected, an extra field, Client Certificate, is displayed. Use the Client Certificate field to define the client personal certificate to present to the federated user directory server. This field is not required when one of the certificates in the keyfile is identified as the default certificate. Whether to identify a certificate as the default depends on the configuration of the target user directory server.

      • We can click Save only if all of the fields are valid.

    • Modify the settings for a configured directory

      • Select the directory to update and click Edit.

    • Remove a directory or suffix

      • If we select a directory row and click Delete, the selected directory is removed. If we select a suffix row and click Delete, the selected suffix is removed. Before deleting a federated directory, delete all federated users in that directory from Security Verify Access.
      • The confirmation message indicates whether a directory or a suffix is being removed.

      • We cannot delete a suffix if it is the only suffix left in a directory, because doing so would leave the configuration in an invalid state. A directory must have at least one suffix to be valid.

    • Update the LDAP SSL settings

      • Click SSL Settings.
      • This function updates the values in the ldap.conf configuration file. These values are used only if SSL settings do not exist in the configuration file of the hosting server. For example, if the settings exist in the WebSEAL configuration file, they take precedence over the settings contained in the ldap.conf configuration file.