Securing connections for Talend Identity and Access Management

Use SSL with a self-signed certificate to connect to Talend Identity and Access Management.

Procedure

  1. Place your JKS file in the <installation_path>/config folder.
  2. Open the <installation_path>/start.bat file to edit it.
  3. Add the following settings.
    set SERVER_SSL_KEYSTORE=<absolute_path_to_your_jks_file> (for example: C:/keystore/server.jks)
    set SERVER_SSL_KEYSTOREPASSWORD=<secret>
    set SERVER_SSL_KEYPASSWORD=<secret>
  4. Optional: If you installed Talend Identity and Access Management as a system service, see "Additional keystore configuration for Talend Identity and Access Management as service" on this page for the additional configuration changes that ensure the keystore settings take effect.
  5. Open the <installation_path>/config/iam.properties file and change the URL below from http to https:
    oidc.url=https://${oidc.host}:${oidc.port}${oidc.context}
  6. Optional: If you have enabled SSL for Talend Administration Center, change the following URL from http to https:
    tac.url=https://<host_name>:<port>/org.talend.administrator
  7. Optional: If SSL has been enabled for modules such as Talend Data Stewardship or Talend Data Preparation, do the following:
    1. Navigate to the <installation_path>/config/clients folder.
    2. Open the corresponding client configuration files, for example, tdp-client.json for Talend Data Preparation, or tds-client.json for Talend Data Stewardship.
    3. In the redirect_uris property, change all URLs from http to https.
  8. Restart Talend Identity and Access Management.
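
A post-change check for steps 5 to 7, added here as an example (not Talend's own code): it reports any oidc.url or tac.url value and any redirect_uris entry that is not https. The function names, host names and sample file contents are constructed, and the script assumes key=value lines in iam.properties and a redirect_uris array somewhere in each client JSON file.

```python
import json
import tempfile
from pathlib import Path

URL_KEYS = ("oidc.url", "tac.url")  # properties named in steps 5 and 6

def insecure_properties(path):
    """Return (key, value) pairs whose URL is not https (assumes key=value lines)."""
    found = []
    for line in Path(path).read_text(encoding="utf-8").splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.strip() in URL_KEYS and not value.strip().lower().startswith("https://"):
            found.append((key.strip(), value.strip()))
    return found

def redirect_uris(node):
    """Yield every string under any redirect_uris key, at any nesting depth."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "redirect_uris" and isinstance(value, list):
                yield from (v for v in value if isinstance(v, str))
            else:
                yield from redirect_uris(value)
    elif isinstance(node, list):
        for item in node:
            yield from redirect_uris(item)

def insecure_clients(clients_dir):
    """Map each client file name to its redirect URIs that are not https."""
    report = {}
    for path in sorted(Path(clients_dir).glob("*.json")):
        uris = redirect_uris(json.loads(path.read_text(encoding="utf-8")))
        bad = [u for u in uris if not u.lower().startswith("https://")]
        if bad:
            report[path.name] = bad
    return report

def demo():
    """Run both checks on constructed sample files in a temporary config folder."""
    with tempfile.TemporaryDirectory() as tmp:
        props, clients = Path(tmp, "iam.properties"), Path(tmp, "clients")
        clients.mkdir()
        props.write_text("oidc.url=https://${oidc.host}:${oidc.port}${oidc.context}\n"
                         "tac.url=http://tac.example.test:8080/org.talend.administrator\n")
        (clients / "tdp-client.json").write_text(json.dumps(
            {"redirect_uris": ["https://tdp.example.test/cb", "http://tdp.example.test/cb"]}))
        return insecure_properties(props), insecure_clients(clients)

if __name__ == "__main__":
    print(demo())
```

To check a real installation, call insecure_properties and insecure_clients with the paths under <installation_path>/config; empty results mean no http URL remains in the checked settings.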

Additional keystore configuration for Talend Identity and Access Management as service

These configuration changes are only necessary when you have installed Talend Identity and Access Management as a system service.

Make these changes for the OIDC and the SCIM services of Talend Identity and Access Management.

Procedure

  1. Open a command line and navigate to the <Talend_installation>/utils folder.
  2. Run this command: nssm edit talend-iam-oidc-8.0.1
    This opens a dialog for service parameters. The number 8.0.1 represents the installed version used in this example.
  3. Go to the Environment tab.

    Example

    The Environment tab for service parameters
  4. Add the required keystore variables.

    Example

    The Environment tab with keystore variables
    The variables to be added are:
    SERVER_SSL_KEYSTORE=<absolute_path_to_your_jks_file> (for example: C:/keystore/server.jks)
    SERVER_SSL_KEYSTOREPASSWORD=<secret>
    SERVER_SSL_KEYPASSWORD=<secret>
  5. Save the changes by clicking Edit service.
    If successful, the following message should appear:
    Service 'talend-iam-oidc-8.0.1' edited successfully!
  6. Click OK to validate the changes.
  7. Restart the service to load the changes.
  8. Repeat the same steps for the service talend-iam-scim-8.0.1.
