
Securing connections for Talend Identity and Access Management

Use SSL with a self-signed certificate to connect to Talend Identity and Access Management.

Procedure

  1. Place your JKS file in the <installation_path>/config folder.
  2. Open the <installation_path>/start.bat file to edit it.
  3. Add the following settings.
    set SERVER_SSL_KEYSTORE=<absolute_path_to_your_jks_file> (for example: C:/keystore/server.jks)
    set SERVER_SSL_KEYSTOREPASSWORD=<secret>
    set SERVER_SSL_KEYPASSWORD=<secret>
  4. Optional: If you installed Talend Identity and Access Management as a system service, see this procedure to make additional configuration changes to ensure the keystore settings take effect.
  5. Open the <installation_path>/config/iam.properties file and change the URL below from http to https:
    oidc.url=https://${oidc.host}:${oidc.port}${oidc.context}
  6. Optional: If you have enabled SSL connection for Talend Administration Center, in <installation_path>/config/iam.properties, change the following URL from http to https:
    tac.url=https://<host_name>:<port>/org.talend.administrator
  7. Optional: If your Talend Administration Center is using self-signed certificates for SSL, as described in Configure TLS/SSL in Talend Administration Center, proceed as follows:
    1. Retrieve the Talend Administration Center certificate, or its Certificate Authority, and add it to the Talend Identity and Access Management truststore using the following command:
      keytool -import -trustcacerts -alias <cert-alias> -file <TAC_certificate.crt> -keystore <IAM_truststore.jks>
    2. Add the following line to start.bat:
      set JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.trustStore=/path/to/IAM_truststore.jks -Djavax.net.ssl.trustStorePassword=trustStore_password
  8. Optional: To enable SSL connection for modules such as Talend Data Stewardship or Talend Data Preparation, do the following:
  9. Restart Talend Identity and Access Management.

Additional keystore configuration for Talend Identity and Access Management as service

These configuration changes are only necessary when you have installed Talend Identity and Access Management as a system service.

Make these changes for the OIDC and the SCIM services of Talend Identity and Access Management.

Procedure

  1. Open a command line and navigate to the <Talend_installation>/utils folder.
  2. Run this command: nssm edit talend-iam-oidc-8.0.1
    The number 8.0.1 represents the installed version used in this example. This opens a dialog for service parameters.
  3. Go to the Environment tab.

    Example

    The Environment tab for service parameters
  4. Add the required keystore variables.

    Example

    The Environment tab with keystore variables
    The variables to be added are:
    SERVER_SSL_KEYSTORE=<absolute_path_to_your_jks_file> (for example: C:/keystore/server.jks)
    SERVER_SSL_KEYSTOREPASSWORD=<secret>
    SERVER_SSL_KEYPASSWORD=<secret>
  5. Optional: If your Talend Administration Center is using self-signed certificates for SSL, as described in Configure TLS/SSL in Talend Administration Center, add the truststore configuration of your Talend Identity and Access Management to the Arguments: field.
    1. Go to the Application tab.

      Example

      The application tab of the NSSM service editor
    2. In the Arguments: field, add the following values:
      -Djavax.net.ssl.trustStore=/path/to/trustStore -Djavax.net.ssl.trustStorePassword=trustStore_password

      Make sure to add these values in the middle of the string, before -jar <jar name>. The system interprets strings after -jar <jar name> as command-line parameters to the Java main function.

      Warning:

      Ensure that you have added the Talend Administration Center's certificate to the Talend Identity and Access Management truststore.

      This has been explained in the previous section.

  6. Save the changes by clicking Edit service.
    If successful, the following message should appear:
    Service 'talend-iam-oidc-8.0.1' edited successfully!
  7. Click OK to validate the changes.
  8. Restart the service to load the changes.
  9. Repeat the same steps for the service talend-iam-scim-8.0.1.
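
An added example (not part of the Talend documentation or product): a Python check of the three places these procedures touch, namely the keystore variables in start.bat, the URL scheme in iam.properties, and the position of the truststore options relative to -jar in the service Arguments string. The sample inputs, including the jar name example.jar and the host tac.example, are constructed placeholders.

```python
import re
import shlex

KEYSTORE_VARS = ("SERVER_SSL_KEYSTORE", "SERVER_SSL_KEYSTOREPASSWORD", "SERVER_SSL_KEYPASSWORD")
TRUST_OPTS = ("-Djavax.net.ssl.trustStore=", "-Djavax.net.ssl.trustStorePassword=")

def missing_keystore_vars(start_bat):
    """Keystore variables that start.bat never sets to a non-empty value."""
    found = {}
    for line in start_bat.splitlines():
        m = re.match(r"\s*set\s+(\w+)=(.*)$", line, re.IGNORECASE)
        if m:
            found[m.group(1).upper()] = m.group(2).strip()
    return [v for v in KEYSTORE_VARS if not found.get(v)]

def non_https_urls(iam_properties, keys=("oidc.url",)):
    """Listed URL keys whose value does not start with https:// (add tac.url if TAC uses SSL)."""
    bad = []
    for line in iam_properties.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.strip() in keys and not value.strip().lower().startswith("https://"):
            bad.append(key.strip())
    return bad

def misplaced_trust_opts(arguments):
    """Truststore options that are absent, or that only appear after -jar."""
    tokens = [t.strip('"') for t in shlex.split(arguments, posix=False)]
    jar_at = tokens.index("-jar") if "-jar" in tokens else len(tokens)
    problems = []
    for opt in TRUST_OPTS:
        positions = [i for i, t in enumerate(tokens) if t.startswith(opt)]
        if not positions:
            problems.append(opt + " missing")
        elif min(positions) > jar_at:  # after -jar it is an argument to main, not a JVM option
            problems.append(opt + " after -jar")
    return problems

# Constructed sample inputs: paths, passwords, host and jar name are placeholders.
SAMPLE_BAT = "set SERVER_SSL_KEYSTORE=C:/keystore/server.jks\nset SERVER_SSL_KEYSTOREPASSWORD=changeit\n"
SAMPLE_PROPS = "oidc.url=http://${oidc.host}:${oidc.port}${oidc.context}\ntac.url=https://tac.example:8443/org.talend.administrator\n"
SAMPLE_ARGS = r"-Xmx1g -jar example.jar -Djavax.net.ssl.trustStore=C:\tls\iam.jks -Djavax.net.ssl.trustStorePassword=changeit"

if __name__ == "__main__":
    print(missing_keystore_vars(SAMPLE_BAT))
    print(non_https_urls(SAMPLE_PROPS, keys=("oidc.url", "tac.url")))
    print(misplaced_trust_opts(SAMPLE_ARGS))
```

Run the Arguments check once for each service, since the OIDC and SCIM services are edited separately.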
