Configure PassPort connection

PassPort AM is configured during installation, but you can customize it at any time later in the following Administration sections:

  • Applications
  • Components

In this context, Application and Component can be described as:

  • Application – Set of logical configuration kept in Repository that represents a business model. An application corresponds to a product instance registered in PassPort AM.
  • Component – Physical configuration of a product registered in Repository. Usually, a component is linked to an application. For example, Designer is linked to the application designer and AccountingIntegrator is linked to the application default. You can see this link when opening the details of the component in Administration.

Application configuration

The following parameters can be configured for each application in the PASSPORT section of the application screen:

  • Server host – The hostname of the PassPort AM server
  • Server port – The HTTP or HTTPS port of PassPort AM server
  • SSO Server host – The hostname of the PassPort SSO Agent. This must be set only when CAS SSO is used. When PassPort was installed with the option Host SSO Agent in PassPort Server, this is the same as Server host.
  • SSO Secured port – The port of the PassPort SSO Agent. This must be set only when CAS SSO is used.
  • SSO Client Authentication port – The SSO client authentication port of the PassPort SSO Agent. This must be set only when CAS SSO is used.
  • Product group – Product group as registered in PassPort AM
  • Instance – Product instance name as registered in PassPort AM
  • Product name – Product name as registered in PassPort AM
  • Product version – Product version as registered in PassPort AM
  • Secure connection – When checked, the initial communication with PassPort AM is done on an SSL secured connection. This parameter determines whether Server port is the HTTP or the HTTPS port of the PassPort AM server.
  • Truststore – The keystore containing the trusted CA certificate that signed the SSL server certificate of PassPort AM
  • CSD – The CSD file that is uploaded in PassPort AM
  • Registration shared secret – Shared secret for self-registration that was set during PassPort AM installation. For further information about this, please refer to the “Shared secret for self-registration” section in the “Administration menu” chapter of the PassPort AM Administrator Guide.

Component configuration

The following parameters can be configured on a component level in the PASSPORT section of the component screen:

  • Passport
    • When checked, the component uses PassPort AM.
    • When unchecked, the component uses the internal security implementation, which can be implemented by the customer.
    • Caution: Use this with caution, because the default internal security implementation does not perform any authentication or authorization.
  • CAS SSO – When checked, the component uses the SSO mode that does not use a proxy
  • SSO Port – This port is used to compute the SSO URL when the SSO URL is missing
  • SSO URL – This has different meanings, depending on the CAS SSO parameter:
    • CAS SSO checked – It is the URL that PassPort SSO Agent redirects to when the user clicks on a product in the SSO landing page. Usually, this is the same as Component URL, but it can be different in a complex network configuration
    • CAS SSO unchecked – It is the HTTPS URL that PassPort SSO Agent connects to with client authentication when it acts as a reverse proxy

Other configuration actions

When the certificate of PassPort AM server is changed, the following actions must be taken:

Note: Replace <someTemporaryFolder> with a folder of your choice.
  • Open Repository Console and perform the following commands:
    • exportPassport admin <someTemporaryFolder>
    • unregisterPassport admin
  • Import the certificate of the CA that signed the new PassPort AM server certificate into <someTemporaryFolder>/registry/passport/truststore.jks:
    • keytool -importcert -trustcacerts -file <fileContainingCA> -keystore truststore.jks -alias <nameOfCA>
  • Open the Repository console and perform the following command:
    • importRegistry <someTemporaryFolder>
  • Restart Tomcat or the application server.
  • In Administration go to the PASSPORT section of the application edit screen and, for each application that is configured to work with this PassPort AM server, upload the truststore file that you previously updated.
  • Restart Tomcat or the application server.
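
A pre-flight check for the certificate-change procedure above, as an added example that is not part of the product documentation: before running keytool -importcert, confirm that the CA file is the direct issuer of the new PassPort AM server certificate, and after the import confirm that the alias is in the truststore. The function names are hypothetical, and the script assumes that the CA and server certificates are available as PEM files and that the CA is self-signed.

```shell
#!/bin/sh
# Added example: checks to run around "keytool -importcert" when the
# PassPort AM server certificate changes. Function names are hypothetical;
# the PEM files passed in are the operator's own (assumption).

# Print the subject or issuer DN of a PEM certificate without its label,
# so that the two values can be compared as plain strings.
dn() { openssl x509 -in "$1" -noout "-$2" | sed -e 's/^[a-z]*= *//'; }

# Succeeds only if ca.pem is the direct issuer of server.pem: the issuer DN
# of the server certificate must equal the subject DN of the CA, and the
# signature must verify against the CA.
# Returns 2 if a file is unreadable, non-zero on any mismatch.
ca_signs_server_cert() {
    ca=$1; server=$2
    [ -r "$ca" ] && [ -r "$server" ] || return 2
    [ "$(dn "$server" issuer)" = "$(dn "$ca" subject)" ] || return 1
    openssl verify -CAfile "$ca" "$server" >/dev/null 2>&1
}

# SHA-256 fingerprint of the CA certificate, to compare with the value
# obtained from the CA owner before answering keytool's trust prompt.
ca_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# After the import: confirm that the alias exists in the truststore.
# keytool prompts for the store password.
truststore_has_alias() {
    keytool -list -keystore "$1" -alias "$2" >/dev/null
}

# Typical order of use (file names are placeholders):
#   ca_signs_server_cert <fileContainingCA> <serverCertificate.pem> || exit 1
#   ca_fingerprint <fileContainingCA>
#   keytool -importcert ...   (the command from the procedure)
#   truststore_has_alias truststore.jks <nameOfCA>
```

If ca_signs_server_cert fails, the file is not the issuer of the server certificate and importing it would not restore the connection, while still adding an unneeded trusted CA to the truststore.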
