Thursday, 9 October 2014

How to configure Identity Manager SMTP notification over TLS

In order to configure ISIM to send email notifications to the SMTP server over a TLS connection, the following steps must be followed:
1. In addition to the normal parameters configured in $ITIM_HOME/data/enRoleMail.properties, the following parameters need to be added:

    mail.smtp.localhost=<fully qualified hostname of the ISIM server>
    mail.smtp.starttls.enable=true

The first value is the name ISIM presents in the EHLO greeting. NOTE: mail.smtp.starttls.enable=true makes JavaMail use STARTTLS when the server offers it, but it silently falls back to an unencrypted session when the server does not. JavaMail 1.4.2 and later turn that into a connection failure with mail.smtp.starttls.required=true; whether the JavaMail level shipped with your WebSphere release honours that property must be checked before relying on it.

2. Add the signer certificate (the Certificate Authority certificate that issued the SMTP server's certificate) to ISIM's truststore.
NOTE: If the SMTP server is using a self-signed certificate, that certificate itself should be added to the truststore. In either case, verify the certificate's fingerprint with the mail administrator before importing it: whatever is in the truststore is what ISIM will accept as the SMTP server.
a. Use ikeyman from $WAS_HOME/AppServer/bin/
b. Open the truststore file used by the ISIM application server(s). The path below is an example; the profile and cell names vary per installation.
Example: $WAS_HOME/AppServer/profiles/AppSrv01/config/cells/ISIMCell01/trust.p12
c. Select Signer Certificates
d. Click the Add button
e. Select the SMTP server's certificate file and give the certificate an alias (any unique name).
f. Restart WebSphere so that the new signer is picked up.
NOTE: If the SMTP server requires authentication, there is currently no way to configure ISIM to provide the password for SMTP authentication. JavaMail does not read the password from a property; it must be supplied through a javax.mail.Authenticator when the SMTP Session is established, and ISIM does not expose that.
However, ISIM can be configured to send notifications to the SMTP server through an SMTP relay that performs the authentication on ISIM's behalf.
Here is an example of how to configure an SMTP relay on a Windows Server 2008 machine:
NOTE: The TLS steps above (the STARTTLS property and the truststore import) are only needed on the ISIM side if the connection from ISIM to the relay itself requires TLS; the relay handles TLS and authentication towards the main SMTP server. Bear in mind that an unencrypted ISIM-to-relay hop carries the notification content in clear on that network segment.
1. If not already installed, install the SMTP Server feature (Start > Administrative Tools > Server Manager > Features > SMTP Server; this also installs IIS if it is not already installed).

2. Configure the SMTP server to relay to the main SMTP server, with authentication over TLS:
    a. Open IIS: Start > Administrative Tools > Internet Information Services (IIS)
    b. In the IIS tree, expand the local SMTP server and right-click [SMTP Virtual Server #1].
    c. Select Properties
    d. Click on the Access tab
    e. Click on the Relay button
    f. Add the ISIM server IP address to the list of computers allowed to relay, so that only ISIM can use this relay (an unrestricted list turns the host into an open relay). Click OK
    g. Click on the Delivery tab
    h. Click the Outbound Security button
    i. Select "Basic Authentication" and enter the username and password required to establish a connection to the main SMTP server.
    j. Select the "TLS encryption" checkbox. Click OK
    k. Click the Advanced button
    l. Enter the fully qualified hostname of the main SMTP server in both the "Fully-qualified domain name" and "Smart host" fields.
    m. Select the "Attempt direct delivery before sending to smart host" checkbox. Click OK. (With this option selected the relay first tries to deliver straight to the recipient domain's mail exchanger and only uses the smart host when that fails; clear it if every message must go through the authenticated smart host.)
    n. Click OK on the Properties window.

3. Configure the mail.host parameter (in $ITIM_HOME/data/enRoleMail.properties) with the hostname or IP address of the SMTP relay (not the main SMTP server).
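The following pre-flight check is an added example, not part of the original post and not IBM's code; it covers both procedures above (the direct STARTTLS connection and the relay variant). It reads the JavaMail-style keys from a properties file, talks to the configured server the way JavaMail would, and reports the two things the procedure depends on: whether the server offers STARTTLS at all (and what JavaMail would do if it does not), and the fingerprint of the certificate that has to be trusted in trust.p12. The hostnames, the EHLO replies and the properties fragment are constructed sample data; mail.smtp.port and mail.smtp.starttls.required are JavaMail properties whose support in ISIM's bundled JavaMail is an assumption to verify. Python 3.8+, standard library only.

```python
"""Pre-flight check for the ISIM -> SMTP notification path (added example, not
part of the original post or of IBM's product). Stdlib only."""
import hashlib
import smtplib
import ssl
from typing import Dict, Set

# Constructed sample of $ITIM_HOME/data/enRoleMail.properties carrying the keys
# the post discusses; the real file has more keys than this.
SAMPLE_PROPERTIES = """
# notification mail settings (constructed sample)
mail.host=smtp.example.com
mail.smtp.localhost=isim.example.com
mail.smtp.starttls.enable=true
"""

# Constructed EHLO replies: a server that offers STARTTLS, and a relay on the
# trusted segment that does not (the plaintext ISIM-to-relay hop).
EHLO_WITH_STARTTLS = (
    "250-smtp.example.com Hello isim.example.com\r\n"
    "250-SIZE 52428800\r\n"
    "250-STARTTLS\r\n"
    "250-AUTH LOGIN PLAIN\r\n"
    "250 HELP\r\n"
)
EHLO_WITHOUT_STARTTLS = (
    "250-relay.example.com Hello isim.example.com\r\n"
    "250-SIZE 52428800\r\n"
    "250 HELP\r\n"
)


def parse_properties(text: str) -> Dict[str, str]:
    """Minimal Java .properties reader: key=value lines, '#'/'!' comments, trimmed."""
    props: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def parse_ehlo(response: str) -> Set[str]:
    """Return the extension keywords advertised in a raw EHLO reply."""
    exts: Set[str] = set()
    for line in response.splitlines()[1:]:  # first line is the greeting
        body = line[4:]  # strip '250-' or '250 '
        if body:
            exts.add(body.split()[0].upper())
    return exts


def choose_mode(extensions: Set[str], starttls_enable: bool, starttls_required: bool) -> str:
    """Mirror JavaMail: starttls.enable=true is opportunistic and falls back to
    plaintext when STARTTLS is not offered; only starttls.required=true (assumed
    honoured by ISIM's JavaMail) turns the missing extension into a failure."""
    if not starttls_enable:
        return "plaintext"
    if "STARTTLS" in extensions:
        return "starttls"
    if starttls_required:
        raise RuntimeError("server does not advertise STARTTLS but it is required")
    return "plaintext"


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint in the colon-separated form certificate tools display."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fetch_server_cert(props: Dict[str, str], out_pem: str) -> str:
    """Live check (needs network): connect like ISIM would, negotiate STARTTLS
    with verification OFF so the not-yet-trusted certificate can be retrieved,
    and save the leaf as PEM for ikeyman's Add dialog. Trust is decided out of
    band: compare the returned fingerprint with the one the mail team publishes.
    A self-signed leaf is the certificate to import; otherwise import its issuer."""
    host = props["mail.host"]
    port = int(props.get("mail.smtp.port", "25"))  # JavaMail default port
    enable = props.get("mail.smtp.starttls.enable", "false").lower() == "true"
    required = props.get("mail.smtp.starttls.required", "false").lower() == "true"
    with smtplib.SMTP(host, port, local_hostname=props.get("mail.smtp.localhost")) as smtp:
        smtp.ehlo()
        mode = choose_mode({k.upper() for k in smtp.esmtp_features}, enable, required)
        if mode != "starttls":
            raise RuntimeError(f"{host} would be used in {mode} mode; nothing to trust")
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE  # retrieval only; never run ISIM this way
        smtp.starttls(context=ctx)
        der = smtp.sock.getpeercert(binary_form=True)
        with open(out_pem, "w") as fh:
            fh.write(ssl.DER_cert_to_PEM_cert(der))
        return fingerprint(der)


if __name__ == "__main__":
    # Offline dry run over the constructed data; no network access.
    props = parse_properties(SAMPLE_PROPERTIES)
    enable = props["mail.smtp.starttls.enable"] == "true"
    for name, reply in (("smtp", EHLO_WITH_STARTTLS), ("relay", EHLO_WITHOUT_STARTTLS)):
        print(name, "->", choose_mode(parse_ehlo(reply), enable, False))
```

Run it with no arguments for the offline dry run; call fetch_server_cert(parse_properties(open(path).read()), "smtp-server.pem") from the ISIM host for the live check. Note that the relay case resolves to "plaintext" without any error: that is exactly the JavaMail behaviour the enable-only setting gives you, which is why the STARTTLS property and the truststore import only matter on the ISIM side when the hop to the relay itself is meant to be encrypted.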


For further reference, see the IBM technote:

 http://www-01.ibm.com/support/docview.wss?uid=swg21624174
