Why and when to perform this task
Tivoli Access Manager trust association interceptors require the creation of a trusted user account in the shared LDAP user registry. This account includes the ID and password that WebSEAL uses to identify itself to WebSphere Application Server. To prevent potential vulnerabilities, do not use the sec_master ID as the trusted user account and ensure that the password you use is unique and generated randomly. Use the trusted user account should for the TAI or TAI++ only.Use either the Tivoli Access Manager pdadmin command-line utility or Web Portal Manager to create the trusted user. For example, from the pdadmin command line:
Example
pdadmin> user create webseal_userid webseal_userid_DN firstname surname password pdadmin> user modify webseal_userid account-valid yes