WebSphere Application Server - Express, Version 6.0.x     Operating Systems: AIX, HP-UX, Linux, Solaris, Windows

Configuring the JACC provider for Tivoli Access Manager using the wsadmin utility

Why and when to perform this task

In a network deployment architecture, verify that all the managed servers, including node agents, are started. The following configuration is performed once on the deployment manager server. The configuration parameters are forwarded to managed servers, including node agents, when a synchronization is performed. The managed servers then require their own restart for the configuration changes to take effect.

You can use the wsadmin utility to configure Tivoli Access Manager security for WebSphere Application Server:

Steps for this task

  1. Start WebSphere Application Server.
  2. Start the command-line utility by running the wsadmin command from the install_dir/bin directory.
  3. At the wsadmin prompt, enter the following command:

    $AdminTask configureTAM -interactive

    You are prompted to enter the following information:
    OptionDescription
    WebSphere Application Server node nameSpecify a single node or enter an asterisk (*) to choose all nodes.
    Tivoli Access Manager Policy ServerEnter the name of the Tivoli Access Manager policy server and the connection port. Use the format, policy_server : port. The policy server communication port is set at the time of Tivoli Access Manager configuration – the default port is 7135.
    Tivoli Access Manager Authorization ServerEnter the name of the Tivoli Access Manager authorization server. Use the format auth_server : port : priority. The authorization server communication port is set at the time of Tivoli Access Manager configuration – the default port is 7136. More than one authorization server can be specified by separating the entries with commas. Having more than one authorization server configured is useful for failover and performance. The priority value is the order of authorization server use. For example: auth_server1:7136:1,auth_server2:7137:2. A priority (of 1) is still required when configuring against a single authorization server.
    WebSphere Application Server administrator's distinguished nameEnter the full distinguished name of the WebSphere Application Server security administrator ID as created in Creating the security administrative user. For example: cn=wasadmin,o=organization,c=country
    Tivoli Access Manager user registry distinguished name suffix For example: o=organization,c=country
    Tivoli Access Manager administrator's user name Enter the Tivoli Access Manager administration user ID, as created at the time of Tivoli Access Manager configuration. This ID is usually, sec_master.
    Tivoli Access Manager administrator's user password Enter the password for the Tivoli Access Manager administrator.
    Tivoli Access Manager security domainEnter the name of the Tivoli Access Manager security domain that is used to store users and groups. If a security domain is not already established at the time of Tivoli Access Manager configuration, click Return to accept the default.
    Embedded Tivoli Access Manager listening port set WebSphere Application Server needs to listen on a TCP/IP port for authorization database updates from the policy server. More than one process can run on a particular node and machine so a list of ports is required for the processes. Enter the ports that are used as listening ports by Tivoli Access Manager clients, separated by a comma. If you specify a range of ports, separate the lower and higher values by a colon. For example, 7999, 9990:9999.
    DeferSet to yes, this option defers the configuration of the management server until the next restart. Set to no, configuration of the management server occurs immediately. Managed servers are configured on their next restart.
  4. When all information is entered, select F to save the configuration properties or C to cancel from the configuration process and discard entered information.

What to do next

Now enable the JACC provider for Tivoli Access Manager- Enabling the JACC provider for Tivoli Access Manager.



Related tasks
Configuring the JACC provider for Tivoli Access Manager using the administrative console
Creating the security administrative user

Related reference
Tivoli Access Manager JACC provider configuration

Task topic    

Terms of Use | Feedback

Last updated: Jun 8, 2005 12:45:23 PM EDT
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp?topic=/com.ibm.websphere.express.doc/info/exp/ae/tsec_config_JACC_interface_wsadmin.html

© Copyright IBM Corporation 2004, 2005. All Rights Reserved.
This information center is powered by Eclipse technology. (http://www.eclipse.org)