WebSphere Application Server - Express, Version 6.0.x     Operating Systems: AIX, HP-UX, Linux, Solaris, Windows

Configuring Tivoli Access Manager groups

Why and when to perform this task

The WebSphere Application Server administrative console can be used to specify security policies for applications that run in the WebSphere Application Server environment. The WebSphere Application Server administrative console can also specify security policies for other Web resources, based on the entities that are stored in the registry.

Tivoli Access Manager adds the accessGroup object class to the registry. Tivoli Access Manager administrators can use the pdadmin utility (available only on the policy server host in the PD.RTE fileset) to create new groups. These new groups are added to the registry as the accessGroup object class.

The WebSphere Application Server administrative console is not configured by default to recognize objects of the accessGroup class as user registry groups. You can configure the WebSphere Application Server administrative console to add this object class to the list of object classes that represent user registry groups. To do this configuration, complete the following instructions:

Steps for this task

  1. From the WebSphere Application Server administrative console, access the advanced settings for configuring security by clicking Security > Global security.
  2. Under User registries, click LDAP.
  3. Under Additional properties, click Advanced Lightweight Directory Access Protocol (LDAP) user registry settings
  4. Modify the Group Filter field. Add the following entry: (objectclass=accessGroup)
    The Group Filter field then looks like the following example:

    (&(cn=%w)(|(objectclass=groupOfNames)
    (objectclass=groupOfUniqueNames)
    (objectclass=accessGroup)))

  5. Modify the Group Member ID Map field. Add the following entry: accessGroup:member The Group Member ID Map field then looks like the following example:

    groupOfNames:member;groupOfUniqueNames:uniqueMember;
    accessGroup:member

  6. Stop and restart WebSphere Application Server.



Related concepts
Role-based security with embedded Tivoli Access Manager

Task topic    

Terms of Use | Feedback

Last updated: Jun 8, 2005 12:45:23 PM EDT
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp?topic=/com.ibm.websphere.express.doc/info/exp/ae/tsec_use_TAM_groups.html

© Copyright IBM Corporation 2004, 2005. All Rights Reserved.
This information center is powered by Eclipse technology. (http://www.eclipse.org)