Tivoli® Access Manager trust association interceptors require the creation of a trusted user account in the shared LDAP user registry.
About this task
This account includes the ID and password that WebSEAL uses to identify itself to WebSphere® Application Server. To prevent potential vulnerabilities, do not use the sec_master ID as the trusted user account and ensure that the password you use is unique and generated randomly. Use the trusted user account for the TAI or TAI++ only.
Procedure
- Use either the Tivoli Access Manager pdadmin command-line utility or Web Portal Manager to create the trusted user. For example, from the pdadmin command line.
- Reference the code listed below as an example for creating a trusted user account.
- Reference the following additional resources for more information:
- Configuring WebSEAL for use with WebSphere Application Server
- Configuring Tivoli Access Manager plug-in for web servers for use with WebSphere Application Server
Example
pdadmin> user create webseal_userid webseal_userid_DN firstname surname password
pdadmin> user modify webseal_userid account-valid yes
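
The procedure above as an added shell example (not IBM code): it generates a random password, refuses sec_master as the trusted user ID, and prints the two pdadmin commands shown on this page. The function names, the 32-character alphanumeric password and the double-quoted DN are assumptions of this example.

```shell
#!/bin/sh
# Added example, not IBM code. Emits the two pdadmin commands from this page
# with a freshly generated password for the trusted (TAI/TAI++) account.

# Random alphanumeric password from the kernel CSPRNG. Bytes outside the
# alphabet are discarded, so every character is uniformly distributed.
gen_password() {
    len="${1:-32}"
    pw=""
    while [ "${#pw}" -lt "$len" ]; do
        pw="$pw$(head -c 64 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9')"
    done
    printf '%s' "$pw" | cut -c "1-$len"
}

# Reject sec_master (any letter case, a conservative assumption) and ids
# containing characters outside a simple allow-list.
validate_userid() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid user id: '$1'" >&2; return 1 ;;
    esac
    if [ "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" = "sec_master" ]; then
        echo "sec_master must not be the trusted user account" >&2
        return 1
    fi
}

# Usage: trusted_user_commands <userid> <dn> <firstname> <surname>
# The output contains the password: pipe it to pdadmin or a secrets store,
# never to a terminal log or shell history.
trusted_user_commands() {
    [ "$#" -eq 4 ] || { echo "expected 4 arguments" >&2; return 1; }
    validate_userid "$1" || return 1
    case "$2" in *'"'*) echo "DN must not contain a double quote" >&2; return 1 ;; esac
    password=$(gen_password 32)
    printf 'user create %s "%s" %s %s %s\n' "$1" "$2" "$3" "$4" "$password"
    printf 'user modify %s account-valid yes\n' "$1"
}

# Run only when arguments are supplied, so the functions can also be sourced.
if [ "$#" -gt 0 ]; then trusted_user_commands "$@"; fi
```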