Migrating with Tivoli Access Manager for authentication enabled

When Tivoli® Access Manager security is configured for your existing environment and security is enabled, you can migrate to WebSphere® Application Server, Version 8.0.

Before you begin

Your profiles must be migrated using the migration tools to migrate product configurations.
Important: Do not restart the WebSphere Application Server Version 8.0 server until after performing the following procedure. The migration tools omit some files that enable the server to start correctly.

About this task

After migrating your profiles, additional steps are required when Tivoli Access Manager security is configured.
For transitioning users For transitioning users: WebSphere Application Server Version 8.0 hosts Tivoli Access Manager specific files under the %WAS_HOME%/tivoli/tam directory. In previous versions, these files were hosted under the %WAS_HOME%/java/jre/ hierarchy.trns
Note: In the following steps, %WASX% refers to the installation root of the source WebSphere Application Server product, and %WAS8% refers to the installation root of the target WebSphere Application Server product (the Version 8.0 installation root).

Procedure

  1. Copy the following files from the source location to target location.
    Table 1. Files to copy from the source location to the target location. Files to copy from the source location to the target location
    Source Location Target Location
    %WASX%\java\jre\PDPerm.properties %WAS8%\tivoli\tam\PDPerm.properties
    %WASX%\java\jre\lib\security\PdPerm.ks (if found) %WAS8%\tivoli\tam\lib\security\PdPerm.ks
    %WASX%\java\jre\lib\PdPerm.ks (if found) %WAS8%\tivoli\tam\PdPerm.ks
    %WASX%\java\jre\PolicyDirector\PDCA.ks %WAS8%\tivoli\tam\PolicyDirector\PDCA.ks
    %WASX%\java\jre\PolicyDirector\PD.properties %WAS8%\tivoli\tam\PolicyDirector\PD.properties
    %WASX%\java\jre\PolicyDirector\etc\pdjrte_paths %WAS8%\tivoli\tam\PolicyDirector\etc\pdjrte_paths
    %WASX%\java\jre\PolicyDirector\etc\pdjrte_mapping %WAS8%\tivoli\tam\PolicyDirector\etc\pdjrte_mapping
  2. Edit the PD.properties file, and change the following configuration settings:
    appsvr-plcysvrs=null\:0:\:1
    config_type=standalone
    Make the appropriate changes to point to your Tivoli Access Manager Policy Server, for example:
    appsvr-plcysvrs=pdmgrd.test.gc.au.ibm.com\:7135\:1
    config_type=full
  3. Edit the following four files on the target system and make sure that all of the path references are corrected:
    • %WAS8%/tivoli/tam/PdPerm.properties
    • %WAS8%/tivoli/tam/PolicyDirector/PD.properties
    • %WAS8%/tivoli/tam/PolicyDirector/etc/pdjrte_paths
    • %WAS8%/tivoli/tam/PolicyDirector/etc/pdjrte_mapping
    When you correct the paths, complete the following steps in order:
    1. Ensure that all references from %WASX%/java/jre/PolicyDirector are changed to %WAS8%/tivoli/tam/PolicyDirector.
    2. Ensure that all references (in the PdPerm.properties file) from the%WASX%/java/jre/[security]/PdPerm.ks file are changed to %WAS8%/tivoli/tam/pdPerm.ks.
    3. Ensure that all remaining references from %WASX%/java/jre are changed to %WAS8%/java/jre.
    4. Edit the %WAS8%/tivoli/tam/PolicyDirector/etc/pdjrte_mapping file. It contains the JRE->JRE mapping: %WAS8%/java/jre=%WAS8%/java/jre.
      Change this mapping to JRE->tivoli/tam: %WAS8%/java/jre=%WAS8%/tivoli/tam.



In this information ...


IBM Redbooks, demos, education, and more

(Index)

Use IBM Suggests to retrieve related content from ibm.com and beyond, identified for your convenience.

This feature requires Internet access.

Task topic Task topic    

Terms of Use | Feedback

Last updatedLast updated: Sep 19, 2011 6:15:55 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=matt&product=was-express-dist&topic=tsec_migratesinglenode
File name: tsec_migratesinglenode.html