Creating a trusted user account in Tivoli Access Manager

Tivoli® Access Manager trust association interceptors require the creation of a trusted user account in the shared LDAP user registry.

About this task

This account includes the ID and password that WebSEAL uses to identify itself to WebSphere® Application Server. To prevent potential vulnerabilities, do not use the sec_master ID as the trusted user account and ensure that the password you use is unique and generated randomly. Use the trusted user account for the TAI or TAI++ only.

Procedure

  1. Use either the Tivoli Access Manager pdadmin command-line utility or Web Portal Manager to create the trusted user, for example from the pdadmin command line.
  2. Reference the code listed below as an example for creating a trusted user account.
  3. Reference the following additional resources for more information:
    1. Configuring WebSEAL for use with WebSphere Application Server
    2. Configuring Tivoli Access Manager plug-in for web servers for use with WebSphere Application Server

Example

pdadmin> user create webseal_userid webseal_userid_DN firstname surname password

pdadmin> user modify webseal_userid account-valid yes
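
An added example, not part of the original IBM topic: shell functions that generate a random password for the trusted user and emit the two pdadmin commands shown above, refusing sec_master as the account ID. The account ID, DN, names and the 24-character password length are constructed assumptions.

```shell
#!/bin/sh
# Added example: prepare the pdadmin commands for a trusted user account.
# Account ID, DN, names and password length are constructed placeholders.

# Print a random password (default length 24, an assumed value) drawn from
# /dev/urandom. tr discards bytes outside the alphabet, so every character
# is uniformly chosen; letters and digits need no quoting in pdadmin.
gen_password() {
    len="${1:-24}"
    pw=$(head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | head -c "$len")
    [ "${#pw}" -eq "$len" ] || return 1   # too few usable bytes: fail closed
    printf '%s' "$pw"
}

# Print the two pdadmin commands from the page for one account.
# Rejects sec_master, which must not double as the trusted user.
trusted_user_commands() {
    acct="$1"; dn="$2"; first="$3"; sur="$4"; pw="$5"
    case "$acct" in
        ""|sec_master)
            echo "error: choose a dedicated ID other than sec_master" >&2
            return 1 ;;
    esac
    printf 'user create %s %s %s %s %s\n' "$acct" "$dn" "$first" "$sur" "$pw"
    printf 'user modify %s account-valid yes\n' "$acct"
}

# Write the commands to a file only its owner can read, since it holds the password.
write_command_file() {
    out="$1"; shift
    ( umask 077 && trusted_user_commands "$@" > "$out" )
}

# Demo with constructed values: create the file, report its size in lines,
# then delete it so the password does not linger on disk.
demo() {
    tmp=$(mktemp) || return 1
    write_command_file "$tmp" webseal_tai "cn=webseal_tai,o=example,c=us" \
        WebSEAL TAI "$(gen_password)" || { rm -f "$tmp"; return 1; }
    lines=$(wc -l < "$tmp" | tr -d ' ')
    rm -f "$tmp"
    echo "$lines"
}
demo
```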

Last updated: April 18, 2014 05:01 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=phil&product=was-nd-iseries&topic=tsec_step2_sso_tam_user_create
File name: tsec_sso_tam_user_create2.html