Creating a trusted user account in Tivoli Access Manager

Tivoli® Access Manager trust association interceptors require the creation of a trusted user account in the shared LDAP user registry.

About this task

This account includes the ID and password that WebSEAL uses to identify itself to WebSphere® Application Server. To prevent potential vulnerabilities, do not use the sec_master ID as the trusted user account and ensure that the password you use is unique and generated randomly. Use the trusted user account for the TAI or TAI++ only.

Procedure

  1. Use either the Tivoli Access Manager pdadmin command-line utility or Web Portal Manager to create the trusted user.
  2. Reference the code in the Example section as an example for creating a trusted user account from the pdadmin command line.
  3. Reference the following additional resources for more information:
    1. Configuring WebSEAL for use with WebSphere Application Server
    2. Configuring Tivoli Access Manager plug-in for web servers for use with WebSphere Application Server

Example

pdadmin> user create webseal_userid webseal_userid_DN firstname surname password

pdadmin> user modify webseal_userid account-valid yes
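
The password guidance and the two commands above, combined in an added shell example (not IBM's code): it generates a random password, refuses sec_master as the trusted user, and prints the pdadmin commands. The function names, the sample user values and the password-composition checks are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not IBM's code. Function names and the sample user values
# in the usage comment are assumptions made for this illustration.

# gen_password [length]: print a random alphanumeric password (default 24
# characters) drawn from /dev/urandom. tr -dc discards unwanted bytes, so
# every kept character is equally likely (no modulo bias).
gen_password() {
    gp_len=${1:-24}
    while :; do
        gp_pw=$(head -c 512 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | head -c "$gp_len")
        # Retry if too short, missing a letter or digit, or a character repeats
        # three times in a row (assumed password-policy constraints).
        [ "${#gp_pw}" -eq "$gp_len" ] || continue
        case $gp_pw in *[A-Za-z]*) ;; *) continue ;; esac
        case $gp_pw in *[0-9]*) ;; *) continue ;; esac
        if printf '%s\n' "$gp_pw" | grep -q '\(.\)\1\1'; then continue; fi
        printf '%s\n' "$gp_pw"
        return 0
    done
}

# write_pdadmin_cmds userid dn firstname surname password: print the two
# pdadmin commands from this page. Refuses sec_master as the trusted user.
write_pdadmin_cmds() {
    [ "$#" -eq 5 ] || { echo "usage: write_pdadmin_cmds userid dn first last pw" >&2; return 2; }
    case $(printf '%s' "$1" | tr 'A-Z' 'a-z') in
        sec_master) echo "refusing: do not use sec_master as the trusted user" >&2; return 1 ;;
    esac
    printf 'user create %s "%s" %s %s %s\n' "$1" "$2" "$3" "$4" "$5"
    printf 'user modify %s account-valid yes\n' "$1"
}

# Usage (constructed values): keep the output in a file only you can read.
#   umask 077
#   write_pdadmin_cmds webseal_tai "cn=webseal_tai,o=example" WebSEAL TAI \
#       "$(gen_password 24)" > create_trusted_user.pdadmin
```

Run the printed commands in an authenticated pdadmin session, then delete the file; the same password is what WebSEAL and the TAI or TAI++ configuration must use.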




Last updated: July 9, 2016 7:56
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=cord&product=was-nd-mp&topic=tsec_sso_tam_user_create2
File name: tsec_sso_tam_user_create2.html