Creating a trusted user account in Tivoli Access Manager

Tivoli® Access Manager trust association interceptors require the creation of a trusted user account in the shared LDAP user registry.

About this task

This account includes the ID and password that WebSEAL uses to identify itself to WebSphere® Application Server. To prevent potential vulnerabilities, do not use the sec_master ID as the trusted user account and ensure that the password you use is unique and generated randomly. Use the trusted user account for the TAI or TAI++ only.

Procedure

  1. Use either the Tivoli Access Manager pdadmin command-line utility or Web Portal Manager to create the trusted user.
  2. If you use the pdadmin command line, reference the following code as an example for creating a trusted user account.
  3. Reference the following additional resources for more information:
    1. Configuring WebSEAL for use with WebSphere Application Server
    2. Configuring Tivoli Access Manager plug-in for web servers for use with WebSphere Application Server

Example

pdadmin> user create webseal_userid webseal_userid_DN firstname surname password

pdadmin> user modify webseal_userid account-valid yes
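
The following script is an added example, not part of the IBM documentation. It generates the random, unique password recommended above, refuses sec_master as the trusted user, and writes the two pdadmin commands from the example to a file that only its owner can read. The function names, the output file, and the assumption that the registry password policy wants at least one letter and one digit are hypothetical.

```shell
#!/bin/sh
# Added example; function names and the output file are hypothetical.

# Print a random password of $1 characters (default 32, range 8-128).
# tr drops every byte outside A-Za-z0-9, so each kept character is
# uniform over the 62-symbol alphabet (no modulo bias).
gen_password() {
    len=${1:-32}
    if [ "$len" -lt 8 ] || [ "$len" -gt 128 ]; then
        echo "length must be 8-128" >&2; return 1
    fi
    while :; do
        pw=$(head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | cut -c1-"$len")
        # Retry on a short result or one lacking a letter or a digit
        # (assumed policy; adjust to the policy of your registry).
        [ "${#pw}" -eq "$len" ] || continue
        case $pw in *[A-Za-z]*) ;; *) continue ;; esac
        case $pw in *[0-9]*) ;; *) continue ;; esac
        printf '%s\n' "$pw"; return 0
    done
}

# Write the two pdadmin commands for the trusted user to file $5.
# Args: user ID, DN, first name, surname, output file.
write_trusted_user_commands() {
    userid=$1 dn=$2 first=$3 sur=$4 out=$5
    # The trusted account must not be the sec_master administrator.
    if [ "$userid" = "sec_master" ]; then
        echo "refusing to use sec_master as the trusted user" >&2
        return 1
    fi
    password=$(gen_password 32) || return 1
    (
        umask 077   # the file holds the password: owner-only access
        {
            printf 'user create %s "%s" %s %s %s\n' \
                "$userid" "$dn" "$first" "$sur" "$password"
            printf 'user modify %s account-valid yes\n' "$userid"
        } > "$out"
    )
}

# Runs only when called with all five arguments, for example:
#   sh trusted_user.sh webseal_userid "cn=webseal_userid,o=example" Web Seal cmds.txt
if [ "$#" -eq 5 ]; then
    write_trusted_user_commands "$@"
fi
```

Enter the two lines from the generated file at the pdadmin> prompt, then delete the file. The password never appears on the shell command line, so it is not exposed in the process list or in shell history.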




Last updated: March 5, 2017 17:29
File name: tsec_sso_tam_user_create2.html