Why and when to perform this task
In a Network Deployment architecture, verify that all the managed servers, including node agents, are started. The following configuration is performed on the management server. When either Apply or OK is clicked, configuration information is checked for consistency, saved, and applied if successful. In Network Deployment environments, this configuration information is propagated to nodes when a synchronization is performed. Restart the nodes for the configuration changes to take effect.
To configure the Java Authorization Contract for Containers (JACC) provider for Tivoli Access Manager using the administrative console:
Steps for this task
Option | Description |
Enable embedded Tivoli Access Manager | enable |
Ignore errors during embedded Tivoli Access Manager disablement | This option is applicable only when reconfiguring an embedded Tivoli Access Manager client or when disabling an embedded Tivoli Access Manager client. When selected, errors are ignored during disablement of an embedded Tivoli Access Manager client. |
Client listening port set | WebSphere Application Server needs to listen on a TCP/IP port for authorization database updates from the policy server. More than one process can run on a particular node and machine so a list of ports is required for the processes. Enter the ports that are used as listening ports by Tivoli Access Manager clients, with each entry on a new line. If you specify a range of ports, separate the lower and higher values by a colon (:), as shown in the following example: 7999 |
Policy Server | Enter the name, the fully-qualified domain name, or the IP address of the Tivoli Access Manager policy server. Include the connection port. Use the form policy_server : port. The policy server communication port is set at the time of Tivoli Access Manager configuration – the default is 7135. |
Authorization Servers | Enter the name, the fully-qualified domain name, or the IP address of the Tivoli Access Manager authorization server. Use the form auth_server : port : priority. The authorization server communication port is set at the time of Tivoli Access Manager configuration – the default is 7136. More than one authorization server can be specified by entering each server on a new line. Having more than one authorization server configured is useful for failover and performance. The priority value is the order of authorization server use. For example: auth_server1:7136:1 |
Administrator user name | Enter the Tivoli Access Manager administration user ID as created at the time of Tivoli Access Manager configuration. This ID is usually sec_master. |
Administrator user password | Enter the Tivoli Access Manager administration password for the user ID identified previously. |
User registry distinguished name suffix | Enter the distinguished name suffix for the user registry for Tivoli Access Manager and WebSphere Application Server to share. For example: o=organization,c=country |
Security domain | More than one security domain can be created in Tivoli Access Manager with its own administrative user. Users, groups, and other objects are created within a specific domain and are not permitted to access resources in another domain. Enter the name of the Tivoli Access Manager security domain that is used to store WebSphere Application Server users and groups. If a security domain is not yet established at the time of Tivoli Access Manager configuration, leave the value as Default. |
Administrator user distinguished name | Enter the full distinguished name of the WebSphere Application Server user ID, as created for Tivoli Access Manager in Creating the security administrative user. For example, cn=wasadmin,o=organization,c=country. The name specified in this field must match the server user ID that is specified on the Lightweight Directory Access Protocol setting panel in the WebSphere Application Server administrative console. To access this panel, click Security > Global security. Under User registries, click LDAP. |
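
The entry formats for the Client listening port set, Policy Server and Authorization Servers fields can be checked before they are entered in the console. The following Python code is an added example, not IBM code or part of WebSphere Application Server: the function names are hypothetical, hosts are assumed to be names or IPv4 addresses, and rejecting overlapping ports or repeated priorities is an assumption that the page does not state.

```python
"""Pre-check values for the embedded Tivoli Access Manager panel fields."""


def _port(text):
    """Return a TCP port number or raise ValueError."""
    if not text.strip().isdigit():
        raise ValueError("port is not numeric: %r" % text)
    port = int(text)
    if not 1 <= port <= 65535:
        raise ValueError("port out of range: %d" % port)
    return port


def parse_listening_ports(field):
    """Client listening port set: one port or lower:higher range per line."""
    ports = []
    for line in filter(None, (l.strip() for l in field.splitlines())):
        bounds = [_port(p) for p in line.split(":")]
        if len(bounds) > 2 or bounds[0] > bounds[-1]:
            raise ValueError("bad port range: %r" % line)
        ports.extend(range(bounds[0], bounds[-1] + 1))
    if len(set(ports)) != len(ports):
        raise ValueError("listening ports overlap")  # assumed to be a mistake
    return ports


def parse_policy_server(field):
    """Policy Server: policy_server:port (the page gives 7135 as default)."""
    host, sep, port = field.strip().rpartition(":")
    if not sep or not host.strip():
        raise ValueError("expected policy_server:port, got %r" % field)
    return host.strip(), _port(port)


def parse_authorization_servers(field):
    """Authorization Servers: auth_server:port:priority, one per line."""
    servers = []
    for line in filter(None, (l.strip() for l in field.splitlines())):
        parts = [p.strip() for p in line.split(":")]
        if len(parts) != 3 or not parts[0] or not parts[2].isdigit():
            raise ValueError("expected auth_server:port:priority: %r" % line)
        servers.append((int(parts[2]), parts[0], _port(parts[1])))
    if len(set(s[0] for s in servers)) != len(servers):
        raise ValueError("duplicate priority")  # assumed to be a mistake
    return sorted(servers)  # order in which the servers are used


if __name__ == "__main__":
    # Constructed sample input, not values from a real deployment.
    print(parse_authorization_servers("auth_server2:7136:2\nauth_server1:7136:1"))
```
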
Result
After you click OK, WebSphere Application Server completes the following actions:
What to do next
If the configuration is successful, the parameters are copied to all subordinate servers, including the node agents. To complete the embedded Tivoli Access Manager client configuration, you must restart all of the servers, including the host server, and enable WebSphere Application Server security.
Related tasks
Creating the security administrative user
Related reference
Tivoli Access Manager JACC provider configuration