WebSphere Application Server Network Deployment, Version 6.0.x     Operating Systems: AIX, HP-UX, Linux, Solaris, Windows

Tivoli Access Manager JACC provider configuration

The Tivoli Access Manager Java Authorization Contract for Containers (JACC) provider can be configured to deliver authentication and authorization protection for your applications or authentication only. Most deployments using the Tivoli Access Manager JACC provider will configure Tivoli Access Manager to provide both authentication and authorization functionality.

If you want Tivoli Access Manager to provide authentication but leave authorization to WebSphere Application Server's native security, add the following property to the amwas.amjacc.template.properties file located in the directory profiles/profile_name/cells/cell_name.

com.tivoli.pd.as.amwas.DisableAddAuthorizationTableEntry=true

Once this property is set, perform the tasks for setting Tivoli Access Manager Security as documented.

You can configure the Tivoli Access Manager JACC provider using either the WebSphere Application Server administrative console or the wsadmin command line utility.

Note:

Tivoli Access Manager JACC configuration files that are common across multiple WebSphere Application Server profiles are created by default under the java/jre directory. The user installing WebSphere Application Server is given permissions to read and write to the files in this directory. On UNIX platforms, profiles created by users other than the user that installed the application have read-only permissions for this directory. In addition, all users on the iSeries platform have read-only access to this directory. In these situations, configuration of the Tivoli Access Manager JACC provider fails.

To avoid this problem, read and write permissions can be manually applied to the java/jre directory. For iSeries installations, however, the permissions for this directory cannot be changed. To avoid this situation, the following property can be added to the profiles/profile_name/cells/cell_name/amwas.amjacc.template.properties file.

com.tivoli.pd.as.jacc.CommonFileLocation=new location

Where new location is a fully qualified directory name. This property sets the location of the Tivoli Access Manager JACC provider properties files that are common across profiles.
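The following pre-flight check is an added example, not part of the IBM documentation or product. It reads the template properties file, reports whether authorization is left to WebSphere Application Server, and confirms that the common file location is readable and writable by the current user before configuration is attempted. The function names, output strings, and return codes are hypothetical; it assumes a UNIX shell, plain key=value lines as shown above, and that only the literal value true enables the first property.

```shell
# Added example (not IBM code): pre-flight check for amwas.amjacc.template.properties.
# Assumes UNIX paths and plain key=value lines, as shown on this page.

# Print the value of the last uncommented "key=value" line for key $2 in file $1.
get_prop() {
    awk -v k="$2" '
        /^[ \t]*[#!]/ { next }                      # skip comment lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            i = index(line, "=")
            if (i == 0) next
            key = substr(line, 1, i - 1)
            sub(/[ \t]+$/, "", key)
            if (key == k) { val = substr(line, i + 1); found = 1 }
        }
        END { if (found) { sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val); print val } }
    ' "$1"
}

# $1 = properties file, $2 = default common directory (the java/jre directory).
# Returns 0 if configuration can proceed, 1 on a bad directory, 2 if the file is unreadable.
check_amjacc_template() {
    props=$1 jre_dir=$2
    [ -r "$props" ] || { echo "ERROR: cannot read $props"; return 2; }

    # Assumption: only the literal value "true" shown on the page counts as set.
    disable=$(get_prop "$props" com.tivoli.pd.as.amwas.DisableAddAuthorizationTableEntry)
    if [ "$disable" = "true" ]; then
        echo "MODE: authentication only"
    else
        echo "MODE: authentication and authorization"
    fi

    common=$(get_prop "$props" com.tivoli.pd.as.jacc.CommonFileLocation)
    [ -n "$common" ] || common=$jre_dir             # property absent: default location
    case $common in
        /*) ;;
        *) echo "ERROR: not a fully qualified directory: $common"; return 1 ;;
    esac
    echo "COMMON: $common"
    if [ -d "$common" ] && [ -r "$common" ] && [ -w "$common" ]; then
        echo "OK: current user can read and write $common"
        return 0
    fi
    echo "ERROR: $common is missing or not readable and writable by the current user"
    return 1
}
```

Run it as the user who will configure the provider, passing the profile's amwas.amjacc.template.properties file and the installation's java/jre directory as the two arguments.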

Note: The following wsadmin command is available to reconfigure the Tivoli Access Manager Java Authorization Contract for Containers (JACC) interface:

$AdminTask reconfigureTAM -interactive

This command effectively prompts you through the process of unconfiguring the interface and then reconfiguring it.



Related tasks
Enabling embedded Tivoli Access Manager
Configuring the JACC provider for Tivoli Access Manager using the administrative console
Configuring the JACC provider for Tivoli Access Manager using the wsadmin utility


Last updated: Mar 17, 2005 4:28:29 AM CST
http://publib.boulder.ibm.com/infocenter/ws60help/index.jsp?topic=/com.ibm.websphere.nd.doc/info/ae/ae/rsec_config_JACC_interface.html

© Copyright IBM Corporation 2004, 2005. All Rights Reserved.