This file explains how to configure authentication, authorization,
and the vault adapter together.
- Use a text editor to open the wkplc_comp.properties file,
located in the following directory:
| Option | Description |
| --- | --- |
| Windows | wp_profile\ConfigEngine |
| Linux | wp_profile/ConfigEngine |
| i5/OS | profiles/wp_profile/ConfigEngine |
- Enter only the following parameters in the wkplc_comp.properties file
under the AMJRTE connection parameters heading:
  - For wp.ac.impl.PDAdminId, enter the user ID for the administrative Tivoli Access Manager user.
  - For wp.ac.impl.PDAminPwd, enter the password for the administrative Tivoli Access Manager user.
  - For wp.ac.impl.PDPermPath, enter the location of the Tivoli Access Manager AMJRTE properties file.
- Save your changes
to the wkplc_comp.properties file.
- Run the following validation task:
| Option | Description |
| --- | --- |
| Windows | ConfigEngine.bat validate-pdadmin-connection -Dwp.ac.impl.PDAminPwd=password from the wp_profile\ConfigEngine directory |
| Linux | ./ConfigEngine.sh validate-pdadmin-connection -Dwp.ac.impl.PDAminPwd=password from the wp_profile/ConfigEngine directory |
| i5/OS | ConfigEngine.sh -profileName profile_root validate-pdadmin-connection -Dwp.ac.impl.PDAminPwd=password from the profiles/wp_profile/ConfigEngine directory, where profile_root is the name of the WebSphere Application Server profile where WebSphere Portal Express is installed. |
- Use a text editor to open the wkplc_comp.properties file,
located in the following directory:
| Option | Description |
| --- | --- |
| Windows | wp_profile\ConfigEngine |
| Linux | wp_profile/ConfigEngine |
| i5/OS | profiles/wp_profile/ConfigEngine |
- Enter only the following parameters in the wkplc_comp.properties file
under the Namespace management parameters heading:
  - For wp.ac.impl.EACserverName, type the Namespace context information to further
    distinguish externalized portal role names from other role names in the
    Tivoli Access Manager namespace.
    Note: If set, wp.ac.impl.EACcellName and wp.ac.impl.EACappname must also be set.
  - For wp.ac.impl.EACcellName, type the Namespace context information to further
    distinguish externalized portal role names from other role names in the
    Tivoli Access Manager namespace.
    Note: If set, wp.ac.impl.EACserverName and wp.ac.impl.EACappname must also be set.
  - For wp.ac.impl.EACappname, type the Namespace context information to further
    distinguish externalized portal role names from other role names in the
    Tivoli Access Manager namespace.
    Note: If set, wp.ac.impl.EACcellName and wp.ac.impl.EACserverName must also be set.
  - For wp.ac.impl.reorderRoles, type false to keep the role order or true to
    reorder the roles by resource type first.
- For wp.ac.impl.TamHost under
the SvrSslCfg command parameter heading in the wkplc_comp.properties file,
type the Tivoli Access Manager Policy Server
used when running PDJrteCfg.
- Enter only the following parameters in the wkplc_comp.properties file
under the WebSEAL junction parameters heading:
  - For wp.ac.impl.JunctionType, type tcp or ssl to define the type of junction
    to be created in Tivoli Access Manager.
  - For wp.ac.impl.JunctionPoint, type the WebSEAL junction point to the
    WebSphere Portal Express installation.
    Note: This parameter must begin with the / character.
  - For wp.ac.impl.WebSealInstance, type the WebSEAL installation used to create
    the junction.
  - For wp.ac.impl.TAICreds, type the headers inserted by WebSEAL that the TAI
    uses to identify the request as originating from WebSEAL.
- Enter only the following parameters in the wkplc_comp.properties file
under the WAS WebSEAL TAI parameters heading:
  - Optional: For wp.ac.impl.hostnames, type the hostname that sets the
    WebSEAL TAI's hostname parameter.
  - Optional: For wp.ac.impl.ports, type the port used to set the
    WebSEAL TAI's ports parameter.
  - For wp.ac.impl.loginId, type the reverse proxy identity used when you create
    a TCP junction.
  - For wp.ac.impl.BaUserName, type the reverse proxy identity used when you create
    an SSL junction.
  - For wp.ac.impl.BaPassword, type the password for the wp.ac.impl.BaUserName.
- Enter only the following parameters in the wkplc_comp.properties file
under the Portal authorization parameters heading:
  - For wp.ac.impl.PDRoot, type the root objectspace entry in the
    Tivoli Access Manager namespace. All Portal roles will be installed under this
    objectspace entry. If you will be using Tivoli Access Manager for multiple
    profiles, choose a unique name for each root objectspace entry to easily
    distinguish one entry from another profile entry.
  - For wp.ac.impl.PDAction, type the Custom Action created by the
    Tivoli Access Manager external authorization plugin. The combination of the
    action group and the action determines the Tivoli Access Manager permission
    string required to assign membership to externalized portal roles.
  - For wp.ac.impl.PDActionGroup, type the Custom Action group created by the
    Tivoli Access Manager external authorization plugin. The combination of the
    action group and the action determines the Tivoli Access Manager permission
    string required to assign membership to externalized portal roles.
  - For wp.ac.impl.PDCreateAcl, type true to automatically create and attach a
    Tivoli Access Manager ACL when WebSphere Portal Express externalizes a role
    or false to not create and attach a Tivoli Access Manager ACL when
    WebSphere Portal Express externalizes a role.
- Enter only the following parameters in the wkplc_comp.properties file
under the Portal vault parameters heading:
  - For wp.ac.impl.vaultType, type the new vault type identifier representing the
    Tivoli GSO lockbox vault.
  - For wp.ac.impl.vaultProperties, type the file used to configure the vault with
    Tivoli Access Manager specific user and SSL connection information.
  - For wp.ac.impl.manageResources, type true if the credential vault or any custom
    portlets are allowed to create new resource objects in Tivoli Access Manager
    or type false to allow only the Tivoli Access Manager administrator to define
    the accessible resources to associate users with from the command line or
    graphical user interface.
  - For wp.ac.impl.readOnly, type true to allow credential vault or any custom
    portlets to modify the secrets stored in Tivoli Access Manager or false to
    allow only the Tivoli Access Manager administrator to modify the secrets from
    the command line or graphical user interface.
- Run the following validation task:
| Option | Description |
| --- | --- |
| Windows | ConfigEngine.bat enable-tam-all from the wp_profile\ConfigEngine directory |
| Linux | ./ConfigEngine.sh enable-tam-all from the wp_profile/ConfigEngine directory |
| i5/OS | ConfigEngine.sh -profileName profile_root enable-tam-all from the profiles/wp_profile/ConfigEngine directory, where profile_root is the name of the WebSphere Application Server profile where WebSphere Portal Express is installed. |
Note: If the configuration task fails, validate the values in the wkplc_comp.properties file.
- Save your changes
to the wkplc_comp.properties file.
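
The note above says to validate the values in the wkplc_comp.properties file when the configuration task fails. The following added example (not IBM tooling and not part of the original page) checks the value rules stated in these steps against a constructed sample. The function names, the sample values, and the rule that the reverse proxy identity matching the junction type must be filled in are assumptions.

```python
BOOL_KEYS = ("wp.ac.impl.reorderRoles", "wp.ac.impl.PDCreateAcl",
             "wp.ac.impl.manageResources", "wp.ac.impl.readOnly")
EAC_KEYS = ("wp.ac.impl.EACserverName", "wp.ac.impl.EACcellName",
            "wp.ac.impl.EACappname")

# Constructed sample with deliberate mistakes; not a real configuration.
SAMPLE = """\
wp.ac.impl.EACserverName=portalServer
wp.ac.impl.EACcellName=
wp.ac.impl.EACappname=wps
wp.ac.impl.reorderRoles=no
wp.ac.impl.JunctionType=ssl
wp.ac.impl.JunctionPoint=wpsjct
wp.ac.impl.BaUserName=wpsproxy
wp.ac.impl.BaPassword=
"""

def parse_properties(text):
    """Simplified parser: key=value lines only, '#' and '!' start comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def check_tam_properties(props):
    """Return findings for the value rules stated in the steps above."""
    findings = []
    # The three EAC namespace keys are all-or-nothing.
    missing = [k for k in EAC_KEYS if not props.get(k)]
    if 0 < len(missing) < len(EAC_KEYS):
        findings.append("EAC keys must be set together; empty: " + ", ".join(missing))
    for key in BOOL_KEYS:
        if key in props and props[key] not in ("true", "false"):
            findings.append(f"{key} must be true or false, got {props[key]!r}")
    jtype = props.get("wp.ac.impl.JunctionType", "")
    if jtype not in ("tcp", "ssl"):
        findings.append(f"JunctionType must be tcp or ssl, got {jtype!r}")
    if not props.get("wp.ac.impl.JunctionPoint", "").startswith("/"):
        findings.append("JunctionPoint must begin with the / character")
    # Assumption: the identity matching the junction type has to be filled in.
    needed = {"tcp": ["wp.ac.impl.loginId"],
              "ssl": ["wp.ac.impl.BaUserName", "wp.ac.impl.BaPassword"]}
    for key in needed.get(jtype, []):
        if not props.get(key):
            findings.append(f"{key} is empty but JunctionType is {jtype}")
    return findings

if __name__ == "__main__":
    for finding in check_tam_properties(parse_properties(SAMPLE)):
        print("FAIL:", finding)
```

The parser handles plain key=value lines only; it does not cover the full Java properties syntax such as line continuations.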