# Licensed Materials - Property of IBM, 5724-E76, (C) Copyright IBM Corp. 2004 - All Rights reserved.

# -------------------------------------------------
#
# Properties of the External Access Control Service
#
# -------------------------------------------------
#
## This flag indicates whether the configuration in this file
## has been configured to connect to the External Security Manager
externalaccesscontrol.ready=false

## Rolenames representations are qualified with a context built
## by the following parameters. For example, the Administrator@External_Access_Control/xxx/xxx
## is represented in the following ways:
##
## TAM: Protected object space entry
##   /WPSv5/Administrator@External_Access_Control/xxx/xxx/WPS/WebSphere_Portal/cell
##
## SiteMinder:
##   resource/subrealms under Domain: WebSphere Portal v5
##   /cell/WebSphere_Portal/WPS/Administrator@External_Access_Control/xxx/xxx
#externalaccesscontrol.server=WebSphere_Portal
#externalaccesscontrol.application=WPS
#externalaccesscontrol.cell=cell

## ---------------------------------------
## Access Manager configuration
## ----------------------------------------
## After completing the PDJRTE and SrvSslCfg configuration,
## the following directives are needed to
## allow WP to use Access Manager as an External Security Manager

## Provide the root of your Protected Object Space for Portal Server entries
#externalaccesscontrol.pdroot=/WPSv5

## Provide an administrative user and password with adequate rights in
## Tivoli to create, delete, modify the objects in the Protected Object Space.
## You can use the WAS PropFilePasswordEncoder utility to mask the password.
## Using PropFilePasswordEncoder will remove any comments and uncommented properties,
## so create a backup copy of this file for future reference.
## Example: <WAS_ROOT>/bin/PropFilePasswordEncoder
##          <WPS_ROOT>/shared/app/config/services/ExternalAccessControlService.properties
##          externalaccesscontrol.pdpw
## *NOTE* this command is on 3 lines in this file, but should be typed on 1 line
##        in a command window.
#externalaccesscontrol.pduser=sec_master
#externalaccesscontrol.pdpw=passw0rd

## Specify the location of the Access Manager properties file for PDJRTE
## This URL must be in the format file:///<path to properties file>. http://
## urls are not supported.
externalaccesscontrol.pdurl=file:///c:/WebSphere/AppServer/java/jre/PdPerm.properties

## (optional) Specify whether to create ACLs in Access Manager for roles stored externally
## If this value is set to false, the Access Manager administrator will be responsible
## for all ACL linkages between TAM and WP
## values:
##   true  - if a TAM ACL will be created for EVERY resource
##   false - if no ACLs will be created for WP objects
#externalaccesscontrol.createAcl=true

## (optional) Specify the action group and the customized actions to map to Portal
## role membership. If these items do not exist, they will be created at startup
## default values:
##   externalaccesscontrol.pdactiongroup=[WPS]
##   externalaccesscontrol.pdAction=m
#externalaccesscontrol.pdactiongroup=[WPS]
#externalaccesscontrol.pdaction=m

## -------------------------------------------------
## Siteminder Policy Server info
## -------------------------------------------------
## The following directives will be used to configure
## the connection between WPS and the Policy Server.

## Domain name to be created in the SiteMinder administrative GUI. All Realms and sub-realms
## will be created under this domain. This domain will be created when starting WP.
#externalaccesscontrol.domainname=WebSphere Portal v5

## Scheme to associate with the realms. This scheme must be defined in SiteMinder before
## starting WP. The default value is Basic.
#externalaccesscontrol.scheme=Basic

## Agent name and secret to establish a runtime connection with SiteMinder
## The agent should be a webagent with a static shared secret, so Web Agents
## later than version 4.6 should enable "supports 4.x agents".
## You can use the WAS PropFilePasswordEncoder utility to mask the password.
## Using PropFilePasswordEncoder will remove any comments and uncommented properties,
## so create a backup copy of this file for future reference.
## Example: <WAS_ROOT>/bin/PropFilePasswordEncoder
##          <WPS_ROOT>/shared/app/config/services/ExternalAccessControlService.properties
##          externalaccesscontrol.agentsecret
## *NOTE* this command is on 3 lines in this file, but should be typed on 1 line
##        in a command window.
#externalaccesscontrol.agentname=wpsagent
#externalaccesscontrol.agentsecret=passw0rd

## Administrative user to create, delete, modify SiteMinder objects to
## represent WP roles. This user must have sufficient access to Domain
## level objects in SiteMinder.
## You can use the WAS PropFilePasswordEncoder utility to mask the password.
## Using PropFilePasswordEncoder will remove any comments and uncommented properties,
## so create a backup copy of this file for future reference.
## Example: <WAS_ROOT>/bin/PropFilePasswordEncoder
##          <WPS_ROOT>/shared/app/config/services/ExternalAccessControlService.properties
##          externalaccesscontrol.password
## *NOTE* this command is on 3 lines in this file, but should be typed on 1 line
##        in a command window.
#externalaccesscontrol.admin=siteminder
#externalaccesscontrol.password=passw0rd

## User Directory associated with the domain. Failover may be configured
## for user directories in the Siteminder administrative GUI. User directory must
## exist before starting WP.
#externalaccesscontrol.userdir=User Directory 1

## Whether the ESM subsystem should switch to another Policy Server if it cannot contact
## the current one. Values are true and false.
## This property may be specified as either "externalaccesscontrol.failOver" or
## "externalaccesscontrol.failover".
## NOTE: It is important that this value and the number of Policy Server IP addresses
## specified on the "servers" property be carefully coordinated. If multiple Policy Server
## addresses are specified on the "servers" property, and this property is
## set to false, then the Netegrity Agent API will follow round-robin load balancing,
## "spraying" requests between the configured Policy Servers.
## This may be appropriate for a TAI which is only doing "read" operations from
## the Policy Server(s), but not for write operations.
## If you have multiple servers defined in the externalaccesscontrol.servers property,
## set failOver to true.
#externalaccesscontrol.failOver=false

# Specifies the IP Addresses of all the Policy Servers. Multiple addresses are
# to be comma delimited.
#
# Example: servers=10.0.0.1,10.0.0.2
#externalaccesscontrol.servers=

# For each server, the following properties may be defined. In order to
# differentiate each server's settings, the keys are in the following format:
#
#   <Server IP Address>.<key>
#
# If any are omitted, then the defaults are assumed.
#
# The keys are:
#   accountingPort: Accounting Port for the Policy Server. Default is 44441.
#   authenticationPort: Authentication Port for the Policy Server. Default
#     is 44442.
#   authorizationPort: Authorization Port for the Policy Server.
#     Default is 44443.
#   connectionMax: Maximum number of connections the Authorization service may make to this
#     Policy Server. Default is 10.
#   connectionMin: Initial number of connections the Authorization service will establish with
#     the Policy Server. Default is 1.
#   connectionStep: Number of connections to allocate when the Authorization service is out of
#     connections to the Policy Server. Default is 1.
#   timeout: Connection timeout in seconds. Default is 20.
#
# Example for server 10.0.0.1:
#   10.0.0.1.accountingPort=44441
#   10.0.0.1.authenticationPort=44442
#   10.0.0.1.authorizationPort=44443
#   10.0.0.1.connectionMax=30
#   10.0.0.1.connectionMin=10
#   10.0.0.1.connectionStep=5
#   10.0.0.1.timeout=60
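
An added example, not part of IBM's file or tooling: a Python lint that checks the active settings against the rules stated in the comments above (masked secrets, a file:/// URL for pdurl, failOver coordinated with the servers list, per-server keys that match a listed server). It assumes encoded values carry the `{xor}` prefix written by PropFilePasswordEncoder and that a missing failOver means false; `parse_properties`, `lint` and `SAMPLE` are hypothetical names and the sample input is constructed.

```python
P = "externalaccesscontrol."
SECRET_KEYS = (P + "pdpw", P + "agentsecret", P + "password")
SERVER_KEYS = {"accountingPort", "authenticationPort", "authorizationPort",
               "connectionMax", "connectionMin", "connectionStep", "timeout"}
def parse_properties(text):
    """Return the active key=value pairs; comment and blank lines are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def lint(text):
    """Return a sorted list of findings for the active settings."""
    props, findings = parse_properties(text), []
    for key in SECRET_KEYS:
        value = props.get(key)
        # Assumption: PropFilePasswordEncoder output starts with "{xor}".
        if value is not None and not value.startswith("{xor}"):
            findings.append(f"{key}: stored in clear text")
        if value == "passw0rd":
            findings.append(f"{key}: still the sample value from the template")
    url = props.get(P + "pdurl")
    if url is not None and not url.startswith("file:///"):
        findings.append(f"{P}pdurl: must be a file:/// URL")
    servers = [s.strip() for s in props.get(P + "servers", "").split(",") if s.strip()]
    # Both spellings are accepted; a missing value is assumed to mean false.
    failover = props.get(P + "failOver", props.get(P + "failover", "false"))
    if len(servers) > 1 and failover.lower() != "true":
        findings.append("failOver: several Policy Servers listed, failOver not true")
    for key in props:
        ip, _, name = key.rpartition(".")
        if name in SERVER_KEYS and ip not in servers:
            findings.append(f"{key}: server not listed in {P}servers")
    return sorted(findings)
# Constructed sample input, not taken from a real deployment.
SAMPLE = """\
externalaccesscontrol.pdurl=http://host.example/PdPerm.properties
externalaccesscontrol.agentsecret=passw0rd
externalaccesscontrol.password={xor}CONSTRUCTED
externalaccesscontrol.servers=10.0.0.1,10.0.0.2
externalaccesscontrol.failOver=false
10.0.0.3.timeout=60
"""
if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

Commented-out template lines such as `#externalaccesscontrol.pdpw=passw0rd` are ignored, so the lint reports only settings that are actually in effect.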
WebSphere is a trademark of the IBM Corporation in the United States, other countries, or both.
IBM is a trademark of the IBM Corporation in the United States, other countries, or both.
Tivoli is a trademark of the IBM Corporation in the United States, other countries, or both.