Removing Tivoli Access Manager from the WebSphere Portal environment


Follow these steps to remove Tivoli Access Manager from the WebSphere Portal environment. After performing this procedure, the following changes occur:

  • WebSphere Application Server handles authentication for WebSphere Portal

  • WebSphere Portal handles authorization for its resources

  1. If you used the credential vault adapter for Tivoli Access Manager, remove the vault adapter and its associated segments. perform these steps in the specified order:

    1. Use the Credential Vault portlet to remove any segments added since installation. ( Do not remove DefaultAdminSegment.) See the Credential Vault portlet help for information.

    2. Find the wp_root/shared/app/config/services/VaultService.properties file and make a backup copy.

    3. Remove the AccessManager vault type types property in the wp_root/shared/app/config/services/VaultService.properties file.

  2. If you used Tivoli Access Manager for authorization, use the following steps:

    1. Find the wp_root/shared/app/config/services.properties file and create a backup copy.

    2. Change the com.ibm.wps.services.ac.ExternalAccessControlService property to com.ibm.wps.ac.impl.ExternalAccessControlDefaultImpl in the wp_root/shared/app/config/services.properties file.

    3. Find the wp_root/shared/app/config/services/AuthenticationService.properties file and make a backup copy.

    4. Change the authentication.execute.portal.jaas.login property to false in the wp_root/shared/app/config/services/AuthenticationService.properties file.

    5. Use either the Resource Permissions portlet or the XML configuration interface to internalize any resources managed by Tivoli Access Manager.

  3. If you previously disabled the ability to create users through WebSphere Portal, now restore it.

    1. Re-enable WebSphere Portal auto-registration. Restore the backup copy of the was_root/installedApps/hostname/wps.ear/wps.war/themes/html/theme_name/ToolBarInclude.jsp file that is located in the subdirectory of each theme.

    2. Re-enable the Manage Users and Groups portlet manipulation of users by restoring the backup copy of the wp_root/installedApps/Principals manager (PA_1_0_3K).ear/PA_1_0_3K.war/WEB-INF/jsp/groupmembers.jsp file.

  4. If you used Tivoli Access Manager for authentication, use the WebSphere Application Server Administrative Console to disable the WebSEAL TAI:

    1. In the WebSphere Application Server Administrative Console, click Security Authentication mechanisms LTPA. Click Trust Association under Additional Properties.

    2. Deselect the Trust Association Enabled check box.

    3. Click OK; then click Save.

    4. Restart WebSphere Application Server.

  5. If you used Tivoli Access Manager for authentication, reverse any changes that you made to the login and logout pages:

    • Restore the backup copies of the was_root/installedApps/node_name/wps.ear/wps.war/themes/html/theme_name/ToolBarInclude.jsp files in the appropriate themes subdirectories.

    • Restore the backup copy of the was_root/installedApps/node_name/wps.ear/wps.war/WEB-INF/web.xml file.

    • Restore the backup copy of the <wp_root>/shared/app/config/services/ConfigService.properties file.

  6. Restart WebSphere Application Server.

  7. If necessary, uninstall any Tivoli Access Manager components.

 

See also

 

WebSphere is a trademark of the IBM Corporation in the United States, other countries, or both.

 

IBM is a trademark of the IBM Corporation in the United States, other countries, or both.

 

Tivoli is a trademark of the IBM Corporation in the United States, other countries, or both.