Tivoli Access Manager JACC provider settings
Use this page to configure the Java Authorization Contract for Container (JACC) provider for Tivoli Access Manager.
To view the JACC provider settings for TAM, click...
Security | Global security | Authorization Providers | External JACC provider | TAM Properties
Configuration tab
- Enable embedded TAM
Enables or disables the embedded TAM client configuration.
Default: Disabled
Range: Enabled or Disabled
- Ignore errors during embedded TAM disablement
When selected, errors are ignored during disablement of the embedded TAM client.
This option is applicable only when reconfiguring an embedded Tivoli Access Manager client or disabling an embedded TAM.
Default: Disabled
Range: Enabled or Disabled
- Client listening port set
Enter the ports that are used as listening ports by TAM clients.
WebSphere Application Server needs to listen on a TCP/IP port for authorization database updates from the policy server. More than one process can run on a particular node and machine, so a list of ports is required for use by the processes. To specify a range of ports, separate the lower and higher values with a colon (:). Single ports and port ranges are specified on separate lines. An example list might look like the following:
7999
9990:9999
Note: Each of the servants might need to open up a listener port.
- Policy server
Enter the name, fully-qualified domain name, or IP address of the TAM policy server and the connection port.
Use the form policy_server:port. The policy server communication port was set at the time of TAM configuration. The default is 7135.
- Authorization servers
Enter the name, fully-qualified domain name, or IP address of the TAM authorization server. Use the form auth_server:port:priority.
The authorization server communication port was set at the time of Tivoli Access Manager configuration; the default is 7136. More than one authorization server can be specified by entering each server on a new line. Having more than one authorization server configured is useful for failover and performance. The priority value is the order of authorization server use. For example:
auth_server1.mycompany.com:7136:1
auth_server2.mycompany.com:7137:2
A priority (of 1) is still required when configuring against a single authorization server.
- Administrator user name
Enter the TAM administration user ID, as created at the time of TAM configuration. This ID is usually sec_master.
- Administrator user password
Enter the TAM administration password for the user ID entered in the Administrator user name field.
- User registry distinguished name suffix
Enter the distinguished name suffix for the user registry to share between TAM and WebSphere Application Server. For example:
o=organization,c=country
- Security domain
Name the TAM security domain that is used to store WAS users and groups.
Specification of the TAM domain is required as more than one security domain can be created in TAM with its own administrative user. Users, groups, and other objects are created within a specific domain and are not permitted to access resources in another domain. If a security domain is not established at the time of TAM configuration, leave the value as Default.
Default: Default
- Administrator user distinguished name
Enter the full, distinguished name of the WAS security administrator ID. For example,...
cn=wasadmin,o=organization,c=country
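
The Client listening port set and Authorization servers fields above both take multi-line values in a fixed form, so they can be checked before they are entered in the console. The following is an added example, not IBM or WebSphere code: it expands the port list into the exact set of listener ports the node will open and orders the authorization servers by priority. The function names are hypothetical, and the 1 to 65535 port bounds are an assumption based on TCP rather than something this page states.

```python
# Added example: checks values in the formats this page describes.
# Function names are hypothetical; these are not WebSphere or TAM APIs.

def parse_port_set(text):
    """Expand a 'Client listening port set' value into a sorted port list.

    One entry per line: a single port, or lower:higher for a range.
    """
    ports = set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip()
        if not entry:
            continue
        low, sep, high = entry.partition(":")
        if not sep:
            high = low  # single port
        if not (low.isdecimal() and high.isdecimal()):
            raise ValueError(f"line {lineno}: expected port or lower:higher, got {entry!r}")
        low, high = int(low), int(high)
        if not 1 <= low <= high <= 65535:
            raise ValueError(f"line {lineno}: invalid port range {entry!r}")
        ports.update(range(low, high + 1))
    return sorted(ports)


def parse_auth_servers(text):
    """Parse auth_server:port:priority lines; return (priority, host, port) in priority order."""
    servers = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip()
        if not entry:
            continue
        # Split from the right so the host part stays whole.
        parts = entry.rsplit(":", 2)
        if len(parts) != 3 or not parts[0] or not (parts[1].isdecimal() and parts[2].isdecimal()):
            raise ValueError(f"line {lineno}: expected auth_server:port:priority, got {entry!r}")
        port, priority = int(parts[1]), int(parts[2])
        if not 1 <= port <= 65535:
            raise ValueError(f"line {lineno}: port out of range in {entry!r}")
        servers.append((priority, parts[0], port))
    return sorted(servers)


if __name__ == "__main__":
    # Sample values taken from the examples on this page.
    print(parse_port_set("7999\n9990:9999"))
    print(parse_auth_servers("auth_server1.mycompany.com:7136:1\nauth_server2.mycompany.com:7137:2"))
```

An entry such as `auth_server1.mycompany.com:7136` is rejected because the priority is missing, which matches the requirement above that a priority is still needed for a single authorization server.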