Remove Tivoli Access Manager from the WebSphere Portal environment

 

+

Search Tips   |   Advanced Search

 

To remove IBM Tivoli Access Manager for e-business from the IBM WebSphere Portal environment. After performing this procedure, the following changes occur:

• IBM WAS handles authentication for WebSphere Portal

• WebSphere Portal handles authorization for its resources

1. If you used the credential vault adapter for Tivoli Access Manager, remove the vault adapter and its associated segments. You must perform these steps in the specified order:
   1. Use the Credential Vault portlet to remove any segments added since installation.

      Do not remove DefaultAdminSegment.

   2. In the Credential Vault Service configuration, remove the Vault.AccessManager Credential Vault Adapter implementation properties, including class, config, manager, and readonly, as described in Setting configuration properties.

      The systemcred.dn property cannot be removed.

   3. Remove the file named accessmanagervault.properties from the portal_server_root/shared/app/config directory.

2. If you used Tivoli Access Manager for authorization, use the following steps:
   1. Change the authentication.execute.portal.jaas.login property to false in Authentication Service, as described in Setting configuration properties.

   2. Change the enableExternalization property to false in Access Control Config Service, as described in Setting configuration properties. This will prevent the Externalize/Internalize icon from appearing in the Portal Admin Access portlet once Tivoli Access Manager is removed.

   3. Use either the Resource Permissions portlet or the XML configuration interface to internalize any resources managed by Tivoli Access Manager.

   4. Edit the services.properties file found in directory portal_server_root /shared/app/config, find the value com.ibm.wps.services.ac.ExternalAccessControlService, and modify it to be com.ibm.wps.ac.impl.ExternalAccessControlDefaultImpl.

3. If you previously disabled the ability to create users through WebSphere Portal, now restore it by re-enabling WebSphere Portal auto-registration. Restore the backup copy of the was_profile_root/installedApps/hostname/wps.ear/wps.war/themes/html/theme_name/ToolBarInclude.jsp file that is located in the subdirectory of each theme.

4. If you used Tivoli Access Manager for authentication, use the WebSphere Application Server Administrative Console to disable the WebSEAL TAI:
   1. In the WebSphere Application Server Administrative Console, click...

      Security | Global security | Authentication | Authentication mechanisms | LTPA | Trust Association

   2. Deselect the Trust Association Enabled check box.

   3. Click OK ; then click Save.

5. If you enabled user provisioning to Tivoli Access Manager, go to Disable user provisioning.

6. Restart WebSphere Application Server.

7. Optional: Prepare to manage Tivoli Access Manager resources more efficiently. Remove all junction points, access control lists (ACLs), protected objectspace entries (POS entries), custom actions and custom action groups.

8. Optional: To remove the connection to Tivoli Access Manager, run the run-svrssl-unconfig configuration task to deregister the WebSphere Application Server and WebSphere Portal Server Java Virtual Machine (JVM) fromTivoli Access Manager.

9. If necessary, uninstall any Tivoli Access Manager components.

Related information:

• WebSphere Application Server product documentation

• Tivoli Access Manager product documentation

• Disable user provisioning
  

 

Parent Topic

Using Tivoli Access Manager with WebSphere Portal

 

---