+

Search Tips   |   Advanced Search

Tivoli Access Manager JACC provider settings

Use this page to configure the Java Authorization Contract for Container (JACC) provider for Tivoli Access Manager.

When a third-party authorization such as Tivoli Access Manager or SAF for z/OS is used, the information in the console panel might not represent the data in the provider. Also, any changes to the panel might not be reflected in the provider automatically. Follow the provider's instructions to propagate any changes made to the provider. To view the JACC provider settings for Tivoli Access Manager, complete the following steps:

  1. Click Security > Secure administration, applications, and infrastructure.

  2. Under Authentication, click External authorization providers.

  3. Under Related items, click External JACC provider.

  4. Under Additional properties, click Tivoli Access Manager Properties.

 

Configuration tab

Enable embedded Tivoli Access Manager

Enables or disables the embedded Tivoli Access Manager client configuration.

Default: Disabled
Range: Enabled or Disabled

To disable Tivoli Access Manager as the JACC provider, clear this option and also select Default authorization.

Ignore errors during embedded Tivoli Access Manager disablement

When selected, errors are ignored during disablement of the embedded Tivoli Access Manager client.

This option is applicable only when re-configuring an embedded Tivoli Access Manager client or disabling an embedded Tivoli Access Manager.

Default: Disabled
Range: Enabled or Disabled

Client listening port set

Enter the ports that are used as listening ports by Tivoli Access Manager clients. The appserver needs to listen on a TCP/IP port for authorization database updates from the policy server. More than one process can run on a particular node and machine, so a list of ports is required for use by the processes. If you specify a range of ports, separate the lower and higher values by a colon (:). Single ports and port ranges are specified on separate lines. An example list might look like the following example:

7999
8900:8999

Each of the servants might need to open up a listener port.

Policy server

Enter the name, fully-qualified domain name, or IP address of the Tivoli Access Manager policy server and the connection port.

Use the form policy_server:port. The policy server communication port was set at the time of the Tivoli Access Manager configuration. The default is 7135.

Authorization servers

Enter the name, fully-qualified domain name, or IP address of the Tivoli Access Manager authorization server. Use the form, auth_server:port:priority. The authorization server communication port is set at the time of Tivoli Access Manager configuration. The default is 7136. You can specify more than one authorization server by entering each server on a new line. Configuring more than one authorization server provides for failover. The priority value is the order of authorization server use. For example: 

auth_server1.mycompany.com:7136:1 auth_server2.mycompany.com:7137:2
A priority of 1 is still required when configuring a single authorization server.

Administrator user name

Enter the Tivoli Access Manager administration user ID, as created at the time of Tivoli Access Manager configuration. This ID is usually, sec_master.

Administrator user password

Enter the Tivoli Access Manager administration password for the user ID that is entered in the Administrator user name field.

User registry distinguished name suffix

Enter the distinguished name suffix for the user registry to share between Tivoli Access Manager and the appserver. For example: o=organization,c=country

Security domain

Enter the name of the Tivoli Access Manager security domain that is used to store appserver users and groups.

Specification of the Tivoli Access Manager domain is required because more than one security domain can be created in Tivoli Access Manager with its own administrative user. Users, groups, and other objects are created within a specific domain and are not permitted to access resources in another domain. If a security domain is not established at the time of Tivoli Access Manager configuration, leave the value as Default.

Default: Default

Administrator user distinguished name

Enter the fully distinguished name of the security administrator ID for the appserver. For example, cn=wasadmin,o=organization,c=country



 

Related tasks


Configure the JACC provider for Tivoli Access Manager using the administrative console

 

Reference topic