Create a trusted user account in Tivoli Access Manager





Tivoli Access Manager trust association interceptors require the creation of a trusted user account in the shared LDAP user registry.

This account includes the ID and password that WebSEAL uses to identify itself to WAS. To prevent potential vulnerabilities, do not use the sec_master ID as the trusted user account, and make sure the password you use is unique and randomly generated. Use the trusted user account for the TAI or TAI++ only.

  1. Use either the TAM pdadmin command-line utility or Web Portal Manager to create the trusted user, for example from the pdadmin command line.

  2. See the commands listed below this procedure for an example of creating a trusted user account.

  3. Reference the following additional resources for more information:

    1. Set WebSEAL for use with WAS
    2. Set TAM plug-in for Web servers for use with WAS



pdadmin> user create webseal_userid webseal_userid_DN firstname surname password

pdadmin> user modify webseal_userid account-valid yes
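
The following shell script is an added example, not part of the original documentation: it generates a random password, refuses sec_master as the trusted user ID, and prints the two commands above ready to enter at the pdadmin> prompt. The function names, the 24-character length, and the sample ID and DN are assumptions made for illustration; the printed output contains the password, so handle it as a secret.

```shell
#!/bin/sh
# Added example: build the pdadmin commands for a trusted user account
# with a randomly generated password. Sample values are constructed.

# gen_password LEN: print LEN random alphanumeric characters taken
# from the kernel random source.
gen_password() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$1"
}

# trusted_user_cmds ID DN FIRSTNAME SURNAME
# Prints "user create" and "user modify" lines for the pdadmin> prompt.
# Returns 1 if the ID is sec_master or password generation fails.
trusted_user_cmds() {
    id=$1 dn=$2 first=$3 sur=$4

    # The page says not to use sec_master as the trusted user account.
    # The comparison ignores case as a precaution.
    case $(printf '%s' "$id" | tr 'A-Z' 'a-z') in
        sec_master)
            echo "refusing: sec_master must not be the trusted user" >&2
            return 1 ;;
    esac

    pw=$(gen_password 24)
    if [ "${#pw}" -ne 24 ]; then
        echo "password generation failed" >&2
        return 1
    fi

    # The DN is quoted because it can contain spaces.
    printf 'user create %s "%s" %s %s %s\n' "$id" "$dn" "$first" "$sur" "$pw"
    printf 'user modify %s account-valid yes\n' "$id"
}

# Constructed sample values (hypothetical ID and DN).
trusted_user_cmds webseal_tai "cn=webseal_tai,o=example,c=us" WebSEAL TAI
```

If the registry's password policy rejects the generated value, run the script again to obtain a new one.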


Related tasks

Set single sign-on capability with TAM or WebSEAL