com.tivoli.pd.jcfg.SvrSslCfg utility for TAM single sign-on



The SvrSslCfg utility is used to configure WAS with a Tivoli Access Manager server.

Run the svrsslcfg script first on the dmgr and then on the other nodes in the cell.

java com.tivoli.pd.jcfg.SvrSslCfg
     -action {config | unconfig} 
     -admin_id admin_user_ID 
     -admin_pwd admin_password 
     -appsvr_id application_server_name 
     -appsvr_pwd application_server_password 
     -host host_name_of_application_server 
     -policysvr policy_server_name:port:rank [,...] 
     -authzsvr authorization_server_name:port:rank [,...] 
     -cfg_file fully_qualified_name_of_configuration_file 
     -domain Tivoli_Acccess_Manager_domain 
     -key_file fully_qualified_name_of_keystore_file 
     -cfg_action {create|replace}





After the successful configuration of a TAM Java appserver, SvrSslCfg creates a user account and server entries representing the Java appserver in the TAM user registry. In addition, SvrSslCfg creates a configuration file and a Java key store file, which securely stores a client certificate, locally on the appserver. This client certificate permits callers to make authenticated use of TAM services. Conversely, reconfiguration removes the user and server entries from the user registry and cleans up the local configuration and keystore files.

The contents of an existing configuration file can be modified by using the SvrSslCfg utility. The configuration file and the key store file must already exist when calling SvrSslCfg with all options other than -action config or -action unconfig.

The following options are parsed and processed into the configuration file, but are otherwise ignored in this version of TAM: The host name is used to build a unique name (identity) for the application. The pdadmin user list command displays the application identity name in the following format:


The pdadmin server list command displays the server name in a slightly different format:




CLASSPATH=${WAS_HOME}/java/jre/lib/ext/PD.jar:${WAS_CLASSPATH} java \
-cp ${CLASSPATH} \
-Dpd.cfg.home= ${WAS_HOME}/java/jre \
-Dfile.encoding=ISO8859-1 \
-Dws.output.encoding=CP1047 \
-Xnoargsconversion \
 com.tivoli.pd.jcfg.SvrSslCfg \
-action config \
-admin_id sec_master \
-admin_pwd $TAM_PASSWORD \
-appsvr_id $APPSVR_ID \
-policysvr ${TAM_HOST}:7135:1 \
-port 7135 \
-authzsvr ${TAM_HOST}:7136:1 \
-mode remote \
-cfg_file ${CFG_FILE} \
-key_file ${KEY_FILE} \
-cfg_action create


Related tasks

Set single sign-on capability with TAM or WebSEAL