com.tivoli.pd.jcfg.PDJrteCfg utility for Tivoli Access Manager single sign-on

com.tivoli.pd.jcfg.PDJrteCfg utility for Tivoli Access Manager single sign-on

The com.tivoli.pd.jcfg.PDJrteCfg utility configures the Java Runtime Environment component for Tivoli Access Manager. This utility enables Java applications to use the Tivoli Access Manager policy and authorization servers.

Purpose

Important: For the WAS Network Deployment product, run the pdjrtecfg utility first on the deployment manager. Then, run the script on the other nodes in the cell.

(iseries) Steps

To run the pdjrtecfg script, perform the following steps:

Log into the system with a user profile and the all object (*ALLOBJ) authority.

On the command line, enter the Start Qshell (STRQSH) command.

Change to the /bin subdirectory of WAS. For example:
cd app_server_rootND/bin

Run the script. For example:

pdjrtecfg -action config -profileName myprofile -host mypolicy.mycompany.com -config_type full

The previous example was split onto multiple lines for illustrative purposes only.

Syntax

java com.tivoli.pd.jcfg.PDJrteCfg -action {config | unconfig} -host policy_server_host -was -java_home jre_path

(zos) Syntax
java com.tivoli.pd.jcfg.PDJrteCfg -action {config | unconfig} -cfgfiles_path
configuration_file_path -host policy_server_host -was -java_home jre_path
(iseries) Syntax

The following syntax diagram shows the usage of the pdjrtecfg script:
pdjrtecfg
    -action config
          -profileName profile_name
          -host policy_server_name
          -config_type { full | standalone }
          -cfgfiles_path configuration_file_path
    -action unconfig
          -profileName profile_name
Parameters

-action {config|unconfig}

Action to be performed. Actions include:

alt_config

Notifies Tivoli Access Manager Runtime for Java to access and update the PD.jar file at the location specified by parameter -cfgfiles_path. To use -alt_config, set -cfgfiles_path.

config

Use to configure the Access Manager Java Runtime Environment component.

unconfig

Use to reconfigure the Access Manager Java Runtime Environment component.

-cfgfiles_path

Specifies where the generated configuration files will be placed.
(zos)(iseries) Note: Required.

(iseries) -config_type {full|standalone}

Configuration type of Java Runtime Environment for Tivoli Access Manager. Specify full or standalone with this argument. This option is required.

-host policy_server_host

Policy server host name.
Valid values for policy_server_host include any valid IP host name.
Examples include:
host = libra
host = libra.dallas.ibm.com

(dist)(zos) -was

Notifies Tivoli Access Manager Runtime for Java that the WAS version is being configured so it is not necessary to perform certain steps such as copying the Java security jar files and PD.jar file since they were already placed in the appropriate directory by the WAS installer.

(iseries) -profileName

Name of the WAS profile. If not specified, the default profile is used.

(dist)(zos) -java_home jre_path

Fully qualified path to the Java runtime (such as the directory ending in jre). If this parameter is not specified, the home directory for the jre in the PATH statement is used. If the home directory for the jre is not in the PATH statement, this utility can create an incorrect parameter in the output files.

Comments

This command copies Tivoli Access Manager Java libraries to a library extensions directory that exists for a Java runtime that has already been installed on the system.
We can install more than one Java Runtime Environment (JRE) on a given machine. The pdjrtecfg command can be used to configure the Tivoli Access Manager Java Runtime Environment component independently for each of the JRE configurations.
Before running the PDJrteCfg utility, run "setupCmdLine.sh and set ${TIV_HOME} and ${TAM_HOST} as system environment variables. (dist)
${JAVA_HOME}/java/jre/bin/java
-Djava.ext.dirs=${TIV_HOME}/java/jre/lib/ext
-Dfile.encoding=ISO8859-1 \
-Xnoargsconversion \
-Dwas.install.root=${WAS_HOME}
-Dpd.home=${TIV_HOME}/PolicyDirector
-cp ${TIV_HOME}/PD.jar
com.tivoli.pd.jcfg.PDJrteCfg \
-action config
-was
-java_home ${WAS_HOME}/java/jre
-host ${TAM_HOST}
-port 7135
-cfgfiles_path ${TIV_HOME}/
-alt_config
-config_type full
(zos)
${JAVA_HOME}/bin/java \  -Djava.ext.dirs=${TIV_HOME}/java/jre/lib/ext
-Dfile.encoding=ISO8859-1 \  -Xnoargsconversion \
-Dwas.install.root=${WAS_HOME}
-Dpd.home=${TIV_HOME}/PolicyDirector
-cp ${TIV_HOME}/PD.jar
com.tivoli.pd.jcfg.PDJrteCfg \
-action config
-was
-java_home ${WAS_HOME}/java/jre
-host ${TAM_HOST}
-port 7135
-cfgfiles_path ${TIV_HOME}/
-alt_config
-config_type full
where:

-Dpd.home

Indicates where Tivoli Access Manager Runtime for Java has been installed. For WebSphere Application Server, this is java.home/PolicyDirector

-Dwas.install.root

Indicates the root directory where the Java Runtime Environment component has been installed.

Related tasks

Configure single sign-on capability with Tivoli Access Manager or WebSEAL

Related information:

Application Programming Interface documentation for IBM Tivoli Access Manager V2R1
The pdjrtecfg utility for IBM Tivoli Access Manager V2R1