WAS v8.5 > Script the application serving environment (wsadmin) > Scripting for security > Configure security with scripting

Configure the JACC provider for Tivoli Access Manager using the wsadmin utility

We can use the wsadmin utility to configure Tivoli Access Manager security for WebSphere Application Server.

  1. Start WAS.
  2. Start wsadmin-line utility.

    Run wsadmin from the app_server_root/bin directory.

  3. At the wsadmin prompt, enter the following command:

    $AdminTask configureTAM -interactive

    Commands for configuring, reconfiguring, and unconfiguring Tivoli Access Manager. The following table lists the information that you are asked to provide for the configureTAM command. The table also lists the properties that apply to the unconfigureTAM and reconfigureTAM commands.

    Property Default Relevant command Description
    Websphere Application Server node name *

    • configureTAM
    • reconfigureTAM
    • unconfigureTAM

    Specify a single node on which to run the configuration task.

    Tivoli Access Manager Policy Server Default port: 7135

    • configureTAM
    • reconfigureTAM

    		Enter the name of the Tivoli Access Manager policy server and the connection port. Use the format, policy_server : port. The policy server communication port is set at the time of Tivoli Access Manager configuration.
    Tivoli Access Manager Authorization Server Default port: 7136

    • configureTAM
    • reconfigureTAM

    		Enter the name, port, and priority of each configured Tivoli Access Manager authorization server. Use the format auth_server : port : priority. The authorization server communication port is set at the time of Tivoli Access Manager configuration. We can specify more than one authorization server by separating the entries with commas. Having more than one authorization server configured is useful for failover and performance. The priority value is the order of authorization server use. For example: auth_server1:7136:1,auth_server2:7137:2. A priority of 1 is still required when we use a single authorization server.
    Websphere Application Server administrator's distinguished name  

    • configureTAM
    • reconfigureTAM

    		Enter the full distinguished name of the security primary administrator ID for WAS as created in Create the security administrative user for Tivoli Access Manager. For example: cn=wasadmin,o=organization,c=country
    Tivoli Access Manager user registry distinguished name suffix  

    • configureTAM
    • reconfigureTAM

    		Enter the suffix that we have set up in the user registry to contain the user and groups for Tivoli Access Manager. For example: o=organization,c=country
    Tivoli Access Manager administrator's user name sec_master

    • configureTAM
    • reconfigureTAM
    • unconfigureTAM

    		Enter the Tivoli Access Manager administration user ID created when we configured Tivoli Access Manager. This ID is usually sec_master.
    Tivoli Access Manager administrator's user password  

    • configureTAM
    • reconfigureTAM
    • unconfigureTAM

    		Enter the password associated with the Tivoli Access Manager administration user ID.
    Tivoli Access Manager security domain Default

    • configureTAM
    • reconfigureTAM

    		Enter the name of the Tivoli Access Manager security domain used to store users and groups. If a security domain is not already established at the time of Tivoli Access Manager configuration, click Return to accept the default.
    Embedded Tivoli Access Manager listening port set 8900:8999

    • configureTAM
    • reconfigureTAM

    		WAS needs to listen on a TCP/IP port for authorization database updates from the policy server. More than one process can run on a particular node and machine so a list of ports is required for the processes. Enter the ports used as listening ports by Tivoli Access Manager clients, separated by a comma. If we specify a range of ports, separate the lower and higher values by a colon. For example, 7999, 9990:9999.
    Defer No

    • configureTAM
    • reconfigureTAM
    • unconfigureTAM

    		Set this option to yes to defer the configuration of the management server until the next restart. Set the option to no if you want the configuration of the management server to occur immediately. Managed servers are configured on their next restart.
    Force No

    • reconfigureTAM
    • unconfigureTAM

    		Set this value to yes to ignore errors during the unconfiguration process and allow the entire process to complete. Set the value to no if you want errors to stop the unconfiguration process. This option is especially useful if the environment needs to be cleaned up and problems are occurring that do not allow the entire cleanup process to complete successfully.

  4. When all information is entered, select F to save the configuration properties or C to cancel from the configuration process and discard entered information.

Now enable the JACC provider for Tivoli Access Manager - see the Enabling the JACC provider for Tivoli Access Manager article for more information.


Related


Configure the JACC provider for Tivoli Access Manager
Create the security administrative user for Tivoli Access Manager
Enable the JACC provider for Tivoli Access Manager


Reference:

Tivoli Access Manager JACC provider configuration


+

Search Tips   |   Advanced Search