WAS v8.5 > Secure applications > Authenticate users > Implement single sign-on to minimize web user authentications > Configure single sign-on capability with Tivoli Access Manager or WebSEAL

Create a trusted user account in Tivoli Access Manager

Tivoli Access Manager trust association interceptors require the creation of a trusted user account in the shared LDAP user registry.

This account includes the ID and password that WebSEAL uses to identify itself to WebSphere Application Server. To prevent potential vulnerabilities, do not use the sec_master ID as the trusted user account and ensure the password we use is unique and generated randomly. Use the trusted user account for the TAI or TAI++ only.

  1. Use either the Tivoli Access Manager pdadmin command-line utility or Web Portal Manager to create the trusted user. For example, from the pdadmin command line.
  2. Reference the code listed below as an example for creating a trusted user account.
  3. Reference the following additional resources for more information:

    1. Configure WebSEAL for use with WAS
    2. Configure Tivoli Access Manager plug-in for web servers for use with WAS


Example


Related


Configure single sign-on capability with Tivoli Access Manager or WebSEAL


+

Search Tips   |   Advanced Search