Configure Tivoli Access Manager groups

Use these steps to configure the WebSphere Application Server dmgr console to add objects of the accessGroup class to the list of object classes that represent user registry groups.

We can use the dmgr console to specify security policies for applications that run in the WAS environment. We can also use the WAS dmgr console to specify security policies for other web resources, based on the entities stored in the user registry.

Tivoli Access Manager adds the accessGroup object class to the registry. Tivoli Access Manager administrators can use the pdadmin utility, which is available only on the policy server host in the PD.RTE fileset, to create new groups. These new groups are added to the registry as the accessGroup object class.

By default, the dmgr console does not recognize objects of the accessGroup class as user registry groups. We can configure the dmgr console to add this object class to the list of object classes that represent user registry groups. To make this change, complete the following steps:

  1. From the dmgr console, access the advanced settings for configuring security by clicking Security > Global security.

  2. Under User account repository, click the Available realm definitions drop-down list, select Standalone LDAP registry, and click Configure.

  3. Under Additional properties, click Advanced Lightweight Directory Access Protocol (LDAP) user registry settings.

  4. Modify the Group Filter field. Add the following entry: (objectclass=accessGroup)

    The Group Filter field looks like the following example:

    (&(cn=%w)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)(objectclass=accessGroup)))

  5. Modify the Group Member ID Map field. Add the following entry: accessGroup:member

    The Group Member ID Map field looks like the following example:

    groupOfNames:member;groupOfUniqueNames:uniqueMember;accessGroup:member

  6. Stop and restart WAS.
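The following Python check is an added example, not part of the IBM documentation. It verifies that the values entered in steps 4 and 5 agree, that is, every object class matched by the Group Filter has an entry in the Group Member ID Map, as in the examples above. The function names are hypothetical; the sample strings are the field values shown in steps 4 and 5.

```python
import re

# Field values as shown in steps 4 and 5 (the filter is wrapped here on purpose,
# the way it is often pasted from documentation).
PAGE_FILTER = """(&(cn=%w)(|(objectclass=groupOfNames)
    (objectclass=groupOfUniqueNames)(objectclass=accessGroup)))"""
PAGE_MAP = "groupOfNames:member;groupOfUniqueNames:uniqueMember;accessGroup:member"

def _squash(text):
    """Remove all whitespace so wrapped or padded field values compare cleanly."""
    return "".join(text.split())

def filter_object_classes(group_filter):
    """Return the lowercased objectclass values named in the group filter."""
    found = re.findall(r"\(objectclass=([^()*]+)\)", _squash(group_filter), re.I)
    return {oc.lower() for oc in found}

def parse_member_id_map(member_map):
    """Parse 'objectclass:attribute;...' into {objectclass: attribute}."""
    pairs = {}
    for entry in filter(None, _squash(member_map).split(";")):
        oc, sep, attr = entry.partition(":")
        if not (oc and sep and attr) or ":" in attr:
            raise ValueError("malformed Group Member ID Map entry: %r" % entry)
        pairs[oc.lower()] = attr
    return pairs

def check_group_settings(group_filter, member_map):
    """Return a list of problems; an empty list means the two fields agree."""
    problems = []
    squashed = _squash(group_filter)
    if squashed.count("(") != squashed.count(")"):
        problems.append("Group Filter has unbalanced parentheses")
    classes = filter_object_classes(group_filter)
    mapped = set(parse_member_id_map(member_map))
    for oc in sorted(classes - mapped):
        problems.append("%s: in Group Filter, no Group Member ID Map entry" % oc)
    for oc in sorted(mapped - classes):
        problems.append("%s: in Group Member ID Map, not matched by Group Filter" % oc)
    return problems

if __name__ == "__main__":
    for line in check_group_settings(PAGE_FILTER, PAGE_MAP) or ["fields agree"]:
        print(line)
```

Run it against the values copied from the Advanced LDAP user registry settings panel before restarting WAS in step 6.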


Related concepts:

Role-based security with embedded Tivoli Access Manager


Related


Enable an external JACC provider

