ISAM JACC provider configuration
We can configure the JACC provider for Security Access Manager to deliver both authentication and authorization, or for authentication only. Most deployments provide both authentication and authorization functionality.
To have ISAM provide authentication, but leave authorization as part of WebSphere Application Server's native security, add the property...
com.tivoli.pd.as.amwas.DisableAddAuthorizationTableEntry=true
...to the file...
profile_root/config/cells/cell/amwas.amjacc.template.properties
After this property is set, perform the tasks for setting ISAM Security, as documented.
We can configure the JACC provider for ISAM:
- Configure the JACC provider for ISAM using the console
- Configure the JACC provider for ISAM using the wsadmin utility
Profiles created by a user other than the user who installed the application have read-only permissions for this directory. Configuration of the JACC provider for ISAM fails in this situation. To avoid the failure, we can edit:
profile_root/config/cells/cell/amwas.amjacc.template.properties
...and add the following property...
com.tivoli.pd.as.jacc.CommonFileLocation=/path/to/new/location
This property applies read and write permissions to the java/jre directory.
The JACC configuration files are not common across multiple WebSphere Application Server profiles. To specify the location of the JACC configuration for each profile, edit...
profile_root/config/cells/cell/amwas.amjacc.template.properties
...and set...
com.tivoli.pd.as.jacc.CommonFileLocation=USER_INSTALL_ROOT/etc/pd
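As an added example (not IBM tooling and not code from the original page), the shell sketch below applies the two property edits described above idempotently and checks that the CommonFileLocation directory exists and is writable by the current user before the JACC provider is configured. The function names and the temp-directory paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Assumes plain key=value lines, as in the properties shown above.

# get_prop FILE KEY: print the last value assigned to KEY (empty if unset)
get_prop() {
    awk -v k="$2" 'index($0, k "=") == 1 { v = substr($0, length(k) + 2) }
                   END { print v }' "$1"
}

# set_prop FILE KEY VALUE: replace existing KEY lines with one line, or append.
# The file is rewritten in place so its owner and mode are preserved.
set_prop() {
    tmp="$1.tmp.$$"
    awk -v k="$2" -v v="$3" '
        index($0, k "=") == 1 { if (!done) print k "=" v; done = 1; next }
        { print }
        END { if (!done) print k "=" v }' "$1" > "$tmp" &&
        cat "$tmp" > "$1" && rm -f "$tmp"
}

# location_writable FILE: succeed only if CommonFileLocation names an existing
# directory that the current user can read, write and traverse
location_writable() {
    dir=$(get_prop "$1" com.tivoli.pd.as.jacc.CommonFileLocation)
    [ -n "$dir" ] && [ -d "$dir" ] && [ -r "$dir" ] && [ -w "$dir" ] && [ -x "$dir" ]
}

# Constructed sample run in a temp directory (stand-in for profile_root).
work=$(mktemp -d)
props="$work/amwas.amjacc.template.properties"
printf '%s\n' '# constructed sample content' \
    'com.tivoli.pd.as.jacc.CommonFileLocation=/old/location' > "$props"
mkdir -p "$work/etc/pd"

# Authentication-only setup, with a per-profile location for the JACC files
set_prop "$props" com.tivoli.pd.as.amwas.DisableAddAuthorizationTableEntry true
set_prop "$props" com.tivoli.pd.as.jacc.CommonFileLocation "$work/etc/pd"
set_prop "$props" com.tivoli.pd.as.jacc.CommonFileLocation "$work/etc/pd" # re-run

if location_writable "$props"; then
    echo "OK: $(get_prop "$props" com.tivoli.pd.as.jacc.CommonFileLocation)"
else
    echo "CommonFileLocation missing or not writable by $(id -un)" >&2
fi
```

Run the check as the operating-system user that owns the profile, since that is the account whose permissions decide whether configuration succeeds.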
A wsadmin command is available to reconfigure the Java Authorization Contract for Containers (JACC) ISAM interface:
$AdminTask reconfigureTAM -interactive
This command prompts you through the process of unconfiguring the interface and then reconfiguring it.
See:
- Configure the JACC provider for ISAM
- Enable embedded ISAM
- Configure the JACC provider for ISAM using the wsadmin utility