Create PdPerm.properties

Create PdPerm.properties

The PdPerm.properties file configures the Access Manager Java Run Time Environment (AMJRTE). Create PdPerm.properties before configuring IBM Security Verify Access for authentication, authorization, Credential Vault, or user provisioning. We run run-svrssl-config to create PdPerm.properties, and keystore file used to encrypt communication.

Edit...
WP_PROFILE/ConfigEngine/properties/wkplc_comp.properties

Enter the following parameters in wkplc_comp.properties
Complete this step on all nodes in the cluster. The parameters must match on all nodes in the clustered environment. The one exception is wp.ac.impl.PDServerName.

wp.ac.impl.PDAdminId User ID for the administrative IBM Security Verify Access user. Default is sec_master.
wp.ac.impl.PDPermPath Fully qualified path and file name where PdPerm.properties is created.
wp.ac.impl.PDServerName Unique application name used to create a server in the ISAM Policy server. The application name is an arbitrary name but must be unique for this server instance. We might want to use the node name for this HCL WebSphere Portal server instance. The unique application name and will be used to create a new Tivoli server in the Access Manager Policy Server. This server will appear in the pdadmin server list after running the SvrSslCfg command. If a server with the same name appears in the server list command, the SvrSslCfg command will fail. This parameter represents an individually configured AMJRTE connection to ISAM. Therefore, each node in the cluster must specify a unique value for the wp.ac.impl.PDServerName parameter before running run-svrssl-config. If the cluster has four nodes, set this parameter differently on each node; for example, ps81, ps82, ps83, and ps84.
wp.ac.impl.SvrSslCfgPort Configuration port for the application name. The property is ignored by the SvrSslCfgPort.
wp.ac.impl.SvrSslCfgMode Configuration mode of the SvrSslCfg command. The only valid value is remote.
wp.ac.impl.TamHost Host name of the ISAM Policy server used when we run PDJrteCfg.
wp.ac.impl.PDPolicyServerList Host name, port, and priority combinations for the ISAM Policy servers used when we run SvrSslCfg.
wp.ac.impl.PDAuthzServerList Host name, port, and priority combination for the ISAM authorization servers.
wp.ac.impl.PDKeyPath Fully qualified path and file name of the location for the keystore file. This file is created when running the run-svrssl-config task. The keystore file holds the keys used to encrypt communication between the Portal node and the ISAM server.

Save changes to the properties file.

cd WP_PROFILE/ConfigEngine

Create PdPerm.properties:
./ConfigEngine.sh run-svrssl-config -Dwp.ac.impl.PDAdminPwd=sec_master -DWasPassword=foo

If the configuration task fails, validate the values in wkplc_comp.properties. The following files are created:

PdPerm.properties
This file is in the directory path specified for the wp.ac.impl.PDPermPath parameter.

pdperm.ks
This file is in the directory path specified for the wp.ac.impl.PDKeyPath parameter.

Parent Configure IBM Security Verify Access

wp.ac.impl.PDAdminId	User ID for the administrative IBM Security Verify Access user. Default is sec_master.
wp.ac.impl.PDPermPath	Fully qualified path and file name where PdPerm.properties is created.
wp.ac.impl.PDServerName	Unique application name used to create a server in the ISAM Policy server. The application name is an arbitrary name but must be unique for this server instance. We might want to use the node name for this HCL WebSphere Portal server instance. The unique application name and will be used to create a new Tivoli server in the Access Manager Policy Server. This server will appear in the pdadmin server list after running the SvrSslCfg command. If a server with the same name appears in the server list command, the SvrSslCfg command will fail. This parameter represents an individually configured AMJRTE connection to ISAM. Therefore, each node in the cluster must specify a unique value for the wp.ac.impl.PDServerName parameter before running run-svrssl-config. If the cluster has four nodes, set this parameter differently on each node; for example, ps81, ps82, ps83, and ps84.
wp.ac.impl.SvrSslCfgPort	Configuration port for the application name. The property is ignored by the SvrSslCfgPort.
wp.ac.impl.SvrSslCfgMode	Configuration mode of the SvrSslCfg command. The only valid value is remote.
wp.ac.impl.TamHost	Host name of the ISAM Policy server used when we run PDJrteCfg.
wp.ac.impl.PDPolicyServerList	Host name, port, and priority combinations for the ISAM Policy servers used when we run SvrSslCfg.
wp.ac.impl.PDAuthzServerList	Host name, port, and priority combination for the ISAM authorization servers.
wp.ac.impl.PDKeyPath	Fully qualified path and file name of the location for the keystore file. This file is created when running the run-svrssl-config task. The keystore file holds the keys used to encrypt communication between the Portal node and the ISAM server.