+

Search Tips   |   Advanced Search

Remove Security Access Manager

After installing and use IBM Security Verify Access, we might find that you no longer require its use. We can then remove it from the HCL WebSphere Portal environment and restore authentication capabilities to IBM WebSphere Application Server and authorization capabilities to HCL WebSphere Portal.

Remove Security Access Manager from the HCL WebSphere Portal environment:

  1. Complete the following steps, from the WAS admin console:

    1. Delete...

        Security > Global security > Web and SIP security > Trust association > Interceptors > com.ibm.ws.security.web.TAMTrustAssociationInterceptorPlus

    2. Click OK then Save.

  2. If we configured Security Access Manager for authorization:

    1. Change the enableExternalization property to false in WP AccessControlService in the Integrated Solutions Console.

      This action prevents the Externalize/Internalize icon from appearing in the Administrative Access portlet after Security Access Manager is removed.

    2. Use either the Resource Permissions portlet or xmlaccess.sh to internalize any resources that Security Access Manager manages.

    3. Edit...

        WP_PROFILE/PortalServer/config/config/services.properties file

      Find the value com.ibm.wps.services.ac.ExternalAccessControlService, and change it to com.ibm.wps.ac.impl.ExternalAccessControlDefaultImpl.

      Complete step 2.c. on all nodes.

    To remove the credential vault adapter and its associated segments if we configured it for Security Access Manager:

    1. Use the Credential Vault portlet to remove any segments added since installation.

      Do not remove DefaultAdminSegment.

    2. Remove the Vault.AccessManager Credential Vault adapter implementation properties; including class, config, manager, and read-only; from the portal Credential Vault Service configuration.

      The systemcred.dn property cannot be removed.

    3. Remove the accessmanagervault.properties file from the WP_PROFILE/PortalServer/config/config directory.

      Complete step 3.c. on all nodes.

  3. If we enabled user provisioning, go to Disable user provisioning.

  4. Restore the backup copy of the theme so the login and logout pages restore to the default before Security Access Manager was enabled.

  5. Remove all junction points, access control lists (ACLs), protected objectspace entries (POS entries), custom actions, and custom action groups.

  6. Remove the connection to Security Access Manager:

      ./ConfigEngine.sh run-svrssl-unconfig -DWasPassword=foo -Dwp.ac.impl.PDAdminPwd=foo from the WP_PROFILE/ConfigEngine

    Clustered environments:

    • Complete this step on all nodes.

    • WasPassword is the dmgr administrative password.

  7. If necessary, uninstall any Security Access Manager components.

  8. Stop and restart the appropriate servers to propagate the changes.


Parent Configure IBM Security Verify Access