Use these steps to configure the WebSphere Application Server administrative console to add objects of the accessGroup class to the list of object classes that represent user registry groups.
About this task
You can use the WebSphere Application Server administrative console to specify security policies for applications that run in the WebSphere Application Server environment. You can also use the WebSphere Application Server administrative console specify security policies for other Web resources, based on the entities that are stored in the user registry.
Tivoli Access Manager adds the accessGroup object class to the registry. Tivoli Access Manager administrators can use the pdadmin utility, which is available only on the policy server host in the PD.RTE fileset, to create new groups. These new groups are added to the registry as the accessGroup object class.
The WebSphere Application Server administrative console is not configured by default to recognize objects of the accessGroup class as user registry groups. You can configure the WebSphere Application Server administrative console to add this object class to the list of object classes that represent user registry groups. To do this configuration, complete the following instructions:
The Group Filter field looks like the following example:
(&(cn=%w)(|(objectclass=groupOfNames)
(objectclass=groupOfUniqueNames)
(objectclass=accessGroup)))
groupOfNames:member;groupOfUniqueNames:uniqueMember;
accessGroup:member