Commands to configure SSO between ISAM and ISIM

Frequently used commands to configure SSO between ISAM and ISIM

These commands are run on the ISAM servers.
Define IBM Security Access Manager user accounts:
pdadmin -a sec_master -p password -m user delete -registry "itim manager"
pdadmin -a sec_master -p password -m user create "itim manager" "cn=itim manager,o=ibm,c=us" "itim manager" "itim manager" tivoli
pdadmin -a sec_master -p password -m user modify "itim manager" account-valid yes
pdadmin -a sec_master -p password -m user show "itim manager"
pdadmin -a sec_master -p password -m user delete -registry "myname"
pdadmin -a sec_master -p password -m user create "myname" "cn=My Name,o=ibm,c=us" "My Name" "Name" tivoli
pdadmin -a sec_master -p password -m user modify "myname" account-valid yes
pdadmin -a sec_master -p password -m user show "myname"
pdadmin -a sec_master -p password -m user delete -registry "teamleader" pdadmin -a sec_master -p password -m user create "teamleader" "cn=Team Leader,o=ibm,c=us" "Team Leader" "Leader" tivoli
pdadmin -a sec_master -p tivoli -m user modify "teamleader" account-valid yes
pdadmin -a sec_master -p tivoli -m user show "teamleader"
pdadmin -a sec_master -p password -m server task default-webseald-tam60-server delete /itimserver

Define a WebSEAL TCP or SSL Junction
pdadmin -a sec_master -p password -m server task default-webseald-tam60-server create -t tcp -s -j -e utf8_uri -c iv_user -p 9080 -h ITIMServer /itimserver
pdadmin -a sec_master -p password -m server task default-webseald-tam60-server create -t ssl -s -j -e utf8_uri -c iv_user -p 9443 -h ITIMServer /itimserver
pdadmin -a sec_master -p password -m server task default-webseald-tam60-server show /itimserver
pdadmin -a sec_master -p password -m acl detach /WebSEAL/tam60-server-default/itimserver/itim/console

Define IBM Security Access Manager ACLs:
pdadmin -a sec_master -p password -m acl delete ITIM-ACL
pdadmin -a sec_master -p password -m acl create ITIM-ACL
pdadmin -a sec_master -p password -m acl detach /WebSEAL/tam60-server-default/itimserver/itim/self
pdadmin -a sec_master -p password -m acl delete ITIM-Self-Help-ACL
pdadmin -a sec_master -p password -m acl create ITIM-Self-Help-ACL
pdadmin -a sec_master -p password -m acl detach /WebSEAL/tam60-server-default/itimserver/itim/ui
pdadmin -a sec_master -p password -m acl delete ITIM-ISC-ACL
pdadmin -a sec_master -p password -m acl create ITIM-ISC-ACL

Define IBM Security Access Manager groups:
pdadmin -a sec_master -p password -m group delete ITIM-Group -registry
pdadmin -a sec_master -p password -m group create ITIM-Group cn=ITIM-Group,o=ibm,c=us ITIM-Group
pdadmin -a sec_master -p password -m group modify ITIM-Group add "itim manager"
pdadmin -a sec_master -p password -m group show ITIM-Group
pdadmin -a sec_master -p password -m group delete ITIM-Self-Service-Group -registry
pdadmin -a sec_master -p password -m group create ITIM-Self-Service-Group cn=ITIM-Self-Service-Group,o=ibm,c=us ITIM-Self-Service-Group
pdadmin -a sec_master -p password -m group modify ITIM-Self-Service-Group add "itim manager"
pdadmin -a sec_master -p password -m group modify ITIM-Self-Service-Group add "myname"
pdadmin -a sec_master -p password -m group modify ITIM-Self-Service-Group add "teamleader"
pdadmin -a sec_master -p password -m group show ITIM-Self-Service-Group
pdadmin -a sec_master -p password -m group delete ITIM-ISC-Group -registry
pdadmin -a sec_master -p password -m group create ITIM-ISC-Group cn=ITIM-ISC-Group,o=ibm,c=us ITIM-ISC-Group
pdadmin -a sec_master -p password -m group modify ITIM-ISC-Group add "itim manager"
pdadmin -a sec_master -p password -m group modify ITIM-ISC-Group add "myname"
pdadmin -a sec_master -p password -m group modify ITIM-ISC-Group add "teamleader"
pdadmin -a sec_master -p password -m group show ITIM-ISC-Group

Associate the WebSEAL junction to the ACLs:
pdadmin -a sec_master -p password -m acl modify ITIM-ACL set group ITIM-Group Trx
pdadmin -a sec_master -p password -m acl modify ITIM-ACL set any-other T
pdadmin -a sec_master -p password -m acl modify ITIM-ACL set unauthenticated T
pdadmin -a sec_master -p password -m acl show ITIM-ACL
pdadmin -a sec_master -p password -m acl modify ITIM-Self-Help-ACL set group ITIM-Self-Service-Group Trx
pdadmin -a sec_master -p password -m acl modify ITIM-Self-Help-ACL set any-other T
pdadmin -a sec_master -p password -m acl modify ITIM-Self-Help-ACL set unauthenticated T
pdadmin -a sec_master -p password -m acl show ITIM-Self-Help-ACL
pdadmin -a sec_master -p password -m acl modify ITIM-ISC-ACL set group ITIM-ISC-Group Trx
pdadmin -a sec_master -p password -m acl modify ITIM-ISC-ACL set any-other T
pdadmin -a sec_master -p password -m acl modify ITIM-ISC-ACL set unauthenticated T
pdadmin -a sec_master -p password -m acl show ITIM-ISC-ACL
pdadmin -a sec_master -p password -m acl attach /WebSEAL/tam60-server-default/itimserver/itim/console ITIM-ACL
pdadmin -a sec_master -p password -m acl attach /WebSEAL/tam60-server-default/itimserver/itim/self ITIM-Self-Help-ACL
pdadmin -a sec_master -p password -m acl attach /WebSEAL/tam60-server-default/itimserver/itim/ui ITIM-ISC-ACL

Parent topic: Configuration of single sign-on