isamcfg WebSEAL configuration worksheet
Use this worksheet to collect required isamcfg configuration properties.
Properties
If we are upgrading the Advanced Access Control (AAC) module, see the installation and configuration instructions.
- By default, the tool selects the following. We can configure all of them at the same time. If we do not want to configure them all, clear the capability that we do not want to configure by selecting its corresponding number.
Context-based Authorization Use behavioral and contextual data analytics to calculate the risk of a transaction. Authentication service Use step-up authentication. API Protection Use OAuth authentication.
- AAC LMI hostname
- Enter the LMI hostname or IP address.
- AAC LMI port
- Port number of the Local Management Interface. The tool displays a port number. Example value: 443. Press Enter to use the displayed port or enter your preferred port.
- AAC Appliance administrator user ID
- Press Enter to use the displayed user ID or enter your preferred user ID.
- AAC Appliance administrator password
- Enter the corresponding administrator password.
- Domain name
- Enter the ISAM domain name. Press Enter to use the default domain name or enter your preferred domain name.
- IBM Security Verify Access (ISAM) administrator user ID
- Enter a valid ISAM administrator user ID. Press Enter to use the user ID or enter your preferred user ID.
- ISAM administrator password
- Enter the corresponding ISAM administrator password.
- AAC runtime listening interface hostname
- Enter the hostname or IP address of the runtime listening interface for the appliance that has AAC activated.
Example value: 172.16.229.10
- AAC runtime listening interface port
- Port number of the runtime listening interface for the appliance that has AAC activated. Example value: 443
- AAC runtime listening interface SSL key file
- Path to the keystore containing the SSL keys required to connect to the AAC runtime listening interface. Press Enter to use the default key file.
- AAC runtime listening interface SSL stash file
- Path to the stash file containing the password to the Advanced Access Control runtime listening interface SSL keyfile. Press Enter to use the default stash file.
- Select the method for authentication between WebSEAL and the AAC runtime listening interface
- Certificate authentication
- Use a certificate to authenticate between WebSEAL and the AAC runtime listening interface. On Windows operating systems, we must use certificate authentication for WebSEAL from IBM ISAM for Web 7.0.0.2.
- User ID and password authentication
- Use credentials to authenticate between WebSEAL and the AAC runtime listening interface. The default username is easuser and the default password is passw0rd.
- AAC runtime listening interface SSL key file label
- Key label of the certificate to present to AAC at run time.
- SSL certificate data valid (y/n)
- Press y to validated the displayed SSL certificate values are valid otherwise, press n.
- Automatically add CA certificate to the key database (y/n)
- Press y if we want to automatically add the CA certificate to the key database, otherwise press n. web reverse proxy instance restarts if y is selected.
- The CA certificate already exists in the key database. Replace the CA certificate? (y/n)
- Press y if we want to automatically replace the CA certificate to the key database, otherwise press n.
- Runtime security service external authorization service library
- By default, the tool displays the available library. Press Enter to use the available library or enter your preferred library.
- The 400 Bad Request response page:
- Choose one for the 400 Bad Request response page. The default page is oauth_template_rsp_400_bad_request.html.
- The following files are available on the Secure Verify Access Appliance.
- Choose one file for the following pages:
- The 400 Bad Request response page. The default page is oauth_template_rsp_400_bad_request.html.
- The 401 Unauthorized response page. The default page is oauth_template_rsp_401_unauthorized.html.
- The 502 Bad Gateway response page. The default page is oauth_template_rsp_502_bad_gateway.html.
Parent topic: isamcfg reference