Configure a WebSEAL instance

Use the isamcfg tool to configure WebSEAL as a point of contact and policy enforcement point for an appliance that has Advanced Access Control (AAC) activated. Make sure that our WebSEAL server is listening for connections on the appropriate IP addresses and port numbers. We can control the IP address and port number using the WebSEAL configuration file. The IP address is controlled by the [server] network-interface configuration option, and the port numbers are controlled by the [server] https-port and [server] http-port options. To use the isamcfg tool, we must:

For IBM Security Verify Access WebSEAL, version 7.0 or later, we must also meet the following conditions:

For Tivoli Access Manager for e-business WebSEAL versions 6.1.1 or prior

The following procedure connects the WebSEAL software version 7.* to ISAM. This procedure is not intended for deployments that have an ISAM appliance with the WebSEAL function. Run the tool on the same system where WebSEAL is located.

  1. Download the isamcfg.jar from the ISAM appliance with Advanced Access Control.

  2. On the WebSEAL machine, set up a JAVA_HOME environment variable for the JRE: For example:

      export JAVA_HOME=/opt/ibm/java-x86_64-60/jre

    ...or...

      export JAVA_HOME=/opt/IBM/WebSphere/AppServer/java/jre

  3. Add $JAVA_HOME/bin to the path export PATH=$JAVA_HOME/bin:$PATH.

  4. From the command line, type:

      java -jar isamcfg.jar -action config -cfgfile /path/to/webseald.conf

  5. Use the isamcfg tool to complete the configuration.

After completing the configuration, a summary screen displays indicating the configuration is complete.

See also: iKeyman User's Guide for version 8

Parent topic: Use the isamcfg tool