Configure Tivoli Access Manager
IBM WebSphere Portal supports the use of IBM Tivoli Access Manager for e-business. Existing Tivoli Access Manager users can leverage the commonly used Tivoli Access Manager services to assist them in their deployment.
You can leverage the following services:
- WebSEAL Single Signon (SSO) for authentication
- Protected Object Space and Access Control List Management for authorization
- Global Sign-on (GSO) lockbox credential vault integration
- Automatic user provisioning from WebSphere Portal self-registration to Tivoli Access Manager
Perform the following tasks to configure Tivoli Access Manager:
- Creating the AMJRTE properties file
You must create the AMJRTE properties files before configuring Tivoli Access Manager for authentication, authorization, Credential vault, and/or user provisioning.
- Configure Tivoli Access Manager for authentication, authorization, and the Credential Vault
This file explains how to configure authentication, authorization, and the vault adapter together.
- Configure Tivoli Access Manager to perform authentication only
IBM WebSphere Portal runs on IBM WAS, which can use Trust Association Interceptors (TAIs) to provide third-party authentication. WebSphere Portal and WAS support a TAI that is provided by Tivoli. If you use Tivoli Access Manager to perform authorization for WebSphere Portal, also use Tivoli Access Manager to perform the authentication. Using Tivoli Access Manager to perform only authorization is not supported.
- Configure Tivoli Access Manager to perform authorization
You can configure IBM Tivoli Access Manager for e-business to perform authorization as an independent task from configuring Tivoli Access Manager to perform authentication, but configure both tasks. Using Tivoli Access Manager to perform only authorization is not supported.
- Configure the Credential Vault adapter for Tivoli Access Manager
Use IBM Tivoli Access Manager for e-business in the IBM WebSphere Portal Credential Vault service. WebSphere Portal includes a vault adapter to access the Tivoli Access Manager Global Sign-on (GSO) lockbox. Any existing Tivoli resource or resource credentials can be used in your portlets that access the credential vault service without any additional configuration. In addition, the credential vault service and credential vault management portlet can create new GSO lockbox entries or update existing ones.
- Enabling user provisioning
When users are created in WebSphere Portal, they are not automatically imported into Tivoli Access Manager. Enabling automatic user provisioning to Tivoli Access Manager changes this behavior. Once this feature is enabled, users are automatically imported into Tivoli Access Manager whenever they are created in WebSphere Portal. When user provisioning to Tivoli Access Manager is enabled, anyone with access to the public URL can become an active user in Tivoli Access Manager as long as the self-registration feature remains enabled.
- Verifying Tivoli Access Manager is working
After configuring Tivoli Access Manager, you should verify that it is working properly before continuing with any additional configuration tasks.
- Removing the Credential Vault adapter
If you no longer require the use of the credential vault adapter that you created, you can remove it from your configuration.
- Removing Tivoli Access Manager
After you have installed and used IBM Tivoli Access Manager for e-business, you may find that you no longer require its use. You can then remove it from the IBM WebSphere Portal environment and restore authentication capabilities to IBM WAS and authorization capabilities to WebSphere Portal.
- Disable user provisioning
After enabling and using the user provisioning feature within IBM Tivoli Access Manager for e-business, you can disable the feature.