+

Search Tips   |   Advanced Search

Portal, V6.1

 

Removing Tivoli Access Manager

After you have installed and used IBM Tivoli Access Manager for e-business, you may find that you no longer require its use. You can then remove it from the IBM WebSphere Portal environment and restore authentication capabilities to IBM WAS and authorization capabilities to WebSphere Portal.

To remove Tivoli Access Manager from the WebSphere Portal environment. After performing this procedure, the following changes occur:

  1. Optional

    To remove the credential vault adapter and its associated segments if you configured it for Tivoli Access Manager:

    1. Use the Credential Vault portlet to remove any segments added since installation.

      Do not remove DefaultAdminSegment.

    2. Remove the Vault.AccessManager Credential Vault Adapter implementation properties; including class, config, manager, and readonly; from the Credential Vault Service configuration.

      The systemcred.dn property cannot be removed.

    3. Remove the accessmanagervault.properties file from the WP_PROFILE/shared/app/config .

  2. Perform the following steps if you configured Tivoli Access Manager for authorization:

    1. Change the enableExternalization property to false in Access Control Config Service. This will prevent the Externalize/Internalize icon from appearing in the Administrative Access portlet once Tivoli Access Manager is removed.

    2. Use either the Resource Permissions portlet or the XML configuration interface to internalize any resources managed by Tivoli Access Manager.

    3. Edit the services.properties file found in the WP_PROFILE/shared/app/config directory; find the value com.ibm.wps.services.ac.ExternalAccessControlService, and change it to com.ibm.wps.ac.impl.ExternalAccessControlDefaultImpl.

  3. Optional

    Restore the ability to create users through WebSphere Portal, if you previously disabled it, by re-enabling auto-registration. Restore the backup copy of the /installedApps/hostname/wps.ear/wps.war/themes/html/theme_name/ToolBarInclude.jsp file that is located in the subdirectory of each theme.

  4. Perform the following steps if you configured Tivoli Access Manager for authentication:

    1. In the WAS Administrative Console, click Security > Global security > Authentication > Authentication mechanisms > LTPA. Click Trust Association under Additional Properties.

    2. Deselect the Trust Association Enabled check box.

    3. Click OK; then click Save.

    4. Stop and restart server1.

  5. Optional

    If you enabled user provisioning, go to Disable user provisioning.

  6. Optional

    Remove all junction points, access control lists (ACLs), protected objectspace entries (POS entries), custom actions, and custom action groups.

  7. Optional

    Run the following unconfigure task to remove the connection to Tivoli Access Manager:

    Option Description
    Windows ConfigEngine.bat run-svrssl-unconfig -Dwp.ac.impl.PDAminPwd=wpsadmin from the WP_PROFILE\ConfigEngine.
    UNIX ./ConfigEngine.sh run-svrssl-unconfig -Dwp.ac.impl.PDAminPwd=wpsadmin from the WP_PROFILE/ConfigEngine.
    i5/OS ConfigEngine.sh run-svrssl-unconfig -Dwp.ac.impl.PDAminPwd=wpsadmin from the WP_PROFILE/ConfigEngine.

  8. If necessary, uninstall any Tivoli Access Manager components.

 

Parent topic

Configure Tivoli Access Manager