
ExternalAccessControlService.properties

 

# Licensed Materials - Property of IBM, 5724-E76, (C) Copyright IBM Corp. 2004 - All Rights reserved.

# ---------------------------------------------- #
# Properties of the ExternalAccessControlService #
# ---------------------------------------------- #

# This flag indicates whether the configuration in this file
# has been configured to connect to the External Security Manager

# Default: false
#externalaccesscontrol.ready = false


# Role name representations are qualified with an optional context built
# by the following parameters.

# For example, the Administrator@External_Access_Control role
# may be represented in the following ways:
#
# TAM: Protected object space entry
#   /WPS/Administrator@External_Access_Control/WPS/WebSphere_Portal/cell
#
# SiteMinder:
#   resource/subrealms under Domain: WebSphere Portal v5
#   /cell/WebSphere_Portal/WPS/Administrator@External_Access_Control
#
#externalaccesscontrol.server=WebSphere_Portal
#externalaccesscontrol.application=WPS
#externalaccesscontrol.cell=cell

# ----------------------------
# Access Manager configuration
# ----------------------------

# After completing the PDJRTE and SrvSslCfg configuration,
# the following directives are needed to
# allow WP to use Access Manager as an External Security Manager

# Provide the objectspace root of your Protected Object Space for Portal Server entries
#
#externalaccesscontrol.pdroot=/WPS

# Provide an administrative user and password with adequate rights in
# Tivoli to create, delete, modify the objects in the Protected Object Space.
# You can use the WAS PropFilePasswordEncoder utility to mask the password.
# Using PropFilePasswordEncoder will remove any comments and uncommented properties,
# so create a backup copy of this file for future reference.
# Masking only encodes the value; it is not encryption. Restrict read access to
# this file and to the backup copy, and remove the clear-text password from the
# backup copy.
# For example: <WAS_ROOT>/bin/PropFilePasswordEncoder
#              <WPS_ROOT>/config/properties/ExternalAccessControlService.properties
#              externalaccesscontrol.pdpw
# *NOTE* this command is on 3 lines in this file, but should be typed on 1 line
# in a command window.
#
#externalaccesscontrol.pduser=sec_master
#externalaccesscontrol.pdpw=passw0rd

# Specify the location of the Access Manager properties file for AMJRTE.
# This URL must be in the format file:///<path to properties file>
# Note: http:// urls are not supported.
#
#externalaccesscontrol.pdurl=file:///$(WAS_INSTALL_ROOT)/java/jre/PdPerm.properties

# Specify whether to create ACLs in Access Manager for roles stored externally.
# If this value is set to false, the Access Manager administrator will be responsible
# for all ACL linkages between TAM and WP.
# Possible values:
#   true  - if a TAM ACL will be created for EVERY portal resource
#   false - if no ACLs will be created for WP objects
# default:
#   true
#
#externalaccesscontrol.createAcl=true

# Specify the action group and the customized actions to map to Portal
# role membership. If these items do not exist, they will be created at startup.
# Default values:
#   externalaccesscontrol.pdactiongroup=[WPS]
#   externalaccesscontrol.pdAction=m
#
#
#externalaccesscontrol.pdactiongroup=[WPS]
#externalaccesscontrol.pdaction=m

# -----------------------------
# Siteminder Policy Server info
# -----------------------------

# The following directives will be used to configure
# the connection between WPS and the Policy Server.

# Domain name to be created in the SiteMinder administrative GUI. All Realms and sub-realms
# will be created under this domain. This domain will be created when starting WP.
#
#externalaccesscontrol.domainname=WebSphere Portal

# Scheme to associate with the realms. This scheme must be defined in SiteMinder before
# starting WP. The default value is Basic.
#
#externalaccesscontrol.scheme=Basic

# Agent name and secret to establish a runtime connection with SiteMinder
# The agent should be a webagent with a static shared secret using the "supports 4.x agents"
# option.
# You can use the WAS PropFilePasswordEncoder utility to mask the password.
# Using PropFilePasswordEncoder will remove any comments and uncommented properties,
# so create a backup copy of this file for future reference.
# Masking only encodes the value; it is not encryption. Restrict read access to
# this file and to the backup copy, and remove the clear-text secret from the
# backup copy.
# For example: <WAS_ROOT>/bin/PropFilePasswordEncoder
#              <WPS_ROOT>/config/properties/ExternalAccessControlService.properties
#              externalaccesscontrol.agentsecret
# *NOTE* this command is on 3 lines in this file, but should be typed on 1 line
# in a command window.
#
#
#externalaccesscontrol.agentname=wpsagent
#externalaccesscontrol.agentsecret=passw0rd

# Administrative user to create, delete, modify SiteMinder objects in order to
# represent WP roles. This user must have sufficient access to Domain
# level objects in SiteMinder.
# You can use the WAS PropFilePasswordEncoder utility to mask the password.
# Using PropFilePasswordEncoder will remove any comments and uncommented properties,
# so create a backup copy of this file for future reference.
# Masking only encodes the value; it is not encryption. Restrict read access to
# this file and to the backup copy, and remove the clear-text password from the
# backup copy.
# For example: <WAS_ROOT>/bin/PropFilePasswordEncoder
#              <WPS_ROOT>/config/properties/ExternalAccessControlService.properties
#              externalaccesscontrol.password
# *NOTE* this command is on 3 lines in this file, but should be typed on 1 line
# in a command window.
#
#
#externalaccesscontrol.admin = siteminder
#externalaccesscontrol.password = passw0rd

# User Directory associated with the domain. Failover may be configured
# for user directories in the Siteminder administrative GUI. This User directory must
# exist before starting WP.
#
#externalaccesscontrol.userdir = User Directory 1

# Whether the ESM subsystem should switch to another Policy Server if it cannot contact
# the current one. Values are true and false.
# This property may be specified as either "externalaccesscontrol.failOver" or
# "externalaccesscontrol.failover".
# NOTE: It is important that this value and the number of Policy Server IP addresses
# specified on the "servers" property be carefully coordinated. If multiple Policy Server
# addresses are specified on the "servers" property, and this property is
# set to false, then the Netegrity Agent API will follow round-robin load balancing,
# "spraying" requests between the configured Policy Servers.
# This may be appropriate for a TAI which is only doing "read" operations from
# the Policy Server(s), but not for write operations.
# If you have multiple servers defined in the externalaccesscontrol.servers property,
# set failOver to true.
#
# Default: false
#
#externalaccesscontrol.failOver = false

# Specifies the IP Addresses of all the Policy Servers. Multiple addresses are
# to be comma delimited.
#
# Example: servers=10.0.0.1,10.0.0.2
#
#externalaccesscontrol.servers =

# For each server in the externalaccesscontrol.servers property,
# the following properties may be defined to override the default values. In order to
# differentiate each server's settings, the keys are in the following format:
#
#   <Server IP Address>.<key>
#
# If any are omitted, then the defaults are assumed.
#
# The keys are:
#   accountingPort: Accounting Port for the Policy Server. Default is 44441.
#   authenticationPort: Authentication Port for the Policy Server. Default
#     is 44442.
#   authorizationPort: Authorization Port for the Policy Server.
#     Default is 44443.
#   connectionMax: Maximum number of connections the Authorization service may make to this
#     Policy Server. Default is 10.
#   connectionMin: Initial number of connections the Authorization service will establish with
#     the Policy Server. Default is 1.
#   connectionStep: Number of connections to allocate when the Authorization service is out of
#     connections to the Policy Server. Default is 1.
#   timeout: Connection timeout in seconds. Default is 20.
#
# Example for server 10.0.0.1:
#   10.0.0.1.accountingPort=44441
#   10.0.0.1.authenticationPort=44442
#   10.0.0.1.authorizationPort=44443
#   10.0.0.1.connectionMax=30
#   10.0.0.1.connectionMin=10
#   10.0.0.1.connectionStep=5
#   10.0.0.1.timeout=60