Use external security managers in a cluster



Search Tips   |   Advanced Search



Perform any configuration for an external security manager after you have completed all other setup, including ensuring that the WebSphere Portal cluster is functional.

When setting up security in a cluster to use an external security manager, perform the security configuration on each node in the cluster, as described in the following topics:

If you make any changes to the external security manager configuration after initially setting it up, first make the changes in wkplc_comp.propreties on the primary node of the cluster.

If additional nodes exist in the cluster, ensure that any changes you make to the file on the primary node are propagated to the file on other nodes in the cluster.

For an external Web server, additional configuration is required before running any task to configure an external security manager with a WebSphere Portal cluster.

Edit on each node, and ensure that the values for...

...are set to the backend server host name and port number you are using for your Web server.

Tivoli Access Manager


on each node in the cluster.

If the task fails, run the run-svrssl-config task.

The parameter... represents an individual configured AMJRTE connection to Tivoli Access Manager.

Each node in the cluster must have a unique value for wp.acc.impl.PDServerName before running the run-svrssl-config task.

Ensure that the WebSEAL Trust Association Interceptor (TAI) parameters are the same on each node in the cluster. If you run a configuration task at a later time that overwrites the WebSEAL junction, the WAS TAI properties are not automatically updated, so manually ensure that all nodes are using the same parameters.

The file location specified by the property... the file indicates the location of the Tivoli Access Manager AMJRTE properties file,

In a cluster composed of nodes with different operating systems, the location of the file might differ, depending on the node.

Ensure that the value of the property...

...on each node corresponds to the location of the file.

This value can be set globally for all cluster members by using the configURL property, accessed in the deployment manager administrative console...

To ensure that the location of the file is properly specified, use one of the following approaches:

Parent topic: