Configure Tivoli Access Manager
Portal can leverage the following Tivoli Access Manager services:
- WebSEAL single sign-on
- Protected Object Space and ACL management for authorization
- Global Sign-on (GSO) lockbox credential vault integration
- Automatic user provisioning from WebSphere Portal self-registration to TAM
Tasks
- Create the AMJRTE properties file
Create the AMJRTE properties file before configuring TAM for authentication, authorization, the Credential Vault, and/or user provisioning.
- Configure TAM for authentication, authorization, and the Credential Vault
This file explains how to configure authentication, authorization, and the vault adapter together.
- Configure TAM to perform authentication only
WebSphere Portal runs on IBM WAS, which can use Trust Association Interceptors (TAIs) to provide third-party authentication. WebSphere Portal and WAS support a TAI that is provided by Tivoli. If you use TAM to perform authorization for WebSphere Portal, also use TAM to perform the authentication. Using TAM to perform only authorization is not supported.
- Configure TAM to perform authorization
You can configure IBM TAM to perform authorization as a task independent from configuring TAM to perform authentication, but you must complete both tasks. Using TAM to perform only authorization is not supported.
- Configure the Credential Vault adapter for TAM
You can use IBM TAM in the WebSphere Portal Credential Vault service. WebSphere Portal includes a vault adapter to access the TAM Global Sign-on (GSO) lockbox. Any existing Tivoli resource or resource credentials can be used in your portlets that access the credential vault service without any additional configuration. In addition, the credential vault service and credential vault management portlet can create new or update existing GSO lockbox entries.
- Enable user provisioning
When users are created in WebSphere Portal, they are not automatically imported into TAM.
Enabling automatic user provisioning to TAM changes this behavior. Once this feature is enabled, users are automatically imported into TAM whenever they are created in WebSphere Portal. When user provisioning to TAM is enabled, anyone with access to the public URL can become an active user in TAM as long as the self-registration feature remains enabled.
- Verify TAM is working
After configuring WebSphere Portal to use TAM for externalized authorization, you should verify that it is working properly before continuing with any additional configuration tasks.
- Removing the Credential Vault adapter
If you no longer require the use of the credential vault adapter that you created, you can remove it from your configuration.
- Removing TAM
After you have installed and used IBM TAM, you may find that you no longer require its use. You can then remove it from the WebSphere Portal environment and restore authentication capabilities to IBM WAS and authorization capabilities to WebSphere Portal.
- Disable user provisioning
After enabling and using the user provisioning feature within IBM TAM, you can disable the feature.