+

Search Tips   |   Advanced Search


Verify Tivoli Access Manager is working

After configuring WebSphere Portal to use Tivoli Access Manager for externalized authorization, you should verify that it is working properly before continuing with any additional configuration tasks.

To verify that Tivoli Access Manager is working properly:

  1. Verify that your topology matches the topology described in the protected object space.

  2. To verify that at least one user, typically the administrator, has the Administrator@VIRTUAL/EXTERNAL ACCESS CONTROL_1 role:

    1. Enter the pdadmin> acl show WPS_Administrator-VIRTUAL_wps-EXTERNAL_ACCESS_CONTROL_1 command on the pdadmin command line to verify that the administrator and administrator group have the Administrator@VIRTUAL/EXTERNAL ACCESS CONTROL_1 role.

    2. Optional: Enter the following commands to add the administrator to the Administrator@VIRTUAL/EXTERNAL ACCESS CONTROL_1 role if no entry is found:

      • pdadmin> acl modify WPS_Administrator-VIRTUAL_wps-EXTERNAL_ACCESS_CONTROL_1 set user wpsadmin T[WPS]m

      • pdadmin> acl modify WPS_Administrator-VIRTUAL_wps-EXTERNAL_ACCESS_CONTROL_1 set group wpsadmins T[WPS]m

      where wpsadmin is the administrator user ID and wpsadmins is the administrator group.

  3. Perform the following steps from the Resource Permissions portlet:

    1. Select a resource type.

    2. Click the Assign Access icon for the specific resource.

    3. Click the Edit Role icon for a role that you want to externalize.

    4. Click Add to explicitly assign at least one user or group to your chosen role for the resource.

    5. Click Search for Users or User Groups or click the pull down for the Search by option where the default is set to All available to select specific users or user groups. Then click OK. An informational message box should display the message that members were successfully added to the role.

    6. Optional: Explicitly assign additional roles. If you do not assign at least one user or group to each role type for the resource, use the external security manager interface to create this role type later.

      For example, if you do not assign any users or groups to the Editor role type for the resource, then use the external security manager interface to create the Editor role type later.

    7. Click the Externalize icon for the resource. These steps move every role that is defined for each resource you assigned to the Tivoli Access Manager protected object space. One ACL is created for each externalized role.

  4. Add users to the ACLs that are attached to the role types on that resource by using either the Tivoli Access Manager GUI or the pdadmin command line.

    If you log on to WebSphere Portal for administration purposes and you intend to externalize resources to Tivoli Access Manager, remember the following:

    • You must be a member of the wpsadmins group

    • The wpsadmins group must appear in the VIRTUAL/EXTERNAL_ACCESS_CONTROL_1 ACL


Parent topic:

Configure Tivoli Access Manager