+

Search Tips   |   Advanced Search

Remove Tivoli Access Manager


After you have installed and used IBM Tivoli Access Manager, you may find that you no longer require its use. We can then remove it from the IBM WebSphere Portal environment and restore authentication capabilities to IBM WAS and authorization capabilities to WebSphere Portal.

To remove Tivoli Access Manager from the WebSphere Portal environment:

  1. Complete the following steps, from the WAS admin console, if you configured Tivoli Access Manager for authentication:

    1. Select Security > Global security > Web and SIP security > Trust association > Interceptors.

    2. Delete com.ibm.sec.authn.tai.TAMETai or if we are still using the deprecated Trust Association Interceptors (TAIs) implementation, delete com.ibm.ws.security.web.TAMTrustAssociationInterceptorPlus.

    3. Click OK then Save.

  2. Stop and restart servers, dmgrs, and node agents.

  3. Optional: Complete the following steps, from the WAS admin console, if you configured Tivoli Access Manager for authorization:

    1. Change the enableExternalization property to false in WP AccessControlService in the Integrated Solutions Console. This action prevents the Externalize/Internalize icon from appearing in the Administrative Access portlet once Tivoli Access Manager is removed.

    2. Use either the Resource Permissions portlet or xmlaccess.sh to internalize any resources that Tivoli Access Manager manages.

    3. Edit the services.properties file found in the WP_PROFILE/PortalServer/config/config directory; find the value com.ibm.wps.services.ac.ExternalAccessControlService, and change it to com.ibm.wps.ac.impl.ExternalAccessControlDefaultImpl.

      Clustered environments: Complete this step on all nodes.

    To remove the credential vault adapter and its associated segments if you configured it for Tivoli Access Manager:

    1. Use the Credential Vault portlet to remove any segments added since installation.

      Do not remove DefaultAdminSegment.

    2. Remove the Vault.AccessManager Credential Vault Adapter implementation properties; including class, config, manager, and readonly; from the Credential Vault Service configuration.

      The systemcred.dn property cannot be removed.

    3. Remove the accessmanagervault.properties file from the WP_PROFILE/PortalServer/config/config directory.

      Clustered environments: Complete this step on all nodes.

  4. If you enabled user provisioning, go to Disable user provisioning.

  5. Optional: Restore the backup copy of the theme so that the login and logout pages restore to the default before Tivoli Access Manager was enabled.

  6. Optional: Remove all junction points, access control lists (ACLs), protected objectspace entries (POS entries), custom actions, and custom action groups.

  7. Optional: Remove the connection to Tivoli Access Manager:

      ./ConfigEngine.sh run-svrssl-unconfig -DWasPassword=foo -Dwp.ac.impl.PDAdminPwd=foo from the WP_PROFILE/ConfigEngine

    Clustered environments:

    • Complete this step on all nodes.
    • WasPassword is the dmgr administrative password.

  8. If necessary, uninstall any Tivoli Access Manager components.

  9. Stop and restart servers, dmgrs, and node agents.


Parent: Configure Tivoli Access Manager for non-z/OS operating systems