
Configure the Credential Vault adapter for Tivoli Access Manager


We can use IBM Tivoli Access Manager in the IBM WebSphere Portal Credential Vault service. WebSphere Portal includes a vault adapter to access the Tivoli Access Manager Global Sign-on (GSO) lockbox. Any existing Tivoli resource or resource credentials can be used in the portlets that access the credential vault service without any additional configuration. In addition, the credential vault service and credential vault management portlet can create new or update existing GSO lockbox entries.

Users who are storing credentials in the accessmanagervault.properties file must be defined in Tivoli Access Manager as global signon (GSO) users.

To configure the Tivoli Access Manager vault adapter that is packaged with WebSphere Portal:

In a clustered environment, perform these steps on each node.

  1. Validate that the AMJRTE properties file exists:

    Operating system     Task
    Windows              ConfigEngine.bat validate-pdadmin-connection -DWasPassword=foo -Dwp.ac.impl.PDAdminPwd=foo
    AIX, Solaris, Linux  ./ConfigEngine.sh validate-pdadmin-connection -DWasPassword=foo -Dwp.ac.impl.PDAdminPwd=foo
    IBM i                ConfigEngine.sh validate-pdadmin-connection -DWasPassword=foo -Dwp.ac.impl.PDAdminPwd=foo

    Clustered environments:

    • Complete this step on all nodes.
    • WasPassword is the dmgr administrative password.

    If the task does not run successfully: Run run-svrssl-config to create the properties file (see Create the AMJRTE properties file), then run validate-pdadmin-connection again. If the task is not successful after a second attempt, do not perform any subsequent steps in this topic. The fact that the task does not run successfully indicates that the portal cannot connect to the Tivoli Access Manager server.

  2. Create and populate the WP_PROFILE/PortalServer/config/config/accessmanagervault.properties file:

    Operating system     Task
    Windows              ConfigEngine.bat enable-tam-vault -DWasPassword=foo -Dwp.ac.impl.PDAdminPwd=foo from the WP_PROFILE\ConfigEngine directory
    AIX, Solaris, Linux  ./ConfigEngine.sh enable-tam-vault -DWasPassword=foo -Dwp.ac.impl.PDAdminPwd=foo from the WP_PROFILE/ConfigEngine directory
    IBM i                ConfigEngine.sh enable-tam-vault -DWasPassword=foo -Dwp.ac.impl.PDAdminPwd=foo from the WP_PROFILE/ConfigEngine directory

    Clustered environments: WasPassword is the dmgr administrative password.

  3. Stop and restart servers, dmgrs, and node agents.

  4. Optional: Use the WAS encoding mechanism to mask the passwords in the production version of the file. The accessmanagervault.properties file contains the Tivoli Access Manager administrative password in the pdpw property.
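
A check that supports step 4, added here as an example and not part of the IBM documentation: it reports whether the pdpw value in accessmanagervault.properties is still clear text or carries the {xor} prefix that WAS encoding produces, and whether the file is readable by other users. The function names are hypothetical, and matching keys that end in .pdpw is an assumption.

```sh
#!/bin/sh
# Added example (not IBM code). Function names are hypothetical.
# check_pdpw FILE -> prints masked|cleartext|empty|missing
#   returns 0 = masked, 1 = clear text or empty, 2 = property or file missing
check_pdpw() {
    [ -r "$1" ] || { echo "missing"; return 2; }
    # Java .properties rules handled here: '#' or '!' comments, '=' or ':'
    # separators, optional whitespace around them, last definition wins.
    # Assumption: the key is "pdpw" or ends in ".pdpw".
    value=$(awk '
        /^[ \t]*[#!]/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            pos = match(line, /[ \t]*[=:][ \t]*/)
            if (pos == 0) next
            key = substr(line, 1, pos - 1)
            val = substr(line, pos + RLENGTH)
            sub(/[ \t\r]+$/, "", val)
            if (key == "pdpw" || key ~ /\.pdpw$/) { found = 1; last = val }
        }
        END { if (found) print "V" last }   # "V" marks found-but-empty
    ' "$1")
    case $value in
        "")          echo "missing";   return 2 ;;
        V)           echo "empty";     return 1 ;;
        "V{xor}"?*)  echo "masked";    return 0 ;;
        *)           echo "cleartext"; return 1 ;;
    esac
}

# world_readable FILE -> returns 0 when "other" has read permission.
# {xor} is reversible encoding, not encryption, so file mode still matters.
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Stand-alone use: sh check_vault.sh /path/to/accessmanagervault.properties
if [ "$#" -ge 1 ]; then
    check_pdpw "$1"
    if world_readable "$1"; then echo "world-readable"; fi
fi
```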


Parent: Configure Tivoli Access Manager for non-z/OS operating systems
Related:
Start and stop servers, dmgrs, and node agents
Create the AMJRTE properties file