Create the PdPerm.properties file | HCL Digital Experience
The PdPerm.properties file configures the Access Manager Java Run Time Environment (AMJRTE). Create the PdPerm.properties file before configuring Security Access Manager for authentication, authorization, Credential Vault, or user provisioning. Run the run-svrssl-config task to create the files. This task also creates the keystore file that is used to encrypt communication with Security Access Manager.
Cluster note: Complete these steps on every node in the cluster.
Additional notes:
- Prerequisites must be followed prior to executing the following steps. Refer to the Help Center topic Security Access Manager prerequisites for more information.
- The updated PD.jar file must also be in place prior to executing the following steps.
Procedure
- Edit...
wp_profile_root/ConfigEngine/properties/wkplc_comp.properties
- Under the AMJRTE connection parameters heading, set the following parameters. Complete this step on all nodes in a cluster. The parameters must match on all nodes. The one exception is the wp.ac.impl.PDServerName parameter.
  - wp.ac.impl.PDAdminId: User ID for the administrative Security Access Manager user.
  - wp.ac.impl.PDPermPath: Fully qualified path and file name where the PdPerm.properties file is created.
  - wp.ac.impl.PDServerName: Unique application name used to create a server in the Security Access Manager Policy server. The application name is an arbitrary name but must be unique for this server instance. You might want to use the node name for this HCL Portal server instance.
Cluster note: The wp.ac.impl.PDServerName parameter represents an individually configured AMJRTE connection to Security Access Manager. Therefore, each node in the cluster must specify a unique value for the wp.ac.impl.PDServerName parameter before running the run-svrssl-config task. If the cluster has four nodes, set this parameter differently on each node; for example, amwp81, amwp82, amwp83, and amwp84.
  - wp.ac.impl.SvrSslCfgPort: Configuration port for the application name. The property is ignored by the SvrSslCfgPort.
  - wp.ac.impl.SvrSslCfgMode: Configuration mode of the SvrSslCfg command. The only valid value is remote.
  - wp.ac.impl.TamHost: Host name of the Security Access Manager Policy server used when you run PDJrteCfg.
  - wp.ac.impl.PDPolicyServerList: Host name, port, and priority combinations for the Security Access Manager Policy servers used when you run SvrSslCfg.
  - wp.ac.impl.PDAuthzServerList: Host name, port, and priority combination for the Security Access Manager authorization servers.
  - wp.ac.impl.PDKeyPath: Fully qualified path and file name of the location for the keystore file. This file is created when you run the run-svrssl-config task. The keystore file holds the keys used to encrypt communication between the Portal node and the Security Access Manager server.
  - wp.ac.impl.JavaHome: Directory name of the environment where IBM Java for WebSphere Application Server is located. By default this value is the ${WasHome}/AppServer/java/jre directory; however, the value may vary by environment (for example, it may be ${WasHome}/AppServer/java/8.0/jre).
- Save your changes to the properties file.
- Create the PdPerm.properties file:
cd wp_profile_root/ConfigEngine
./ConfigEngine.sh run-svrssl-config -Dwp.ac.impl.PDAdminPwd=foo -DWasPassword=foo
If the configuration task fails, validate the values in wkplc_comp.properties.
The following files are created:
- PdPerm.properties
Located in the directory path specified for the wp.ac.impl.PDPermPath parameter.
- pdperm.ks
Located in the directory path specified for the wp.ac.impl.PDKeyPath parameter.
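The rules stated in the procedure (parameters match on all nodes except wp.ac.impl.PDServerName, which must be unique; SvrSslCfgMode is remote; PDPermPath and PDKeyPath are fully qualified) can be checked before running run-svrssl-config. The following is an added example, not HCL's own tooling; the helper names, node labels, hosts, IDs and paths are constructed, and Unix-style paths and plain key=value lines are assumed.

```python
# Added example: pre-flight check of the AMJRTE parameters on every cluster node.
# All hosts, IDs and paths in NODE1 are constructed; Unix-style paths are assumed.
import posixpath

PREFIX = "wp.ac.impl."
PER_NODE = PREFIX + "PDServerName"       # the one parameter that must be unique per node
PATH_KEYS = ("PDPermPath", "PDKeyPath")  # must be a fully qualified path and file name

NODE1 = """\
# AMJRTE connection parameters
wp.ac.impl.PDAdminId=sam_admin
wp.ac.impl.PDPermPath=/opt/portal/sam/PdPerm.properties
wp.ac.impl.PDServerName=amwp81
wp.ac.impl.SvrSslCfgMode=remote
wp.ac.impl.TamHost=sam.example.com
wp.ac.impl.PDKeyPath=/opt/portal/sam/pdperm.ks
"""

def parse_properties(text):
    """Parse simple key=value lines; blank lines and #/! comments are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return {k: v for k, v in props.items() if k.startswith(PREFIX)}

def check_cluster(nodes):
    """nodes maps a node label to its wkplc_comp.properties text; returns findings."""
    parsed = {node: parse_properties(text) for node, text in nodes.items()}
    ref_node, ref = next(iter(parsed.items()))
    findings, owners = [], {}
    for node, props in parsed.items():
        name = props.get(PER_NODE, "")
        if not name:
            findings.append(f"{node}: {PER_NODE} is not set")
        elif name in owners:
            findings.append(f"{node}: {PER_NODE} duplicates {owners[name]}")
        owners.setdefault(name, node)
        if props.get(PREFIX + "SvrSslCfgMode") != "remote":
            findings.append(f"{node}: {PREFIX}SvrSslCfgMode must be remote")
        for key in PATH_KEYS:
            if not posixpath.isabs(props.get(PREFIX + key, "")):
                findings.append(f"{node}: {PREFIX}{key} is not fully qualified")
        for key in sorted(set(ref) | set(props)):
            if key != PER_NODE and props.get(key) != ref.get(key):
                findings.append(f"{node}: {key} differs from {ref_node}")
    return findings

if __name__ == "__main__":
    node2 = NODE1.replace("sam.example.com", "sam2.example.com")  # two mistakes
    print("\n".join(check_cluster({"node1": NODE1, "node2": node2})))
```

An empty list from check_cluster means the nodes satisfy the rules above; it does not verify that the hosts, ports or credentials are correct.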