IBM Tivoli Monitoring, Version 6.3 Fix Pack 2


Authentication through the Tivoli Enterprise Monitoring Automation Server

The Tivoli Enterprise Monitoring Automation Server extends the hub monitoring server by providing the Open Services Lifecycle Collaboration Performance Monitoring (OSLC-PM) service provider. The service provider registers monitoring resources such as computer systems, software servers, and databases with the Jazz for Service Management Registry Services component and also responds to HTTP GET requests for resource health metrics from OSLC clients.

By default the Performance Monitoring service provider does not authenticate HTTP GET requests from OSLC clients. If you want the Performance Monitoring service provider to authenticate these requests, install and configure the Security Services component of Jazz for Service Management. Security Services enables non-WebSphere based applications such as the Performance Monitoring service provider to participate in Lightweight Third Party Authentication (LTPA) based single sign-on. Registry Services and Security Services must be installed into the same WebSphere Application Server. They should also be configured to use the same LDAP user registry as the OSLC client applications and be configured for single sign-on.

Registry Services, Security Services, and the OSLC client applications must be in the same Internet and Intranet domain, for example mycompany.com, or one of its sub-domains. They must also be configured to use the same realm name, which is set when configuring a WebSphere Application Server to use an LDAP repository.

To configure Registry Services and Security Services for single sign-on, generate the LTPA key for the application server where they are installed, export the key, and then import the LTPA key into the OSLC client applications that will be sending HTTP GET requests to the Performance Monitoring service provider. See "Configuring Jazz for Service Management for a central user registry" and "Configuring Jazz for Service Management for SSO" in the Jazz for Service Management Information Center. These chapters contain instructions for configuring Registry Services and Security Services to use an LDAP user registry and generating and exporting their LTPA key.

The Performance Monitoring service provider must be configured to use Security Services to authenticate OSLC client requests by setting the Tivoli Enterprise Monitoring Automation Server KAS_SECURITY_SERVICES_ENABLED environment variable to YES and restarting the automation server.

When the Performance Monitoring service provider receives an HTTP GET request from an OSLC client, it forwards the LTPA token to Security Services to authenticate the request. If the request does not contain an LTPA token, or Security Services indicates that the token is not valid or has expired, the Performance Monitoring service provider returns an HTTP 401 status code to indicate that the request could not be authenticated.
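A post-configuration check for the behaviour described above, added here as an example and not part of the IBM documentation: it sends GET requests with no token and with a malformed token, and reports every probe that is not answered with 401. The `LtpaToken2` cookie name, the probe set, and the local stub server (a constructed stand-in so the check runs offline) are assumptions; call `audit()` with the URL of your own service provider.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

COOKIE = "LtpaToken2"  # assumption: token is sent in WebSphere's LTPA cookie
# Requests that must be answered with 401 once authentication is enabled.
PROBES = {"no token": None, "malformed token": "not-a-real-token"}
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy

def status_of(url, token=None):
    """Send one HTTP GET and return the status code, error codes included."""
    req = urllib.request.Request(url)
    if token is not None:
        req.add_header("Cookie", f"{COOKIE}={token}")
    try:
        with OPENER.open(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def audit(url):
    """Return {probe: status} for every probe that was NOT rejected with 401."""
    codes = {name: status_of(url, tok) for name, tok in PROBES.items()}
    return {name: code for name, code in codes.items() if code != 401}

def start_stub(enforce):
    """Constructed stand-in for the service provider, for offline runs only."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            cookie = self.headers.get("Cookie", "")
            ok = not enforce or cookie == f"{COOKIE}=constructed-valid"
            self.send_response(200 if ok else 401)
            self.end_headers()
        def log_message(self, *args):  # silence per-request logging
            pass
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}/"

def demo():
    """Audit the stub with authentication off (the default) and on."""
    results = {}
    for label, enforce in (("default", False), ("enabled", True)):
        server, url = start_stub(enforce)
        results[label] = audit(url)
        server.shutdown()
        server.server_close()
    return results
```

An empty result from `audit()` means both probes were rejected; any entry it returns names a request that was served without authentication.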

The Performance Monitoring service provider uses basic authentication when it sends requests to Registry Services, so LTPA tokens are not involved in the service provider's resource registration interactions.

