Configuring Tivoli Access Manager
IBM® WebSphere® Portal Express supports the use of IBM Tivoli® Access Manager for e-business. Existing Tivoli Access Manager users can leverage the commonly used Tivoli Access Manager services to assist them in their deployment.
You can leverage the following services:
- WebSEAL Single Signon (SSO) for authentication
- Protected Object Space and Access Control List Management for authorization
- Global Sign-on (GSO) lockbox credential vault integration
- Automatic user provisioning from WebSphere Portal Express self-registration to Tivoli Access Manager
Perform the following tasks to configure Tivoli Access Manager:
- Configuring Tivoli Access Manager for authentication, authorization, and the Credential Vault
This file explains how to configure authentication, authorization, and the vault adapter together.
- Configuring Tivoli Access Manager to perform authentication only
IBM WebSphere Portal Express runs on IBM WebSphere Application Server, which can use Trust Association Interceptors (TAIs) to provide third-party authentication. WebSphere Portal Express and WebSphere Application Server support a TAI that is provided by Tivoli. If you use Tivoli Access Manager to perform authorization for WebSphere Portal Express, also use Tivoli Access Manager to perform the authentication. Using Tivoli Access Manager to perform only authorization is not supported.
- Configuring Tivoli Access Manager to perform authorization
You can configure IBM Tivoli Access Manager for e-business to perform authorization as a task independent of configuring Tivoli Access Manager to perform authentication, but you must configure both. Using Tivoli Access Manager to perform only authorization is not supported.
- Configuring the Credential Vault adapter for Tivoli Access Manager
You can use IBM Tivoli Access Manager for e-business in the IBM WebSphere Portal Express Credential Vault service. WebSphere Portal Express includes a vault adapter to access the Tivoli Access Manager Global Sign-on (GSO) lockbox. Any existing Tivoli resource or resource credentials can be used in your portlets that access the credential vault service without any additional configuration. In addition, the credential vault service and credential vault management portlet can create new or update existing GSO lockbox entries.
- Enabling user provisioning
When users are created in WebSphere Portal Express, they are not automatically imported into Tivoli Access Manager. Enabling automatic user provisioning to Tivoli Access Manager changes this behavior. Once this feature is enabled, users are automatically imported into Tivoli Access Manager whenever they are created in WebSphere Portal Express. When user provisioning to Tivoli Access Manager is enabled, anyone with access to the public URL can become an active user in Tivoli Access Manager as long as the self-registration feature remains enabled.
- Removing the Credential Vault adapter
If you no longer require the use of the credential vault adapter that you created, you can remove it from your configuration.
- Verifying Tivoli Access Manager is working
After configuring Tivoli Access Manager, you should verify that it is working properly before continuing with any additional configuration tasks.
- Removing Tivoli Access Manager from the WebSphere Portal Express environment
This file explains how to remove IBM Tivoli Access Manager for e-business from the IBM WebSphere Portal Express environment.
- Disabling user provisioning
After enabling and using the user provisioning feature within IBM Tivoli Access Manager for e-business, you can disable the feature.