Portal, Express Beta Version 6.1 Operating systems: i5/OS, Linux,Windows

Removing Tivoli Access Manager from the WebSphere Portal Express environment

This file explains how to remove IBM^® Tivoli^® Access Manager for e-business from the IBM WebSphere^® Portal Express environment.

Follow these steps to remove IBM Tivoli Access Manager for e-business from the IBM WebSphere Portal Express environment. After performing this procedure, the following changes occur:

• IBM WebSphere Application Server handles authentication for WebSphere Portal Express
• WebSphere Portal Express handles authorization for its resources

1. If you used the credential vault adapter for Tivoli Access Manager, remove the vault adapter and its associated segments. You must perform these steps in the specified order:

   1. Use the Credential Vault portlet to remove any segments added since installation. Note: Do not remove DefaultAdminSegment. See the Credential Vault portlet help for information.
   2. In the Credential Vault Service configuration, remove the Vault.AccessManager Credential Vault Adapter implementation properties, including class, config, manager, and readonly. Note: The systemcred.dn property cannot be removed.
   3. Remove the file named accessmanagervault.properties from the portal_server_root/shared/app/config directory.
2. If you used Tivoli Access Manager for authorization, use the following steps:

   1. Change the authentication.execute.portal.jaas.login property to false in Authentication Service.
   2. Change the enableExternalization property to false in Access Control Config Service. This will prevent the Externalize/Internalize icon from appearing in the Administrative Access portlet once Tivoli Access Manager is removed.
   3. Use either the Resource Permissions portlet or the XML configuration interface to internalize any resources managed by Tivoli Access Manager.
   4. Edit the services.properties file found in the /shared/app/config directory; find the value com.ibm.wps.services.ac.ExternalAccessControlService, and change it to com.ibm.wps.ac.impl.ExternalAccessControlDefaultImpl.
3. If you previously disabled the ability to create users through WebSphere Portal Express, now restore it by re-enabling auto-registration. Restore the backup copy of the /installedApps/hostname/wps.ear/wps.war/themes/html/theme_name/ToolBarInclude.jsp file that is located in the subdirectory of each theme.
4. If you used Tivoli Access Manager for authentication, use the WebSphere Application Server Administrative Console to disable the WebSEAL TAI:

   1. In the WebSphere Application Server Administrative Console, click Security > Global security > Authentication > Authentication mechanisms > LTPA. Click Trust Association under Additional Properties.
   2. Deselect the Trust Association Enabled check box.
   3. Click OK; then click Save.
5. If you enabled user provisioning to Tivoli Access Manager, go to Disabling user provisioning.
6. Restart WebSphere Application Server.
7. Optional: Prepare to manage Tivoli Access Manager resources more efficiently. Remove all junction points, access control lists (ACLs), protected objectspace entries (POS entries), custom actions and custom action groups.
8. Optional: To remove the connection to Tivoli Access Manager, run the run-svrssl-unconfig configuration task to deregister the WebSphere Application Server and WebSphere Portal Express Server Java Virtual Machine (JVM) fromTivoli Access Manager.
9. If necessary, uninstall any Tivoli Access Manager components.