WebSphere Portal, Express Beta Version 6.1
Operating systems: i5/OS, Linux, Windows


 

Configuring the Credential Vault adapter for Tivoli Access Manager

You can use IBM® Tivoli® Access Manager for e-business in the IBM WebSphere® Portal Express Credential Vault service. WebSphere Portal Express includes a vault adapter to access the Tivoli Access Manager Global Sign-on (GSO) lockbox. Any existing Tivoli resource or resource credentials can be used in your portlets that access the credential vault service without any additional configuration. In addition, the credential vault service and credential vault management portlet can create new or update existing GSO lockbox entries.

Note: Users who are storing credentials in the accessmanagervault.properties file must be defined in Tivoli Access Manager as global signon (GSO) users.

Perform the following steps to configure the Tivoli Access Manager vault adapter that is packaged with WebSphere Portal:

  1. Use a text editor to open the wkplc_comp.properties file, located in the following directory:

    • Windows: wp_profile\ConfigEngine
    • Linux: wp_profile/ConfigEngine
    • i5/OS: profiles/wp_profile/ConfigEngine
  2. Enter only the following parameters in the wkplc_comp.properties file under the AMJRTE connection parameters heading:

    1. For wp.ac.impl.PDAdminId, enter the user ID for the administrative Tivoli Access Manager user.
    2. For wp.ac.impl.PDAminPwd, enter the password for the administrative Tivoli Access Manager user.
    3. For wp.ac.impl.PDPermPath, enter the location of the Tivoli Access Manager AMJRTE properties file.
  3. Save your changes to the wkplc_comp.properties file.
  4. Run the following validation task:

    • Windows: ConfigEngine.bat validate-pdadmin-connection -Dwp.ac.impl.PDAminPwd=password from the wp_profile\ConfigEngine directory
    • Linux: ./ConfigEngine.sh validate-pdadmin-connection -Dwp.ac.impl.PDAminPwd=password from the wp_profile/ConfigEngine directory
    • i5/OS: ConfigEngine.sh -profileName profile_root validate-pdadmin-connection -Dwp.ac.impl.PDAminPwd=password from the profiles/wp_profile/ConfigEngine directory, where profile_root is the name of the WebSphere Application Server profile where WebSphere Portal Express is installed.
  5. Run the following task to create and populate the PortalServer_root/shared/app/config/accessmanagervault.properties file:

    • Windows: ConfigEngine.bat enable-tam-vault -Dwp.ac.impl.PDAminPwd=password from the wp_profile\ConfigEngine directory
    • Linux: ./ConfigEngine.sh enable-tam-vault -Dwp.ac.impl.PDAminPwd=password from the wp_profile/ConfigEngine directory
    • i5/OS: ConfigEngine.sh -profileName profile_root enable-tam-vault -Dwp.ac.impl.PDAminPwd=password from the profiles/wp_profile/ConfigEngine directory
  6. Perform the following steps to stop and restart the server1 and WebSphere_Portal servers:

    1. Open a command prompt and change to the following directory:

      • Windows: wp_profile_root\bin
      • Linux: wp_profile_root/bin
      • i5/OS: wp_profile_root/bin
    2. Enter the following command to stop the WebSphere Application Server:

      • Windows: stopServer.bat server1 -user admin_userid -password admin_password
      • Linux: ./stopServer.sh server1 -user admin_userid -password admin_password
      • i5/OS: stopServer server1 -profileName profile_root -user admin_userid -password admin_password where profile_root is the name of the WebSphere Application Server profile where WebSphere Portal Express is installed; for example, wp_profile.
    3. Enter the following command to stop the WebSphere_Portal server:

      • Windows: stopServer.bat WebSphere_Portal -user admin_userid -password admin_password
      • Linux: ./stopServer.sh WebSphere_Portal -user admin_userid -password admin_password
      • i5/OS: stopServer WebSphere_Portal -profileName profile_root -user admin_userid -password admin_password
    4. Enter the following command to start the WebSphere Application Server:

      • Windows: startServer.bat server1
      • Linux: ./startServer.sh server1
      • i5/OS: startServer server1 -profileName profile_root
    5. Enter the following command to start the WebSphere_Portal server:

      • Windows: startServer.bat WebSphere_Portal
      • Linux: ./startServer.sh WebSphere_Portal
      • i5/OS: startServer WebSphere_Portal -profileName profile_root
  7. Optional: Use the WebSphere Application Server encoding mechanism to mask the passwords in the production version of the file. The accessmanagervault.properties file contains the Tivoli Access Manager administrative password in the pdpw property. Refer to Password masking for information.
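
A check for step 7 that can be run against the generated accessmanagervault.properties file on Linux. This is an added example, not IBM code: the function names are hypothetical, and it assumes the entry is written as pdpw=value (or pdpw: value) and that a masked value carries the {xor} prefix written by the WebSphere Application Server encoder.

```shell
#!/bin/sh
# Added example, not IBM code. Assumes the entry is written "pdpw=value" or
# "pdpw: value" and that a masked value carries the "{xor}" prefix.

# pdpw_state FILE -> prints masked | cleartext | empty | missing | unreadable
pdpw_state() {
    [ -r "$1" ] || { echo unreadable; return; }
    # Comment lines never match; the last assignment wins, as in java.util.Properties.
    value=$(tr -d '\r' < "$1" |
        sed -n 's/^[[:space:]]*pdpw[[:space:]]*[=:][[:space:]]*/=/p' | tail -n 1)
    case $value in
        '')         echo missing ;;
        '=')        echo empty ;;
        '={xor}'?*) echo masked ;;
        *)          echo cleartext ;;
    esac
}

# audit_vault_props FILE -> 0 only if pdpw is masked and the file grants no
# read or write access to "other". Findings never echo the secret itself.
audit_vault_props() {
    rc=0
    state=$(pdpw_state "$1")
    if [ "$state" != masked ]; then
        echo "FAIL: $1: pdpw is $state"
        rc=1
    fi
    if [ -n "$(find "$1" -prune \( -perm -004 -o -perm -002 \) 2>/dev/null)" ]; then
        echo "FAIL: $1: readable or writable by other users"
        rc=1
    fi
    return $rc
}

# Demo on a constructed file (placeholder values, not real credentials).
demo_audit() {
    tmp=$(mktemp) || return 2
    printf '# constructed sample\npdpw=ExamplePassw0rd\n' > "$tmp"
    chmod 600 "$tmp"
    before=0; audit_vault_props "$tmp" || before=$?
    printf 'pdpw={xor}EXAMPLEONLY=\n' > "$tmp"
    after=0; audit_vault_props "$tmp" || after=$?
    rm -f "$tmp"
    echo "before masking: $before, after masking: $after"
}
demo_audit
```

A masked result only confirms that the value is encoded, so the permission check on the file is kept as a separate finding.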