Tivoli Access Manager JACC provider configuration
Configure the Java Authorization Contract for Containers (JACC) provider for TAM to deliver authentication and authorization protection for the applications or for authentication only. Most deployments that use the JACC provider for TAM to configure TAM provide both authentication and authorization functionality.
If we want TAM to provide authentication, but leave authorization as part of WAS's native security, add the property...
com.tivoli.pd.as.amwas.DisableAddAuthorizationTableEntry=true...to the file...
$WP_PROFILE/config/cells/cell_name/amwas.amjacc.template.propertiesConfigure the JACC provider for TAM using either...
The JACC configuration files for TAM that are common across multiple WAS profiles are created by default under...
$WAS_HOME/java/jreWhen we install WAS, we are given permissions to read and write to the files in this directory.
On *nix systems, profiles created by users who are different to the user that installed WAS have read-only permissions for this directory. This situation is not ideal because configuration of the JACC provider for TAM fails in these situations. To avoid this situation, edit...
$WP_PROFILE/config/cells/cell_name/amwas.amjacc.template.properties...and add...
com.tivoli.pd.as.jacc.CommonFileLocation=/new/location...where new location is a fully qualified directory name.
This property applies read and write permissions to the java/jre directory.
To unconfigure the JACC TAM interface and then reconfigure it...
$AdminTask reconfigureTAM -interactive
Related tasks
Enable embedded TAM
Set the JACC provider for TAM
Set the JACC provider for TAM using the wsadmin utility
Set the JACC provider for TAM