

Configure the Credential Vault adapter for Tivoli Access Manager

You can use IBM Tivoli Access Manager in the WebSphere Portal Credential Vault service. WebSphere Portal includes a vault adapter to access the Tivoli Access Manager Global Sign-on (GSO) lockbox. Any existing Tivoli resource or resource credentials can be used in your portlets that access the credential vault service without any additional configuration. In addition, the credential vault service and credential vault management portlet can create new or update existing GSO lockbox entries.

Users who are storing credentials in the accessmanagervault.properties file must be defined in Tivoli Access Manager as global signon (GSO) users.

To configure the Tivoli Access Manager vault adapter that is packaged with WebSphere Portal:

In a clustered environment, perform the following steps on each node.

  1. Validate that the AMJRTE properties file exists:

      cd profile_root/ConfigEngine
      ./ConfigEngine.sh validate-pdadmin-connection -DWasPassword=password -Dwp.ac.impl.PDAdminPwd=password

    If this task fails, run run-svrssl-config to create the properties file.

    Attempt the validate-pdadmin-connection task again. If this task still fails, do not proceed any further. A failure indicates that the portal cannot connect to the TAM server, and subsequent tasks will fail.

  2. Create and populate the file...

      profile_root/PortalServer/config/config/accessmanagervault.properties

    ...by running...

      cd profile_root/ConfigEngine
      ./ConfigEngine.sh enable-tam-vault -DWasPassword=password -Dwp.ac.impl.PDAdminPwd=password

    In a clustered environment, WasPassword is the Deployment Manager administrative password.

  3. Stop and start the server1 and WebSphere_Portal servers:

      cd profile_root/bin
      ./stopServer.sh server1 -username admin_userid -password admin_password
      ./stopServer.sh WebSphere_Portal -username admin_userid -password admin_password
      ./startServer.sh server1
      ./startServer.sh WebSphere_Portal

  4. Optional: Use the WS encoding mechanism to mask the passwords in the production version of the file. The accessmanagervault.properties file contains the Tivoli Access Manager administrative password in the pdpw property.
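
A check for step 4, added here as an example and not part of the IBM documentation or product: it reports whether pdpw is still in cleartext and whether the file is accessible beyond its owner and group. It assumes that a value masked by the WS encoding mechanism starts with `{xor}`; the function names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example, not IBM tooling. Assumption: a value masked by the WS encoding
# mechanism starts with "{xor}"; any other non-empty pdpw value is cleartext.

# Prints findings for one properties file and returns how many there were
# (0 = clean, 1-2 = findings, 3 = file missing).
audit_vault_props() {
    avp_file=$1
    avp_findings=0
    [ -f "$avp_file" ] || { echo "MISSING: $avp_file"; return 3; }

    # Last pdpw assignment wins; accept "pdpw=value" and "pdpw = value".
    avp_pw=$(sed -n 's/^[[:space:]]*pdpw[[:space:]]*[=:][[:space:]]*//p' "$avp_file" | tail -n 1)
    case $avp_pw in
        '')       echo "INFO: no pdpw value in $avp_file" ;;
        '{xor}'*) echo "OK: pdpw is masked (reversible encoding, not encryption)" ;;
        *)        echo "FINDING: pdpw holds the administrative password in cleartext"
                  avp_findings=$((avp_findings + 1)) ;;
    esac

    # Masking does not replace file permissions: flag any access for "other".
    if [ -n "$(find "$avp_file" \( -perm -004 -o -perm -002 -o -perm -001 \))" ]; then
        echo "FINDING: $avp_file is accessible beyond its owner and group"
        avp_findings=$((avp_findings + 1))
    fi
    return "$avp_findings"
}

# Constructed sample files; the values are invented for this example.
demo_vault_audit() {
    demo_dir=$(mktemp -d) || return 1
    printf 'pdpw=Passw0rd-constructed\n' > "$demo_dir/clear.properties"
    chmod 644 "$demo_dir/clear.properties"
    printf 'pdpw={xor}CONSTRUCTED\n' > "$demo_dir/masked.properties"
    chmod 600 "$demo_dir/masked.properties"
    demo_clear=0;  audit_vault_props "$demo_dir/clear.properties"  || demo_clear=$?
    demo_masked=0; audit_vault_props "$demo_dir/masked.properties" || demo_masked=$?
    rm -rf "$demo_dir"
}
demo_vault_audit
```

In a clustered environment, run `audit_vault_props profile_root/PortalServer/config/config/accessmanagervault.properties` on each node after the enable-tam-vault task.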

