+

Search Tips   |   Advanced Search


Remove Tivoli Access Manager

After you have installed and used IBM Tivoli Access Manager, you may find that you no longer require its use. You can then remove it from the WebSphere Portal environment and restore authentication capabilities to IBM WAS and authorization capabilities to WebSphere Portal.

To remove Tivoli Access Manager from the WebSphere Portal environment. After performing this procedure, the following changes occur:

In a clustered environment, perform the following steps on all nodes.

  1. Perform the following steps, from the admin console, if you configured Tivoli Access Manager for authentication:

    1. Depending on your version of WAS, make the appropriate selection from the navigation:

      • For WAS v6.1:

        Click Security > Secure administration, applications, and infrastructure. Then under Authentication click Web security > Trust association.

      • For WAS v7:

        Click Security > Global security. Then click Web and SIP security > Trust association.

    2. Deselect the Enable trust association check box.

    3. Click OK; then click Save.

    4. Cycle server1.

  2. Optional: Perform the following steps if you configured Tivoli Access Manager for authorization:

    1. Change the enableExternalization property to false in Access Control Config Service. This will prevent the Externalize/Internalize icon from appearing in the Administrative Access portlet once Tivoli Access Manager is removed.

    2. Use either the Resource Permissions portlet or the XML configuration interface to internalize any resources managed by Tivoli Access Manager.

    3. Edit the services.properties file found in the profile_root/PortalServer/config/config directory; find the value com.ibm.wps.services.ac.ExternalAccessControlService, and change it to com.ibm.wps.ac.impl.ExternalAccessControlDefaultImpl.

  3. Optional: To remove the credential vault adapter and its associated segments if you configured it for Tivoli Access Manager:

    1. Use the Credential Vault portlet to remove any segments added since installation.

      Do not remove DefaultAdminSegment.

    2. Remove the Vault.AccessManager Credential Vault Adapter implementation properties; including class, config, manager, and readonly; from the Credential Vault Service configuration.

      The systemcred.dn property cannot be removed.

    3. Remove the accessmanagervault.properties file from the profile_root/PortalServer/config/config directory.

  4. Optional: If you enabled user provisioning, go to Disable user provisioning.

  5. Optional: If you changed the login and logout pages, restore the backup copy of the /installedApps/hostname/wps.ear/wps.war/themes/html/theme_name/ToolBarInclude.jsp file that is located in the subdirectory of each theme.

  6. Optional: Remove all junction points, access control lists (ACLs), protected objectspace entries (POS entries), custom actions, and custom action groups.

  7. Optional: Run the following unconfigure task to remove the connection to Tivoli Access Manager:

    Option Description
    Windows ConfigEngine.bat run-svrssl-unconfig -DWasPassword=password -Dwp.ac.impl.PDAdminPwd=password from the profile_root/ConfigEngine directory.
    UNIX ./ConfigEngine.sh run-svrssl-unconfig -DWasPassword=password -Dwp.ac.impl.PDAdminPwd=password from the profile_root/ConfigEngine directory.
    i5/OS ConfigEngine.sh run-svrssl-unconfig -DWasPassword=password -Dwp.ac.impl.PDAdminPwd=password from the profile_root/ConfigEngine directory.

  8. If necessary, uninstall any Tivoli Access Manager components.


Parent topic:

Configure Tivoli Access Manager