Enable user provisioning
When users are created in WebSphere Portal, they are not automatically imported into Tivoli Access Manager.
Enabling automatic user provisioning to Tivoli Access Manager changes this behavior. Once this feature is enabled, users are automatically imported into Tivoli Access Manager whenever they are created in WebSphere Portal. When user provisioning to Tivoli Access Manager, anyone with access to the public URL can become an active user in Tivoli Access Manager as long as the self-registration feature remains enabled.
There are two ways to create users in WebSphere Portal:
- Self-registration:
This feature is enabled by default.
- Manage Users and Groups portlet:
Administrators can use this portlet to create WebSphere Portal users.
To enable user provisioning within Tivoli Access Manager:
If this is a clustered environment, run the following tasks on each node in the cluster.
- Run...
following validation
to validate that the AMJRTE properties exists:
Option Description Windows ConfigEngine.bat validate-pdadmin-connection -DWasPassword=password -Dwp.ac.impl.PDAdminPwd=password from the profile_root/ConfigEngine directory UNIX ./ConfigEngine.sh validate-pdadmin-connection -DWasPassword=password -Dwp.ac.impl.PDAdminPwd=password from the profile_root/ConfigEngine directory i5/OS ConfigEngine.sh validate-pdadmin-connection -DWasPassword=password -Dwp.ac.impl.PDdAdminPwd=password from the profile_root/ConfigEngine directory.
If this task fails, run the run-svrssl-config task to create the properties file; see "Creating the AMJRTE properties file" for information about running this task. Please attempt the validate-pdadmin-connection task again. If this task still fails, do not proceed any further. It indicates that portal can not connect to the TAM server and subsequent tasks will fail.
- Run...
following
to enable user provisioning:
Option Description Windows ConfigEngine.bat enable-tam-userprov -DWasPassword=password -Dwp.ac.impl.PDAdminPwd=password from the profile_root/ConfigEngine directory. UNIX ./ConfigEngine.sh enable-tam-userprov -DWasPassword=password -Dwp.ac.impl.PDAdminPwd=password from the profile_root/ConfigEngine directory. i5/OS ConfigEngine.sh enable-tam-userprov -DWasPassword=password -Dwp.ac.impl.PDAdminPwd=password from the profile_root/ConfigEngine directory.
- To stop and restart the server1 and WebSphere_Portal servers, where server1 is the name of the WAS and WebSphere_Portal is the name of the WebSphere Portal server:
- Open a command prompt and change to the following directory:
- Windows: profile_root\bin
- UNIX: profile_root/bin
- i5/OS: profile_root/bin
- Enter the following command to stop the WAS:
- Windows: stopServer.bat server1 -username admin_userid -password admin_password
- UNIX: ./stopServer.sh server1 -username admin_userid -password admin_password
- i5/OS: stopServer server1 -username admin_userid -password admin_password
- Enter the following command to stop the WebSphere_Portal server, where WebSphere_Portal is the name of the WebSphere Portal server:
- Windows: stopServer.bat WebSphere_Portal -username admin_userid -password admin_password
- UNIX: ./stopServer.sh WebSphere_Portal -username admin_userid -password admin_password
- i5/OS: stopServer WebSphere_Portal -username admin_userid -password admin_password
- Enter the following command to start the WAS:
- Windows: startServer.bat server1
- UNIX: ./startServer.sh server1
- i5/OS: startServer server1
- Enter the following command to start the WebSphere_Portal server, where WebSphere_Portal is the name of the WebSphere Portal server:
- Windows: startServer.bat WebSphere_Portal
- UNIX: ./startServer.sh WebSphere_Portal
- i5/OS: startServer WebSphere_Portal
Parent topic:
Configure Tivoli Access Manager
Related tasks
Creating the AMJRTE properties file