Use external security managers in a cluster


Overview

Configure external security managers after completing all other setup, including ensuring that the WebSphere Portal cluster is functional and verifying system requirements.

When setting up security in a cluster to use an external security manager, review and, if required, perform the security configuration on each node in the cluster...

If you make any changes to the external security manager configuration after initially setting it up, first make the changes in wkplc_comp.properties on the primary node of the cluster. If additional nodes exist in the cluster, ensure that any changes you make to wkplc_comp.properties on the primary node are propagated to the other nodes in the cluster.

Run the validate-pdadmin-connection task on each node in the cluster. If it fails, run run-svrssl-config before attempting to run validate-pdadmin-connection again.

Note that the parameter... in wkplc_comp.properties represents an individual configured AMJRTE connection to TAM, and each node in the cluster must have a unique value before running run-svrssl-config.

If you are using an external Web server, additional configuration is required before running any task to configure an external security manager with a WebSphere Portal cluster. Edit wkplc_comp.properties on each node, and ensure that the values for properties... are set to the backend server host name and port number you are using for the Web server.

Ensure that the WebSEAL Trust Association Interceptor (TAI) parameters, found in wkplc_comp.properties, are the same on each node in the cluster. If you run a configuration task at a later time that overwrites the WebSEAL junction, the WAS TAI properties are not automatically updated, so manually ensure that all nodes are using the same parameters. To manually ensure the nodes are the same, use the Deployment Manager administrative console and navigate to...
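The consistency rules above (the same TAI parameters on every node, a unique connection value on each node) can be checked offline against copies of wkplc_comp.properties collected from the nodes. The following Python script is an added example, not IBM code; the keys example.tai.hostnames and example.connection.name, the node names and the file contents are constructed placeholders to be replaced with the property names from your own wkplc_comp.properties.

```python
# Added example: drift check over wkplc_comp.properties copies; "example." keys are placeholders.
def parse_properties(text):
    """Parse Java .properties text: '#'/'!' comments, '=' or ':' separator, '\\' continuation."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#!":
            continue
        if line.endswith("\\"):          # value continues on the next line
            pending = line[:-1]
            continue
        for i, ch in enumerate(line):
            if ch in "=:":               # first separator splits key from value
                props[line[:i].strip()] = line[i + 1:].strip()
                break
    return props

def check_cluster(node_props, must_match, must_differ):
    """Return findings; an empty list means the nodes satisfy both rules."""
    findings = []
    for key in must_match:               # e.g. TAI parameters: same value on every node
        values = {node: p.get(key) for node, p in node_props.items()}
        if len(set(values.values())) > 1:
            findings.append(f"MISMATCH {key}: {sorted(values.items())}")
    for key in must_differ:              # e.g. per-node connection value: unique per node
        seen = {}
        for node, p in sorted(node_props.items()):
            value = p.get(key)
            if value is None:
                findings.append(f"MISSING {key} on {node}")
            elif value in seen:
                findings.append(f"DUPLICATE {key}={value} on {seen[value]} and {node}")
            else:
                seen[value] = node
    return findings

SAMPLE = {  # constructed file contents, one entry per node
    "node1": "# primary\nexample.tai.hostnames=webseal.example.com\n"
             "example.connection.name=amwp-node1\n",
    "node2": "example.tai.hostnames=webseal.example.com\n"
             "example.connection.name=amwp-node1\n",
    "node3": "example.tai.hostnames = webseal-old.example.com\n"
             "example.connection.name: amwp-node3\n",
}

if __name__ == "__main__":
    nodes = {n: parse_properties(t) for n, t in SAMPLE.items()}
    print("\n".join(check_cluster(nodes, ["example.tai.hostnames"], ["example.connection.name"])))
```

On the sample data the script reports the stale TAI host name on node3 and the connection value shared by node1 and node2.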

Enter the file location specified by the wp.ac.impl.PDPermPath parameter in wkplc_comp.properties. This property indicates the location of the TAM AMJRTE properties file (PdPerm.properties). In a cluster composed of nodes with different operating systems, the location of the PdPerm.properties file might differ, depending on the node.

This value can be set globally for all cluster members by using the com.ibm.websphere.security.webseal.configURL property, accessed in the Deployment Manager administrative console by clicking...

Because the Deployment Manager security configuration is not sensitive to each node's filesystem type, the value for the configURL property must be resolved on each node as specified in the administrative console.

To ensure that the location of the PdPerm.properties file is properly specified, use one of the following approaches:


eTrust SiteMinder cluster considerations

Ensure that you have installed and validated the eTrust SiteMinder binaries on each node in the cluster.

If you are only using eTrust SiteMinder for authentication, install and validate the Application Server Agent.

If you are using eTrust SiteMinder for authentication and authorization, both the Application Server Agent and the SDK must be installed and validated.

