<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed Materials - Property of IBM, 5724-E76, (C) Copyright IBM Corp. 2004 - All Rights reserved.
# ESM configuration actions
-->
<!--
#
# TASK definitions used for External Security Managers
#
-->
<!--
####################################################################
# Name: enable-tam-all
#
# Description: task to enable every portal integration point with Tivoli Access Manager,
# including Single Sign On (WAS TAI), portal authorization, and credential vault
#
# Usage: call to enable TAI, authorization and vault to TAM
#
# Syntax: WPSconfig.{bat | sh} enable-tam-all
#
# Inputs: from wpconfig.properties:
# EACserverName reorderRoles JunctionType
# EACcellName PDAdminId JunctionPoint
# EACappName PDPermPath WebSealInstance
#
# TAICreds WebSealUser (for tcp junctions)
# WebSealHost BaUserName (for ssl junctions)
# WebSealPort BaPassword (for ssl junctions)
#
# PDRoot PDAction PDActionGroup
# PDCreateAcl vaultType vaultProperties
# manageResources readOnly
#
# WpsHostName (set to fully qualified hostname)
# WpsHostPort
# PDAdminPw
#
# Assumptions: TAM AMJRTE SvrSslCfg command has been run
# WAS and portal security has been enabled
#
# Error conditions: none, if assumptions are met
#
####################################################################
-->
<target name="enable-tam-all" depends="action-is-security-enabled">
<fail unless="WasSecurityEnabled" message="Security is NOT enabled. Cannot continue" />
<antcall target="enable-tam-tai" />
<antcall target="enable-tam-authorization" />
<antcall target="action-esm-tam-update-vaultservice" />
</target>
<!--
####################################################################
# Name: enable-sm-all
#
# Description: task to enable every portal integration point with Netegrity SiteMinder,
# including Single Sign On (WAS TAI), and portal authorization
#
# Usage: call to enable TAI and Authorization to SiteMinder
#
# Syntax: WPSconfig.{bat | sh} enable-sm-all
#
# Inputs: from wpconfig.properties
# EACserverName reorderRoles EACcellName EACappName
# SMConfigFile SMDomain SMScheme SMAgent
# SMAgentPw SMAdminId SMAdminPw SMUserDir
# SMFailover SMServers
#
# Assumptions: WAS and portal security has been enabled
# Netegrity TAI and SDK installed and available to Portal
#
# Error conditions: none if assumtions are met
#
####################################################################
-->
<target name="enable-sm-all" depends="action-is-security-enabled">
<fail unless="WasSecurityEnabled" message="Security is NOT enabled. Cannot continue" />
<antcall target="enable-sm-tai" />
<antcall target="enable-sm-authorization" />
</target>
<!--
####################################################################
# Name: enable-tam-tai
#
# Description: task to enable and configure Single Sign On using the WebSEAL TAI. This task also creates
# a junction of types tcp or ssl via TAM AMJRTE calls for portal access
#
# Usage: call to enable only external authentication to TAM
#
# Syntax: WPSconfig.{bat | sh} enable-tam-tai
#
# Inputs: from wpconfig.properties
# PDAdminId JunctionPoint JunctionType
# PDAdminPw PDPermPath WebSealInstance
# TAICreds WebSealHost WebSealPort
# WpsHostName (set to fully qualified hostname)
# WpsHostPort
# WebSealUser (for tcp junctions)
# BaUserName (for ssl junctions)
# BaPassword (for ssl junctions)
#
#
# Assumptions: TAM AMJRTE SvrSslCfg command has been run
# WAS and portal security has been enabled
#
# Error conditions:
#
####################################################################
-->
<target name="enable-tam-tai" depends="action-is-security-enabled" >
<fail unless="WasSecurityEnabled" message="Security is NOT enabled. Cannot continue" />
<antcall target="action-create-webseal-junction" />
<antcall target="action-create-webseal-tai" />
</target>
<!--
####################################################################
# Name: enable-sm-tai
#
# Description: to enable and configure the WebSphere Application Server administrative console with
# Netegrity SiteMinder TAI
#
# Usage: call to only enable Single Sign On with Netregrity SiteMinder ONLY
#
# Syntax: WPSconfig.{bat | sh} enable-sm-tai
#
# Inputs: from wpconfig.properties
# SMConfigFile
#
# Assumptions: WAS and portal security has been enabled
# SiteMinder TAI installed to WAS directory structure
#
#
# Error conditions:
#
####################################################################
-->
<target name="enable-sm-tai" depends="action-is-security-enabled,validate-smtai-available" >
<fail unless="WasSecurityEnabled" message="Security is NOT enabled. Cannot continue" />
<antcall target="action-create-sm-tai" />
</target>
<!--
####################################################################
# Name: enable-tam-authorization
#
# Description: to enable and configure webSphere Portal to use TAM as an external
# authorization engine
#
# Usage: If you want to be able to maintain Portal role memberships in TAM
#
# Syntax: WPSconfig.{bat | sh} enable-tam-authorization
#
# Inputs: from wpconfig.properties
# EACserverName reorderRoles
# EACcellName PDAdminId
# EACappName PDPermPath
# PDRoot PDAction
# PDActionGroup PDCreateAcl
#
#
# Assumptions: TAM AMJRTE SvrSslCfg command has been run
# WAS and Portal security has been enabled
#
# Error conditions: incorrect TAM username and pw
#
####################################################################
-->
<target name="enable-tam-authorization" depends="action-is-security-enabled, validate-pdadmin-connection">
<fail unless="WasSecurityEnabled" message="Security is NOT enabled. Cannot continue" />
<antcall target="action-create-tam-jaas" />
<antcall target="action-esm-tam-update-callbackheaderslist" />
<antcall target="action-esm-tam-update-services" />
<antcall target="action-esm-tam-update-externalaccesscontrolservice" />
<antcall target="action-esm-update-static-files" />
</target>
<!--
####################################################################
# Name: enable-sm-authorization
#
# Description: to enable and configure webSphere Portal to use Netegrity SiteMinder as an external
# authorization engine
#
# Usage: If you want to be able to maintain Portal role memberships in SiteMinder
#
# Syntax: WPSconfig.{bat | sh} enable-sm-authorization
#
# Inputs: from wpconfig.properties
# EACserverName reorderRoles EACcellName EACappName
# SMDomain SMScheme SMAgent SMAgentPw
# SMAdminId SMAdminPw SMUserDir SMFailover
# SMServers
#
# Assumptions: WAS and portal security has been enabled, SiteMinder SDK installed
# and added to WAS/WPS classpath
#
# Error conditions:
#
####################################################################
-->
<target name="enable-sm-authorization" depends="action-is-security-enabled,validate-smsdk-available" >
<fail unless="WasSecurityEnabled" message="Security is NOT enabled. Cannot continue" />
<antcall target="action-create-sm-jaas" />
<antcall target="action-esm-sm-update-callbackheaderslist" />
<antcall target="action-esm-sm-update-services" />
<antcall target="action-esm-sm-update-externalaccesscontrolservice" />
<antcall target="action-esm-update-static-files" />
</target>
<!--
####################################################################
# Name: enable-tam-vault
#
# Description: configures portal to use the AccessManager41VaultAdapter, writing TAM rsrc and rsrccred
# objects to the GSO lockbox
#
# Usage: if you want to maintain credentials in TAM
#
# Syntax: WPSconfig.{bat | sh} enable-tam-vault
#
# Inputs: from wpconfig.properties
# PDAdminId vaultType vaultProperties
# PDAdminPw manageResources readOnly
# PDPermPath
#
# Assumptions: TAM AMJRTE SvrSslCfg command has been run
# WAS and portal security has been enabled
#
# Error conditions:
#
####################################################################
-->
<target name="enable-tam-vault" depends="action-is-security-enabled" >
<fail unless="WasSecurityEnabled" message="Security is NOT enabled. Cannot continue" />
<antcall target="action-esm-tam-update-vaultservice" />
</target>
<!--
####################################################################
# Name: validate-pdadmin-connection
#
# Description: verifies connectivity between TAM and Portal
#
# Usage: to verify prerequisite component
#
# Syntax: WPSconfig.{bat | sh} validate-pdadmin-connection
#
# Inputs: from wpconfig.properties
# PDAdminId
# PDAdminPw
# PDPermPath
#
# Assumptions: TAM AMJRTE SvrSslCfg command has been run
# WAS and portal security has been enabled
#
# Error conditions: SvrSslCfg has not been run
# incorrect username, password, or properties file
#
####################################################################
-->
<target name="validate-pdadmin-connection" depends="init">
<taskdef name="checkpdadmin" classname="com.ibm.wps.config.esm.PDAdminCheckConnectionTask" classpath="${WpsInstallLocation}/bin/esmtools.jar"/>
<checkpdadmin adminUser="${PDAdminId}" adminPw="${PDAdminPw}" url="file:${PDPermPath}" />
</target>
<!--
####################################################################
# Name: validate-smsdk-available
#
# Description: verifies the Netegrity SiteMinder SDK has been installed and
# is available to Portal
#
# Usage: to verify prerequisite component
#
# Syntax: WPSconfig.{bat | sh} validate-smsdk-available
#
# Inputs: none
#
# Assumptions: none
#
# Error conditions: if the required classes are not available
#
####################################################################
-->
<target name="validate-smsdk-available" >
<available classname="com.netegrity.sdk.apiutil.SmApiException" property="foundsmsdk" />
<fail message="SM SDK classes not available" unless="foundsmsdk" />
<echo message="Is the SM SDK available? ${foundsmsdk} " />
</target>
<!--
####################################################################
# Name: validate-smtai-available
#
# Description: verifies the Netegrity SiteMinder TAI has been installed and
# is available to WAS
#
# Usage: to verify prerequisite component
#
# Syntax: WPSconfig.{bat | sh} validate-smtai-available
#
# Inputs: none
#
# Assumptions: none
#
# Error conditions: if the required classes are not available
#
####################################################################
-->
<target name="validate-smtai-available" >
<available classname="com.netegrity.siteminder.websphere.tai.SiteMinderTrustAssociationInterceptor" property="foundsmtai" />
<fail message="SM TAI classes not available" unless="foundsmtai" />
<echo message="Is the SM TAI available? ${foundsmtai} " />
</target>
<!--
####################################################################
# Name: run-svrssl-config
#
# Description: runs the TAM AMJRTE SvrSslCfg command to configure the SSL link between
# WAS/WPS and Tivoli Access Manager
#
# Usage: to run the SvrSslCfg command
#
# Syntax: WPSconfig.{bat | sh} run-svrssl-config
#
# Inputs: from wpconfig.properties
# PDServerName
# PDAdminId
# PDAdminPw
# PDPermPath
# SvrSslCfgPort
# SvrSslCfgMode
# PDPolicyServerList
# PDAuthzServerList
# PDKeyPath
#
# Assumptions: AMJRTE has been installed and available to WAS.
#
# Error conditions: TAM Policy or Authorization server not found
# incorrect username or password for TAM admin user
#
####################################################################
-->
<target name="run-svrssl-config" depends="validate-pdjrte-available" >
<antcall target="action-run-pdjrte-config" />
<validateHost hostname="${PDPolicyServerList}" />
<validateHost hostname="${PDAuthzServerList}" />
<echo message="Command to run is: java com.tivoli.pd.jcfg.SvrSslCfg -action config -admin_id ${PDAdminId} -admin_pwd ${PDAdminPw} -appsvr_id ${PDServerName} -port ${SvrSslCfgPort} -mode ${SvrSslCfgMode} -policysvr ${PDPolicyServerList} -authzsvr ${PDAuthzServerList} -cfg_file ${PDPermPath} -key_file ${PDKeyPath}" />
<java classname="com.tivoli.pd.jcfg.SvrSslCfg" failonerror="true" fork="true" >
<jvmarg value="-Dfile.encoding=${file.encoding}" />
<jvmarg value="${jvmArgForZos}" />
<arg value="-action" />
<arg value="config" />
<arg value="-admin_id" />
<arg value="${PDAdminId}" />
<arg value="-admin_pwd" />
<arg value="${PDAdminPw}" />
<arg value="-appsvr_id" />
<arg value="${PDServerName}" />
<arg value="-port" />
<arg value="${SvrSslCfgPort}" />
<arg value="-mode" />
<arg value="${SvrSslCfgMode}" />
<arg value="-policysvr" />
<arg value="${PDPolicyServerList}" />
<arg value="-authzsvr" />
<arg value="${PDAuthzServerList}" />
<arg value="-cfg_file" />
<arg value="${PDPermPath}" />
<arg value="-key_file" />
<arg value="${PDKeyPath}" />
</java>
</target>
<!--
Backup Targets for ESM configuration actions
-->
<target name="action-run-pdjrte-config" depends="init">
<!--
<property environment="env" />
-->
<validateHost hostname="${TamHost}" />
<echo message="Command to run is: java com.tivoli.pd.jcfg.PDJrteCfg -action config -host ${TamHost} -was -cfgfiles_path ${JavaHome}/jre" />
<java classname="com.tivoli.pd.jcfg.PDJrteCfg" failonerror="true" fork="true" >
<classpath>
<pathelement location="${JavaHome}/jre/lib/ext/PD.jar" />
<pathelement location="${JavaHome}/jre/lib/ext/ibmjceprovider.jar" />
<pathelement location="${JavaHome}/jre/lib/ext/ibmpkcs.jar" />
</classpath>
<jvmarg value="-Djava.ext.dirs" />
<jvmarg value="-Dpd.home=${JavaHome}/jre/PolicyDirector" />
<jvmarg value="-Dfile.encoding=${file.encoding}" />
<jvmarg value="${jvmArgForZos}" />
<arg value="-action" />
<arg value="config" />
<!--
<arg value="-java_home" />
<arg value="${JavaHome}/jre" />
-->
<arg value="-host" />
<arg value="${TamHost}" />
<arg value="-was" />
<arg value="-cfgfiles_path" />
<arg value="${JavaHome}/jre" />
</java>
</target>
<target name="validate-pdjrte-available" >
<available classname="com.tivoli.pd.jcfg.SvrSslCfg" property="foundPdJrte" />
<echo message="Is the SvrSslCfg Application available? ${foundPdJrte} " />
<fail message="PDJRTE classes not available" unless="foundPdJrte" />
</target>
<target name="run-svrssl-unconfig" depends="init" >
<validateHost hostname="${PDPolicyServerList}" />
<echo message="Command to run is: java com.tivoli.pd.jcfg.SvrSslCfg -action unconfig -admin_id ${PDAdminId} -admin_pwd ${PDAdminPw} -appsvr_id ${PDServerName} -policysvr ${PDPolicyServerList} -cfg_file ${PDPermPath}" />
<java classname="com.tivoli.pd.jcfg.SvrSslCfg" failonerror="true" fork="true" >
<jvmarg value="-Dfile.encoding=${file.encoding}" />
<jvmarg value="${jvmArgForZos}" />
<arg value="-action" />
<arg value="unconfig" />
<arg value="-admin_id" />
<arg value="${PDAdminId}" />
<arg value="-admin_pwd" />
<arg value="${PDAdminPw}" />
<arg value="-appsvr_id" />
<arg value="${PDServerName}" />
<arg value="-policysvr" />
<arg value="${PDPolicyServerList}" />
<arg value="-cfg_file" />
<arg value="${PDPermPath}" />
</java>
</target>
<target name="action-create-webseal-tai" depends="init,start-admin-server" >
<wsadmin properties="${work.dir}/was/jacl.properties"
script="${config.dir}/was/wp_zOs_modifyTai.jacl"
user="${WasUserid}"
password="${WasPassword}"
conntype="SOAP"
failonerror="yes">
<arg value="${WpsInstallLocation}"/>
</wsadmin>
</target>
<target name="action-create-sm-tai" depends="init,start-admin-server" >
<wsadmin properties="${work.dir}/was/jacl.properties"
script="${config.dir}/was/wp_zOs_modifyTaism.jacl"
user="${WasUserid}"
password="${WasPassword}"
conntype="SOAP"
failonerror="yes">
<arg value="${WpsInstallLocation}"/>
</wsadmin>
</target>
<target name="action-create-tam-jaas" depends="init,start-admin-server" >
<wsadmin properties="${work.dir}/was/jacl.properties"
script="${config.dir}/was/wp_zOs_modifyJAAS.jacl"
user="${WasUserid}"
password="${WasPassword}"
conntype="SOAP"
failonerror="yes">
<arg value="${WpsInstallLocation}"/>
</wsadmin>
</target>
<target name="action-create-sm-jaas" depends="init,start-admin-server" >
<wsadmin properties="${work.dir}/was/jacl.properties"
script="${config.dir}/was/wp_zOs_modifyJAASsm.jacl"
user="${WasUserid}"
password="${WasPassword}"
conntype="SOAP"
failonerror="yes">
</wsadmin>
</target>
<target name="action-create-webseal-junction" depends="validate-pdadmin-connection">
<taskdef name="createjunction" classname="com.ibm.wps.config.esm.CreateWebSealJunctionTask" classpath="${WpsInstallLocation}/bin/esmtools.jar"/>
<createjunction type="${JunctionType}" hostName="${WpsHostName}" port="${WpsHostPort}" creds="${TAICreds}" junctionPoint="${JunctionPoint}" websealServerName="${WebSealInstance}" username="${PDAdminId}" password="${PDAdminPw}" pdUrl="file:${PDPermPath}" baUserName="${BaUserName}" baPassword="${BaPassword}" />
</target>
<target name="action-esm-update-acconfigservice" >
<editfile>
<fileset dir="${WpsInstallLocation}/shared/app/config/services" includes="AccessControlConfigService.properties"/>
<setvariable name="accessControlConfig.enableExternalization" value="true"/>
</editfile>
</target>
<target name="action-esm-update-acdatamanagementservice" >
<editfile>
<fileset dir="${WpsInstallLocation}/shared/app/config/services" includes="AccessControlDataManagementService.properties"/>
<setvariable name="accessControlDataManagement.cacheTimeout" value="300"/>
</editfile>
</target>
<target name="action-esm-update-acdatamanagementservice-reorder-rolenames" >
<editfile>
<fileset dir="${WpsInstallLocation}/shared/app/config/services" includes="AccessControlDataManagementService.properties"/>
<setvariable name="accessControlDataManagement.reorderRoleNames" value="${reorderRoles}"/>
</editfile>
</target>
<target name="action-esm-update-configservice" >
<editfile>
<fileset dir="${WpsInstallLocation}/shared/app/config/services" includes="AuthenticationService.properties"/>
<setvariable name="authentication.execute.portal.jaas.login" value="true"/>
</editfile>
</target>
<target name="action-esm-update-configservice-remove" >
<editfile>
<fileset dir="${WpsInstallLocation}/shared/app/config/services" includes="AuthenticationService.properties"/>
<setvariable name="authentication.execute.portal.jaas.login" value="false"/>
</editfile>
</target>
<target name="action-esm-tam-update-services" >
<editfile>
<fileset dir="${WpsInstallLocation}/shared/app/config" includes="services.properties"/>
<setvariable name="com.ibm.wps.services.ac.ExternalAccessControlService" value="com.ibm.wps.ac.esm.TAMExternalAccessControlImpl"/>
</editfile>
</target>
<target name="action-esm-sm-update-services" >
<editfile>
<fileset dir="${WpsInstallLocation}/shared/app/config" includes="services.properties"/>
<setvariable name="com.ibm.wps.services.ac.ExternalAccessControlService" value="com.ibm.wps.ac.esm.SiteMinderExternalAccessControlImpl"/>
</editfile>
</target>
<target name="action-esm-tam-update-callbackheaderslist">
<!-- we must create the file first (temporarily?) -->
<concat destfile="${WpsInstallLocation}/shared/app/config/callbackheaderslist.properties" >#temp file created by ESM configuration task
</concat>
<editfile>
<fileset dir="${WpsInstallLocation}/shared/app/config" includes="callbackheaderslist.properties"/>
<setvariable name="header.1" value="iv-user"/>
<setvariable name="header.2" value="iv-creds"/>
</editfile>
</target>
<target name="action-esm-sm-update-callbackheaderslist">
<!-- we must create the file first (temporarily?) -->
<concat destfile="${WpsInstallLocation}/shared/app/config/callbackheaderslist.properties" >#temp file created by ESM configuration task
</concat>
<editfile>
<fileset dir="${WpsInstallLocation}/shared/app/config" includes="callbackheaderslist.properties"/>
<setvariable name="header.1" value="sm_serversessionid"/>
<setvariable name="header.2" value="sm_serversessionspec" />
</editfile>
</target>
<target name="action-esm-tam-update-externalaccesscontrolservice">
<editfile>
<fileset dir="${WpsInstallLocation}/shared/app/config/services" includes="ExternalAccessControlService.properties"/>
<setvariable name="externalaccesscontrol.pdroot" value="${PDRoot}"/>
<setvariable name="externalaccesscontrol.ready" value="true"/>
<setvariable name="externalaccesscontrol.createAcl" value="${PDCreateAcl}"/>
<setvariable name="externalaccesscontrol.pduser" value="${PDAdminId}"/>
<setvariable name="externalaccesscontrol.pdpw" value="${PDAdminPw}"/>
<setvariable name="externalaccesscontrol.pdurl" value="file:${PDPermPath}"/>
<setvariable name="externalaccesscontrol.pdaction" value="${PDAction}"/>
<setvariable name="externalaccesscontrol.pdactiongroup" value="${PDActionGroup}"/>
<setvariable name="externalaccesscontrol.server" value="${EACserverName}"/>
<setvariable name="externalaccesscontrol.cell" value="${EACcellName}"/>
<setvariable name="externalaccesscontrol.application" value="${EACappName}"/>
</editfile>
<antcall target="action-esm-update-acdatamanagementservice-reorder-rolenames" />
</target>
<target name="action-esm-sm-update-externalaccesscontrolservice">
<editfile>
<fileset dir="${WpsInstallLocation}/shared/app/config/services" includes="ExternalAccessControlService.properties"/>
<setvariable name="externalaccesscontrol.domainname" value="${SMDomain}"/>
<setvariable name="externalaccesscontrol.ready" value="true"/>
<setvariable name="externalaccesscontrol.scheme" value="${SMScheme}"/>
<setvariable name="externalaccesscontrol.agentname" value="${SMAgent}"/>
<setvariable name="externalaccesscontrol.agentsecret" value="${SMAgentPw}"/>
<setvariable name="externalaccesscontrol.admin" value="${SMAdminId}"/>
<setvariable name="externalaccesscontrol.password" value="${SMAdminPw}"/>
<setvariable name="externalaccesscontrol.userdir" value="${SMUserDir}"/>
<setvariable name="externalaccesscontrol.failover" value="${SMFailover}"/>
<setvariable name="externalaccesscontrol.servers" value="${SMServers}"/>
<setvariable name="externalaccesscontrol.server" value="${EACserverName}"/>
<setvariable name="externalaccesscontrol.cell" value="${EACcellName}"/>
<setvariable name="externalaccesscontrol.application" value="${EACappName}"/>
</editfile>
<antcall target="action-esm-update-acdatamanagementservice-reorder-rolenames" />
</target>
<target name="action-esm-tam-update-AMVaultWiz">
<!-- we must create the file first -->
<concat destfile="${WpsInstallLocation}/shared/app/config/${vaultProperties}" >#file created by ESM configuration task
</concat>
<editfile>
<fileset dir="${WpsInstallLocation}/shared/app/config" includes="${vaultProperties}"/>
<setvariable name="pduser" value="${PDAdminId}"/>
<setvariable name="pdpw" value="${PDAdminPw}"/>
<setvariable name="pdurl" value="file:${PDPermPath}" />
</editfile>
<echo message="properties added to ${vaultProperties} successfully" />
</target>
<target name="action-esm-tam-update-vaultservice" depends="validate-pdadmin-connection">
<property file="${WpsInstallLocation}/shared/app/config/services/VaultService.properties"/>
<condition property="tamVaultAlreadyExists">
<contains string="${types}" substring=",${vaultType}" />
</condition>
<fail message="${vaultType} vault type already configured. No action taken" if="tamVaultAlreadyExists" />
<editfile>
<fileset dir="${WpsInstallLocation}/shared/app/config/services" includes="VaultService.properties"/>
<!-- TO DOcheck for exising vaults using the com.ibm.wps.sso.AccessManager41VaultAdapter class -->
<!-- installshield gets existing value for vaults as ${existingVaults}, and makes sure no other AM41 vault adapterss are cfgd..ugh -->
<setvariable name="types" value="${types},${vaultType}" />
<!-- if it doesn;t exist, append the following -->
<setvariable name="${vaultType}.vaultadapter" value="com.ibm.wps.services.credentialvault.AccessManager41VaultAdapter"/>
<setvariable name="${vaultType}.config" value="${vaultProperties}"/>
<setvariable name="${vaultType}.manageresources" value="${manageResources}" />
<setvariable name="${vaultType}.readonly" value="${readOnly}" />
</editfile>
<echo message="${vaultType} added to VaultService.properties successfully" />
<antcall target="action-esm-tam-update-AMVaultWiz" />
</target>
<target name="action-esm-update-static-files">
<antcall target="action-esm-update-acdatamanagementservice" />
<antcall target="action-esm-update-acconfigservice" />
<antcall target="action-esm-update-acdatamanagementservice" />
<antcall target="action-esm-update-configservice"/>
</target>
<!-- DISABLE JAAS -->
<target name="action-disable-jaas-temp" if="isJAASEnabled" >
<echo message="Updating JAAS execution for this task only"/>
<antcall target="stop-portal-server" />
<antcall target="action-esm-update-configservice-remove" />
<antcall target="start-portal-server" />
</target>
<!-- EnABLE JAAS -->
<target name="action-enable-jaas-temp" if="isJAASEnabled" >
<echo message="Restoring JAAS execution for this task only"/>
<antcall target="stop-portal-server" />
<antcall target="action-esm-update-configservice" />
<antcall target="start-portal-server" />
</target>
<target name="enable-tam-userprov" >
<property file="${WpsInstallLocation}/shared/app/config/services/AuthenticationService.properties" />
<condition property="isJAASEnabled">
<equals arg1="true" arg2="${authentication.execute.portal.jaas.login}" />
</condition>
<echo message="isJAASEnabled=${isJAASEnabled}" />
<antcall target="action-disable-jaas-temp" />
<xmlaccess user="${PortalAdminId}" password="${PortalAdminPwd}" url="http://${WpsHostName}:${WpsHostPort}/${WpsContextRoot}/config" srcfile="${WpsInstallLocation}/config/work/TAMUserProv.xml" />
<antcall target="action-enable-jaas-temp" />
</target>
<target name="disable-tam-userprov" >
<property file="${WpsInstallLocation}/shared/app/config/services/AuthenticationService.properties" />
<condition property="isJAASEnabled">
<equals arg1="true" arg2="${authentication.execute.portal.jaas.login}" />
</condition>
<echo message="isJAASEnabled=${isJAASEnabled}" />
<antcall target="action-disable-jaas-temp" />
<xmlaccess user="${PortalAdminId}" password="${PortalAdminPwd}" url="http://${WpsHostName}:${WpsHostPort}/${WpsContextRoot}/config" srcfile="${WpsInstallLocation}/config/work/TAMUserProvDelete.xml" />
<antcall target="action-enable-jaas-temp" />
</target>
WebSphere is a trademark of the IBM Corporation in the United States, other countries, or both.
IBM is a trademark of the IBM Corporation in the United States, other countries, or both.
Tivoli is a trademark of the IBM Corporation in the United States, other countries, or both.