You can configure the Java Authorization Contract for Containers (JACC) provider for Tivoli Access Manager to deliver authentication and authorization protection for your applications or for authentication only. Most deployments that use the JACC provider for Tivoli Access Manager to configure Tivoli Access Manager provide both authentication and authorization functionality.
If you want Tivoli Access Manager to provide authentication, but leave authorization as part of WebSphere Application Server's native security, add the com.tivoli.pd.as.amwas.DisableAddAuthorizationTableEntry=true property to the amwas.amjacc.template.properties file. The file is located in the profile_root/config/cells/cell_name directory.
After this property is set, perform the tasks for setting Tivoli Access Manager Security, as documented.
You can configure the JACC provider for Tivoli Access Manager using either the WebSphere Application Server administrative console or the wsadmin command-line utility.
The JACC configuration files are not common across multiple WebSphere Application profiles. The following property setting is added to the profile_root/config/cells/cell_name/amwas.amjacc.template.properties file to specify the location of the JACC configuration for each profile.
com.tivoli.pd.as.jacc.CommonFileLocation=USER_INSTALL_ROOT/etc/pdThe wsadmin command is available to reconfigure the Java Authorization Contract for Containers (JACC) Tivoli Access Manager interface:
$AdminTask reconfigureTAM -interactive
This
command effectively prompts you through the process of unconfiguring the interface
and then reconfiguring it.