Operating Systems: i5/OS
Personalize the table of contents and search results
Enable an external JACC provider
Use this topic to enable an external JACC provider using the administrative
console.
The Java Authorization Contract for Containers (JACC) defines
a contract between J2EE containers and
authorization providers. This contract enables any third-party authorization
providers to plug into a J2EE 1.4 application server, such as WebSphere Application
Server to make the authorization decisions when a J2EE resource is accessed.
Procedure
- From the WebSphere Application Server administrative
console, click Security > Secure administration, applications, and infrastructure
> External authorization providers.
- Under Related items, click External JACC provider.
- The fields are set for Tivoli Access Manager by default. If you
do not plan to use Tivoli Access Manager as the JACC provider, replace these
fields with the details for your own external JACC provider.
- If any custom properties are required by the JACC provider, click Custom
properties under Additional properties and enter the properties.
When using the Tivoli Access Manager, use the Tivoli Access Manager
properties link instead of the Custom properties link. For more information,
see Configuring the JACC provider for Tivoli Access Manager using the administrative
console.
- On the External authorization providers panel, select the External
authorization using a JACC provider option and click OK.
- Complete the remaining steps to enable security.
If you are using Tivoli Access Manager, select LDAP as the
user registry and use the same LDAP server. For more information on configuring
LDAP registries, see Configuring Lightweight Directory Access Protocol user registries.
- Verify that all of the changes
are synchronized across all nodes. For more information, see Synchronizing nodes with the wsadmin tool
- In a multinode environment, stop
and start the deployment manager configuration. Issue the following commands
on the Qshell command line:
profile_root/bin/stopManager
-username user_name
-password password
profile_root/bin/startManager
- Restart all servers to make these changes effective.
}
Configuring the JACC provider for Tivoli Access Manager using the administrative
console
Administering security users and roles with Tivoli Access Manager
Configuring Tivoli Access Manager groups
Configuring additional authorization servers
Logging Tivoli Access Manager security
Interfaces that support JACC
Enabling the JACC provider for Tivoli Access Manager
Enabling embedded Tivoli Access Manager
Disabling embedded Tivoli Access Manager client using the administrative
console
Forcing the unconfiguration of the Tivoli Access Manager JACC provider
Manually configuring Tivoli Access Manager only for authentication
on Websphere Application Server 6.x
Manually migrating from WebSphere Application Server 5.1 to WebSphere
Application Server 6.x with Tivoli Access Manager enabled on multiple nodes
Manually migrating from WebSphere Application Server 5.1 to WebSphere
Application Server 6.x with Tivoli Access Manager enabled on a stand-alone
server
Related concepts
Authorization providers
Tivoli Access Manager integration as the JACC provider
JACC providers
JACC support in WebSphere Application Server
Related tasks
Authorizing access to J2EE resources using Tivoli Access Manager
Propagating security policy of installed applications to a JACC provider
using wsadmin scripting
Authorizing access to J2EE resources using Tivoli Access Manager
Related Reference
External Java Authorization Contract for Containers provider settings
Interfaces that support JACC
Security authorization provider troubleshooting tips
|