Operating Systems: i5/OS
Create a trusted user account in Tivoli Access Manager
Tivoli Access Manager trust association interceptors require the
creation of a trusted user account in the shared LDAP user registry.
Overview
This account includes the ID and password that WebSEAL uses to identify
itself to WebSphere Application Server. To prevent potential vulnerabilities,
do not use the sec_master ID as the trusted user account and ensure that the
password you use is unique and generated randomly. Use the trusted user account
for the TAI or TAI++ only.
Procedure
- Use either the Tivoli Access Manager pdadmin command-line utility
or Web Portal Manager to create the trusted user, for example from the pdadmin
command line.
- See the example below for the commands that create a trusted
user account.
- Reference the following additional resources for more information:
  - Configuring WebSEAL for use with WebSphere Application Server
  - Configuring Tivoli Access Manager plug-in for Web servers for use with
    WebSphere Application Server
Example
pdadmin> user create webseal_userid webseal_userid_DN firstname surname password
pdadmin> user modify webseal_userid account-valid yes
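The following script is an added example, not part of the original IBM documentation. It prepares the two pdadmin commands above with a randomly generated password and refuses sec_master as the trusted user. The function names, the quoting of the DN and names, and the output file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not IBM code. IDs, DNs and file names are placeholders.

# 24 bytes from the kernel CSPRNG as 48 hex characters; hex needs no
# quoting on the pdadmin command line.
gen_password() {
    od -An -N24 -tx1 /dev/urandom | tr -d ' \n'
}

# Print the two pdadmin commands shown on the page.
# Args: user ID, user DN, first name, surname, password.
trusted_user_commands() {
    [ "$#" -eq 5 ] || { echo "need: id dn firstname surname password" >&2; return 2; }
    # The page warns against using sec_master as the trusted account.
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        sec_master) echo "sec_master must not be the trusted user" >&2; return 1 ;;
    esac
    # The ID and password are written unquoted, so keep them to a safe set.
    for arg in "$1" "$5"; do
        case "$arg" in
            ''|*[!A-Za-z0-9_.-]*) echo "unsafe ID or password" >&2; return 1 ;;
        esac
    done
    nl='
'
    # A quote or newline would end the quoted argument or start a new command.
    for arg in "$2" "$3" "$4"; do
        case "$arg" in
            ''|*'"'*|*"$nl"*) echo "unsafe argument" >&2; return 1 ;;
        esac
    done
    printf 'user create %s "%s" "%s" "%s" %s\n' "$1" "$2" "$3" "$4" "$5"
    printf 'user modify %s account-valid yes\n' "$1"
}

# Write the commands, with a fresh password, to a new file readable only
# by its owner: the file holds the password in clear text.
# Args: output file, user ID, user DN, first name, surname.
write_command_file() {
    out=$1; shift
    [ ! -e "$out" ] || { echo "$out exists, not overwriting" >&2; return 1; }
    cmds=$(trusted_user_commands "$@" "$(gen_password)") || return 1
    ( umask 077 && printf '%s\n' "$cmds" > "$out" )
}

# When run with arguments, act as a script; with none, only define functions.
[ "$#" -eq 0 ] || write_command_file "$@"
```

The generated password must also be supplied wherever WebSEAL and the TAI are configured to use this account. Delete the command file once pdadmin has processed it.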
Related tasks
Configuring single sign-on capability with Tivoli Access Manager or
WebSEAL