Set the JACC provider for Tivoli Access Manager using the wsadmin utility


 


 

Use the wsadmin utility to configure Tivoli Access Manager security for WAS.

Verify that all the managed servers, including node agents, are started.

The following configuration is performed once on the dmgr server. The configuration parameters are forwarded to managed servers, including node agents, when a synchronization is performed. The managed servers require their own restart for the configuration changes to take effect.

  1. Start WAS.

  2. Start wsadmin:

    cd APP_ROOT/bin
    ./wsadmin.sh

  3. At the wsadmin prompt, run:

    $AdminTask configureTAM -interactive

    You are prompted to enter the following information. Each option is listed with its description:

    WAS node name
        Specify a single node, or enter an asterisk (*) to choose all nodes including the deployment manager.

    TAM Policy Server
        Enter the name of the TAM policy server and the connection port. Use the format:

            policy_server : port

        The policy server communication port is set at the time of TAM configuration. The default port is 7135.

    TAM Authorization Server
        Enter the name of the TAM authorization server. Use the format:

            auth_server : port : priority

        The authorization server communication port is set at the time of TAM configuration. The default port is 7136. More than one authorization server can be specified by separating the entries with commas. Having more than one authorization server configured is useful for failover and performance. The priority value is the order of authorization server use. For example:

            auth_server1:7136:1,auth_server2:7137:2

        A priority of 1 is still required when configuring against a single authorization server.

    WAS administrator's distinguished name
        Enter the full distinguished name of the WAS security administrator ID, as created in Create the security admin user for TAM. For example:

            cn=wasadmin,o=organization,c=country

    TAM user registry distinguished name suffix
        For example:

            o=organization,c=country

    TAM administrator's user name
        Enter the TAM administration user ID, as created at the time of TAM configuration. This ID is usually sec_master.

    TAM administrator's user password
        Enter the password for the TAM administrator.

    TAM security domain
        Enter the name of the TAM security domain used to store users and groups. If a security domain is not already established at the time of TAM configuration, press Return to accept the default.

    Embedded TAM listening port set
        WAS needs to listen on a TCP/IP port for authorization database updates from the policy server. More than one process can run on a particular node and machine, so a list of ports is required for the processes. Enter the ports that are used as listening ports by TAM clients, separated by commas. To specify a range of ports, separate the lower and higher values with a colon. For example:

            7999, 9990:9999

    Defer
        Set to yes, this option defers the configuration of the management server until the next restart. Set to no, configuration of the management server occurs immediately. Managed servers are configured on their next restart.

  4. When all information is entered, select F to save the configuration properties, or select C to cancel the configuration process and discard the entered information.
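A pre-check for two of the values entered at the prompts above, written as an added example that is not part of the original page or of WebSphere: it parses the authorization server list and the embedded TAM listening port set in the formats shown. The function names are hypothetical, and the rules that host names contain no whitespace and that priorities are positive integers are assumptions.

```python
# Added example: validate two configureTAM prompt values before entering them.
# Function names are hypothetical; the formats are the ones shown on this page.

def _port(text):
    text = text.strip()
    if not text.isdigit() or not 1 <= int(text) <= 65535:
        raise ValueError("not a TCP port: %r" % text)
    return int(text)


def parse_auth_servers(value):
    """Parse 'auth_server:port:priority[,...]' into (priority, host, port) tuples."""
    servers = []
    for entry in value.split(","):
        parts = [p.strip() for p in entry.split(":")]
        if len(parts) != 3:
            raise ValueError("expected auth_server:port:priority, got %r" % entry)
        host, port, priority = parts
        # Assumption: host names are non-empty and contain no whitespace.
        if not host or len(host.split()) != 1:
            raise ValueError("bad host name in %r" % entry)
        # Assumption: priorities are positive integers.
        if not priority.isdigit() or int(priority) < 1:
            raise ValueError("bad priority in %r" % entry)
        servers.append((int(priority), host, _port(port)))
    # The page requires priority 1 even when only one server is configured.
    if len(servers) == 1 and servers[0][0] != 1:
        raise ValueError("a single authorization server must have priority 1")
    return sorted(servers)  # sorted into order of use


def parse_port_set(value):
    """Expand a listening port set such as '7999, 9990:9999' into a sorted list."""
    ports = set()
    for item in value.split(","):
        bounds = [_port(b) for b in item.split(":")]
        if len(bounds) > 2 or bounds[0] > bounds[-1]:
            raise ValueError("bad port or range: %r" % item.strip())
        ports.update(range(bounds[0], bounds[-1] + 1))
    return sorted(ports)


if __name__ == "__main__":
    # Constructed sample input, taken from the format examples above.
    print(parse_auth_servers("auth_server1:7136:1,auth_server2:7137:2"))
    print(len(parse_port_set("7999, 9990:9999")), "listening ports")
```

The expanded port list makes it easy to compare the number of listening ports against the number of server processes on the node, since each process needs its own port.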

 

Next steps

Enable the JACC provider for TAM

 

Related tasks

Set the JACC provider for TAM
Create the security admin user for TAM

 

Related

TAM JACC provider configuration