Network Deployment (Distributed operating systems), v8.0 > Secure applications and their environment > Authorizing access to resources > Authorizing access to Java EE resources using Tivoli Access Manager > Enable an external JACC provider

Configure Tivoli Access Manager as the JACC provider

1. Create the security administrative user for Tivoli Access Manager

2. Start all managed servers, including node agents.

3. Click...
   Security | Global security | External authorization providers | General properties | External authorization using a JACC provider | Related items | External JACC provider | Additional properties | Tivoli Access Manager Properties

4. Enter the following information...

   Enable embedded Tivoli Access Manager

   Enable Tivoli Access Manager.

   Ignore errors during embedded Tivoli Access Manager disablement

   Unconfigure the JACC provider. Do not select this option during configuration.

   Client listening port set

   TAM TCP/IP client ports used by WAS to listen for authorization database updates from policy servers. Use commas and colons as delimiters.

   7999, 9990:9999

   Policy server

   Tivoli Access Manager policy server and port. Default is 7135.

   policy_server:port

   Authorization servers

   Tivoli Access Manager authorization server. Default is 7136.

   auth_server:port:priority

   A priority value of 1 is required when configuring against a single authorization server. To set priority values...

   auth_server1:7136:1
   auth_server2:7137:2

   Administrator user name

   TAM admin user name. Default is sec_master.

   Administrator user password

   TAM administrator password.

   User registry distinguished name suffix

   DN suffix for the user registry shared between TAM and WAS...

   o=foo, c=us

   Security domain

   TAM security domain that stores WAS users and groups. TAM can contain more than one security domain, each with its own administrative user, users, groups and other objects. If a TAM security domain is not established, leave the value as Default.

   Administrator user distinguished name

   Full DN of the WAS security administrator ID...

   cn=wasdmin, o=organization, c=country

   Must match Server user ID for the realm definition on the LDAP User Registry panel...

   Security | Global security | User account repository | Standalone LDAP registry | Configure

5. Click OK to save the configuration properties.

   WAS completes the following actions...

   • Validates the configuration parameters.

   • Configures the host server or cell manager.

   These processes might take some time depending on network traffic or the speed of your machine.

6. Synchronize changes

7. Restart dmgr, appservers, and node agents

What to do next

Related

Create the security administrative user for TAM
TAM JACC provider configuration
TAM JACC provider settings
JACC provider configuration properties for TAM
Disable embedded TAM client
Configure the JACC provider for TAM using the wsadmin utility
Disable embedded TAM client using wsadmin
Enable an external JACC provider

+

Search Tips   |   Advanced Search