

Configure the JACC provider for Tivoli Access Manager using the wsadmin utility

We can use the wsadmin utility to configure Tivoli Access Manager security for WAS.

Verify that all the managed servers, including node agents, are started. The following configuration is performed once on the dmgr server. The configuration parameters are forwarded to managed servers, including node agents, when a synchronization is performed. The managed servers require their own restart for the configuration changes to take effect.


Procedure

  1. Start WAS.

  2. Start the wsadmin.sh command-line utility.

    cd WAS_HOME/bin
    ./wsadmin.sh

  3. At the wsadmin.sh prompt, run:

    $AdminTask configureTAM -interactive


    Configuration tasks

    WAS node
      Default: *
      Commands: configureTAM, reconfigureTAM, unconfigureTAM
      Description: Specify a single node or enter an asterisk (*) to run the configuration task on all of the appserver instances including the dmgr, node agents, and servers.

    TAM Policy Server
      Default: Default port: 7135
      Commands: configureTAM, reconfigureTAM
      Description: The TAM policy server and the connection port. Use the format, policy_server : port. The policy server communication port is set at the time of TAM configuration.

    TAM Authorization Server
      Default: Default port: 7136
      Commands: configureTAM, reconfigureTAM
      Description: Enter the name, port, and priority of each configured TAM authorization server. Use the format auth_server : port : priority. The authorization server communication port is set at the time of TAM configuration. We can specify more than one authorization server by separating the entries with commas. Having more than one authorization server configured is useful for failover and performance. The priority value is the order of authorization server use. For example: auth_server1:7136:1,auth_server2:7137:2. A priority of 1 is still required when you use a single authorization server.

    WAS administrator DN
      Default: (none)
      Commands: configureTAM, reconfigureTAM
      Description: Enter the full distinguished name of the security primary administrator ID for WAS as created in Create the security administrative user for TAM. For example: cn=wasadmin,o=organization,c=country

    TAM user registry distinguished name suffix
      Default: (none)
      Commands: configureTAM, reconfigureTAM
      Description: Enter the suffix that we have set up in the user registry to contain the user and groups for TAM. For example: o=organization,c=country

    TAM administrator's user name
      Default: sec_master
      Commands: configureTAM, reconfigureTAM, unconfigureTAM
      Description: Enter the TAM administration user ID that you created when you configured TAM. This ID is usually sec_master.

    TAM administrator's user password
      Default: (none)
      Commands: configureTAM, reconfigureTAM, unconfigureTAM
      Description: Enter the password that is associated with the TAM administration user ID.

    TAM security domain
      Default: Default
      Commands: configureTAM, reconfigureTAM
      Description: The TAM security domain used to store users and groups. If a security domain is not already established at the time of TAM configuration, click Return to accept the default.

    Embedded TAM listening port set
      Default: 8900:8999
      Commands: configureTAM, reconfigureTAM
      Description: WAS needs to listen on a TCP/IP port for authorization database updates from the policy server. More than one process can run on a particular node and machine so a list of ports is required for the processes. Enter the ports that are used as listening ports by TAM clients, separated by a comma. If you specify a range of ports, separate the lower and higher values by a colon. For example, 7999, 9990:9999.

    Defer
      Default: No
      Commands: configureTAM, reconfigureTAM, unconfigureTAM
      Description: Set this option to yes to defer the configuration of the management server until the next restart. Set the option to no if you want the configuration of the management server to occur immediately. Managed servers are configured on their next restart.

    Force
      Default: No
      Commands: reconfigureTAM, unconfigureTAM
      Description: Set this value to yes to ignore errors during the unconfiguration process and allow the entire process to complete. Set the value to no if you want errors to stop the unconfiguration process. This option is especially useful if the environment needs to be cleaned up and problems are occurring that do not allow the entire cleanup process to complete successfully.

  4. When all information is entered, select F to save the configuration properties, or select C to cancel the configuration process and discard the entered information.
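
The following Python helper is an added example, not part of the original documentation or of WAS. It validates two of the values described above, the authorization server list (auth_server:port:priority) and the embedded listening port set, before they are typed into the interactive task. The function names, the host name pattern (host names and IPv4 addresses only) and the `min_ports` capacity check are assumptions made for illustration.

```python
# Added example: pre-flight checks for two configureTAM prompt values.
# Function names and the host name pattern are hypothetical, not a WAS API.
import re

HOST_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9_.-]*[A-Za-z0-9])?$")


def _port(text):
    """Return text as a TCP port number, or raise ValueError."""
    if not text.strip().isdigit() or not 1 <= int(text) <= 65535:
        raise ValueError("invalid port: %r" % text)
    return int(text)


def parse_auth_servers(value):
    """Parse 'host:port:priority[,host:port:priority...]', sorted by priority."""
    servers = []
    for entry in value.split(","):
        parts = [p.strip() for p in entry.split(":")]
        if len(parts) != 3:
            raise ValueError("expected auth_server:port:priority, got %r" % entry)
        host, port, prio = parts
        if not HOST_RE.match(host):
            raise ValueError("invalid host name: %r" % host)
        if not prio.isdigit() or int(prio) < 1:
            raise ValueError("invalid priority: %r" % prio)
        servers.append((int(prio), host, _port(port)))
    # The page requires a priority of 1 when only one server is configured.
    if len(servers) == 1 and servers[0][0] != 1:
        raise ValueError("a single authorization server must have priority 1")
    return sorted(servers)


def parse_port_set(value, min_ports=1):
    """Expand '7999, 9990:9999' into a sorted list of listening ports."""
    ports = set()
    for item in value.split(","):
        bounds = [_port(b) for b in item.split(":")]
        if len(bounds) > 2 or bounds[0] > bounds[-1]:
            raise ValueError("invalid port range: %r" % item.strip())
        ports.update(range(bounds[0], bounds[-1] + 1))
    # Assumption: each WAS process on the node needs its own listening port.
    if len(ports) < min_ports:
        raise ValueError("only %d ports for %d processes" % (len(ports), min_ports))
    return sorted(ports)
```

Pass the number of processes expected on the busiest node as `min_ports` to catch a port set that is too small before the servers are restarted.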


What to do next

Now enable the JACC provider for TAM. See the Enabling the JACC provider for TAM article for more information.