IBM Tivoli Access Manager for e-business
IBM WebSphere Application Server /I8Of> 5.1
S152-0810-00
"b
Z9C>JO0d'VDz7.0,kDAZ 101 3D=< B, :yw;PDE"#
Z;f(2003 j 11 B)
>f>JCZ IBM Tivoli Access Manager V5.1.0(z7E 5724-C08)T0yPsx"PfM^)f,1=ZBf>P
mPyw*9#
© Copyright International Business Machines Corporation 2002, 2003. All rights reserved.
0T
6-9C IBM® Tivoli® Access Manager for WebSphere Application Server(Tivoli Access
Manager for WebSphere)#Kz7)9K Tivoli Access Manager T'V* IBM®
WebSphere™ Application Server x`4D&CLr#
IBM® Tivoli® Access Manager(Tivoli Access Manager)GKP IBM Tivoli Access
Manager z75PPD&CLryhDy!m~#|'V IBM Tivoli Access Manager
&CLrD/I,bya)Ks6'DZ(M\mbv=8#b)z7w*/Ibv
=8v[,|Ga)K;VCJXF\mbv=8,bV=8*gSLq&CLr/
PKxgM&CLr2+_T#
":IBM Tivoli Access Manager GH0"PDF* Tivoli SecureWay® Policy Director
m~DB{F#,y,TZl$ Tivoli SecureWay Policy Director m~MD5DC
',\m~qwVZF* policy server#
6IBM Tivoli Access Manager for WebSphere Application Server /I8O7a)K2
0"dCM\m8>E"#>D59a)KPX* WebSphere &CLrdC/P=2+
_TDLL#
>iDA_
>\m8OD?jC'|(:
v 2+\m1
v xg53\m1
v IT hF&
A_&1l$:
v rXx-i,|( HTTP"TCP/IP"D~+d-i(FTP)M telnet
v ?pM\m WebSphere Application Server 53M&CLr
v 2+\m,|,O$MZ(
g{Z9C2+WSVc(SSL)(E,z9&Cl$ SSL -i"\?;;(+CM(
C)"}V){"\kc(MO$PD#
>iDZ]
>D5|,TBBZ:
v Z 1 B,:i\MEv;
i\K* WebSphere Application Server a)Z(~qD Tivoli Access Manager i
~DEv#
v Z 2 B,:208>E";
hvKgN20 Tivoli Access Manager for WebSphere#
v Z 3 B,:dC}L;
hvKgNdC Tivoli Access Manager for WebSphere#
v Z 4 B,:(F2+TG+;
hvKgN9C Tivoli Access Manager for WebSphere (F5CLrT+ Java 2
Enterprise Edition 2+TG+(F= Tivoli Access Manager C'Mi#
v Z 5 B,:\mNq;
hvKgN4P\m Tivoli Access Manager for WebSphere D\mNq#
v Z 6 B,:LL:gNtC2+T;
hvKgN* WebSphere Application Server &CLrmS2+T#2hvKg{+
2+E"(F= Tivoli Access Manager T0gNbTGqQI&tC2+T#
v Z 7 B,:>}Yw8>E";
hvKgN>} Tivoli Access Manager for WebSphere#
vfo
4iT Tivoli Access Manager JOb"X8vfoT0`XvfoDhv47(zI
\O*D)vfoPyoz#Z7(zh*Dvfo.s,kN<PXZ_CJvf
oD8>E"#
XZ IBM Tivoli Access Manager for e-business z7>mD=SE"IZTBX7R
=:
http://www.ibm.com/software/tivoli/products/access-mgr-e-bus/
Tivoli Access Manager JObITV*TB`p:
v :"PE";
v :Base E";
v Z ix 3D:Web 2+TE";
v Z ix 3D:*"_N<;
v Z x 3D:<u9d;
"PE"
v 6IBM Tivoli Access Manager for e-business kHDA7(G152-0804-00)
a)9C Tivoli Access Manager 20Mt/DE"#
v 6IBM Tivoli Access Manager for e-business "P5w7(G152-0805-00)
a)nBE",}gm~V^"d(=(,T0D5|B#
Base E"
v 6IBM Tivoli Access Manager Base 208O7(S152-0806-00)
5wgN20MdC Tivoli Access Manager Base m~,|( Web Portal Manager
SZ#CiG IBM Tivoli Access Manager for e-business Web Security Installation Guide
D;vS/,<Zkd| Tivoli Access Manager z7(g IBM Tivoli Access Manager
for Business Integration M IBM Tivoli Access Manager for Operating Systems);
p9C#
v 6IBM Tivoli Access Manager Base \m8O7(S152-0807-00)
hv9C Tivoli Access Manager ~qDEnM}L#a)S Web Portal Manager g
fM(}9C pdadmin |n4PNqD8>E"#
Web 2+TE"
v IBM Tivoli Access Manager for e-business Web Security Installation
Guide(S152-0808-00)
a)PX Tivoli Access Manager Base m~T0 Web Security i~D20"dCM
>}D8>E"#CiG6IBM Tivoli Access Manager Base 208O7D,/#
v IBM Tivoli Access Manager Upgrade Guide(SC32-1369-00)
5wgNS Tivoli SecureWay Policy Director V3.8 r Tivoli Access Manager DH
0f>}6= Tivoli Access Manager V5.1#
v 6IBM Tivoli Access Manager for e-business WebSEAL \m8O7(S152-0809-00)
a)9C WebSEAL \m2+ Web rDJ4D30JO"\mLr,T0<uN<
E"#
v 6IBM Tivoli Access Manager for e-business IBM WebSphere Application Server /
I8O7(S152-0810-00)
a)CZ+ Tivoli Access Manager k IBM WebSphere® Application Server xP/
ID20">}M\mD8>E"#
v IBM Tivoli Access Manager for e-business IBM WebSphere Edge Server Integration
Guide(SC32-1367-00)
a)CZ+ Tivoli Access Manager k IBM WebSphere Edge Server &CLrxP
/ID20">}M\mD8>E"#
v 6IBM Tivoli Access Manager for e-business Plug-in for Web Servers /I8O7
(S152-0813-00)
a)9C Web ~qwDe~#$ Web r2+D208>E""\mLr,T0<
uN<E"#
v 6IBM Tivoli Access Manager for e-business BEA WebLogic Server /I8O7
(S152-0811-00)
a)CZ+ Tivoli Access Manager k BEA WebLogic Server xP/ID20">
}M\mD8>E"#
v IBM Tivoli Access Manager for e-business IBM Tivoli Identity Manager Provisioning
Fast Start Guide(SC32-1364-00)
a)k+ Tivoli Access Manager M Tivoli Identity Manager /I`XDNqDEv,
"5wgN9CM20 Provisioning Fast Start /O#
*"_N<
v IBM Tivoli Access Manager for e-business Authorization C API Developer
Reference(SC32-1355-00)
a)hvgN9C Tivoli Access Manager Z( C API k Tivoli Access Manager ~
qe~SZ+ Tivoli Access Manager 2+TmS=&CLrPDN<JO#
v IBM Tivoli Access Manager for e-business Authorization Java Classes Developer
Reference(SC32-1350-00)
a)9CZ( API D Java™ oT5V'V&CLr9C Tivoli Access Manager 2
+TDN<E"#
v IBM Tivoli Access Manager for e-business Administration C API Developer
Reference(SC32-1357-00)
a)XZ9C\m API 'V&CLr4P Tivoli Access Manager \mNqDN<
E"#>D5hv\m API D C 5V#
v IBM Tivoli Access Manager for e-business Administration Java Classes Developer
Reference(SC32-1356-00)
a)9C\m API D Java oT5V'V&CLr4P Tivoli Access Manager \m
NqDN<E"#
v IBM Tivoli Access Manager for e-business Web Security Developer
Reference(SC32-1358-00)
a)PXgrO$~q(CDAS)"gr3dr\(CDMF)T0\kS?#iD\
mM`LE"#
<u9d
v IBM Tivoli Access Manager for e-business Command Reference(SC32-1354-00)
a)XZf Tivoli Access Manager a)D|nP5CLrME>DE"#
v IBM Tivoli Access Manager Error Message Reference(SC32-1353-00)
a) Tivoli Access Manager yzz{"D5wMFvDYw#
v IBM Tivoli Access Manager for e-business Problem Determination
Guide(SC32-1352-00)
a) Tivoli Access Manager DJb7(DE"#
v 6IBM Tivoli Access Manager for e-business T\w{8O7(S152-0812-00)
a)IxP IBM Tivoli Directory Server(w*C'"am)D Tivoli Access Manager
y9ID73DT\w{E"#
`Xvfo
b;?VPvKk Tivoli Access Manager JOb`XDvfo#
Tivoli Software Library a)K`V Tivoli vfo,}gW$i"}]m"]>"
Redbooks M(f/#Tivoli Software Library ISTB Web >cOq!:
http://www.ibm.com/software/tivoli/library/
Tivoli Software Glossary |,m`k Tivoli m~`XD<uuoD(e#Tivoli Software
Glossary(v"of)ISTB Tivoli Software Library Web 3fOs_D Glossary4Sq!:http://www.ibm.com/software/tivoli/library/
IBM Global Security Kit
Tivoli Access Manager (}9C IBM Global Security Kit(GSKit)V7.0 a)}]S
\#GSKit |,ZT&ZzX(=(D IBM Tivoli Access Manager Base CD T0 IBM
Tivoli Access Manager Web Security CD"IBM Tivoli Access Manager Web Administration
Interfaces CD M IBM Tivoli Access Manager Directory Server CD O#
GSKit m~|a) iKeyman \?\m5CLr gsk7ikm,|CZ4(\?}]b"+
C-(C\?TT0$iks#TBD5IS Tivoli Information Center Web >cOk
IBM Tivoli Access Manager z7D5`,D?VPR=:
v IBM Global Security Kit Secure Sockets Layer and iKeyman User’s
Guide(SC32-1363-00)
*F.Zd Tivoli Access Manager 73PtC SSL (EDxgr532+\m1
a)K`XE"#
IBM Tivoli Directory Server
IBM Tivoli Directory Server V5.2 |,ZT&ZZ{Yw53D IBM Tivoli Access
Manager Directory Server CD O#
":IBM Tivoli Directory Server GH0"PDTB{Fm~DB{F:
v IBM Directory Server(V4.1 M V5.1)
v IBM SecureWay Directory Server(V3.2.2)
IBM Directory Server V4.1"IBM Directory Server V5.1 M IBM Tivoli Directory Server
V5.2 <\= IBM Tivoli Access Manager V5.1 D'V#
XZ IBM Tivoli Directory Server D=SE"IZTBX7R=:
http://www.ibm.com/software/network/directory/library/
IBM DB2 (C}]b
IBM DB2® (C}]b™s5~qwf,f> 8.1 Z IBM Tivoli Access Manager
Directory Server CD Oa),"k IBM Tivoli Directory Server m~;p20#Z+
IBM Tivoli Directory Server"z/OS™ r OS/390® LDAP ~qwCw Tivoli Access
Manager DC'"am1,DB2 GXhD#
XZ DB2 D=SE"IZTBX7R=:
http://www.ibm.com/software/data/db2/
IBM WebSphere Application Server
IBM WebSphere Application Server Advanced Single Server Edition 5.0 |,ZT&Z
Z{Yw53D IBM Tivoli Access Manager Web Administration Interfaces CD O#
WebSphere Application Server tCT Web Portal Manager SZ(CZ\m Tivoli Access
Manager)M Web \m$_(CZ\m IBM Tivoli Directory Server)b=_D'V#
IBM WebSphere Application Server Fix Pack 2 2G Tivoli Access Manager yXhD,
"Z IBM Tivoli Access Manager WebSphere Fix Pack CD Oa)#
XZ IBM WebSphere Application Server D=SE"IZTBX7R=:
http://www.ibm.com/software/webservers/appserv/infocenter.html
IBM Tivoli Access Manager for Business Integration
IBM Tivoli Access Manager for Business Integration w*I%@):Dz7a),* IBM
MQSeries® V5.2 M IBM WebSphere® MQ V5.3 D{"a)K2+Tbv=8#IBM
Tivoli Access Manager for Business Integration Jm WebSphere MQSeries &CLr(
}9Ck"MMSU&CLrX*D\?=\X"Rj{X"M}]#s WebSEAL M
IBM Tivoli Access Manager for Operating Systems ;y,IBM Tivoli Access Manager
for Business Integration G9C IBM Tivoli Access Manager ~qDJ4\mw.;#
XZ IBM Tivoli Access Manager for Business Integration D=SE"IZTBX7R
=:
http://www.ibm.com/software/tivoli/products/access-mgr-bus-integration/
TBk IBM Tivoli Access Manager for Business Integration V5.1 `X*DD5IZ
Tivoli Information Center Web >cOqC:
v 6IBM Tivoli Access Manager for Business Integration \m8O7(S152-0085-01)
v 6IBM Tivoli Access Manager for Business Integration Jb7(8O7(G152-0676-00)
v 6IBM Tivoli Access Manager for Business Integration "P5w7(G152-0518-00)
v 6IBM Tivoli Access Manager for Business Integration kHDA7(G152-0675-00)
IBM Tivoli Access Manager for WebSphere Business Integration Brokers
IBM Tivoli Access Manager for WebSphere Business Integration Brokers w* IBM Tivoli
Access Manager for Business Integration D;?Vxa),* WebSphere Business
Integration Message Broker V5.0 M WebSphere Business Integration Event Broker V5.0
a)K2+bv=8#IBM Tivoli Access Manager for WebSphere Business Integration
Brokers (}a)yZ\kM>$DO$"/P(eDZ(MsF~q4k Tivoli Access
Manager -,KPT#$ JMS "</$)&CLr#
XZ IBM Tivoli Access Manager for WebSphere Integration Brokers D=SE"IZ
TBX7R=:
http://www.ibm.com/software/tivoli/products/access-mgr-bus-integration/
TBk IBM Tivoli Access Manager for WebSphere Integration Brokers V5.1 `X*D
D5IZ Tivoli Information Center Web >cOqC:
v 6IBM Tivoli Access Manager for WebSphere Business Integration Brokers \m8O7
(S152-0793-00)
v 6IBM Tivoli Access Manager for WebSphere Business Integration Brokers "P5w7
(G152-0794-00)
v 6IBM Tivoli Access Manager for Business Integration kHDA7(G152-0675-00)
IBM Tivoli Access Manager for Operating Systems
IBM Tivoli Access Manager for Operating Systems w*I%@):Dz7qC,}K
a)>zYw53ya)D&\Tb,9a)Z UNIX 53ODZ(_T5)c#IBM
Tivoli Access Manager for Operating Systems s WebSEAL M IBM Tivoli Access Manager
for Business Integration ;y,G9C IBM Tivoli Access Manager ~qDJ4\mw
.;#
XZ IBM Tivoli Access Manager for Operating Systems D=SE"IZTBX7R=:
http://www.ibm.com/software/tivoli/products/access-mgr-operating-sys/
TBk IBM Tivoli Access Manager for Operating Systems V5.1 `X*DD5IZ Tivoli
Information Center Web >cOqC:
v 6IBM Tivoli Access Manager for Operating Systems 208O7(S152-0190-00)
v 6IBM Tivoli Access Manager for Operating Systems \m8O7(S152-0571-00)
v 6IBM Tivoli Access Manager for Operating Systems Jb7(8O7(S152-0179-00)
v 6IBM Tivoli Access Manager for Operating Systems "P5w7(G152-0185-00)
v 6IBM Tivoli Access Manager for Operating Systems kHDA7(G152-0186-00)
IBM Tivoli Identity Manager
IBM Tivoli Identity Manager V4.5 w*I%@):Dz7xa),9zIT/P\mC
'(gC'j6M\k)M)&(a)r7zT&CLr"J4rYw53DCJ)#
Tivoli Identity Manager IT(}9C Tivoli Access Manager zmLrxk Tivoli Access
Manager /IZ;p#k*5zD IBM M'zmTq!XZ:rCzmLrD|`E
"#
XZ IBM Tivoli Identity Manager D=SE"IZTBX7R=:
http://www.ibm.com/software/tivoli/products/identity-mgr/
Z_CJvfo
TB Tivoli Software Library PZ_a)>z7DIF2D5q=(PDF)M/r,D
>jGoT(HTML)q=Dvfo:http://www.ibm.com/software/tivoli/library
*ZbPiRz7vfo,k%wb3fs`D Product manuals 4S#;sZ Tivoli
Software Information Center 3fOR="%wz7{F#
z7vfo|("P5w"208O"C'8O"\m18OT0*"_N<s+#
":*7#}7r! PDF vfo,kZ Adobe Acrobat0r!10Z(I(}%wD
~ → r!4T>C0Z)P!qJO3f4!r#
(z!n
(z!n&\ozmePP2(gP*\^FrPSuO-)DC'3{X9CwV
m~z7#TZCz7,zIT9C(z<u4c}"/@gf#2I9C|L!z
sj4Yw<NC'gfDyP&\#
*5m~'V
ZM3;Jb*5 IBM Tivoli m~'V.0,k%w;ZTB Web >cD Tivolisupport 4STCJ IBM Tivoli m~'V>c: http://www.ibm.com/software/support/
g{h*d|oz,rk(}9CTB Web >cD IBM Software Support Guide Py
hvD=(4*5m~'V: http://techsupport.services.ibm.com/guides/handbook.html
C8Oa)KTBE":
v SU'VyhD"aMJqhs
v g0Ek(!vZzyZDzRrXx)
v *5M''V.0&U/D;5PE"
>iP9CD<(
>N<iTX(uoMYwT0@5ZYw53D|nM769CKtI<(#
Ve<(
>N<iP9CKTBVe<(:
Ve QTk\'D>"X|V"N}"!n"Java `{T0TsxVD!4|nr
s!4lO|nyTVeT>#
1e d?"vfojbM&C?wDXb%JrLoyT1eT>#
HmVM
QTk\'D>"53{""C'XkdkDD>T0N}5r|n!n5x
V*4Dzk>}"|nP"A;dv"D~M?<{CHmVM#
Yw53Dnp
>iTZ8(73d?M?<{E9CK UNIX <(#9C Windows |nP1,TZ
73d?kC %variable% f; $variable,"C41\(\)f;?<76PD?v}1
\(/)#g{Z Windows 53O9C bash shell,rIT9C UNIX <(#
Z 1 B i\MEv
IBM Tivoli Access Manager for WebSphere Application Server(Tivoli Access Manager
for WebSphere)G IBM Tivoli Access Manager(Tivoli Access Manager)D)9,|
* IBM WebSphere Application Server &CLra)KyZ]wDZ(M/P=_T\
m#
Tivoli Access Manager for WebSphere 9 Tivoli Access Manager WZ9C,,1*
WebSphere Application Server J4Mk WebSphere Application Server ^XDJ4a
)/P=2+_T\m#
Tivoli Access Manager a)KT+2m]"C'E*D~MZ(zFD\m#Tivoli
Access Manager 2a)K<NC'gf5CLr - Tivoli Access Manager Web Portal
Manager,|IT,1CwJCZ Java™ 2 Enterprise Edition(J2EE)DJ4M;JC
Z J2EE DJ4D%v2+\mc#
WebSphere Application Server 'V J2EE 2+T`M API#Tivoli Access Manager for
WebSphere 'V9C J2EE 2+T`D WebSphere &CLr#;h*T&CLrxP
NN`kr?p|D,Tivoli Access Manager for WebSphere M\a)K'V#
Tivoli Access Manager for WebSphere ITk WebSphere ]w/IZ;p,9|G\
9C Tivoli Access Manager 2+rya)D2+~q#Z20 Tivoli Access Manager
for WebSphere .0,XkH?p2+r#
Tivoli Access Manager DBC'Z?p Tivoli Access Manager 2+r.0,&14i
Tivoli Access Manager 2+#M#K&a)KrLD**#
Tivoli Access Manager G;vj{DZ(Mxg2+_T\mbv=8,|a)KTX
mOV"ZZ?xMb?xODJ4DKTK#$#
Tivoli Access Manager _PnBD2+_T\mDXw#Kb,Tivoli Access Manager
9'VO$"Z("}]2+TMJ4\m\&#+ Tivoli Access Manager kyZr
XxDj<&CLraO9C,I9(_H2+M\m<CDZ?xMb?x#
Tivoli Access Manager ZdKD&a):
v O$r\
Tivoli Access Manager 'V6'c:DO$zF#+Gk"b,Z9C Tivoli Access
Manager for WebSphere .0,WebSphere *4PdTmDO$=h#
v Z(r\
(}j< J2EE Z(`CJD Tivoli Access Manager Z(~qa)KT>z Tivoli
Access Manager ~qwMZ}=&CLrDCJksDJmM\xv_#
(}4iz7D5,zITKbPX Tivoli Access Manager D|`E"(|(xP?
pv_yXhDE")#kSTB8O*<:
v 6IBM Tivoli Access Manager Base 208O7
K8OhvKgNf."20MdC Tivoli Access Manager 2+r#;5PrW2
0E>9z\lY?p&\j+D2+r#*?p2+r("-M1,b)E>+
G.VPCD#
v 6IBM Tivoli Access Manager Base \m8O7
KD5a)KCZ\m\#$J4D Tivoli Access Manager 2+#MDEv#K8
OhvKgNdCxPCJXFv_D Tivoli Access Manager ~qw#mb,9P
hvgN4PX*Nq,gyw2+_T"(e\#$Ts{FUdM\mC'M
iE*D~Dj88>E"#
+ Tivoli Access Manager k WebSphere Application Server /I
Tivoli Access Manager for WebSphere )9K Tivoli Access Manager 2+#MTcC
Z* IBM WebSphere Application Server 9(D&CLr#2+#MCZTB==:
1C'(we)T<CJ\#$J41,WebSphere 4PTBNq:
v O$we#
v 1Z&CLrD?phv{P8(2+T(ywD2+T)1,WebSphere ]w7(
h*CJJ4DG+,"9C Tivoli Access Manager for WebSphere 47(GqQ
-*10weZ(yhDNNG+#
v 1&CLr*"_Q+2+Tzk1SmS=&CLrP(`L2+T)1,
WebSphere ]w9C Tivoli Access Manager 44PXhDG+I1Jqli#
m 1 {vKTBB~rP:
1. ZKPxP J2EE 2+TD WebSphere &CLr,"RC'T<CJ\#$J41,
WebSphere 9CC'"am4O$C'#}g,Z< 1 P,WebSphere Advanced
Edition(`~qwf>)TU IBM Directory C'"am4xPO$#k Tivoli
Access Manager 2mC'"am#(TZ WebSphere Advanced Edition Single Server,
rTUyZwzD2+TxPO$#)
2. 1C'ksCJ\#$D=(rJ41,WebSphere ]w9C4T J2EE &CLr
?phv{DE"47(yhDG+I1Jq#
3. WebSphere ]w9C/ID Tivoli Access Manager #i4S Tivoli Access Manager
authorization server ksZ(v_(0QZ(1r0Q\x1)#
g{fZ=SDOBDE",r WebSphere ]w2+|+]x authorization server#
I!DOBDE"|,%*{"wz{M~qw{#g{ Tivoli Access Manager _
T}]b*NNOBDE"8(K_T,r authorization server ITZxPZ(v
_19CKE"#
4. authorization server N<2mDC'"amPD Tivoli Access Manager C'(e#
(}G9C WebSphere Advanced Edition Single Server,qr+k WebSphere ;
p2mC'"am)#authorization server SEN<Z Tivoli Access Manager \#
$Ts{FUdP*8(C'(eDmI(#\#$Ts{FUd|,Z< 1 Py
>D_T}]bP#
< 1. Tivoli Access Manager k WebSphere Application Server ;p?p
5. Tivoli Access Manager authorization server +CJv_5X= WebSphere ]w#
6. WebSphere Application Server ITZ(r\xT\#$=(rJ4DCJ#
Java 2 Enterprise Edition yZG+D2+T
Java 2 Enterprise Edition(J2EE)2+T9CweDEn4zm4Pn/D5eDm]#
5eITGK(C')rxL#mb,J2EE 9CgBhvDG+En#
=(3dIG+#Bm4TxP&CLrDy>,C4(eG+M3d=G+D=
(#BmPDu?QZ(m>G+ITCJ8(D=(#
m 1. +=(3d=G+
G+
=(
getBalance deposit closeAccount
Teller QZ( QZ(
Cashier QZ(
Supervisor QZ(
SB4,TO(eDG+IT3d=weM/ri#Bm%*qPDu?wCm>w
eriITwCQZ(xCG+DNN=(#
m 2. weriD=(wCmI(
we/i
G+
Teller Cashier Supervisor
TellerGroup wC
CashierGroup wC
SupervisorGroup
Frank(;vwe,;GT
ONNiDI1)
wC wC
ZOmP,we Frank \wC getBalance M closeAccount =(,+;\wC
deposit =(,r*;P+K=(Z(x Cashier r Supervisor G+#
+weMi3d=G+
Z&CLrKP1.0,KP Tivoli Access Manager for WebSphere (F5CLrT
2k Tivoli Access Manager \#$Ts{FUd#(F5CLrS J2EE &CLr?
phv{qCG+M=(D`XE"#
Z&CLrKP1&,1C'ksCJ\#$DJ41,+r WebSphere ]w+]TB
E":
v Principal
C'QO$Dm]#
v RoleName
G+{F#
v AppName
&CLr{F#
v CellName
xgOwz53ViD{F#
v HostName
|,Z CellName PDwz53D{F#
v ServerName
HostName w\D~qwD{F#
G+{FGS?phv{P=(=G+D3dPIzx4D#1!ivB,Tivoli Access
Manager DCJliGyZ RoleName M AppName 4PD#IT=cX)9CJ
liT<G CellName"HostName M ServerName#b)5<GI!D,"R;P
(eK|G1ETdxP@@#
Tivoli Access Manager CJXFm(ACL)7(QVdxweD) J2EE &CLrG+#
(F5CLr+ ACL =S=\#$Ts{FUdPD AppName O#
B< 2 {vKTBB~rP:
1. Z&CLrKP1.0,Tivoli Access Manager for WebSphere (F5CLrCJ
J2EE &CLr?phv{4i!PXG+M0G+=we1r0G+=i13dD
E"#
2. (F5CLr+E"*;* Tivoli Access Manager q=,"+|+]x Tivoli Access
Manager policy server#
3. policy server +u?mS=\#$Ts{FUdTm>*&CLr(eDG+#1Z
?phv{P(eK0G+=we1r0G+=i13d1,`&Dweri+m
S=kBTs,SD ACL P#
Tivoli Access Manager 2+#M9Cf"Z\#$Ts{FUdPD(e49( ACL
IT,SDJ4cNa9#b) ACL (eKG+=C'riD3d#
B< 3 {vgNIT+ ACL &CZhvG+D\#$Ts{FUd#yP WebSphere
&CLrD\#$Ts{FUdGIF* WebAppServer D%c\#$TsyiID#
WebAppServer TsP;vF* deployedResources DSTs#b=vTs{F;p
d1Z WebSphere &CLrP(eDyP J2EE G+D%c0:#
< 2. +G+3d= Tivoli Access Manager \#$TsUd
G+ZcNa9DB;6P(e*TG+ RoleName 8(DJ4#CTs}B=Gzm
&CLr AppName DJ4#Z AppName \#$TsBG`vI!DJ4,(eb)
J4IT|+7XFTG+DCJ#I!J4G CellName"HostName M ServerName#
ZOfD< 3 P,ACL 1 Z( user1 ZxgDNN;CDNb&CLrPCJ8(D
RoleName#User2 M group1 Gb=\xDCJ#
Z Tivoli Access Manager 2+#MP,b)CJhCGS\#$TsUdcNa9P
D RoleName B(eDTsLPD#1!ivB+"zKLP#rK,Z< 3 P,C
JhCGSm> AppName/CellName/HostName/ServerName DTsLPD#
P1,2+_T*s;Z ACL ,ScBDTsDCJhCXkkLPDCJhC;,#
ZbVivB,Tivoli Access Manager \m1(e;v|,yhCJhCDB ACL#
SE\m1+B ACL =S=8(XFc&DTs#bvB ACL 2GLPDCJhC#
}g,1&CLrZX(wzDX(~qwODX(%*PKP1,2+_TITf
(;&CZh user1 RoleName mI(#*5)K_T,\m1(e;v^FT|?D
ACL,g< 3 D ACL 2 y>#K ACL \xT user1"user2 M grp1 DCJ#SE
\m1=SK ACL = ServerName Ts,CTsm>CJXk\^FD~qw#
< 3 T>S ACL 2 = ServerName D,S#k"b ACL 2 ;&CZ8(D~qw#
1Z HostName B(eK`v ServerName Ts1,ACL 2 ;&CZ|y,S=D
ServerName Ts#cNa9Db;cPyPd| ServerName TsTILPZ ACL 1P(eDCJhC",S= RoleName#
PXZ\#$Ts{FUdP9C ACL D|`E",kND6IBM Tivoli Access
Manager Base \m8O7#
< 3. + ACL ,S=\#$Ts{FUdPDTs#
`v WebSphere ~qwD/P_T\m
Tivoli Access Manager a)K2+_TD/P\m#Tivoli Access Manager IT\m
g`v WebSphere Application Server D2+_T#Kb,Tivoli Access Manager 99
C`,D#M4\mgG WebSphere &CLrD2+T#
Z+ J2EE &CLrD?phv{PhvDG+Mweri3d(F= Tivoli Access
Manager "RQ-r Tivoli Access Manager "aKC'Mi.s,zIT9C Tivoli
Access Manager \m$_\mT2+T(eDx;=|D#9C Tivoli Access Manager
Web Portal Manager 4\mkG+=we/iD3d`XD2+T(ePD|D#9C
WebSphere XF(4xPd|k2+T`XD|D#k"b,(} WebSphere XF(
TG+3dyxPD|D+T Tivoli Access Manager 2+#M;I{#
9CTB Tivoli Access Manager $_4\m2+_T:
v Tivoli Access Manager Web Portal Manager
Web Portal Manager G Tivoli Access Manager \mXF(#KXF(a)K\mZ
Tivoli Access Manager \#$Ts{FUdP(eD Tivoli Access Manager C'"
YwMJ4D<NC'gf#IT9CCXF(44(M\m ACL#XF(2ITC
4\mC'"amPDC'MiD(e#
v pdadmin
pdadmin 5CLrG;vyZ|nPD5CLr,CZ\m Tivoli Access Manager
2+#M#bv&\?sD5CLrITCZ\m Tivoli Access Manager \#$T
s{FUdDwv=f,|(C'"Ts"J4M ACL#,1,pdadmin 9IT\
mC'"amPDC'Miu?#\m1ITZE>rLrP9Cbv5CLr4
T/4P\mNq#
PX|`E",kND6IBM Tivoli Access Manager Base \m8O7#
v Tivoli Access Manager \m API
Tivoli Access Manager * pdadmin M Web Portal Manager 5VD\mNqa)
K`LSZ#&CLr*"_IT9C C r Java API 44PX(Z&CLrD\
mNq#
PX|`E",kND IBM Tivoli Access Manager for e-business Administration C
API Developer Reference r IBM Tivoli Access Manager for e-business Administration
Java Classes Developer Reference#
O< 4 {vK Tivoli Access Manager g`v WebSphere ~qwD2+T\m#Q-
Zzw A Of WebSphere Application Server 20K Web Portal Manager#pdadmin5CLrT>ZG WebSphere 53zw B O#
Web Portal Manager M pdadmin <9Czw D OD policy server 4\m2+_T#
Tivoli Access Manager authorization server IT20Z@"Z WebSphere 53D53
O#Z< 4 P,zw E w\ WebSphere Application Server#K~qwP;vQ/I
=:pZ(v_D WebSphere ]wD Tivoli Access Manager for WebSphere #i#K
WebSphere ]wSzw F OD Tivoli Access Manager authorization server q!Z(v
_#
authorization server 2IT20Zk WebSphere Application Server `,D53O,g
zw G Oy>#Tivoli Access Manager D&\kZ%@53OD~qwya)D&\
(gzw E Mzw F Oy>)G`,D#ZxPZ(v_1,+ authorization server
k WebSphere Application Server ;p(;+E/T\#(i9CKdC#
< 4. Tivoli Access Manager a)KT`v~qwD/P=\m#
Z 1 B i\MEv 9
k"b,Tivoli Access Manager _T}]bGSzw D 4F=zw F Mzw G D#
K4F+a_T\"a)JO*F\&#
< 4 2T>K Tivoli Access Manager ~qwM WebSphere ~qw2mzw C OD
LDAP C'"am#< 4 Y(9CDG WebSphere Advanced Edition(`~qw)#1
9C WebSphere Advanced Edition Single Server 1,;2mC'"am#
Z 2 B 208>E"
>B|,TBwb:
v :m~Z];
v :'VD=(;
v Z 12 3D:ELMZf*s;
v Z 12 3D:X8m~;
v Z 14 3D:C'"amHvu~;
v Z 15 3D:ST0D"Pf}6;
v Z 18 3D:9C>z5CLr20 Tivoli Access Manager for WebSphere;
m~Z]
Tivoli Access Manager for WebSphere a)K;vIk WebSphere Application Server
/IDi~,":pG+=we/iDyP3d#
Tivoli Access Manager for WebSphere 9a)K;v(F5CLr,C5CLrIC4
S Java 2 Enterprise Edition(J2EE)?phv{+0G+=we1r0G+=i1D3
d<k Tivoli Access Manager 2+#=#K5CLrITS9ur)9D WebSphere
s5i5(EAR)D~(F}]#
Tivoli Access Manager for WebSphere V"|,TBm~:
v Tivoli Access Manager for WebSphere Java `
v CZ Java `DdCE>,F* pdwascfg
v (F5CLr migrateEAR4 M migrateEAR5
v ]>(F5CLrM Java `DC>Dy>LLzk
'VD=(
PvD WebSphere Application Server Df>ZTB=(O'V Tivoli Access Manager
for WebSphere:
v WebSphere Application Server V4.0.6
– IBM AIX 5.1 M 5.2
– Sun Solaris 8
– HP-UX 11i
– Microsoft Windows 2000 Server M Advanced Server(Service Pack 3)
– IA32 OD SuSE SLES8
v WebSphere Application Server V5.0.2
– IBM AIX 5.1 M 5.2
– Sun Solaris 8 M 9
– HP-UX 11i
© Copyright IBM Corp. 2002, 2003 11
– Microsoft Windows 2000 Server M Advanced Servers(Service Pack 3)
– Windows 2003 Standard Server M Enterprise Server
– IA32 M zSeries OD SuSE SLES8
WebSphere Application Server V5.1 D'V
WebSphere Application Server V5.1 k Tivoli Access Manager for WebSphere ;pr
|a)#TZ9C WebSphere Application Server V5.1 DM',^h20 Tivoli Access
Manager for WebSphere#
9C WebSphere Application Server V5.1 DM'&CvTZ 11 3DZ 2 B, :20
8>E";PD8>E",x4Z 36 3D:Z WebSphere Application Server V5.1 7
3PdC Tivoli Access Manager for WebSphere;PD8>E"Yw#
ELMZf*s
Tivoli Access Manager for WebSphere PTBELMZf*s:
v 64 MB RAM,(i 128 MB#
bG} WebSphere Application Server MNNd| Tivoli Access Manager i~y8
(DZf*sTbmhDZf?#d| Tivoli Access Manager i~yhDZf?+
!vZwz53O20D) Tivoli Access Manager i~#PX|`E",kND
6IBM Tivoli Access Manager Base 208O7#
v 2 MB ELUd,(i 4 MB#
K*s,vK WebSphere Application Server MNNd| Tivoli Access Manager i
~yhDELUd#
v 5 MB ELUd,CZU>D~#
KUd;|(Zm~i~yhDUdZ#
X8m~
TB8Z[v Tivoli Access Manager for WebSphere k WebSphere Application Server
73/IDHvu~#
v :WebSphere Application Server;
v Z 13 3D:Tivoli Access Manager Base;
v Z 14 3D:Java Runtime Environment;
WebSphere Application Server
XkZwz53O20K WebSphere Application Server DTBf>.;,E\20
Tivoli Access Manager for WebSphere:
v IBM WebSphere Application Server Advanced Edition V4.0.6
r
IBM WebSphere Application Server Advanced Edition Single Server V4.0.6
v IBM WebSphere Application Server V5.0.2
v IBM WebSphere Application Server V5.1
Xk+ WebSphere Application Server Advanced Edition V4.0.6 M 5.0.2 T0 WebSphere
Application Server V5.1 dC*9C+k Tivoli Access Manager 2mDC'"am#
Xk+ WebSphere C'Mi<k Tivoli Access Manager P#
":2mC'"amD*s;JCZ WebSphere Application Server Advanced Edition
Single Server V4.0.6#Cf>9CyZwzD2+T#XZ|`j8E",kND
Z 51 3D:WebSphere Advanced Edition Single Server V4.0.6;#
XZ20 IBM WebSphere Application Server DD5ZTBX7a):
http://www-4.ibm.com/software/webservers/appserv/doc/v40/ae/infocenter/was/nav_pdf.html
g{zG IBM WebSphere Application Server DBC',kN< Getting Started with
IBM WebSphere Application Server 8O#K8OZTO Web >cPa)#
Tivoli Access Manager Base
Tivoli Access Manager for WebSphere *sZ>XwzOAY20;v Tivoli Access
Manager i~,"*s(" Tivoli Access Manager 2+r#(#,2+rGg`v5
3V<D#
>XwzODXhi~
Tivoli Access Manager for WebSphere *sZw\ WebSphere Application Server D>
XFczO20 Access Manager Java Runtime Environment i~#bG'V Tivoli
Access Manager for WebSphere D Tivoli Access Manager Base X8m~DnM*s#
Tivoli Access Manager for WebSphere ;*sZw\ WebSphere Application Server D
>XFczO20NN=SD Tivoli Access Manager i~#
>XwzODI!i~
d;;h*Z>XwzOmSNN=SD Tivoli Access Manager i~,+IT(}Z
WebSphere Application Server yZD,;wzO20 Tivoli Access Manager authorization
server 4E/T\#Tivoli Access Manager KP173G authorization server DHv
u~#g{Z WebSphere wzO20 authorization server,r9XkZKzwO20
Tivoli Access Manager KP173#b=vi~<Gw* Tivoli Access Manager Base
z7D;?V4V"D#
Tivoli Access Manager 2+r
Tivoli Access Manager for WebSphere Xk\;CJ Tivoli Access Manager 2+r#
(F$_Xk\*5 Tivoli Access Manager policy server#*K5VnQT\,(iZ
2+rP220;vr`v Tivoli Access Manager authorization server#by,20K
IBM WebSphere Application Server .s,XkZ20 Tivoli Access Manager for
WebSphere 0(";v2+r#
*("2+r,Xk20MdC policy server#(#,|k WebSphere Application Server
;Z,;wzOKP#ITZ WebSphere Application Server wzOrd|53O20
MdC authorization server#
PX20MdC Tivoli Access Manager 2+r(|( Access Manager Java Rntime
Environment)D|`E",kND6IBM Tivoli Access Manager Base 208O7#
Java Runtime Environment
w\ Tivoli Access Manager for WebSphere DFcz53Xk20 Java Runtime
Environment V1.3.1:
Java Runtime Environment Gw* IBM WebSphere Application Server 20D;?V2
0MdCD#Tivoli Access Manager for WebSphere 9C`,D Java Runtime
Environment#
":Tivoli Access Manager for WebSphere 29C Access Manager Java Runtime
Environment#Access Manager Java Runtime Environment )9K V1.3.1 D Java
runtime#
C'"amHvu~
Tivoli Access Manager for WebSphere w* Tivoli Access Manager 2+rD;?VK
w#2+rD policy server 9CC'"am4\mC'MiE"#
Tivoli Access Manager for WebSphere 'V Tivoli Access Manager Base y'VDy
PC'"am`M:
v IBM Directory Server
v Sun ONE Directory Server
v IBM Lotus Domino Server
v Microsoft Active Directory,|(G&CLrf>#
v Novell eDirectory
PX?;C'"am`MD'Vf>Dj{Pm,kND6IBM Tivoli Access Manager
Base 208O7#
Sun ONE Directory Server V5.1 M 5.2 \ Tivoli Access Manager Base 'V+G;\
WebSphere Application Server 4.0.6 r 5.0.2 'V#kND WebSphere Application Server
DX8m~3fT7Of>:
WebSphere Application Server V4.0.6
http://www.ibm.com/software/webservers/appserv/doc/v40/prereqs/ae_v406.htm
WebSphere Application Server V5.0.2
http://www.ibm.com/software/webservers/appserv/doc/v50/prereqs/was_v502.htm
?v20DC'"amHvu~2yZk Tivoli Access Manager for WebSphere ;p
9CD WebSphere Application Server f>#
v WebSphere Application Server Advanced Edition V4.0.6 T0 WebSphere Application
Server V5.0.2 M 5.1#
Z20 Tivoli Access Manager for WebSphere 09CC'"amXkzc=vHv
u~:
– Xk+ Tivoli Access Manager policy server M WebSphere Application Server d
C*9C,;C'"am#
– Xk+* WebSphere Application Server (eDNNVPC'Mi<k Tivoli Access
Manager C'?<,TI* Tivoli Access Manager C'Mi#K&D<kb6E
+)9D Tivoli Access Manager tT,,VPDC'Mi(e;pmS= Tivoli
Access Manager 2+#=P#
IT9C pdadmin |nV$+C'<k Tivoli Access Manager C'"amP#
9C IBM Directory LDAP D Tivoli Access Manager 2+rIT9C Directory
z?0k&\#
PX9C pdadmin |nV$<kC'D|`E",kND6IBM Tivoli Access
Manager Base \m8O7#
PXz?0k IBM Directory C'D|`E",kND6IBM Tivoli Access Manager
for e-business T\w{8O7#
v WebSphere Application Server Advanced Edition Single Server V4.0.6
WebSphere Advanced Edition Single Server ;9CNNb?C'"am#`4,|9
CyZwzD2+T4$w#wz53OD?vC'J'XkZ Tivoli Access
Manager 9CDC'"amPP;v,HDu?#
":TyZwzD2+Txf1dFFyvDNN|D2Xk|D= Tivoli Access
Manager 9CDC'"amP#
ST0D"Pf}6
Tivoli Access Manager for WebSphere ITSBfD0"Pf}6:
v IBM Tivoli Access Manager for WebSphere Application Server V3.9
v IBM Tivoli Access Manager for WebSphere Application Server V4.1
}6}L|(!{dC0"Pf">}0"Pf,;s20 Tivoli Access Manager for
WebSphere V5.1 "dC|#
*}6 Tivoli Access Manager for WebSphere,kjITB=h:
1. !{dC">}0"Pf#k4`XC'8OPT&ZYw53D>}8>E"Y
w:
v 6IBM Tivoli Access Manager for WebSphere Application Server C'8O,V3.97
v IBM Tivoli Access Manager for e-business WebSphere Application Server User’s
Guide, Version 4.1
2. +X8D Tivoli Access Manager y!|M2+rS V3.9 r V4.1 }6= V5.1#
7(Zw\ Tivoli Access Manager for WebSphere DFczO20D) Tivoli Access
Manager y!|#?N?pAY|( Access Manager Java Runtime Environment#
y] Tivoli Access Manager 2+rDXKa9,wzI\9|(:
v Tivoli Access Manager KP173
v Tivoli Access Manager policy server
v Tivoli Access Manager authorization server
1>XFcz53;|( policy server r authorization server 1,zXkWH}6
w\G)~qwDFcz53OD2+r#1 policy server M authorization server
}6= V5.1 1,zMITZ>XFczO}6 Access Manager Java Runtime
Environment m~|K#
1>XFcz|, policy server M authorization server 1,zIT;N}6yPD
Tivoli Access Manager y!|#
PX}6 Tivoli Access Manager y!|M2+rD8>E",kND6IBM Tivoli
Access Manager Base 208O7#kZjICD5PD8>E"sLx4PB;
=#
3. 20 Tivoli Access Manager for WebSphere D10f>#k4:9C20r<xP
20;rZ 18 3D:9C>z5CLr20 Tivoli Access Manager for WebSphere;
PD=hYw#
20skdCm~#
9C20r<xP20
install_amwas 20r<(}TJ13r20MdCTBi~xr/K Tivoli Access
Manager for WebSphere 53D20#
v Access Manager Java Runtime Environment
v Tivoli Access Manager for WebSphere Application Server
Z4P20r<.0,+h*hC UNIX M Windows OD WAS_HOME 73d?T0
UNIX OD PDWAS_HOME 73d?#
*+ WAS_HOME 73d?hC* WebSphere Application Server 20?<,k+?<|
D* WebSphere_install_directory/bin "KPTB|n:
UNIX
setupCmdLine.sh
Windows
setupCmdLine.bat
Z UNIX =(O,+ PDWAS_HOME 73d?hC*+20 Tivoli Access Manager for
WebSphere D;C:
PDWAS_HOME=/opt/amwas
export PDWAS_HOME
7# WebSphere Application Server f=D Java Runtime PD java /bin ?<;Z5
376DZ;;#
*9C install_amwas r<20MdC Tivoli Access Manager for WebSphere
Application Server,k4TB=hYw:
1. 7#rPQ-20K Tivoli Access Manager "am~qw"policy server M
authorization server#
2. 7#20KyPX*DYw539!#`XE"kNDZ 12 3D:X8m~;#
3. *9C}"o(1!oT)TbDoTi44,M{",zXkZKP20r<.
020oT'Vm~|#
4. 7#ZKzwO20MdCK WebSphere Application Server#
5. 4PTB?VPEvDdC=h:
v Z 26 3D:Z 1 ?V:* WebSphere Application Server 4( Tivoli Access
Manager \mC';
v Z 27 3D:Z 2 ?V:tC WebSphere 2+T;
v Z 31 3D:Z 5 ?V a:(F WebSphere 2+ThC - WebSphere V4.0.6;
rZ 33 3D:Z 5 ?V b:(F WebSphere 2+ThC - WebSphere V5.0.2;
(!vZz}ZKPD WebSphere Application Server Df>)#
6. Z Windows 53O,Zt/20r<.0KvyP}ZKPDLr#
7. #9 WebSphere Application Server#
8. KP install_amwas Lr,CLr;Z AIX"HP-UX"Linux"Solaris M Windows
=(9CD Tivoli Access Manager Web Security CD ODy?<P#
":g{4Z1!;C20 WebSphere Application Server,rZKP install_amwas|n1(}9C -is javahome !n48(d;C#}g:
install_amwas -is:javahome websphere_install_dir/AppServer/java/jre
20r<*<#
a. T>!q20oTT0r#!qJ1DoT"%w7(#
b. T>6-T0r#%wB;=#
c. ZmI$-iT0rP,g{S\mI$unMu~,r%wR,b#
d. g{P420 Tivoli Access Manager Base i~,rVZ+a>z20|G#%
wB;=TLx AMJRTE 20#g{ AMJRTE Q-20,r20r<Lx4
P=h e#qr,+T> AMJRTE 73dC0Z#9CBmw*8OdkdC
5#
dC!n hv 1!5
Policy server wz{* policy server D+^(wz{#}g:pdmgr.tivoli.com n/a
Policy server SSL KZ* policy server l} SSL ksDKZE# 7135
JRE ?<* Q20Df WebSphere Application Server a)D JRE
D76#g{9C -is:javahome !n20,rT>D
76G javahome !n8(DGv76#
n/a
* m>XhD!n
e. a>zdk Tivoli Access Manager for WebSphere Application Server 20?<#
S\1!5"%wB;=#
f. a>zdkdCn#9CBmw*8Odkb)5#
m 3. install_amwas 20r<dC!n#
dC!n hv 1!5
6L ACL C' *
C44( Access Manager &CLrj
6D{F,Cj6I Tivoli Access
Manager for WebSphere C44P(^
li#}g:pdpermadmin
n/a
sec_master \k *Tivoli Access Manager sec_master \m
1J'D\k#n/a
Policy server wz{ *policy server D+^(wz{#}g:
pdmgr.tivoli.com
Policy server KZE * policy server l}ksDKZE# 7135
Authorization server wz{ *
Tivoli Access Manager for WebSphere
9CD authorization server Dwz{#
(iKwz{k WebSphere wz{`
,#}g:pdacld.tivoli.com
Authorization server KZE *authorization server l} SSL ksDK
ZE#7136
*4PDdC`M# all"local r remote# all
g{Kz7f WebSphere r|,rhC
* true#
9C20r<201,b&C<Uh
C* false#false
Q20D WebSphere Application Server
Df>#*
Q20D WebSphere Application Server
Df>#!nP:WAS5 r WAS4#WAS5
Tivoli Access Manager for WebSphere
Application Server 20?<#
k*20 Tivoli Access Manager for
WebSphere D?<#K?<1!*ZH
0D200ZPdkD5#
n/a
WebSphere Application Server 20?<#
*
20K WebSphere Application Server
D ? < # K ? < & C h C * k
WAS_HOME 73d?`,D5#
n/a
+*dCD JRTE tTD~D URL#= AMJRTE PdPerm.properties D
URL 76n/a
AMJRTE keystore D~D URL#
= AMJRTE keystore D URL 76,
Z?CZk policy M authorization
server (E#
n/a
* m>XhD!n
":TZ Windows 20,1a> Access Manager Runtime Environment DdC!
n1,k7#z*k WebSphere Application Server ;pa)M20D JRE 8
( JRE ?<#}g:
websphere_install_dir\AppServer\java\jre
9C>z5CLr20 Tivoli Access Manager for WebSphere
>ZhvgN20 Tivoli Access Manager for WebSphere,|(Z(i~M(F5CL
r#
jIJCZzDYw53D8>E":
v :Z Solaris O20;
v Z 19 3D:Z AIX O20;
v Z 20 3D:Z HP-UX O20;
v Z 21 3D:Z Linux O20;
v Z 22 3D:Z Windows O20;
Z Solaris O20
Tivoli Access Manager for WebSphere 20+m~|dCkD~b9uV*&m#9C
pkgadd Z Solaris O20m~|#
":g{zQ-20MdCK Tivoli Access Manager for WebSphere "Rh*XB2
0|,rXkWH!{dC">}|#kNDZ 85 3D:S Solaris >};#
*Z Solaris O20 Tivoli Access Manager for WebSphere,kjITB8>:
1. T root C'G<#
2. i$GqQzc20 Tivoli Access Manager for WebSphere DHvu~#
*4im~`XT,kNDZ 12 3D:X8m~;#
3. i$GqQdC Tivoli Access Manager policy server M WebSphere Application Server
9C,;C'"am#
":b;=;JCZ WebSphere Advanced Edition Single Server#
*4iC'"am`XT,kNDZ 14 3D:C'"amHvu~;#
4. i$GqQ+ WebSphere Application Server C'MiSC'"am<k= Tivoli
Access Manager C'"am#=P#
IT9C Tivoli Access Manager pdadmin |nV$<kC'#}g,CZ<k
LDAP C'Do(*:
pdadmin> user import UserID Distinguished_Name_of_the_user_in_LDAP
PX pdadmin D|`E",kND6IBM Tivoli Access Manager Base \m8O7#
TZ IBM Directory LDAP 73PDs?C',k<G9C LDAP z?<k&\#
PX|`E",kND6IBM Tivoli Access Manager for e-business T\w{8O7#
5. ek IBM Tivoli Access Manager Web Security for Solaris CD#
6. 20TBm~|(;N;v):
pkgadd -d /cdrom/cdrom0/solaris -a /cdrom/cdrom0/solaris/pddefault packages
dP:
v -d /cdrom/cdrom0/solaris - 8(m~|D;C#
v -a /cdrom/cdrom0/solaris/pddefault - 8(20\mE>D;C#
packages gB:
v PDJrte - Access Manager Java Runtime Environment m~|#
v PDWAS - Tivoli Access Manager WebSphere Application Server m~|#
":b)m~|Xk20Zk WebSphere Application Server `,D53O#
7. SB4dC Tivoli Access Manager for WebSphere#PX8>E"k*AZ 25 3D
Z 3 B, :dC}L;#
Z AIX O20
Tivoli Access Manager for WebSphere 20+m~|dCkD~b9uV*&m#
":g{zQ-20MdCK Tivoli Access Manager for WebSphere "Rh*XB2
0|,rXkWH!{dC">} Tivoli Access Manager for WebSphere m~|#
kNDZ 86 3D:S AIX >};#
*Z AIX O20 Tivoli Access Manager for WebSphere,kjITB8>:
1. T root C'G<#
2. i$GqQzc20 Tivoli Access Manager for WebSphere DHvu~#
*4im~`XT,kNDZ 12 3D:X8m~;#
3. i$GqQdC Tivoli Access Manager policy server M WebSphere Application Server
9C,;C'"am#
":b;=;JCZ WebSphere Advanced Edition Single Server#
*4iC'"am`XT,kNDZ 14 3D:C'"amHvu~;#
4. i$GqQ+ WebSphere Application Server C'MiSC'"am<k= Tivoli
Access Manager C'"am#=P#
IT9C Tivoli Access Manager pdadmin |nV$<kC'#}g,CZ<k
LDAP C'Do(*:
pdadmin> user import UserID Distinguished_Name_of_the_user_in_LDAP
PX pdadmin D|`E",kND6IBM Tivoli Access Manager Base \m8O7#
TZ IBM Directory LDAP 73PDs?C',k<G9C LDAP z?<k&\#
PX|`E",kND6IBM Tivoli Access Manager for e-business T\w{8O7#
5. + IBM Tivoli Access Manager Web Security for AIX CD ek CD }/w#
6. 20TBm~|:
installp -acgXd cd_mount_point/usr/sys/inst.images packages
dP cd_mount_point/usr/sys/inst.images G20 CD D?<,packages gB:
PDJ.rte 8( Access Manager Java Runtime Environment m~|#
PDWAS 8( Access Manager for WebLogic Application Server m~|#
":b)m~|Xk20Zk WebSphere Application Server `,D53O#
7. SB4dC Tivoli Access Manager for WebSphere#PX8>E"k*AZ 25 3D
Z 3 B, :dC}L;#
Z HP-UX O20
Tivoli Access Manager for WebSphere 20+m~|dCkD~b9uV*&m#9C
swinstall Z HP-UX O20m~|#
*Z HP-UX O20 Tivoli Access Manager for WebSphere,kjITB=h:
1. T root C'G<#
2. i$GqQzc20 Tivoli Access Manager for WebSphere DHvu~#
*4im~`XT,kNDZ 12 3D:X8m~;#
3. i$GqQdC Tivoli Access Manager policy server M WebSphere Application Server
9C,;C'"am#
":b;=;JCZ WebSphere Advanced Edition Single Server#
*4iC'"am`XT,kNDZ 14 3D:C'"amHvu~;#
4. i$GqQ+ WebSphere Application Server C'MiSC'"am<k= Tivoli
Access Manager C'"am#=P#
IT9C Tivoli Access Manager pdadmin |nV$<kC'#}g,CZ<k
LDAP C'Do(*:
pdadmin> user import UserID Distinguished_Name_of_the_user_in_LDAP
PX pdadmin D|`E",kND6IBM Tivoli Access Manager Base \m8O7#
TZ IBM Directory LDAP 73PDs?C',k<G9C LDAP z?<k&\#
PX|`E",kND6IBM Tivoli Access Manager for e-business T\w{8O7#
5. g{ pfs_mountd M pfsd 4ZKP,rZs(Hst/|G#C pfs_mount |
n20 CD#}g,dkTB|n:
/usr/sbin/pfs_mount /dev/dsk/c0t0d0 /cd-rom
dP /dev/dsk/c0t0d0 G CD h8,/cd-rom G20c#
6. dkTB|n20 Tivoli Access Manager for WebSphere m~|:
# swinstall -s /cd-rom/hp packages
dP packages gB:
PDJ.rte 8( Access Manager Java Runtime Environment m~|#
PDWAS 8( Access Manager for WebSphere Application Server m~|#
":b)m~|Xk20Zk WebSphere Application Server `,D53O#
vV;u{",8>VvWNQ-!CI&#m;u{"8>4PWN}**<#
S CD Ob9uD~"20=2LO#vV;u{",8>4PWNQ-!CI&#
Kv swinstall 5CLr#
7. SB4dC Tivoli Access Manager for WebSphere#PX8>E"k*AZ 25 3D
Z 3 B, :dC}L;#
Z Linux O20
Tivoli Access Manager for WebSphere 20+m~|dCkD~b9uV*&m#9C
rpm Z Linux O20m~|#
g{zQ-20MdCK Tivoli Access Manager for WebSphere "Rh*XB20|,
rXkWH!{dC">}|#kNDZ 87 3D:S Linux >};#
":0zSeries OD Linux1C':zXkWHS IBM Tivoli Access Manager for Linux
on zSeries CD qCT Linux rpm D~DCJ(#
*Z Linux O20 Tivoli Access Manager for WebSphere,kjITB8>:
1. T root C'G<#
2. i$GqQzc20 Tivoli Access Manager for WebSphere DHvu~#
*4im~`XT,kNDZ 12 3D:X8m~;#
3. i$GqQdC Tivoli Access Manager policy server M WebSphere Application Server
9C,;C'"am#
":b;=;JCZ WebSphere Advanced Edition Single Server#
*4iC'"am`XT,kNDZ 14 3D:C'"amHvu~;#
4. i$GqQ+ WebSphere Application Server C'MiSC'"am<k= Tivoli
Access Manager C'"am#=P#
IT9C Tivoli Access Manager pdadmin |nV$<kC'#}g,CZ<k
LDAP C'Do(*:
pdadmin> user import UserID Distinguished_Name_of_the_user_in_LDAP
PX pdadmin D|`E",kND6IBM Tivoli Access Manager Base \m8O7#
TZ IBM Directory LDAP 73PDs?C',k<G9C LDAP z?<k&\#
PX|`E",kND6IBM Tivoli Access Manager for e-business T\w{8O7#
5. 20CZ xSeries r zSeries D IBM Tivoli Access Manager Web Security CD#
6. |DA /mnt/cdrom/series ?<,dP /mnt/cdrom G CD D20c,series 8(
xSeries"zSeries"iSeries r pSeries#
7. 20TBm~|:
rpm -ihv packages
dP packages 8(TBZ].;:
Access Manager Java RuntimeEnvironment m~|
Access Manager for WebSphereApplication Server
xSeries OD Linux PDJrte-PD-5.1.0-0.i386.rpm PDWAS-PD-5.1.0-0.i386.rpm
zSeries OD Linux PDJrte-PD-5.1.0-0.i390.rpm PDWAS-PD-5.1.0-0.i390.rpm
":b)m~|Xk20Zk WebSphere Application Server `,D53O#
8. SB4dC Tivoli Access Manager for WebSphere#PX8>E"k*AZ 25 3D
Z 3 B, :dC}L;#
Z Windows O20
Tivoli Access Manager for WebSphere 20+m~|dCkD~b9uV*&m#9C
InstallShield setup.exe 20 Tivoli Access Manager for WebSphere D~#
":g{zQ-20MdCK Tivoli Access Manager for WebSphere "Rh*XB2
0|,rXkWH!{dC">}|#kNDZ 86 3D:S Windows >};#
*Z Windows O20MdC Tivoli Access Manager for WebSphere,kjITB8>:
1. T_P Windows \m1X(DC'G<= Windows r#
2. i$GqQzc20 Tivoli Access Manager for WebSphere DHvu~#
*4im~`XT,kNDZ 12 3D:X8m~;#
3. i$GqQdC Tivoli Access Manager policy server M WebSphere Application Server
9C,;C'"am#
":b;=;JCZ WebSphere Advanced Edition Single Server#
*4iC'"am`XT,kNDZ 14 3D:C'"amHvu~;#
4. i$GqQ+ WebSphere Application Server C'MiSC'"am<k= Tivoli
Access Manager C'"am#=P#
IT9C Tivoli Access Manager pdadmin |nV$<kC'#}g,CZ<k
LDAP C'Do(*:
pdadmin> user import UserID Distinguished_Name_of_the_user_in_LDAP
PX pdadmin D|`E",kND6IBM Tivoli Access Manager Base \m8
O7#
TZ IBM Directory LDAP 73PDs?C',k<G9C LDAP z?<k&\#
PX|`E",kND6IBM Tivoli Access Manager for e-business T\w{8
O7#
5. + IBM Tivoli Access Manager Web Security for Windows CD ek CD }/w#
6. 20 Access Manager Java Runtime Environment M Access Manager for WebSphere
Application Server m~|#*jIbnYw,kKP;ZTB?<D setup.exe D
~:
\windows\PolicyDirector\Disk Images\Disk1\setup.exe
T>0!q20oT1T0r#
7. !qk*CZ20DoT,"%w7(#
8. T>06-1T0r#%wB;=TLx#
9. DAmI$-i,g{z,bb)un,r%wG#
10. !qTBm~|"%wB;=:
v Access Manager Java Runtime Environment
v Access Manager for WebSphere Application Server
11. S\1!?DX?<,r%w/@TZ>X53O!qm;v?<D76#g{
C?<;fZ,rzXk7Ok*4(C?<r_8(QfZD?<#
12. %wjIKv20Lr#
13. SB4dC Tivoli Access Manager for WebSphere#PX8>E"k*AZ 25 3
DZ 3 B, :dC}L;#
Z 3 B dC}L
Tivoli Access Manager for WebSphere DdC=hy]zGdCZ;v Tivoli Access
Manager for WebSphere 53= Tivoli Access Manager 2+r9GmS=SD Tivoli
Access Manager for WebSphere 53xd/#
?v Tivoli Access Manager for WebSphere 53<G(}9C pdwascfg 5CLrd
C=2+rPD#J2EE &CLrD2+TE"Xk(F= Tivoli Access Manager _T
}]bP#Tivoli Access Manager for WebSphere a)5VKYwD(F5CLr#k
"bb;h*Z_P8(2+_TD EAR D~D J2EE &CLryZD53O4P#
Kb,P;)dC=h;ZdCZ;v Tivoli Access Manager for WebSphere 53=
x(D Tivoli Access Manager 2+r1EGXhD#
LxjITB3;Z:
v :dCu<20;
v Z 36 3D:Z WebSphere Application Server V5.1 73PdC Tivoli Access Manager
for WebSphere;
v Z 38 3D:dC=S20;
dCu<20
>ZhvgNdC Tivoli Access Manager for WebSphere DZ;N20#
Tivoli Access Manager for WebSphere a)KSYdC}LD5CLr#dC=h9C
b)5CLrT0 Tivoli Access Manager \m5CLr pdadmin M WebSphere X
F(#m`=hvZZ;NdC Tivoli Access Manager for WebSphere =X(D Tivoli
Access Manager 2+r1Eh*4P#
dC8>E"ZTB8ZPhv:
v Z 26 3D:Z 1 ?V:* WebSphere Application Server 4( Tivoli Access Manager
\mC';
v Z 27 3D:Z 2 ?V:tC WebSphere 2+T;
v Z 29 3D:Z 3 ?V:dC Access Manager Java Runtime Environment;
v Z 30 3D:Z 4 ?V:Sk2+r;
v Z 31 3D:Z 5 ?V a:(F WebSphere 2+ThC - WebSphere V4.0.6;
v Z 33 3D:Z 5 ?V b:(F WebSphere 2+ThC - WebSphere V5.0.2;
u<dC=2+rPDdC=h\agB<#
kjI>Z|(D?;?VPD8>#
Z 1 ?V:* WebSphere Application Server 4( Tivoli Access Manager \mC'
g{Z WebSphere Application Server PQ-tCK2+T,r&C+ WebSphere
Application Server \mC'<k Tivoli Access Manager TsUd#9C Tivoli Access
Manager |nP5CLr pdadmin r Tivoli Access Manager Web Portal Manager *
WebSphere Application Server <k Tivoli Access Manager \mC'#*S Tivoli Access
Manager |nP5CLr4PKYw:
1. S|nP,T\mC' sec_master m]t/ pdadmin:
pdadmin -a sec_master -p sec_master_password
2. <k WebSphere Application Server \mC'#}g:
pdadmin> user import was_admin_user dn_registry_identifier
9 WebSphere \mC'J'P':
pdadmin> user modify was_admin_user account-valid yes
g{Z WebSphere Application Server PP4tC2+T,rh*4( WebSphere
Application Server \mC'#9C Tivoli Access Manager |nP5CLr pdadminr Tivoli Access Manager Web Portal Manager * WebSphere Application Server 4(
Tivoli Access Manager \mC'#
TB8>E"hvgN9C pdadmin#
1. S|nP,T\mC' sec_master m]t/ pdadmin:
pdadmin -a sec_master -p sec_master_password
2. * WebSphere Application Server 4( Tivoli Access Manager \mC'#}g,T
B8>E"4(BC' wsadmin#TB|nXk,I;v|nPdk:
pdadmin> user create wsadmin cn=wsadmin,o=organization,c=country wsadmin wsadmin myPassword
+ organization M country D5f;*T LDAP C'"amP'D5#
< 5. Tivoli Access Manager for WebSphere u<20DdCNq#
9C wsadmin J'P':
pdadmin> user modify wsadmin account-valid yes
Z 2 ?V:tC WebSphere 2+T
y]z}Z9CD WebSphere Application Server Df>,jITB3;ZPD=h:
v :Z WebSphere Application Server V4.0.6 PtC2+T;
v :Z WebSphere Application Server V5.0.2 PtC2+T;
tC WebSphere V5.1 2+TD8>E"|,ZZ 36 3D:Z WebSphere Application
Server V5.1 73PdC Tivoli Access Manager for WebSphere;P#
Z WebSphere Application Server V4.0.6 PtC2+T
*Z WebSphere Application Server V4.0.6 PtC2+T:
1. t/ WebSphere \m~qw#
2. Zt/~qws,t/ WebSphere \mM'z#
3. !qXF( → 2+PD#
4. !q#f!n(#!PtC2+Tr#
5. !qO$!n(#
a. !q LTPA#hCTB LTPA hC:
v nF=Z:120
v r:zDr{#}g:
mydomain.ibm.com
b. !P LDAP 4!r#8( LDAP hC:
m 4. LDAP hC
LDAP hC >}5
Security Server ID cn=wsadmin,o=ibm,c=us
Security Server Password myPassword
Host ldapserver.mydomain.ibm.com
Directory Type SecureWay
Base DN o=ibm,c=us
Bind DN cn=root
Bind Password myPassword
c. %w7(#
6. R|%w WebSphere \mr → Zc → wz{
7. !qXBt/#
Z WebSphere Application Server V5.0.2 PtC2+T
*Z WebSphere Application Server V5.0.2 PtC2+T:
1. t/ WebSphere \m~qw:
2. t/~qws,r*\mXF( - http://localhost:9090/admin/
3. TNNC'G<#
4. dC LDAP:
a. !q2+T → C'"am → LDAP
b. dCTB5:
m 5. LDAP hC
LDAP hC >}5
Server User ID cn=wsadmin,o=ibm,c=us
Server User Password myPassword
Type IBM_Directory_Server
Host ldapserver.mydomain.ibm.com
Port 389
Base DN o=ibm,c=us
Bind DN cn=root
Bind Password myPassword
Search Timeout 120
Reuse connection true
Ignore case true
SSL Enabled false
SSL Configuration cellname/DefaultSSLSettings
c. %w&C#
5. dC LTPA O$:
a. !qO$zF → LTPA
b. hC\kTS\Mb\ LTPA \?#
c. + LTPA ''\?,15hC* 120#
d. Z,;0ZP,7O\kTS\Mb\ LTPA \?#
e. %w&C#
f. SA;W?D=StT?V,!q%;"a(SSO)#
g. tC%;"a#
h. dk%;"a DNS r{#
i. %w&C#
6. dC2+ThC:
a. !q2+T → +V2+T
b. dCTB5:
m 6. 2+ThC
2+ThC >}5
Enabled true
Enforce Java 2 Security false
Use domain qualified user IDs true
Cache timeout 600
Issue permission warning true
Active protocol CSI and SAS
Active authentication mechanism LTPA
Active user registry LDAP
c. %w&C#
7. %w#f4S#
8. %w#f4%#f0wdC1#
9. S WebSphere Application Server \mXF("z#
10. XBt/ WebSphere Application Server#
Z 3 ?V:dC Access Manager Java Runtime Environment
dC Access Manager Java Runtime Environment T)9k IBM WebSphere Application
Server ;pV"D Java runtime#
":Access Manager Java Runtime Environment G Tivoli Access Manager for WebSphere
DX8m~#
IT9C Access Manager Base dC GUI r_S|nP9C pdjrtecfg |ndC Access
Manager Java Runtime Environment#*S Access Manager Base dC GUI dC Access
Manager Java Runtime Environment:
1. |D?<ATB;C:
v (UNIX)/opt/PolicyDirector/bin
v (Windows)C:\Program Files\Tivoli\Policy Director\bin
2. dkTB|n:
pdconfig
T> Access Manager dCA;,zITSPdC Java runtime#
*S|nPdC Access Manager Java Runtime Environment:
1. i$73d? WAS_HOME QhC* IBM WebSphere Application Server w?<#
2. |D?<ATB;C:
v (UNIX)/opt/PolicyDirector/sbin
v (Windows)C:\Program Files\Tivoli\Policy Director\sbin
3. +TB|n,I;Pdk:
v UNIX
pdjrtecfg -action config -java_home $WAS_HOME/java/jre -host policy_server_host
v Windows
pdjrtecfg -action config -java_home %WAS_HOME%\java\jre -host policy_server_host
":7#Z PATH d?PngvVD java ~xFD~D;CkzT pdjrtecfg !
n -java_home pathname 8(D java ~xFD~;C`%d#
Z 4 ?V:Sk2+r
jITB=h:
1. #9 WebSphere Application Server#
2. c/TBE":
v z#{Cw Tivoli Access Manager for WebSphere &CLrDC'm]DC'J
'{#b)8>E"PD>}|n9Cm] pdpermadmin#z!qDC'{;&C
fZZC'"amP#
v sec_master J'D\k#
v w\ policy server DFczD+^(r{#}g:pdmgrserver.mysubnet.ibm.com
v w\ authorization server DFczD+^(r{#}g:
pdacldserver.mysubnet.ibm.com
v WebSphere 20Dw?<#
3. *+ WAS_HOME 73d?hC* WebSphere Application Server 20?<,k+?<
|D* WebSphere_install_directory/bin "KPTB|n:
UNIX
setupCmdLine.sh
Windows
setupCmdLine.bat
4. Z UNIX =(O,+ PDWAS_HOME 73d?hC* Tivoli Access Manager for
WebSphere 20?<#Z Windows =(O,PDWAS_HOME &CQ-fZZ73P#
UNIX
PDWAS_HOME=/opt/amwas
export PDWAS_HOME
5. +?<|D*:
v (UNIX)/opt/amwas/sbin
v (Windows)C:\Program Files\Tivoli\amwas\sbin
6. KP pdwascfg 5CLr#9CzZ0f=hPU/DE"4r pdwascfg a)
|nP!n#
":TBD>}|nY(z}Z4(F* pdpermadmin DB Tivoli Access Manager
C'J'#}g:
-remote_acl_user pdpermadmin
9CH0c/DN},+TB|n,I;v|nPdk,y]z}Z9CD
WebSphere Application Server Df>,9C -action configWAS4 r configWAS5N}:
pdwascfg -action configWASversion_number -remote_acl_user pdpermadmin -sec_master_pwd myPassWord -pdmgrd_host fully_qualified_DN_of_the_policy_server_host -pdacld_host fully_qualified_DN_of_the_authorization_server_host -was_home c:\WebSphere\AppServer
":TO|nPD -was_home !nD5vw*>}T>#K5+y]z}ZKP
D WebSphere Application Server Df>M}Z9CD=(x|D#}g,K5
ITG:
Windows
WebSphere Application Server V4.0.6:
c:\WebSphere\AppServer
WebSphere Application Server V5.0.2:
"c:\Program Files\WebSphere\AppServer"
Solaris"Linux M HP-UX
/opt/WebSphere/AppServer
AIX
/usr/WebSphere/AppServer
pdwascfg 5CLrdC WebSphere Application Server T9C Tivoli Access Manager
for WebSphere w*Z()&L#
":
1. pdwascfg 5CLrv'Vd\mC'4(* sec_master Dr#
2. pdwascfg 5CLrZdyKPD?<O4({* AMWASConfig.log DU>D
~#
7. i$ pdwascfg |nGqI&4(K PdPerm tTD~#
v Solaris"Linux M HP-UX
/opt/WebSphere/AppServer/java/jre/PdPerm.properties
v AIX
/usr/WebSphere/AppServer/java/jre/PdPerm.properties
v Windows
– WebSphere Application Server V4.0.6
C:\WebSphere\AppServer\java\jre\PdPerm.properties
– WebSphere Application Server V5.0.2
C:\Program Files\WebSphere\AppServer\java\jre\PdPerm.properties
":TO76{ICK WebSphere Application Server D1!20?<#g{ZG1
!;CxP20,k`&w{76{#
Z 5 ?V a:(F WebSphere 2+ThC - WebSphere V4.0.6
g{}Z9C WebSphere 5.0.2,kx}b;="Lx4PZ 33 3D:Z 5 ?V b:
(F WebSphere 2+ThC - WebSphere V5.0.2;
b;=+&CLr2+_TS WebSphere admin.ear ?phv{D~(F= Tivoli
Access Manager _T}]b#(F5CLrZ Tivoli Access Manager TsUdP4(
zm WebSphere J4DTs#g{b;?V4jI,z+;\t/ WebSphere#
jITB=h:
1. g{ WebSphere }ZKP,k#9|#
2. 7# WAS_HOME 73d?;hC* WebSphere Application Server 20D;C#TB
>}T>1!;C:
v Solaris"Linux HP-UX
WAS_HOME=/opt/WebSphere/AppServer
v AIX
WAS_HOME=/usr/WebSphere/AppServer
v Windows
WAS_HOME=C:\WebSphere\AppServer
3. c/TBE",z+h*QCE"8(*(F5CLrDdkN}:
v *(FD EAR D~{F#Znu9C(F5CLr1,Xk(F\m EAR D
~:
– Solaris"Linux M HP-UX
/opt/WebSphere/AppServer/config/admin.ear
– AIX
/usr/WebSphere/AppServer/config/admin.ear
– Windows
C:\WebSphere\AppServer\config\admin.ear
v A PDPerm.properties D~D+76#KD~;Z WebSphere Application Server
20?<BD3v?<#TBPmT>K?vYw53OD1!;C#
":D~;CXkm>*3;J4j6#
– Solaris"Linux M HP-UX
file:/opt/WebSphere/AppServer/java/jre/PdPerm.properties
– AIX
file:/usr/WebSphere/AppServer/java/jre/PdPerm.properties
– Windows
file:/c:\WebSphere\AppServer\java\jre\PdPerm.properties
v Tivoli Access Manager \mJ'D{F#&C* sec_master#
v sec_master J'D\k#
v WebSphere \mC'J'D{F#b&CkzTO4(/<kDJ'%d#}g:
wsadmin
v LDAP (P{F(DN)s:,Tivoli Access Manager policy server M WebSphere
Application Server hzdf"C'E"#b&1kz4( wsadmin C'19CD
DN s:`%d#
ZZ 26 3D:Z 1 ?V:* WebSphere Application Server 4( Tivoli Access
Manager \mC';PT>D>}4(K_PTB DN D wsadmin:
cn=wsadmin,o=ibm,c=us
ZbVivB,DN s:G: o=ibm,c=us
K5&1w* migrateEAR4 5CLrD -d !nDN}xv#
":IT9C pdadmin T>53O wsadmin D DN:
pdadmin> user show wsadmin
4. |D?<A(F5CLrD;C:
v (UNIX)/opt/amwas/bin
v (Windows)C:\Program Files\Tivoli\amwas\bin
5. KP(F5CLr4(F|,Z admin.EAR PD}]#
9CZH0=hPc/DN},Z|na>{&+TBD>,I;v|nPdk:
UNIX
migrateEAR4 -j /opt/WebSphere/AppServer/config/admin.ear -a sec_master -p sec_master_password -w wsadmin -d "o=ibm,c=us" -c file:/opt/WebSphere/AppServer/java/jre/PdPerm.properties
k"b AIX O PdPerm.properties D~D1!;CG:
/usr/WebSphere/AppServer/java/jre/PdPerm.properties
Windows
migrateEAR4 -j c:\WebSphere\AppServer\config\admin.ear -a sec_master -p sec_master_password -w wsadmin -d "o=ibm,c=us" -c file:/c:\WebSphere\AppServer\java\jre\PdPerm.properties
jI(F1T>4,{"#5CLrDdv+;G<=ZKPK5CLrD?<O
4(DD~ pdwas_migrate.log P#liU>D~T7#*&CLr(FKyP_
T#g{U>D~T>ms,kliO;N"zDBq,|}ms4"XBKP(
F$_#
g{(F;I&,ki$zGq* -c !na)K}7D3;J4j6,"* -j !
na)K}7DD~{#
(F5CLrh*CJ admin.ear#1!ivB,&CLrc`$_|,=0D5`
M(e1(DTD)j<yZ;CD URL }C#rK,iR?phv{ DTD h*
ArXxD,S#g{wz;P,S=rXx,r9C DTD D>X1>#ZbVi
vB,k|B8r>X DTD D?phv{#
/f: 9C Tivoli Access Manager for WebSphere 0,AY+h*YKP;N(
F5CLr#z+h*kT?v}Z#$D&CLrD EAR D~KP|#4PKY
wD8>E";ZZ 43 3DZ 4 B, :(F2+TG+;P#
+ pdwas-admin imS=\m ACL
jITB=h,+ pdwas-admin imS=\m ACL:
1. 9C pdadmin + pdwas-admin imS=`&D ACL#+TBD>,I;v|n
dk:
pdadmin> acl modify _WebAppServer_deployedResources_AdminRole_admin_ACL set group pdwas-admin T[WebAppServer]i
2. g{2+r|,`v authorization server,r9C pdadmin 44P server replicate|n,T7#C ACL |D"4|ByP authorization server#
Z 5 ?V b:(F WebSphere 2+ThC - WebSphere V5.0.2
g{z}Z9C WebSphere Application Server 4.0.6,kx}b;=#
b;=+&CLr2+_TS WebSphere adminconsole.ear ?phv{D~(F=
Tivoli Access Manager _T}]b#(F5CLrZ Tivoli Access Manager TsUd
P4(zm WebSphere J4DTs#
":Tivoli Access Manager for WebSphere ;'V WebSphere Application Server \m
NqD2+T#
jITB=h:
1. g{ WebSphere }ZKP,k#9|#
2. 7#+ WAS_HOME 73d?hC* WebSphere Application Server 20D;C#TB
>}T>1!;C:
v Solaris"Linux M HP-UX
WAS_HOME=/opt/WebSphere/AppServer
v AIX
WAS_HOME=/usr/WebSphere/AppServer
v Windows
WAS_HOME=C:\Program Files\WebSphere\AppServer
3. c/TBE",z+h*QCE"8(*(F5CLrDdkN}:
v *(FD EAR D~{F#Znu9C(F5CLr1,Xk(F\m
EAR"admin-authz.xml M naming-authz.xml:
– Solaris"Linux M HP-UX
/opt/WebSphere/AppServer/installedApps/cellname/adminconsole.ear
/opt/WebSphere/AppServer/config/cells/cellname/admin-authz.xml
/opt/WebSphere/AppServer/config/cells/cellname/naming-authz.xml
– AIX
/usr/WebSphere/AppServer/installedApps/cellname/adminconsole.ear
/usr/WebSphere/AppServer/config/cells/cellname/admin-authz.xml
/usr/WebSphere/AppServer/config/cells/cellname/naming-authz.xml
– Windows
C:\Program Files\WebSphere\AppServer\installedApps\cellname\adminconsole.ear
C:\Program Files\WebSphere\AppServer\config\cells\cellname\admin-authz.xml
C:\Program Files\WebSphere\AppServer\config\cells\cellname\naming-authz.xml
v = PDPerm.properties D~D+76#KD~;Z WebSphere Application Server
20?<BD3v?<#TBPmT>K?vYw53OD1!;C#
":D~;CXkm>*3;J4j6#
– Solaris"Linux M HP-UX
file:/opt/WebSphere/AppServer/java/jre/PdPerm.properties
– AIX
file:/usr/WebSphere/AppServer/java/jre/PdPerm.properties
– Windows
file:/"c:\Program Files\WebSphere\AppServer\java\jre\PdPerm.properties"
v Tivoli Access Manager \mJ'D{F#&C* sec_master#
v sec_master J'D\k#
v WebSphere \mC'J'D{F#C{F&CkzZOf4(DJ'%d#}g:
wsadmin
v LDAP (P{F(DN)s:,Tivoli Access Manager policy server M WebSphere
Application Server hzdf"C'E"#b&1kz4( wsadmin C'19CD
DN s:`%d#
ZZ 26 3D:Z 1 ?V:* WebSphere Application Server 4( Tivoli Access
Manager \mC';PT>D>}4(K_PTB DN D wsadmin:
cn=wsadmin,o=ibm,c=us
ZbVivB,DN s:G: o=ibm,c=us
K5&1w* migrateEAR5 5CLrD -d !nDN}xv#
":IT9C pdadmin T>53O wsadmin D DN:
pdadmin> user show wsadmin
4. |D?<A(F5CLrD;C:
v (UNIX)/opt/amwas/bin
v (Windows)C:\Program Files\Tivoli\amwas\bin
5. KP(F5CLr4(F|,ZD~ adminconsole.EAR"admin-authz.xml M
naming-authz.xml PD}]#
9CZH0=hPc/DN},Z|na>{&+TBD>,I;v|ndk:
Solaris"Linux M HP-UX
migrateEAR5 -j /opt/WebSphere/AppServer/installedApps/cellname/adminconsole.ear -a sec_master -p sec_master_password -w wsadmin -d "o=ibm,c=us" -c file:/opt/WebSphere/AppServer/java/jre/PdPerm.properties -e adminconsole
migrateEAR5 -j /opt/WebSphere/AppServer/config/cells/cellname/admin-authz.xml -a sec_master -p sec_master_password -w wsadmin -d "o=ibm,c=us" -c file:/opt/WebSphere/AppServer/java/jre/PdPerm.properties
migrateEAR5 -j /opt/WebSphere/AppServer/config/cells/cellname/naming-authz.xml -a sec_master -p sec_master_password -w wsadmin -d "o=ibm,c=us" -c file:/opt/WebSphere/AppServer/java/jre/PdPerm.properties
AIX
migrateEAR5 -j /usr/WebSphere/AppServer/installedApps/cellname/adminconsole.ear -a sec_master -p sec_master_password -w wsadmin -d "o=ibm,c=us" -c file:/usr/WebSphere/AppServer/java/jre/PdPerm.properties -e adminconsole
migrateEAR5 -j /usr/WebSphere/AppServer/config/cells/cellname/admin-authz.xml -a sec_master -p sec_master_password -w wsadmin -d "o=ibm,c=us" -c file:/usr/WebSphere/AppServer/java/jre/PdPerm.properties
migrateEAR5 -j /usr/WebSphere/AppServer/config/cells/cellname/naming-authz.xml -a sec_master -p sec_master_password -w wsadmin -d "o=ibm,c=us" -c file:/usr/WebSphere/AppServer/java/jre/PdPerm.properties
Windows
migrateEAR5 -j "c:\Program Files\WebSphere\AppServer\installedApps\cellname\adminconsole.ear" -a sec_master -p sec_master_password -w wsadmin -d "o=ibm,c=us" -c file:/"c:\Program Files\WebSphere\AppServer\java\jre\PdPerm.properties" -e adminconsole
migrateEAR5 -j "c:\Program Files\WebSphere\AppServer\config\cells\cellname\admin-authz.xml" -a sec_master -p sec_master_password -w wsadmin -d "o=ibm,c=us" -c file:/"c:\Program Files\WebSphere\AppServer\java\jre\PdPerm.properties"
migrateEAR5 -j "c:\Program Files\WebSphere\AppServer\config\cells\cellname\naming-authz.xml" -a sec_master -p sec_master_password -w wsadmin -d "o=ibm,c=us" -c file:/"c:\Program Files\WebSphere\AppServer\java\jre\PdPerm.properties"
jI(F1+T>4,{"#5CLrDdv+;G<=ZKPK5CLrD?<
O4(DD~ pdwas_migrate.log P#liU>D~T7#*&CLr(FKyP
_T#g{U>D~T>ms,kliO;N"zDBq,|}ms4"XBKP
(F$_#
g{(F;I&,ki$zGq* -c !na)K}7D3;J48>w,"* -j
!na)K}7DD~{#
(F5CLrh*CJ adminconsole.ear#1!ivB,&CLrc`$_|,=
0D5`M(e1(DTD)j<yZ;CD URL }C#rK,iR?phv{ DTD
h*ArXxD,S#g{wz;P,S=rXx,r9C DTD D>X1>#Zb
VivB,k|B8r>X DTD D?phv{#
/f: 9C Tivoli Access Manager for WebSphere 0,AY+h*YKP;N(F5
CLr#z+h*kT?v}Z#$D&CLrD EAR D~KP|#4PKYwD8
>E";ZZ 43 3DZ 4 B, :(F2+TG+;P#
Z WebSphere Application Server V5.1 73PdC Tivoli Access Manager for WebSphere
g{T WebSphere Application Server V5.1 20dC Access Manager Java Runtime
Environment r Tivoli Access Manager for WebSphere,r^h20|G#Access Manager
Java Runtime Environment M Tivoli Access Manager for WebSphere <w* WebSphere
Application Server 5.1 m~|D;?Va)#+G,dC=hk WebSphere Dd|f
>;,#k4TBwZPD8>E"Yw,Z WebSphere Application Server V5.1 73
PdC Tivoli Access Manager for WebSphere#
Z 1 ?V:* WebSphere Application Server 4( Tivoli Access Manager \mC'
g{ WebSphere \mC'P4fZ,rZ_T(F.0XkZ Tivoli Access Manager
P4(|:
pdadmin -a sec_master -p sec_master_password
pdadmin> user create was_admin_uid was_admin_user_dn was_admin_uid was_admin_uid was_admin_pwd
pdadmin> user modify was_admin_uid account-valid true
Z 2 ?V:Z WebSphere Application Server V5.1 PtC2+T
9C Tivoli Access Manager for WebSphere Application Server tC2+TD=hkt
C>zD WebSphere Application Server 2+TD=hj+`,#*G!D*cG:
v Tivoli Access Manager M WebSphere 2m`,DC'"am#rK,h*+
WebSphere dC*k Tivoli Access Manager 9C`,DC'"am#
v Z WebSphere \mXF(PdC LDAP ?<1,h*7#!P+ Tivoli Access
Manager CZJ'_T4!r#
Z 3 ?V:dC Access Manager Java Runtime Environment
kN< WebSphere Application Server V5.1 InfoCenter D5PD:dC WebSphere
Application Server T9C Tivoli Access Manager 4O$;;Z,qCXZXhDdC
=hE"#
Z 4 ?V:dC Tivoli Access Manager for WebSphere
4PTB=hdC Tivoli Access Manager for WebSphere Tk WebSphere V5.1 ;p
KP#
1. KP;Z WAS_HOME\bin PD setupcmdline E>4hC73#
2. + PDWAS_HOME 73d?hC* WAS_HOME 73d?D5#Z Windows O,
|nG:
set PDWAS_HOME=%WAS_HOME%
3. KP;Z %WAS_HOME%\bin ?<PD pdwascfg E>44PdC#TB>}9C
pdwascfg.bat#TZ UNIX 73,k9C pdwascfg.sh f;KD~:
%WAS_HOME%\bin\pdwascfg.bat -action configWAS5 -remote_acl_user remote_ACL_user_name -sec_master_pwd sec_master_pwd -pdmgrd_host TAM_Policy_Server_host -pdacld_host TAM_Authorization_Server_host -was_home WAS_home -amwas_home WAS_home -embedded true -action_type local -verbose true
remote_ACL_user_name T&ZIdC4(DC'#KC'C4k Tivoli Access
Manager ~qwxPyPD(E#bG;v;&1CZNNd|C>DXpC'#
Z 5 ?V:(F\m_T
Z WebSphere Application Server V5.1 P,h*+nbDXF(_T(eD~(F=
Tivoli Access Manager#(F5CLr;Z %WAS_HOME%\bin ?<P#
*(FyPXhD_T(Z Windows O),rh*KPTB|n(,I;P):
UNIX
":Z AIX O,WebSphere D1!;CG /usr/WebSphere/AppServer
migrateEAR5 -j /opt/WebSphere/AppServer/installedApps/cellname/adminconsole.ear -a sec_master -p sec_master_pwd -w was_admin_uid -e "adminconsole" -d "o=ibm,c=us" -c file:/opt/WebSphere/AppServer/java/jre/PdPerm.properties -e adminconsole
migrateEAR5 -j /opt/WebSphere/AppServer/config/cells/cellname/admin-authz.xml -a sec_master -p sec_master_pwd -w was_admin_uid -d "o=ibm,c=us" -c file:/opt/WebSphere/AppServer/java/jre/PdPerm.properties
migrateEAR5 -j /opt/WebSphere/AppServer/config/cells/cellname/naming-authz.xml -a sec_master -p sec_master_pwd -w was_admin_uid -d "o=ibm,c=us" -c file:/opt/WebSphere/AppServer/java/jre/PdPerm.properties
Windows
migrateEAR5 -j "c:\Program Files\WebSphere\AppServer\installedApps\cellname\adminconsole.ear" -a sec_master -p sec_master_pwd -w was_admin_uid -d "o=ibm,c=us" -c file:/"c:\Program Files\WebSphere\AppServer\java\jre\PdPerm.properties" -e adminconsole
migrateEAR5 -j "c:\Program Files\WebSphere\AppServer\config\cells\cellname\admin-authz.xml" -a sec_master -p sec_master_pwd -w was_admin_uid -d "o=ibm,c=us" -c file:/"c:\Program Files\WebSphere\AppServer\java\jre\PdPerm.properties"
migrateEAR5 -j "c:\Program Files\WebSphere\AppServer\config\cells\cellname\naming-authz.xml" -a sec_master -p sec_master_pwd -w was_admin_uid -d "o=ibm,c=us" -c file:/"c:\Program Files\WebSphere\AppServer\java\jre\PdPerm.properties"
-e !nG(F adminconsole.ear D~yXhD,r* WebSphere Application Server
+Z?pZdX|{K&CLr#
dC=S20
>ZhvgN+=SD Tivoli Access Manager for WebSphere 20dC= Tivoli Access
Manager 2+rP#
>ZD8>E"wKgBYh:
v zQ-I&jIZ 25 3D:dCu<20;PD8>#
(}jITO8>,z+gMQ2+TE"S admin.ear D~(F= Tivoli Access
Manager(g{}Z9C WebSphere Application Server V4.0.6 D0)r_S
adminconsole.ear D~(F= Tivoli Access Manager(g{}Z9C WebSphere
Application Server V5.0.2 D0)#
v zQ-ZH0dCDu<wz53TbD(=S)wz53O20K Tivoli Access
Manager for WebSphere#VZ<8ZC=Swz53OdC Tivoli Access Manager
for WebSphere K#
":}GzH0QjIZ 25 3D:dCu<20;;Z,qr;*9C>ZPD8>
E"#
b)8>E"";hvgNSd| EAR D~P(F2+TE"#ITV*jITNb
d| EAR D~D(FM>ZPDdC8>#XZgN(F EAR D~D|`E",k
NDZ 43 3DZ 4 B, :(F2+TG+;#
dC=h\agB<:
dC=hZTB8ZPhv:
v :Z A-1 ?V:dC Access Manager Java Runtime Environment;
v Z 40 3D:Z A-2 ?V:Sk2+r;
Z A-1 ?V:dC Access Manager Java Runtime Environment
dC Access Manager Java Runtime Environment i~TCJk IBM WebSphere
Application Server ;pV"D Java runtime#
":Access Manager Java Runtime Environment G Tivoli Access Manager for WebSphere
DX8m~#
IT9C Tivoli Access Manager Base dC GUI r_S|nP9C pdjrtecfg |nd
C Access Manager Java Runtime Environment#*S Access Manager Base dC GUI
dC Access Manager Java Runtime Environment:
1. |D?<ATB;C:
v (UNIX)/opt/PolicyDirector/bin
v (Windows)C:\Program Files\Tivoli\Policy Director\bin
2. dkTB|n:
pdconfig
T> Access Manager dCA;,zITSPdC Java runtime#
*S|nPdC Access Manager Java Runtime Environment i~:
1. i$73d? WAS_HOME QhC* IBM WebSphere Application Server w?<#
2. |D?<ATB;C:
v (UNIX)/opt/PolicyDirector/sbin
v (Windows)C:\Program Files\Tivoli\Policy Director\sbin
3. dkTB|n:
v (UNIX)pdjrtecfg -action config -java_home $WAS_HOME/java/jre
< 6. =S Tivoli Access Manager for WebSphere 53DdCNq
v (Windows)pdjrtecfg -action config -java_home %WAS_HOME%\java\jre
":k7#Z PATH d?PngvVD java ~xFD~D;CkzT pdjrtecfg !
n -java_home pathname 8(D java ~xFD~;C`%d#
Z A-2 ?V:Sk2+r
jITB=h:
1. #9 WebSphere Application Server#
2. c/TBE":
v z#{Cw Tivoli Access Manager for WebSphere &CLrDC'm]DC'J
'{#b)8>E"PD>}|n9Cm] pdperm2admin#zIT!qk*DN
N{F#
":ITT Tivoli Access Manager 2+r9CVPDm],rIT4(BDm
]#Zs`}ivB,z+4(;vBD(;m]4zmwz53O10}
ZdCD Tivoli Access Manager for WebSphere i~#
v sec_master J'D\k#
v w\ policy server DFczD+^(r{#}g:pdmgrserver.mysubnet.ibm.com
v w\ authorization server DFczD+^(r{#}g:
pdacldserver.mysubnet.ibm.com
3. *+ WAS_HOME 73d?hC* WebSphere Application Server 20?<,k+?<
|D* WebSphere_install_directory/bin "KPTB|n:
UNIX
setupCmdLine.sh
Windows
setupCmdLine.bat
4. Z UNIX =(O,+ PDWAS_HOME 73d?hC* Tivoli Access Manager for
WebSphere 20?<#Z Windows =(O,PDWAS_HOME &CQ-fZZ73
P#
UNIX
PDWAS_HOME=/opt/amwas
export PDWAS_HOME
5. +?<|D*:
v UNIX:/opt/amwas/bin
v Windows:C:\Program Files\Tivoli\amwas\sbin
6.
9CH0c/D>}N},+TB|n,I;v|nPdk,y]z}Z9CD
WebSphere Application Server Df>,9C -action configWAS4 r configWAS5N}:
pdwascfg -action configWASversion_number -remote_acl_user pdperm2admin -sec_master_pwd myPassWord -pdmgrd_host pdmgrserver.mysubnet.ibm.com -pdacld_host pdacldserver.mysubnet.ibm.com -was_home c:\WebSphere\AppServer [-amwas_home location_of_the_amwas_installation]
7. i$ pdwascfg |nGqI&4(K PdPerm tTD~#
v Solaris"Linux M HP-UX
/opt/WebSphere/AppServer/java/jre/PdPerm.properties
v AIX
/usr/WebSphere/AppServer/java/jre/PdPerm.properties
v Windows
– WebSphere Application Server V4.0.6
C:\WebSphere\AppServer\java\jre\PdPerm.properties
– WebSphere Application Server V5.0.2
C:\Program Files\WebSphere\AppServer\java\jre\PdPerm.properties
":TO76{ICK WebSphere Application Server D1!20?<#g{ZG1
!;CxP20,k`&w{76{#
Z 4 B (F2+TG+
Tivoli Access Manager for WebSphere a)(F5CLr,C5CLrT/+2+TG
+(e*;* Tivoli Access Manager \#$Ts#G+(eA!T WebSphere &CL
r?phv{,"(F= Tivoli Access Manager \#$TsUd#>BhvgN9C
C5CLr#
wbw}:
v :gN(F2+TG+;
v Z 46 3D:(F5CLrV^T;
v Z 47 3D:JOoO<I;
gN(F2+TG+
gZZ 25 3DZ 3 B, :dC}L;Pyv,b)8>bZjI Tivoli Access Manager
for WebSphere Du<dC.s9C#
*+ J2EE &CLr2+TG+(F= Tivoli Access Manager for WebSphere,kjI
TB=h:
1. i$Z UNIX 53OzGqT root C'rZ Windows 53OT_P\m1X(
DC'G<#
2. (F5CLrh*CJQ-;#$D&CLrD?phv{#1!ivB,&C
Lrc`$_|,=0D5`M(e1(DTD)j<yZ;CD URL }C#r
K,iR?phv{ DTD h*ArXxD,S#g{wz;P,S=rXx,r
9C DTD D>X1>#ZbVivB,k|B8r>X DTD D?phv{#
3. *+ WAS_HOME 73d?hC* WebSphere Application Server 20?<,k+?
<|D* WebSphere_install_directory/bin "KPTB|n:
UNIX
setupCmdLine.sh
Windows
setupCmdLine.bat
4. Z UNIX =(O,+ PDWAS_HOME 73d?hC* Tivoli Access Manager for
WebSphere 20?<#Z Windows =(O,PDWAS_HOME &CQ-fZZ73
P#
UNIX
PDWAS_HOME=/opt/amwas
export PDWAS_HOME
5. c/TBE",z+h*QCE"8(*(F5CLrDdkN}:
v *(FD EAR D~{F#}g:
– Solaris"Linux M HP-UX
- WebSphere Application Server V4.0.6:
/opt/WebSphere/AppServer/installedApps/secureApp.ear
- WebSphere Application Server V5.0.2:
/opt/WebSphere/AppServer/installedApps/cellname/secureApp.ear
– AIX
- WebSphere Application Server V4.0.6:
/usr/WebSphere/AppServer/installedApps/secureApp.ear
- WebSphere Application Server V5.0.2:
/usr/WebSphere/AppServer/installedApps/cellname/secureApp.ear
– Windows
- WebSphere Application Server V4.0.6:
c:\WebSphere\AppServer\installedApps\secureApp.ear
- WebSphere Application Server V5.0.2:
c:\Program Files\WebSphere\AppServer\installedApps\cellname\secureApp.ear
v PDPerm.properties D~D;C#KD~;Z WebSphere Application Server 2
0?<BD3v?<#TBPmT>K?vYw53OD1!;C#
":D~;CXkm>*3;J48>w#
– Solaris"Linux M HP-UX
file:/opt/WebSphere/AppServer/java/jre/PdPerm.properties
– AIX
file:/usr/WebSphere/AppServer/java/jre/PdPerm.properties
– Windows
- WebSphere Application Server V4.0.6:
file:/c:\WebSphere\AppServer\java\jre\PdPerm.properties
- WebSphere Application Server V5.0.2:
file:/c:\Program Files\WebSphere\AppServer\java\jre\PdPerm.properties
v Tivoli Access Manager \mJ'D{F#&C* sec_master#
v sec_master J'D\k#
v WebSphere \mC'J'D{F#b&1kzZ Tivoli Access Manager for
WebSphere u<dCZd4(DJ'`%d#}g:
wsadmin
v LDAP (P{F(DN)s:,Tivoli Access Manager policy server M WebSphere
Application Server hzdf"C'E"#b&1kz4( wsadmin C'19C
D DN s:`%d#
Z 26 3D:Z 1 ?V:* WebSphere Application Server 4( Tivoli Access
Manager \mC';PT>D>}4(K_PTB DN D wsadmin:
cn=wsadmin,o=ibm,c=us
ZbVivB,DN s:G: o=ibm,c=us
K5&1w* migrateEAR 5CLrD -d !nDN}xv#
":IT9C pdadmin T>53O wsadmin D DN:
pdadmin> user show wsadmin
v &CLrT>{F#ITZ&CLr?p1|D&CLr{F,2ITZTs
(} WebSphere XF(xP|D#+;Z EAR D~P4&K|D#g{;P
^D EAR D~T43B{F,+4(msD\#$Ts#9C -e !n8(Z
WebSphere Application Server XF(OT>D&CLrD{F#
6. 7#_PnBDCZ&CLrD EAR D~#7#K EAR D~_PyPZ{DC
'=G+D3d#g{z;7(yPDG+3dGqfZ,k<v&CLr#
PX<v EAR D~D8>E",kND IBM WebSphere Application Server D5#
7. |D?<A(F5CLrD;C:
v (UNIX)/opt/amwas/bin
v (Windows)C:\Program Files\Tivoli\amwas\bin
8. KP(F5CLr4(F&CLr}]#
9CZ0f=hPc/DN},Z|na>{&+TBZ],I;v|nPd
k:
TZ WebSphere Application Server V4.0.6:
UNIX
migrateEAR4 -j /opt/WebSphere/AppServer/installedApps/your_application.ear -a sec_master -p sec_master_password -w wsadmin -d "o=ibm,c=us" -c file:/opt/WebSphere/AppServer/java/jre/PdPerm.properties [-e application_name]
k"b AIX O PdPerm.properties D~D1!;CG:
/usr/WebSphere/AppServer/java/jre/PdPerm.properties
Windows
migrateEAR4 -j \WebSphere\AppServer\installedApps\your_application.ear -a sec_master -p sec_master_password -w wsadmin -d "o=ibm,c=us" -c file:/c:\WebSphere\AppServer\java\jre\PdPerm.properties [-e application_name]
TZ WebSphere Application Server V5.0.2:
UNIX
migrateEAR5 -j /opt/WebSphere/AppServer/installedApps/cellname/your_application.ear -a sec_master -p sec_master_password -w wsadmin -d "o=ibm,c=us" -c file:/opt/WebSphere/AppServer/java/jre/PdPerm.properties [-e application_name]
k"b AIX O PdPerm.properties D~D1!;CG:
/usr/WebSphere/AppServer/java/jre/PdPerm.properties
Windows
migrateEAR5 -j "c:\Program Files\WebSphere\AppServer\installedApps\cellname\your_application.ear" -a sec_master -p sec_master_password -w wsadmin -d "o=ibm,c=us" -c file:/"c:\Program Files\WebSphere\AppServer\java\jre\PdPerm.properties" [-e application_name]
jI(F1+T>4,{"#5CLrDdv+;G<=ZKPK5CLrD?
<O4(DD~ pdwas_migrate.log P#liU>D~T7#*&CLr(FKy
P_T#g{U>D~T>ms,kliO;N"zDBq,|}ms4"XB
KP(F$_#
g{(F;I&,ki$z* -c !na)K}7D3;J48>w,"* -j !
na)K}7DD~{#
9. *?v|,Xk(F= Tivoli Access Manager DG+(eDs5i5(EAR)D
~X4H0D=h#
;h*TZ?phv{P;P2+TE"D J2EE &CLrKP(F5CLr#
":TZ?v(;D EAR D~;KP;N(F5CLr#g{3v EAR D~P
`v1>,r;h**?v1><KP(F5CLr#(F5CLrZ?v
Tivoli Access Manager rP;hKP;N#
10. !q4PTBYw.;:
v g{}Z9C WebSphere Application Server Advanced Edition Single Server,
r*AB;=#
v g{;Z9C WebSphere Application Server Single Server Edition,r(FQj
I#;*4PB;=#
11. Tivoli Access Manager for WebSphere k WebSphere Single Server Edition ;p
9C1,Xk9C pdadmin +C'V$mS=(F5CLr4(D ACL P#
:(F5CLrV^T;PhvKmSC'D>} pdadmin |n#
2I4iLLZ 67 3DZ 6 B, :LL:gNtC2+T;PhvDy>&CL
rPD+C'mS= ACL PD=(#kND:+&CLr(F= Tivoli Access
Manager;;ZPD>}|n#
(F5CLrV^T
(F5CLrPTBV^T:
v (F5CLrhF*v+ EAR D~PDG+(F= Tivoli Access Manager \#$
TsUd#;*+K(F5CLrCwG+D,$5CLr#(F EAR D~.s,
k9C Web Portal Manager r pdadmin 5CLr4\mG+#
v (F5CLr;(FZ EAR D~P8(DC'MG+#k7#*zD&CLr9C
nBD EAR D~#
v T EAR D~KPK;N(F5CLrs,(izZ EAR D~|Ds;*YNKP
(F5CLr#14( EAR "(F=\#$TsUd,;sYN(F1,I\"z
TBJb#
– ZZ~Nrsx(F1,g{3;VPG+Q-S EAR >},|+;aS\#$
TsUdP>}#
– ZZ~Nrsx(F1,T EAR D~D|DI\*s(F5CLr8> Tivoli
Access Manager >} ACL (e#ZP)!OP,Tivoli Access Manager I\a
h9bV>}Yw#k"b,+ EAR D~(F= Tivoli Access Manager \#$
TsUda<B4(,S=TsD ACL#g{\m1V$+ ACL (e,S=d
|\#$Ts,Tivoli Access Manager +h9>}K ACL#rK,49Z;NK
P(F5CLr14(D-<Ts;YfZ,ACL 2;a;>}#
v 9C pdadmin 4^DG+#IT9C pdadmin mS=SG+#
v 1k WebSphere Application Server Advanced Edition Single System Edition ;p9
C(F5CLr1,XkV$+C'mS=(F5CLr4(D ACL P#KV^;
0l WebSphere Application Server Advanced Edition#
9C pdadmin +C'mS= ACL#TB>}yZLLDZ 73 3D:Z 8 ?V:
+&CLr(F= Tivoli Access Manager;BZPhvDy>&CLr4T>gN+
C'mS= ACL P#k"b,?v pdadmin |nXk,I;v|nPdk#
c:> pdadmin -a sec_master -p myPassword
pdadmin> acl list
(iRT _WebAppServer_deployedResources_GoodGuys_ *7D ACL)
pdadmin> acl modify _WebAppServer_deployedResources_GoodGuys_simpleSessionApp_ACL add user user1 T[WebAppServer]i
pdadmin> acl modify _WebAppServer_deployedResources_GoodGuys_simpleSessionApp_ACL add user user2 T[WebAppServer]i
pdadmin> acl modify _WebAppServer_deployedResources_GoodGuys_simpleSessionApp_ACL add user user3 T[WebAppServer]i
pdadmin> acl modify _WebAppServer_deployedResources_GoodGuys_simpleSessionApp_ACL add user user4 T[WebAppServer]i
pdadmin> exit
JOoO<I
>Z|,TBwb:
v Z 48 3D:9CU>D~;
v Z 48 3D:4,S=Q4(D ACL DC';
v Z 48 3D:(FLD~{D Windows D~'\;
v Z 48 3D:Web Portal Manager ^(+ ACL ,S=Ts;
v Z 48 3D:/fC' [...] G pdwas-admin DI1;
v Z 49 3D:M'zO$ra0=Zx*';
v Z 49 3D:(F5CLrD{";PC}7DoTT>;
9CU>D~
ZT(F5CLrDJbxPJOoO1,k9C WebSphere M Tivoli Access Manager
a)DU>D~:
v * Tivoli Access Manager authorization server dCU>G<#ZCJ\#$Ts{
FUdPDTsv='Q1,+ZK&xPG<#k"b,4T Tivoli Access
Manager Z(i~DksyzIDU>E"G<ZKk"b,KU>k
WebSphere U>;,#PX|`E",kND6IBM Tivoli Access Manager Base \
m8O7#
v (F5CLrDn/G<ZD~ pdwas_migrate.log P#CD~;Z(F5CLry
KPD?<#nsDU>{";chvn|(F5CLrT<v24#rK,Zs
`}ivB,|+8>ms"zZ24X=#
4,S=Q4(D ACL DC'
Jb:admin.ear D~}KG+3db,;|,NNC'E"#a{G;PC',S=
Q4(D ACL#
bv=8:9C pdadmin +i pdwas-admin mS= ACL P#+TB|n,I;v
|nPdk:
pdadmin> acl modify _WebAppServer_deployedResources_AdminRole_admin_ACL set group pdwas-admin T[WebAppServer]i
(FLD~{D Windows D~'\
Jb:(F5CLrT|,(KE(~)DD~{;pwC#rK1T<(F Windows
LD~{1+"zJb#
bv=8:X|{KD~{T!T(KE(~)
Web Portal Manager ^(+ ACL ,S=Ts
Jb:Web Portal Manager I\^(+ ACL ,S=Ts{FP|,UqDTs#
d(=(:9C pdadmin ,S ACL 4w*d(=(#
bv=8:g{I\D0,ZKP(F5CLr0,7#?phv{PPvD(eP
;PUq#ki$&CLr{FP;|,Uq#
/fC' [...] G pdwas-admin DI1
Jb:KP(F5CLr1,I\4=;u0/f1{",8vC' wsadmin Gi
pdwas-admin DI1#
bv=8:K/fGbO.PD,R;GvZ2+T?DxT>D#K/fC4+C
'j6* pdwas-admin iD10I1,by\m1M\i$ZbvX*D\miPy
|,DC'PmD<7T#
":IT(} WebSphere \mXF(r Tivoli Access Manager Web Portal Manager 4
|B pdwas-admin iDI1
M'zO$ra0=Zx*'
Jb:Tivoli Access Manager a)1! SSL ,15CZ,S= Tivoli Access Manager
policy server#Z4P(F5CLrZd,}K,151,I\4=TB{":
~qw'%TM'zDO$,I\GIZa0=ZlID#
bv=8:1vVK{"1,9C -t minutes !nYNKP(F5CLr#(F5C
Lr9C 60 VSw*1!5#K5;&1sZZ( API M'zk policy server dD
10 SSL ,1#
IT(}li;Z Tivoli Access Manager dCD~ ivmgrd.conf PD [ssl] ZBD
N} ssl-v3-timeout 47( SSL ,15#ssl-v3-timeout D1!5G 7200 k(120
VS)#hCKK1!5s,k7#I(F5CLr -t j>hCD SSL ,1AYP 60
VS#
PX|`E",kND6IBM Tivoli Access Manager Base \m8O7#
(F5CLrD{";PC}7DoTT>
Jb:Z Windows 53O,4T Tivoli Access Manager for WebSphere (F5CL
rD{"TZ3)oT(}gMwOQ@o)T>;}7#
d(=(:^D DOS Windows tT:
1. Z DOS |na>{&dkTB|n:
MSDOS> chcp 1252
2. S DOS 0ZK%,!qtT#
3. !q Lucida XF(#
k"b,0Lucida XF(1G True Type Ve#
4. !q7(#!qfeOD7(T;+tT&CZ100Z#
5. VZITi4(F5CLrDdvK#
Z 5 B \mNq
>B|,TBwb:
v :WebSphere Advanced Edition Single Server V4.0.6;
v Z 52 3D:Tivoli Access Manager \m$_;
v Z 52 3D:8(KP1tT;
v Z 56 3D:rXF(mSTs`;
v Z 55 3D:dC=S authorization server;
v Z 56 3D:GSO we3dhC;
v Z 60 3D:Tivoli Access Manager for WebSphere U>G<;
v Z 62 3D:9C WebSEAL %;"a= WebSphere Application Server;
v Z 64 3D:JOoO<I;
v Z 66 3D:8] Tivoli Access Manager for WebSphere D~;
WebSphere Advanced Edition Single Server V4.0.6
IBM WebSphere Application Server a)'V%~qwD Advanced Edition f>#Kf
>G*KCyZwzD2+TxGCb?C'"amKP WebSphere xhFD#
Kf>D WebSphere Application Server TZ*"&CLrM*&CLr("-MT0
]> WebSphere Application Server XwM\&G\PCD#;\S WebSphere XF
(^D53"am#
Tivoli Access Manager 'Vm`b?C'"am`M#1 Tivoli Access Manager k
WebSphere Advanced Edition Single Server ;p9C1,Tivoli Access Manager \m
1Xk*w\ WebSphere D53OD?v`XC'J'4(`1DC'"amn#bb
6EXkZC'"amPV$4(C'(e#
k"b,1C'SYw53u?5q= Tivoli Access Manager C'"am1,Tivoli
Access Manager C'j6(ID)XkkYw53DC'j6`%d#Z Windows 53
O,Kj6;|,r{#
9k"b,Tivoli Access Manager for WebSphere (F5CLrZk WebSphere Advanced
Edition Single Server ;p9C1,;aT/+C'mS=|4(DCJXFm#XkI
\m1V$mSC'#XZ|`E",kNDZ 46 3D:(F5CLrV^T;#
Zzz53P,(i;*+ Tivoli Access Manager for WebSphere k WebSphere
Advanced Edition Single Server ;p9C#
kNDZ 14 3D:C'"amHvu~;#
Tivoli Access Manager \m$_
;*9C WebSphere Application Server XF(^DC'rG+DtT#b)|D;a
43Z Tivoli Access Manager _T}]bP#
C'MG+dCE"DyP\mXk(} Tivoli Access Manager \m$_.;44P:
v pdadmin |nP5CLr
v Tivoli Access Manager Web Portal Manager <NC'gf
Tivoli Access Manager 9a)\m API,I9CK API PF.X4P\mNq#
PX Tivoli Access Manager \m$_D|`E",kNDTB8O:
v PX pdadmin M<NC'gfDE",kND6IBM Tivoli Access Manager Base
\m8O7#
v PX`L API DE",kND IBM Tivoli Access Manager for e-business Administration
C API Developer Reference r IBM Tivoli Access Manager for e-business Administration
Java Classes Developer Reference#
8(KP1tT
Tivoli Access Manager for WebSphere 9C|,dCN}D Java tTD~#tTD~
GZKP pdwascfg 5CLrZd4(D,ITfsCZ^DdCN}#
&CZTB;C4( Java tTD~:
v UNIX:WAS_HOME/etc/PDWAS.properties
v Windows:WAS_HOME\etc\PDWAS.properties
TB8ZhvgN^DtThC:
v :dC2,G+_Y:f;
v :(e2,G+;
v Z 53 3D:dC/,G+_Y:f;
v Z 54 3D:yZG+D_Tr\N};
dC2,G+_Y:f
hC2,G+_Y:f
com.tivoli.pd.as.cache.StaticRoleCache=com.tivoli.pd.as.cache.StaticRoleCacheImpl
tC2,G+_Y:f
tCr{C2,G+_Y:f#1!ivB+tC2,G+_Y:f#
com.tivoli.pd.as.cache.EnableStaticRoleCaching=true
(e2,G+
(eZ WebSphere Application Server admin.ear r adminconsole.ear D~(!vZ
}ZKPD WebSphere Df>)P4(eD=S2,G+#
com.tivoli.pd.as.cache.StaticRoleCache.Roles=Administrator,Operator,Monitor,Deployer
" : I T ( } m S T B 2 , G + 4 a _ & C L r D T \ :
CosNamingRead"CosNamingWrite"CosNamingCreate M CosNamingDelete#
dC/,G+_Y:f
b;?VhvKTBhC:
v :hC/,G+_Y:f;
v :tC/,G+_Y:f;
v :8(C'Dns}?;
v :8(wezfZ;
v :8(G+zfZ;
v :8(_Y:fmD}?;
hC/,G+_Y:f
com.tivoli.pd.as.cache.DynamicRoleCache=com.tivoli.pd.as.cache.DynamicRoleCacheImpl
tC/,G+_Y:f
tCr{C/,G+_Y:f#1!ivB+tC/,G+_Y:f#
com.tivoli.pd.as.cache.EnableDynamicRoleCaching=true
8(C'Dns}?
Z4P_Y:fe}.0,K_Y:f'VDnsC'}?#KN}ZtC/,G+
_Y:f19C#1!C'}G 100000#
com.tivoli.pd.as.cache.DynamicRoleCache.MaxUsers=100000
8(wezfZ
weu?f"Z_Y:fD1dN(TVSF)#KN}ZtC/,G+_Y:f19
C#1!1dG 10 VS#
com.tivoli.pd.as.cache.DynamicRoleCache.PrincipalLifeTime=10
K&DuoweG8S(;D LDAP C'5XD Tivoli Access Manager >$#
8(G+zfZ
OzG+0,KG+ZC'DG+PmPf"D1dN(TkF)#KN}ZtC/,
G+_Y:f19C#1!5G 20 k#
com.tivoli.pd.as.cache.DynamicRoleCache.RoleLifetime=20
8(_Y:fmD}?
/,G+_Y:fZ?9CDmD}?#KN}ZtC/,G+_Y:f19C#1
!5G 20#
1Ps?D_L9C_Y:f1,vSC54wZ"E/_Y:fDT\#
com.tivoli.pd.as.cache.DynamicRoleCache.NumBuckets=20
yZG+D_Tr\N}
yZ Tivoli Access Manager for WebSphere G+D_Tr\N}GI pdwascfg 5C
LrZ Tivoli Access Manager for WebSphere dC1T/hCD#z;+I\ah*
|Db)N}#TBPmhvK?vN}:
v com.tivoli.pd.as.rbpf.AmasSession.AMGroup=amgroup-admin
(eITZ;\CJG+DivBizb)G+D\m1Di{#4(KiC'G
*KozxPG+D\m#1!5* amgroup-admin#
v com.tivoli.pd.as.rbpf.AMAction=i
(F$_M Tivoli Access Manager for WebSphere KP19CKN}4m>C';
Z(CJG+#K5;mS= Tivoli Access Manager ACL P#|TC'MiDG+
4PwCCJ#
v com.tivoli.pd.as.rbpf.AMActionGroup=WebAppServer
KN}I(F$_M Tivoli Access Manager for WebSphere KP19C#|hC*
AMAction tT8(DYwd1]wD Tivoli Access Manager Ywi#
v com.tivoli.pd.as.rbpf.PosRoot=WebAppServer
KN}I(F$_M Tivoli Access Manager for WebSphere KP19C#|CZ7
(G+f"Z\#$TsUdPD;C#
v com.tivoli.pd.as.rbpf.ProductId=deployedResources
KN}I(F$_M Tivoli Access Manager for WebSphere KP19C#|CZ7
(G+f"Z\#$TsUdPD;C#1!5* deployedResources#
v com.tivoli.pd.as.rbpf.ResourceContainerName=Resources
KN};I Tivoli Access Manager for WebSphere 9C,+4G;vXkhCD5#
1!5* Resources#
v com.tivoli.pd.as.rbpf.RoleContainerName=
KN}I Tivoli Access Manager for WebSphere KP19C#|(;f"ZG+]
w{FPDG+#|CZ7(G+f"Z\#$TsUdPD;C#1!5GU
D,T'VTsUdDH0f>M(F$_D105V#TKN}mS5+|DT
sUd<V,"RyPQ(FD&CLr+^(;Z(#
v com.tivoli.pd.as.rbpf.GrantUnprotectedAccess=true
KN};I Tivoli Access Manager for WebSphere 9C,+T;h*hC#1!5
* true#
v com.tivoli.pd.as.rbpf.UseEntitlements=false
Jmr{9f WebSphere Application Server a)D Tivoli Access Manager for
WebSphere 9CZ(~q#hC* true,rXkdCZ(~q"9d&ZKP4,,
yP ACLD XkZdC URL PxPdC#1!5* false#
v com.tivoli.pd.as.rbpf.AmasSession.CfgURL=
KtTD5GyZ WebSphere D;CMKP pdwascfg 5CLr18(D -cfg_url4dCD#
v com.tivoli.pd.as.rbpf.AmasSession.LoggingURL=
file:/c:\WebSphere\AppServer\etc\jlog.properties
KtTD5GyZdC1 Tivoli Access Manager for WebSphere 20D;C4dC
D#
v com.tivoli.pd.as.rbpf.AmasSession.AMName=
K5GZ Tivoli Access Manager for WebSphere dCZdhCD#KP pdwascfg|n1,-remote_acl_user N}P8(DGC'#
dC=S authorization server
Tivoli Access Manager 2+rITP!qX|,`v authorization server#dC`v
authorization server I\\PC,bPTB=v-r:
v JO*F\&,Z;v authorization server ;ICDivB
v a_T\,ZCJks?G#s1
ITdC Tivoli Access Manager for WebSphere TCJ`v authorization server#9C
Java ` com.tivoli.pd.jcfg.SvrSslCfg ImS=SD authorization server#|no(
G:
java com.tivoli.pd.jcfg.SvrSslCfg -action addsvr -authsvr host_name:port_number:rank -cfg_file cfg_file
":+TO|n,I;v|nPdk#
m 7. mS authorization server D|nN}
N} hv
-action addsvr +~qwE"mS=&CLr~qwdCD~P#
-authsvr Tivoli Access Manager authorization server#N}q=G:
v host_name
V{.#authorization server Dwz{F
v port_number
{}5#I*5 authorization server DKZ#
v rank
{}5#K authorization server `TZd| authorization server D
EH6#&CLr~qw"Tq!3;CJksDS\r\xv
_1,+WH*5E{O_D authorization server#JO*F4E{
3rxP#
-cfg_file cfg_file &CLr~qw(Tivoli Access Manager for WebSphere)dCD~#
dCD~G PdPerm.properties#k"b,bXkm>I3;J48>
w(URI)#Z1!;C20 WebSphere Application Server 1,+7
6G:
v Solaris"Linux M HP-UX
file:/opt/WebSphere/AppServer/java/jre/PdPerm.properties
v AIX
file:/usr/WebSphere/AppServer/java/jre/PdPerm.properties
v Windows
– WebSphere Application Server V4.0.6:
file:/c:\WebSphere\AppServer\java\jre\PdPerm.properties
– WebSphere Application Server V5.0.2:
file:/"c:\Program Files\WebSphere\AppServer\java\jre\PdPerm.properties"
rXF(mSTs`
WebSphere Application Server XF(ICZ8(Z WebSphere 73PKPD&CLr
D2+_T#WebSphere Application Server XF(9ITy]f"ZC'?<PD5e
8(d| Web J4D2+_T#
Tivoli Access Manager rC'"ammSTs` accessGroup#Tivoli Access Manager
\m1IT9C pdadmin |nr Web Portal Manager 44(Bi#b)Bi+_P
Ts` accessGroup#
1!ivB,;adC WebSphere Application Server XF(T+` accessGroup DT
s6p*C'"ami#ITdC WebSphere Application Server XF(T+KTs`
mS=zmC'"amiDTs`PmP#
jITB8>:
1. g{ WebSphere Application Server P4KP,rt/|#
2. S WebSphere XF(,CJCZdC2+TD_6hC#TZ WebSphere Application
Server V5.0.2,K%3rG:2+T → C'"am → LDAP → _6 LDAP hC#
3. ^Di}KwVN#mSTBu?:
(objectclass=accessGroup)
}g,i}KwVNDb[+*:
(&(cn=%w)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)(objectclass=accessGroup)))
4. ^DiI1j63dVN#mSTBu?:
accessGroup:member
}g,iI1j63dVNDb[+*:
groupOfNames:member;groupOfUniqueNames:uniqueMember;accessGroup:member
5. 4UXF(D8>,#9"XBt/ WebSphere Application Server#
GSO we3dhC
ITdC Tivoli Access Manager for WebSphere T\mT WebSphere Enterprise
Information Systems(EIS)(g;Z WebSphere Application Server 2+rPD}]b"
Bq&m53M{"SP53)DO$#TZ EIS 2+rDO$G(} Tivoli Access
Manager for WebSphere * J2C J49C GSO we3dw JAAS G<#i45VD#
(CDG<#i+>$ek JAAS we(JAAS Subject),;sJ4JdwIT9CC
wersK EIS O$#9CD JAAS G<#iyZ?v,S$'4dC#we3d#
iD1! WebSphere Application Server 5VS XML dCD~lwC'{M\kE"#
Tivoli Access Manager for WebSphere F}f"Z XML dCD~PD>$,D*9C
Tivoli Access Manager GSO }]b4a) EIS 2+rO$E"#
WebSphere Application Server a)+C'>$E"k EIS J4`X*D1!we3d
#i#1!3d#iGZ WebSphere Application Server \mXF(P(}2+T →
JAAS dC → &CLrG<(eD#3d#i{FG DefaultPrincipalMapping#EIS
2+rDC'j6M\kGI authDataAlias tTZ?v,S$'B(eD#authDataAlias
tT5JO;|,C'{M\k#authDataAlias tT|,;vp{,Kp{8DGZ2
+TdCD5P(eDC'{M\kT#
Tivoli Access Manager we3d#i&m authDataAlias 47(T Tivoli Access Manager
GSO }]b4PiRyhD GSO J4{FMC'{#|kS"amlw GSO }]D
Tivoli Access Manager Policy Server (E#
Tivoli Access Manager f"XZJ4/C'{TyT&D Tivoli Access Manager GSO
}]bDO$E"#
4(BD&CLrG<
*4(9C Tivoli Access Manager GSO }]b4f"G<>$DB&CLrG<:
1. !q2+T → JAAS dC → &CLrG<#%wB(4%4(BD JAAS G<d
C#
2. dkBD&CLrG<Dp{#%w&C#
3. Z=StT?V,%w JAAS G<#i4S4(e JAAS G<#i#
4. %wB("dk JAAS G<#i:
< 7. GSO we3de5a9.
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy
%w&C#
5. Z=StT?V,%w(FtT4(eX(ZG<#iD5,b)5;1S+]=
WcG<#i#
6. %wB(#
Tivoli Access Manager we3d#i9CdCV{. authDataAlias S2+TdCP
lw}7DC'{M\k#
+]=#iD authDataAlias G* J2C ConnectionFactory dCD#r* authDataAlias
GZdC1dkDNbV{.,yTI\PTB&C!O:
v authDataAlias ,1|, GSO J4{FMC'{#KV{.Dq=G0J4/C'1
v authDataAlias v|, GSO J4{F#C'{G9C10a0D0wb147(
D#
*9CDV&C!OGI JAAS dC!n7(D#b)!nDj8E"G:
{F: com.tivoli.pd.as.gso.AliasContainsUserName
5:True(g{p{|,C'{),false(g{&CS2+OBDlwC'{)#
(} WebSphere Application Server XF(dk authDataAliases 1,Zc{;T/
$CZp{.0#JAAS dCu?CZ7(KZc{Gq&C>}r_w*J4{F
D;?V|,ZZ#
{F:com.tivoli.pd.as.gso.AliasContainsNodeName
5:True(g{p{|,Zc{)#
7. 9CBmw*<rdk?vBN}#
&C!O 1:
O$}]p{ BackendEIS/eisUser
J4 BackEndEIS
C' eisUser
we3dN}
{F: 5:
delegate com.tivoli.pd.as.gso.AMPrincipalMapper
com.tivoli.pd.as.gso.aliasContainsUserName true
com.tivoli.pd.as.gso.aliasContainsNodeName false
com.tivoli.pd.as.gso.AMLoggingURL file:///<jlog.props.path>
&C!O 2:
O$}]p{ BackendEIS
J4 BackEndEIS
C' 10QO$D WAS C'
we3dN}
{F: 5:
delegate com.tivoli.pd.as.gso.AMPrincipalMapper
com.tivoli.pd.as.gso.aliasContainsUserName false
com.tivoli.pd.as.gso.aliasContainsNodeName false
com.tivoli.pd.as.gso.AMLoggingURL file:///<jlog.props.path>
&C!O 3:
O$}]p{ nodename/BackendEIS/eisUser
J4 BackEndEIS
C' eisUser
we3dN}
{F: 5:
delegate com.tivoli.pd.as.gso.AMPrincipalMapper
com.tivoli.pd.as.gso.aliasContainsUserName true
com.tivoli.pd.as.gso.aliasContainsNodeName true
com.tivoli.pd.as.gso.AMLoggingURL file:///<jlog.props.path>
&C!O 4:
O$}]p{ nodename/BackendEIS/eisUser
J4 nodename/BackEndEIS("bZc{4}%)
C' eisUser
we3dN}
{F: 5:
delegate com.tivoli.pd.as.gso.AMPrincipalMapper
com.tivoli.pd.as.gso.aliasContainsUserName true
com.tivoli.pd.as.gso.aliasContainsNodeName false
com.tivoli.pd.as.gso.AMLoggingURL file:///<jlog.props.path>
&C!O 5:
O$}]p{ nodename/BackendEIS
J4 BackEndEIS
C' 10QO$D WAS C'
we3dN}
{F: 5:
delegate com.tivoli.pd.as.gso.AMPrincipalMapper
com.tivoli.pd.as.gso.aliasContainsUserName false
com.tivoli.pd.as.gso.aliasContainsNodeName true
com.tivoli.pd.as.gso.AMLoggingURL file:///<jlog.props.path>
&C!O 6:
O$}]p{ nodename/BackendEIS/eisUser
J4 nodename/BackendEIS/eisUser("bJ4kO$}]p{`
,)#
C' 10QO$D WAS C'
we3dN}
{F: 5:
delegate com.tivoli.pd.as.gso.AMPrincipalMapper
com.tivoli.pd.as.gso.aliasContainsUserName false
com.tivoli.pd.as.gso.aliasContainsNodeName false
com.tivoli.pd.as.gso.AMLoggingURL file:///<jlog.props.path>
zVZh*4( J2C O$p{#Vdxb)p{u?DC'{M\kG;`XD,r*
Tivoli Access Manager :pa)C'{M\k#+G,h*fZVdx J2C O$p{
DC'{M\k,TcIT*XF(PD J2C ,S$'!q|G#
*4( J2C O$p{,kS WebSphere Application Server XF(!q2+T → J2CO$}],"*?vu?%wB(4%#XZ&C!ODdk,kN<Om#
Xk+h*9C GSO }]bD?vJ4JdwD,S$'dC*9C Tivoli Access
Manager we3d#i#*jIKYw:
1. S WebSphere Application Server XF(,!q&CLr → s5&CLr
2. %w&CLr{F#
3. S?|&CLrj8E"A;W?DJ4Jdw?V,%w,Sw#i4S#
4. %w .rar 4S#
5. Z?|A;W?D=StT?VP,%wJ4Jdw4S#
":J4Jdw;h*k&CLr;pr|#|ITG@"D#TZby;v&C
!O,J4JdwGSJ4 → J4JdwdCD#
6. Z?|A;W?D=StT?VP,%w J2C ,S$'4S#
7. %wB("dk,S$'tT#
GSO we3dw#i@"Zd| Tivoli Access Manager for WebSphere &\#+G,
|75h*Z4P pdwascfg Zd4(;)D~,b)D~G
JAVA_HOME/PdPerm.properties M PDWAS_HOME/etc/jlog.properties#*Z;dC Tivoli
Access Manager for WebSphere DivBdC GSO we3dw#i,h*(}V$w
C SvrSslCfg 44( PdPerm.properties D~,"Rh*+ jlog.properties.template
D~V$4F= jlog.properties#
Tivoli Access Manager for WebSphere U>G<
Tivoli Access Manager for WebSphere {"MzYU>G<D?jG WebSphere
Application Server SystemOut.log D~#CD~;Z $WAS_HOME/logs/cellname ?<
P#
Tivoli Access Manager for WebSphere U>G<k Access Manager Java Runtime
Environment ;y9C JLog U>G<r\#TZ;,D Tivoli Access Manager for
WebSphere i~,IT!qTXtCzYM{"+]#
b)i~DzYM{"G<G(}{* jlog.properties DQ20D~XFD,CD~
IZ $AMWAS_HOME/etc ?<PR=#
KD~DZ]JmC'XF:
v TZ?v Tivoli Access Manager for WebSphere i~,tC9G{CzY#
v TZ?v Tivoli Access Manager for WebSphere i~,tC9G{C{"G<#
jlog.properties D~(e8v0G<w1,?v0G<w1k;vw*D Tivoli Access
Manager for WebSphere i~`X*#b)G<w|(:
AmasRBPFTraceLogger
AmasRBPFMessageLogger
CZ*yZG+D_Tr\G<{"/zY#bG Tivoli
Access Manager for WebSphere CZwCJv(DWcr
\#
AmasCacheTraceLogger
AmasCacheMessageLogger
CZ*yZG+D_Tr\y9CD_T_Y:fG<
{"/zY#
AMWASWebTraceLogger
AMWASWebMessageLogger
CZ* WebSphere Application Server Z(e~G<{"
/zY#TZs`}Jb,&C;h*tCKi~Dz
Y#
b)G<wD5V+{"7I= WebSphere Application Server U>G<S53#yT,
gH0ya=D,yPD{"<;4= WebSphere Application Server ~qwD
SystemOut.log D~P#
TZ?vG<w,jlog.properties D~(e isLogging tT,KtTZ;hC* true
1tCC Tivoli Access Manager for WebSphere i~DU>G<#5* false 1r{
CCi~DU>G<#
jlog.properties (e;F* MessageLogger M TraceLogger D08z1G<w,
b)G<w2P isLogging tT#g{0S1G<w;8(K isLogging tT,r|
G+LPdwTD8zD5#20 Tivoli Access Manager for WebSphere 1,
MessageLogger D isLogging tT;hC* true,TraceLogger D isLogging t
T;hC* false#b5JOb6E*yPi~<tCK{"G<,"*yPi~<{C
KzY#
**t Tivoli Access Manager for WebSphere i~DzY,h*4P=vYw:
1. h*|B jlog.properties D~,"+Z{i~D isLogging tThC* true#
}g,*tC AMWASWeb i~DzY,&C+TBPmS= jlog.properties
P:
baseGroup.AMWASWebTraceLogger.isLogging=true
2. Z WebSphere Application Server XF(P,tC PDWAS i~DzY#*9C
WebSphere Application Server XF(jIbnYw,k4PTB=h:
TZ WebSphere V5
a. Zsr\P%w~qw → &CLr~qw#
b. %w?j~qw#
c. %wU>G<MzY → oOzY#
d. ZzYf6jbB,%w^D#
e. %wi~ → PDWAS "!qyhDzY6p#
f. %w&C#
TZ WebSphere V4
a. Zsr\P%w~qw → &CLr~qw#
b. %w?j~qw#
c. %wU>G<MzYtT → oOzY~q#
d. ZzYf6rP,dkTBZ]:
com.ibm.ws.security.PDWAS=all=enabled
e. %w&C#
0zYf61VZ&C8wZyh6ptCzY##fdC,"XBt/~qwT9
|Dz'#
9C WebSEAL %;"a= WebSphere Application Server
Tivoli Access Manager WebSEAL ITCwzm~qw,TT Tivoli Access Manager
for WebSphere #$D&CLra)CJ\mM%;"a\&#CbyDe5a9,
WebSEAL O$C'"+U/D>$T IV 7Dq=*"x WebSphere Application
Server#WebSphere ENX*9Xw(TAI)9X4T WebSEAL Dks"+nUC'
D{FS iv C' HTTP 7Pi!v4,"+d*"x Tivoli Access Manager for
WebSphere,Tivoli Access Manager for WebSphere 9CCE"9lM'z>$E""
Z(C'#kN< WebSphere Application Server D5qCXZ TAI DE"#
4PTB=h(ZSB4D8ZPPj85w),+ WebSEAL hC* WebSphere
Application Server DO$zm:
v :=h 1 - Z Tivoli Access Manager P4(IEDC'J';
v :=h 2 - 4(= WebSphere Application Server D WebSEAL *a;
v Z 63 3D:=h 3a - 9C TAI * WebSphere Application Server V4.0.6 dC
SSO;rZ 63 3D:=h 3b - 9C TAI * WebSphere Application Server V5.0.2
dC SSO;(!vZz}Z9CDWebSphere Application Serverf>)#
=h 1 - Z Tivoli Access Manager P4(IEDC'J'
TAI DWc2+hs.;GZ WebSphere Application Server ;dC9CD Tivoli Access
Manager C'"amP4(IEDC'J'#bG WebSEAL C4r WebSphere
Application Server j6T:Dj6M\k#*K@91ZD)4,k;*+ sec_master
CwIEDC'J'"7#z9CD\kG(;D#IEDC'J'&CvCZ TAI#
Z Tivoli Access Manager zwO,Z pdadmin |nPOdkTB|n:
pdadmin> user create webseal_userid webseal_userid_DN firstname surname password
pdadmin> user modify webseal_userid account-valid yes
=h 2 - 4(= WebSphere Application Server D
WebSEAL *a
d;IT+ WebSEAL dC*Cd|==+]nUC'j6,+G iv C'7G TAI y
(;'VD#RG(i*aOD(E9C SSL Ta_2+T#gK*ahC SSL *s
zdC WebSphere Application Server y9CD HTTP Server M WebSphere Application
Server >m,TS\k> SSL w?"+|}77I= WebSphere Application Server#
b+|(+X*D)p$i<k WebSEAL $i keystore,9I\*<k HTTP Server
$i keystore#
9C -c iv_user !n4(= WebSphere Application Server D WebSEAL *a#}g
(T;Pdk):
server task webseald-server create -t ssl -c iv_user -B -U user -W password -h host_name junction_name -b supply
":
1. g{T>XZ$iM\?}]bDhC;}7D/f{",k>}C*a,|}\
?}]bDJb"XB4(*a#
2. y]zDhs,*aIT4(* -t tcp r -t ssl#
XZgNdC WebSEAL M WebSphere Application Server .dD*aD|`j8E"
M!n,|(8( WebSEAL ~qwm]Dd|!n,kN<6WebSEAL \m8O7
T0z}CZ WebSphere Application Server D HTTP Server DD5#
=h 3a - 9C TAI * WebSphere Application Server V4.0.6 dC SSO
** TAI dC WebSEAL %;"a,k`- TAI dCD~
$WAS_HOME/properties/webseal.properties,"7#hCKTBN}:
v + com.ibm.websphere.security.webseal.loginId hC*Z=h 1 P4(D,;
C'{#
v hostnames M ports N}|, WebSEAL ~qwDwz{MKZ#
v com.ibm.websphere.security.webseal.id G* iv C'7dCD#4:
com.ibm.websphere.security.webseal.id=iv-user
v 7#TB trustedservers.properties }7:
– webseal PZ com.ibm.websphere.security.trustassociation.types P
– WebSeal 9Xw`QhC,4(T;Pdk):
com.ibm.websphere.security.trustassociation.webseal.interceptor=com.ibm.ws.security.web.WebSealTrustAssociationInterceptor
– tTD~G}7D,4:
com.ibm.websphere.security.trustassociation.webseal.config=webseal
1. S WebSphere \mXF(,CJO$ → 2+PD,"7#!qtC Web ENX
*#
2. SibwzD~PP,!q default_host ibwz#%wp{rPDmS#dkB
Dp{* *:443
3. XBt/ WebSphere#
=h 3b - 9C TAI * WebSphere Application Server V5.0.2 dC SSO
WNhC2+T1,h*4PTB=h#
1. Zs_<=feP%w2+T → O$zF → LTPA#
2. %w=StTBDENX*#
3. !qtCENX*4!r#
4. %w=StTBD9Xw#
5. %w com.ibm.ws.security.web.WebSealTrustAssociationInterceptor T9C
WebSEAL 9Xw#K9XwG1!5#
6. %w=StTBD(FtT#
7. %wB(,dktT{M5T#k7#hCKTBN}:
v 7# webseal PZ com.ibm.websphere.security.trustassociation.types P
v + com.ibm.websphere.security.webseal.loginId hC*Z=h 1 P4(D,
;C'{#
v com.ibm.websphere.security.webseal.id G* iv C'7dCD#4:
com.ibm.websphere.security.webseal.id=iv-user
v com.ibm.websphere.security.webseal.hostnames 8(ks7PyZ{Dwz
{(xVs!4)#}g:
com.ibm.websphere.security.webseal.hostnames=host1
}G com.ibm.websphere.security.webseal.ignoreProxy hC* true,qrb9&C
|(zmwz{(g{PD0)#9C server list pdadmin |nIq!~qw
Pm#
v com.ibm.websphere.security.webseal.ports 8(ks7PyZ{Dwz{yT
&DKZE#}G com.ibm.websphere.security.webseal.ignoreProxy hC* true,
qrb9&C|(zmKZ(g{PD0)#}g:
com.ibm.websphere.security.webseal.ports=80,443
v com.ibm.websphere.security.webseal.ignoreProxy GI!tT,g{hC*
true r yes,rvT IV 7PDzmwz{MKZ#1!ivB,KtThC*
false#
8. %w07(1##fdC""z#XBt/ WebSphere Application Server#
=h 4 - Z WebSEAL PhC SSO \k
`- WebSEAL dCD~ webseal_install_directory/etc/webseald-default.conf,
"(}hCTBN}*Z=h 1 P4(DC'hC SSO \k:
basicauth-dummy-passwd=webseal_userid_passwd
XBt/ WebSEAL#
=h 5 - bT WebSEAL ,S
*7#g WebSEAL *aCJ WebSphere Application Server DYw}7,kG<=
WebSEAL ;N""Tg*aCJ WebSphere Application Server OD\#$Ts#
JOoO<I
>Z|,TBwb:
v :WebSphere ~qwZdCM(Fs;t/ - vTZ WebSphere Application Server
V4.0.6;
v Z 65 3D:WebSphere ~qwZ!{dCs;t/ - vTZ WebSphere Application
Server V4.0.6;
WebSphere ~qwZdCM(Fs;t/ - vTZ WebSphere Application Server V4.0.6
Jb:ZdC Tivoli Access Manager for WebSphere s,WebSphere Application Server
;at/#
5w:I\P=v-r:
v Z Tivoli Access Manager for WebSphere dCZd,BD\mi pdwas-admin ;P
mS=`&D ACL P#
v Z Tivoli Access Manager for WebSphere dCZd,BD\mi pdwas-admin mS
=K`&D ACL P,+;PTyP authorization server |B ACL#KJb;I\
Z_P`v authorization server D2+rP"z#
bv=8:
P=VI\Dbv=8:
v g{ pdwas-admin ;PmS=`&D ACL P,rVZmS|#kNDZ 31 3D:Z
5 ?V a:(F WebSphere 2+ThC - WebSphere V4.0.6;P+ pdwas-admin
imS=\m ACL D8>E"#
v g{ pdwas-admin Q-mS=K`&D ACL P,"R2+r|,`v authorization
server,R4|B authorization server,rVZ|B|G#kNDZ 31 3D:Z 5 ?
V a:(F WebSphere 2+ThC - WebSphere V4.0.6;P+ pdwas-admin im
S=\m ACL D8>E"#
WebSphere ~qwZ!{dCs;t/ - vTZ WebSphere Application Server V4.0.6
Jb:Z!{dC Tivoli Access Manager for WebSphere M Access Manager Java
Runtime Environment s,WebSphere Application Server I\^(t/#KJba;1
"z#WebSphere Application Server 4\0k2+T-ww
com.ibm.ejs.security.EJSSecurityCollaborator#
d(=(:{C WebSphere Application Server 2+T"XBt/ WebSphere Application
Server#
1. *AKP DB2 D53#T20 DB2 yCDC'{G<#}g:
# su - db2inst1
+T>;uC({"
2. dkTVeVT>DTB|n,dP was40 G WebSphere V4 }]bD{F:
db2 => connect to was40 user db2inst1* db2inst1 dk10\k:
}]b,SE"}]b~qw = DB2/LINUX 7.2.0SQL Z(j6 = DB2INST1>X}]bp{ = WAS40
db2 => update ejsadmin.securitycfg_table set securityenabled = 0
DB20000I SQL |nI&jI
db2 => commit
DB20000I SQL |nI&jI
3. t/ WebSphere Application Server#
8] Tivoli Access Manager for WebSphere D~
T Tivoli Access Manager for WebSphere D~9C8]_TG\CD\mv(,by
ITZt1JOivBV4X*E"#
X|D Tivoli Access Manager for WebSphere D~G:
v ;Z Tivoli Access Manager for WebSphere 20D /etc ?<PD PDWAS.properties
M jlog.properties#
v ;Z WebSphere Application Server 20D /config ?<PD PD_WAS.prop#
*V4 Tivoli Access Manager for WebSphere,&CXB20C&CLr"R+TOD
~4FX Tivoli Access Manager for WebSphere M WebSphere Application Server 2
0OD`&;C#
Z 6 B LL:gNtC2+T
>Ba)K;vLLhvgN*>}&CLrmS2+T#KLLT WebSphere LL*
y!,CLLozzKbPX WebSphere &CLrDc`"dCM?pDwv=f#f
WebSphere LLa)Kw* WebSphere z7D;?Vy|,D>}zk#
z;h*N< WebSphere LL4IT9CK Tivoli Access Manager LL#K Tivoli
Access Manager for WebSphere LLa)K;v&CLr EAR D~,CD~G4U
WebSphere LLD8>E"S WebSphere >}zk9(D#
WebSphere LLIZTBX7Z_iR:
http://www.ibm.com/software/webservers/appserv/infocenter.html
f Tivoli Access Manager for WebSphere ;pa)D>}LrGSTOPvD Web >
cODZ 6.7.1"6.7.2 M 6.7.3 ZPDLL8>E"9(D#>BPDZ]+zfTO
PvD Web >cODZ 6.7.4 ZPDLL#
>B|,TBwZ:
v :LL:CZ Tivoli Access Manager for WebSphere Application Server V4.0.6;
v Z 76 3D:LL:CZ Tivoli Access Manager for WebSphere Application Server
V5.0.2;
LL:CZ Tivoli Access Manager for WebSphere Application Server V4.0.6
gN9C>LL
>LLrz]>KgNr&CLr EAR D~mS2+T"r LDAP C'"ammS
C'"tC WebSphere 2+T"?p"bTy>&CLr"+&CLr(F= Tivoli
Access Manager"tC Tivoli Access Manager for WebSphere Z(i~T0Z Tivoli
Access Manager BbT&CLr2+T#>LL9rz]>gNTG+xPr%D|
D,;sbTZCJliZdGq\6p|Da{#
b)8>E"Y(fZTBiv:
v Q-20MdCK WebSphere Application Server T9C IBM Directory LDAP ~
qw#
v 9;P* WebSphere tC2+T#
zITZjI Tivoli Access Manager for WebSphere Du<20MdC.0r.sK
PKLL#g{9;P20 Tivoli Access Manager for WebSphere,KLL+8>zN
120#
b)8>E"YhQ-20MdCK Tivoli Access Manager M WebSphere Application
Server,"R|G}Z9C`,D IBM Directory Server C'"am#
g{z9;P20"dC Tivoli Access Manager for WebSphere,rkjITBwZP
D8>:
v :Z 1 ?V:r LDAP C'"ammSC';
v Z 69 3D:Z 2 ?V:20 Tivoli Access Manager for WebSphere;
v Z 69 3D:Z 3 ?V:r WebSphere &CLrmS2+T;
v Z 71 3D:Z 4 ?V:* WebSphere Application Server 4( Tivoli Access Manager
\mC';
v Z 71 3D:Z 5 ?V:tC WebSphere 2+T;
v Z 72 3D:Z 6 ?V:?p&CLr;
v Z 73 3D:Z 7 ?V:bTQ?pD&CLrD2+T;
v Z 73 3D:Z 8 ?V:+&CLr(F= Tivoli Access Manager;
v Z 75 3D:Z 9 ?V:bTQ?pD&CLrD2+T;
v Z 75 3D:Z 10 ?V:|DG+;
v Z 76 3D:Z 11 ?V:bTQ?pD&CLrD2+T;
g{zQ-jIK Tivoli Access Manager for WebSphere Du<20MdC,r;h
*y]Z 25 3DZ 3 B, :dC}L;PD8>E"jITB?V:
v :Z 1 ?V:r LDAP C'"ammSC';
":z;h*4Pb;?VPD=h 2#KNqQZ Tivoli Access Manager for
WebSphere Du<dC}LPjI#
v Z 69 3D:Z 3 ?V:r WebSphere &CLrmS2+T;
v Z 72 3D:Z 6 ?V:?p&CLr;
v Z 73 3D:Z 7 ?V:bTQ?pD&CLrD2+T;
v Z 73 3D:Z 8 ?V:+&CLr(F= Tivoli Access Manager;
v Z 75 3D:Z 9 ?V:bTQ?pD&CLrD2+T;
v Z 75 3D:Z 10 ?V:|DG+;
v Z 76 3D:Z 11 ?V:bTQ?pD&CLrD2+T;
Z 1 ?V:r LDAP C'"ammSC'
9C Tivoli Access Manager pdadmin 5CLr4r LDAP C'"ammSzZ0;
?VPywDC'(user1"user2 M user3)#mkmS;v=SC' user4#
>Z]>C4mSC'D+2 pdadmin |n#PXyP pdadmin !nDj{E",
kND6IBM Tivoli Access Manager Base \m8O7#
1. T Tivoli Access Manager \m1G<:
C:> pdadmin -a sec_master -p myPassword
* Tivoli Access Manager 2+rD sec_master J'f;}7D\k#
2. g{Q-20K Tivoli Access Manager for WebSphere "RjIKu<dC,rx
}b;=#*AB;=#
g{z9;P20 Tivoli Access Manager for WebSphere,rk4(;v WebSphere
\mC'#+TB|n,I;v|nPdk:
pdadmin> user create wsadmin cn=wsadmin,o=organization,c=country wsadmin wsadmin myPassword
+ organization M country f;*T LDAP C'"amP'D5#
3. *?vBC'4(C'J'#Vd\k#TB>}T>K>}|n,dP organization
G ibm,country G au,"RyPC'SUD\kG myPassword#
pdadmin> user create user1 cn=user1,o=ibm,c=us user1 user1 myPassword
pdadmin> user create user2 cn=user2,o=ibm,c=us user2 user2 myPassword
pdadmin> user create user3 cn=user3,o=ibm,c=us user3 user3 myPassword
pdadmin> user create user4 cn=user4,o=ibm,c=us user4 user4 myPassword
4. tCyPDJ':
pdadmin> user modify wsadmin account-valid yes
pdadmin> user modify user1 account-valid yes
pdadmin> user modify user2 account-valid yes
pdadmin> user modify user3 account-valid yes
pdadmin> user modify user4 account-valid yes
5. Kv pdadmin 5CLr:
pdadmin> quit
6. 5X WebSphere XF(TtC2+T#Lx4PZ 71 3D:Z 5 ?V:tC
WebSphere 2+T;#
Z 2 ?V:20 Tivoli Access Manager for WebSphere
g{zQ-20MdCK Tivoli Access Manager for WebSphere,rx}b;?V#*
AB;?VZ 73 3D:Z 8 ?V:+&CLr(F= Tivoli Access Manager;#
VZ<820MdC Tivoli Access Manager for WebSphere m~#
4Z 11 3DZ 2 B, :208>E";PD8>E"Yw#
Z20K Tivoli Access Manager for WebSphere D~s,jIZ 25 3D:dCu<2
0;PhvDu<dC,TBiv}b:
ZKLLP,zQ-ZZ 68 3D:Z 1 ?V:r LDAP C'"ammSC';P4
(K WebSphere \mC'(wsadmin)#by,Zu<dCZdz;h*4PKYw#r
K,kx}Z 26 3D:Z 1 ?V:* WebSphere Application Server 4( Tivoli Access
Manager \mC';PD=h 2#
Z 3 ?V:r WebSphere &CLrmS2+T
1. t/ WebSphere &CLrc`$_#%w*< → Lr → IBM WebSphere →Application Server V4.0 AE → &CLrc`$_,rKP
C:\WebSphere\AppServer\bin\assembly
Z06-1A;%w!{#
2. +y>&CLrD~ simpleSession.ear Sdb9uD?j?<4F=
C:\temp\assembly\simpleSession.ear
3. S WebSphere &CLrc`$_r*y>&CLr EAR D~#%wD~ → r*
C:\temp\assembly\simpleSession.ear
4. R|%w2+TG+#%wB(#
5. !q#f!n(#mS:
{F:GoodGuys
6. !qs(!n(#%wmSC'#
{F:user1
%w7(#
7. X4H0D=h4mSTBC':
{F:user2
{F:user3
1mSyPDC's%w7(#
8. 9* EJB #i#9* EBJ11#R|%w=(mI(#!qB(#mS:
{F:MyMethodPermissions
a. =(:%wmS#
v !q>X(*)
v !q6L(*)
%w7(#
b. G+:%wmS#!q GoodGuys#%w7(#
9. 9* Web #i#+w SimpleSessionWar#
a. %w_6!n(#
b. !PG<dCr#
c. 8(Z(=(:y>#
d. 8(r{F:Getting Started
e. %w&C#
10. 9* Web #i#9* SimpleSessionWar#R|%w SecurityConstraints#
!qB(#
a. Z2+T<x{P,dk GoodGuys#
b. G+:
v %wmS#
v !q GoodGuys#
v %w7(#
c. Z+M##P,!q^#
d. %w7(#
11. R|%w Web #i -> SimpleSessionWar -> SecurityConstraints ->GoodGuys -> Web J4/O#
a. !qB(#
b. TZ Web J4{,dk SecureMe#
c. Z HTTP =(P,%wmS#!q GET#%w7(#
d. Z HTTP =(P,%wmS#!q POST#%w7(#
e. Z URL P,%wmS#dk:0/SimpleSession1#%w7(#
f. %w7(#
12. #fbvBD EAR D~#!qD~ -> mf*"dk:
C:\temp\assembly\simpleSessionSecure.ear
13. !qD~ -> zI?pzk#
a. +$w?<hC* C:\temp#
b. %w"4zI#
c. ^}yPms#
14. Kv&CLrc`$_#Lx4PB;ZZ 68 3D:Z 1 ?V:r LDAP C'
"ammSC';#
Z 4 ?V:* WebSphere Application Server 4( Tivoli Access Manager \mC'
g{Z WebSphere Application Server PQ-tCK2+T,r&C+ WebSphere
Application Server \mC'<k Tivoli Access Manager TsUd#9C Tivoli Access
Manager |nP5CLr pdadmin r Tivoli Access Manager Web Portal Manager *
WebSphere Application Server <k Tivoli Access Manager \mC'#*S Tivoli Access
Manager |nP5CLr4PKYw:
1. S|nP,T\mC' sec_master m]t/ pdadmin:
pdadmin -a sec_master -p sec_master_password
2. <k WebSphere Application Server \mC'#}g:
pdadmin> user import was_admin_user dn_registry_identifier
9 WebSphere \mC'J'P':
pdadmin> user modify was_admin_user account-valid yes
g{Z WebSphere Application Server PP4tC2+T,rh*4( WebSphere
Application Server \mC'#9C Tivoli Access Manager |nP5CLr pdadmin r Tivoli Access Manager Web Portal Manager * WebSphere Application Server 4(
Tivoli Access Manager \mC'#
TB8>E"hvgN9C pdadmin#
1. S|nP,T\mC' sec_master m]t/ pdadmin:
pdadmin -a sec_master -p sec_master_password
2. * WebSphere Application Server 4( Tivoli Access Manager \mC'#}g,T
B8>E"4(BC' wsadmin#TB|nXk,I;v|nPdk:
pdadmin> user create wsadmin cn=wsadmin,o=organization,c=country wsadmin wsadmin myPassword
+ organization M country f;*T LDAP C'"amP'D5#
9 wsadmin J'P':
pdadmin> user modify wsadmin account-valid yes
Z 5 ?V:tC WebSphere 2+T
g{P4tC WebSphere 2+T,r9CZ 27 3D:Z WebSphere Application Server
V4.0.6 PtC2+T;PD8>E"4PKYw#
Z 6 ?V:?p&CLr
1. i$ WebSphere \m~qwGq}ZKP#
2. t/ WebSphere t/M'z:
C:\websphere\appserver\bin\adminclient
3. TC' wsadmin M\k myPassword G<#
4. !q WebSphere \mr -> s5&CLr#
5. R|%w"!q20s5&CLr#
a. !P20&CLr4%#
b. hC76:
c:\temp\assembly\simpleSessionSecure.ear
c. %wB;=#+vVT0ra>z\xTyP4\#$D=(DCJ#%w
G#
d. %w!q#
e. i$GqQPvyPC'
user1 user2 user3
f. %w7(#
g. VZITZr*D;5PT0rPpv!qB;=#b)T0rDjbVp
G:
v 3dC'=G+
v 3d EJB RunAs G+=C'
v s(s5 Bean = JNDI {F
v 3d EJB }C=J4
v * EJB #i8(1!}]4
v *vp CMP Bean 8(}]4
v * Web #i!qibwz
v !q&CLr~qw
h. Zr*T0rjI&CLr20r<1,%wjI#
i. %wG4zIzk#%w7(#
j. %w7(KvT0r#
6. g{1!~qw}ZKP,rVZM#9|#g{1!~qw;PKP,rLx=
B;v=h#
*#91!~qw:
v !q WebSphere \mr -> Zc -> wz{ -> &CLr~qw -> 1!~q
w
v R|%w1!~qw#
v !q#9#
v %w7(TKvT0r#
7. t/01!~qw1#
v !q WebSphere \mr -> Zc -> wz{ -> &CLr~qw -> 1!~q
w
v R|%w1!~qw#
v !qt/#
v %w7(KvT0r#
8. Kv WebSphere _6\mXF(#
9. Lx4P:Z 7 ?V:bTQ?pD&CLrD2+T;#
Z 7 ?V:bTQ?pD&CLrD2+T
Servlet
1. t/ Web /@w#
2. *=TB URL#CzD53{F4f; hostname:
http://hostname:9080/gettingstarted3/SimpleSession?msg=Test
3. &Ca>zdkC'{M\k#dkTBP'C'{.;:user1 r user2 r
user3,"dk;v^'{F,g user4#dk}7D\k#
z&C4=a{3#Zdk^'{F user4 s,&14=JO3#
4. XBt/ Web /@w#
5. *=,; URL#1a>dkC'{M\k1,kdk^'DC'{r\k#
z&C4=JO3#
VM'z
1. 9C launchclient Lr4t/2+&CLr#Z;PPdkTB|n:
C:> c:\websphere\appserver\bin\launchclient c:\websphere\appserver\installedApps\simpleSessionSecure.ear
2. &1SU=G<a>,*szdkC'{M\k#
3. dkP'C'{M\k#}g,user1#
&C4=8>I&G<DD>#
4. XBt/ Web /@w#
5. 9C launchclient LrTt/2+&CLr,gTO=h 1 y>#1a>dkC
'{M\k1,kdk^'DC'{r\k#
&C4=8>G<vVJODD>#
6. LxxPB;Z#
Z 8 ?V:+&CLr(F= Tivoli Access Manager
b)8>E"Y(zQ-jIK Tivoli Access Manager for WebSphere Du<20M
dC,gZ 25 3D:dCu<20;Pyv#u<20MdC|,K admin.ear D~
D(F#
":g{z9;PjI Tivoli Access Manager for WebSphere Du<20MdC,G
4VZjI|#kNDZ 25 3D:dCu<20;PD8>E"#
1. c/TBE",z+h*QCE"8(*(F5CLrDdkN}:
v *(FD EAR D~{F:
c:\temp\assembly\simpleSessionSecure.ear
v PDPerm.properties D~D;C#KD~;Z WebSphere Application Server 2
0?<BD3v?<P#TBPmT>K?vYw53OD1!;C#
":D~;CXkm>*3;J48>w#
– Solaris"Linux M HP-UX
file:/opt/WebSphere/AppServer/java/jre/PdPerm.properties
– AIX
file:/usr/WebSphere/AppServer/java/jre/PdPerm.properties
– Windows
file:/c:\WebSphere\AppServer\java\jre\PdPerm.properties
v Tivoli Access Manager \mJ'D{F#&C* sec_master#
v sec_master J'D\k#
v WebSphere \mC'J'D{F#b&1kzZ Tivoli Access Manager for
WebSphere u<dCWN4(DJ'`%d#}g:
wsadmin
v LDAP (P{F(DN)s:,Tivoli Access Manager policy server M WebSphere
Application Server yZCs:Bf"C'E"#b&1kz4( wsadmin C'1
9CD DN s:`%d#
ZZ 26 3D:Z 1 ?V:* WebSphere Application Server 4( Tivoli Access
Manager \mC';PT>D>}4(K_PTB DN D wsadmin:
cn=wsadmin,o=ibm,c=us
ZbVivB,DN s:G: o=ibm,c=us
K5&1w* migrateEAR4 5CLrD –d !nDN}xv#
":zIT9C pdadmin 4T>53O wsadmin D DN:
pdadmin> user show wsadmin
2. +?<|DA(F5CLryZD;C:
v (UNIX)/opt/pdwas/bin
v (Windows)C:\Program Files\Tivoli\pdwas\bin
3. KP(F5CLr4(F&CLr}]#
9CzZ0f=hPc/DN},Z|na>{P+TBD>,I;v|nPd
k:
m 8. (F5CLrD|nPwC
UNIX
migrateEAR4 -j /temp/assembly/simpleSessionSecure.ear -a sec_master -p sec_master_password -w wsadmin -d "o=ibm,c=us" -c file:/opt/WebSphere/AppServer/java/jre/PdPerm.properties
k"b AIX OD PdPerm.properties D~D1!;CG:
/usr/WebSphere/AppServer/java/jre/PdPerm.properties
Windows
migrateEAR4 -j C:\temp\assembly\simpleSessionSecure.ear -a sec_master -p sec_master_password -w wsadmin -d "o=ibm,c=us" -c file:/c:\WebSphere\AppServer\java\jre\PdPerm.properties
(F5CLr+dvG<=U>D~P#T>U>D~{F#}g,
pdwas_migrate.log#zITliU>D~DZ]Ti$Gq(FKyPG+#
g{;vVU>D~,r(F5CLrv=KJb#g{"zKbViv,ki$
zGq* -c !na)K}7D3;J48>w,"* -j !na)K}7DD~
{#
4. ZjIE>s,kLxB;Z:Z 9 ?V:bTQ?pD&CLrD2+T;#
Z 9 ?V:bTQ?pD&CLrD2+T
1. ki$&CLrD2+TGqZpwC#X4Z 73 3D:Z 7 ?V:bTQ?pD
&CLrD2+T;PCZ servlet MVM'zD=h#
2. Zi$K2+Ts,kLxxP:Z 10 ?V:|DG+;#
Z 10 ?V:|DG+
k9C Tivoli Access Manager pdadmin 5CLr,T(}mSC'4|DG+(e#
1. t/ pdadmin:
pdadmin -a sec_master -p myPassword
2. ^D SimpleSession &CLrD ACL TmS user4 D{F#,I;v|nPdk
TB acl modify |n:
pdadmin> acl modify _WebAppServer_deployedResources_GoodGuys_SimpleSessApp_ACL set user user4 T[WebAppServer]i
3. 4F=~qw"KvK5CLr:
pdadmin> server replicate
pdadmin> quit
4. LxxPZ 76 3D:Z 11 ?V:bTQ?pD&CLrD2+T;#
Z 11 ?V:bTQ?pD&CLrD2+T
1. ki$&CLrD2+TGqZpwC#X4Z 73 3D:Z 7 ?V:bTQ?pD
&CLrD2+T;PCZ servlet MVM'zD=h#
k"bZdkP'C'{1,4ITdk user1"user2"user3 r user4#
2. i$ user4 VZ\qG<#
zVZQ-jI>LL#
LL:CZ Tivoli Access Manager for WebSphere Application Server V5.0.2
gN9C>LL
>LLrz]>KgN*&CLr EAR D~mS2+T"* LDAP C'"ammS
C'"tC WebSphere 2+T"?p"bTy>&CLr"+&CLr(F= Tivoli
Access Manager"tC Tivoli Access Manager for WebSphere Z(i~T0Z Tivoli
Access Manager BbT&CLr2+T#>LL9]>gNTG+xPr%D|D,;
sbTZCJliZdGq\6p|Da{#
b)8>E"Y(fZTBiv:
v Q-20MdCK WebSphere Application Server T9C IBM Directory Server#
v 9;P* WebSphere tC2+T#
zITZjI Tivoli Access Manager for WebSphere Du<20MdC.0r.sK
PKLL#g{9;P20 Tivoli Access Manager for WebSphere,KLL+8>zN
120#
b)8>E"YhQ-20MdCK Tivoli Access Manager M WebSphere Application
Server,"R|G}Z9C`,D IBM Directory Server C'"am#
g{z9;P20"dC Tivoli Access Manager for WebSphere,rkjITBwZP
D8>:
v Z 77 3D:Z 1 ?V:r LDAP C'"ammSC';
v Z 78 3D:Z 2 ?V:20 Tivoli Access Manager for WebSphere;
v Z 78 3D:Z 3 ?V:r WebSphere &CLrmS2+T;
v Z 80 3D:Z 4 ?V:* WebSphere Application Server 4( Tivoli Access Manager
\mC';
v Z 80 3D:Z 5 ?V:tC WebSphere 2+T;
v Z 80 3D:Z 6 ?V:?p&CLr;
v Z 81 3D:Z 7 ?V:bTQ?pD&CLrD2+T;
v Z 82 3D:Z 8 ?V:+&CLr(F= Tivoli Access Manager;
v Z 83 3D:Z 9 ?V:bTQ?pD&CLrD2+T;
v Z 83 3D:Z 10 ?V:|DG+;
v Z 84 3D:Z 11 ?V:bTQ?pD&CLrD2+T;
g{zQ-jIK Tivoli Access Manager for WebSphere Du<20MdC,r;h
*y]Z 25 3DZ 3 B, :dC}L;PD8>E"jITB?V:
v :Z 1 ?V:r LDAP C'"ammSC';
v Z 78 3D:Z 3 ?V:r WebSphere &CLrmS2+T;
":z;h*4Pb;?VPD=h 3#KNqQZ Tivoli Access Manager for
WebSphere Du<dC}LPjI#
v Z 80 3D:Z 6 ?V:?p&CLr;
v Z 81 3D:Z 7 ?V:bTQ?pD&CLrD2+T;
v Z 82 3D:Z 8 ?V:+&CLr(F= Tivoli Access Manager;
v Z 83 3D:Z 9 ?V:bTQ?pD&CLrD2+T;
v Z 83 3D:Z 10 ?V:|DG+;
v Z 84 3D:Z 11 ?V:bTQ?pD&CLrD2+T;
Z 1 ?V:r LDAP C'"ammSC'
9C Tivoli Access Manager pdadmin 5CLr4r LDAP C'"ammSzZ0;
?VPywDC'(user1"user2 M user3)#mkmS;v=SC' user4#
>Z]>C4mSC'D+2 pdadmin |n#PXyP pdadmin !nDj{E",
kND6IBM Tivoli Access Manager Base \m8O7#
1. T Tivoli Access Manager \m1G<:
C:> pdadmin -a sec_master -p myPassword
* Tivoli Access Manager 2+rD sec_master J'f;}7D\k#
2. g{zQ-20K Tivoli Access Manager for WebSphere "RjIKu<dC,r
x}b;=#*AB;=#
g{z9;P20 Tivoli Access Manager for WebSphere,rk4(;v WebSphere
\mC'#+TB|n,I;v|nPdk:
pdadmin> user create wsadmin cn=wsadmin,o=organization,c=country wsadmin wsadmin myPassword
+ organization M country f;*T LDAP C'"amP'D5#
3. *?vBC'4(C'J'#Vd\k#TB>}T>K>}|n,dP organization
G ibm,country G au,"RyPC'SUD\kG myPassword#
pdadmin> user create user1 cn=user1,o=ibm,c=us user1 user1 myPassword
pdadmin> user create user2 cn=user2,o=ibm,c=us user2 user2 myPassword
pdadmin> user create user3 cn=user3,o=ibm,c=us user3 user3 myPassword
pdadmin> user create user4 cn=user4,o=ibm,c=us user4 user4 myPassword
4. tCyPDJ':
pdadmin> user modify wsadmin account-valid yes
pdadmin> user modify user1 account-valid yes
pdadmin> user modify user2 account-valid yes
pdadmin> user modify user3 account-valid yes
pdadmin> user modify user4 account-valid yes
5. Kv pdadmin 5CLr:
pdadmin> quit
6. 5X WebSphere XF(TtC2+T#LxxPZ 80 3D:Z 5 ?V:tC
WebSphere 2+T;#
Z 2 ?V:20 Tivoli Access Manager for WebSphere
g{zQ-20MdCK Tivoli Access Manager for WebSphere,rx}b;?V#*
AB;?VZ 82 3D:Z 8 ?V:+&CLr(F= Tivoli Access Manager;#
VZ<820MdC Tivoli Access Manager for WebSphere m~#
4Z 11 3DZ 2 B, :208>E";PD8>E"Yw#
Z20K Tivoli Access Manager for WebSphere D~s,jIZ 25 3D:dCu<2
0;PhvDu<dC,TBiv}b:
ZKLLP,zQ-ZZ 77 3D:Z 1 ?V:r LDAP C'"ammSC';P4
(K WebSphere \mC'(wsadmin)#byZu<dCZdz;h*4PKYw#r
K,kx}Z 26 3D:Z 1 ?V:* WebSphere Application Server 4( Tivoli Access
Manager \mC';PD=h 2#
Z 3 ?V:r WebSphere &CLrmS2+T
1. +y>&CLrD~ simpleSession.ear S %PDWAS_HOME%\example ?<(CD~
;b9uD;C)4F= C:\temp\assembly\simpleSession.ear
2. t/ WebSphere &CLrc`$_#%w*< -> Lr -> IBM WebSphere ->Application Server V5.0 -> &CLrc`$_rKP
C:\WebSphere\AppServer\bin\assembly
Z06-1A;%w!{#
3. S WebSphere &CLrc`$_,r*y>&CLr EAR D~#%wD~ -> r
* C:\temp\assembly\simpleSession.ear
4. 9* EJB #i#9* EBJ11#R|%w2+TG+#%wB(#mS:
{F:GoodGuys
%w7(#
5. 9* Web #i#9* SimpleSessionWar#R|%w2+TG+#%wB(#m
S:
{F:GoodGuys
%w7(#
6. S%cR|%w2+TG+#!qs(!n(#SC'?V,%wmS#dk
user1#
%w7(#
7. X4H0D=h4mSTBC':
{F:user2
{F:user3
1yPC'<QmSs,%w&C#
8. 9* EJB #i#9* EBJ11#R|%w=(mI(#!qB(#%wmS4%"
xk Method Permission_Name: VN:
{F:’MyMethodPermissions’
a. S=(?V,%wmS#9* SimplesessionEJBI0.jar M
com_ibm_websphere_gettingstarted_ejbs_SimpleSession_(*)#!qyP=
(#%w7(#
b. SG+?V,%wmS#!q GoodGuys#%w7(#
c. %w7(#
9. 9* Web #i#+w SimpleSessionWar#
a. %w_6!n(#
b. !PG<dCr#
c. 8(Z(=(:y>#
d. 8(r{F:Getting Started
e. %w&C#
10. 9* Web #i#9* SimpleSessionWar#R|%w SecurityConstraints#
%wG(b7OK=h 9)#
11. YN9* Web #i#9* SimpleSessionWar#R|%w SecurityConstraints#
%wG#!qB(#
a. Z2+T<x{P,dk GoodGuys#
b. G+:
v %wmS#
v !q GoodGuys#
c. Z+M##P,!q^#
d. %w7(#
12. R|%w Web #i -> SimpleSessionWar -> SecurityConstraints ->GoodGuys -> Web J4/O#
a. R|%w"!qB(#
b. TZ Web J4{,kdk SecureMe#
c. Z HTTP =(P,%wmS#!q GET#%w7(#
d. Z HTTP =(P,%wmS#!q POST#%w7(#
e. Z URL P,%wmS#dk:0/SimpleSession1#%w7(#
f. %w7(#
13. #fbvBD EAR D~#!qD~ -> mf*"dk:
C:\temp\assembly\simpleSessionSecure.ear
14. !qD~ -> zI?pzk#
a. +$w?<hC* C:\temp#
b. %w"4zI4%#
c. ^}yPms#
d. %wXU4%#
15. Kv&CLrc`$_#LxxPB;ZZ 68 3D:Z 1 ?V:r LDAP C'
"ammSC';#
Z 4 ?V:* WebSphere Application Server 4( Tivoli Access Manager \mC'
g{Z WebSphere Application Server PQ-tCK2+T,r&C+ WebSphere
Application Server \mC'<k Tivoli Access Manager TsUd#9C Tivoli Access
Manager |nP5CLr pdadmin r Tivoli Access Manager Web Portal Manager *
WebSphere Application Server <k Tivoli Access Manager \mC'#*S Tivoli Access
Manager |nP5CLr4PKYw:
1. S|nP,T\mC' sec_master m]t/ pdadmin:
pdadmin -a sec_master -p sec_master_password
2. <k WebSphere Application Server \mC'#}g:
pdadmin> user import was_admin_user dn_registry_identifier
9 WebSphere \mC'J'P':
pdadmin> user modify was_admin_user account-valid yes
g{Z WebSphere Application Server PP4tC2+T,rh*4( WebSphere
Application Server \mC'#9C Tivoli Access Manager |nP5CLr pdadmin r Tivoli Access Manager Web Portal Manager * WebSphere Application Server 4(
Tivoli Access Manager \mC'#
TB8>E"hvgN9C pdadmin#
1. S|nP,T\mC' sec_master m]t/ pdadmin:
pdadmin -a sec_master -p sec_master_password
2. * WebSphere Application Server 4( Tivoli Access Manager \mC'#}g,T
B8>E"4(BC' wsadmin#TB|nXk,I;v|nPdk:
pdadmin> user create wsadmin cn=wsadmin,o=organization,c=country wsadmin wsadmin myPassword
+ organization M country f;*T LDAP C'"amP'D5#
9 wsadmin J'P':
pdadmin> user modify wsadmin account-valid yes
Z 5 ?V:tC WebSphere 2+T
g{P4tC WebSphere 2+T,r9CZ 27 3D:Z WebSphere Application Server
V5.0.2 PtC2+T;PD8>E"4PKYw#
Z 6 ?V:?p&CLr
1. 7# WebSphere \m~qw}ZKP#
2. r*\mXF(:http://localhost:9090/admin#
":;)tCK LTPA 2+T,rXk9C FQDN:
http://hostname.domain.com:9090/admin
3. T wsadmin G<#
4. !qs5&CLr,;s!q20BD&CLr
5. %w/@4iR&CLr,4 C:\temp\assembly\simpleSessionSecure.ear#%w
r*#
6. zVZITZT>D;5PA;O!qB;=#b)A;DjbG:
v <8&CLr20,
v Z 1 =:a)4P20D!n,
v Z 2 =:a)4P EJB ?pD!n,
v Z 3 =:a) bean D JNDI {F,
v Z 4 =:+ EJB }C3d= bean,
v Z 5 =:3d Web #iDibwz,
v Z 6 =:+#i3d=&CLr~qw,
v Z 7 =:+2+TG+3d=C'/i,
v Z 8 =:53m]D}79C,
v Z 9 =:**#
%wjIT*<20&CLr#
7. %w#fAwdC4S#
8. %w#f4%,7O#fAwdC#
9. (}!qs5&CLr"iR SimpleSessionApp"!PC4!r"!qt/4%
4t/&CLr#
10. %wt/#
Z 7 ?V:bTQ?pD&CLrD2+T
Servlet
1. t/ Web /@w#
2. *ATB URL#CzD53{F4f; hostname:
http://hostname:9080/gettingstarted3/SimpleSession?msg=Test
3. &Ca>zdkC'{M\k#dkTBP'C'{.;:user1 r user2 r
user3,"dk;v;P ACL mI(DP'C'{,g user4#dk}7D\k#
z&C4=|,D>0bT1Da{3#Zdk^'{F user4 s,z&C4=4
Z((403 {C)3f#
4. XBt/ Web /@w#
5. *A,; URL#Za>{&,dk;fZDC'{M\k#
&Ca>zYNG<#
VM'z
1. 9C launchclient Lr4t/2+&CLr#Z;PPdkTB|n:
C:> "c:\program files\websphere\appserver\bin\launchclient" "c:\program files\websphere\appserver\installedApps\<nodename>\simpleSessionSecure.ear"
2. &1SU=G<a>,*szdkC'{M\k#
3. dkP'C'{M\k#}g,user1#
&C4=8>I&G<DD>#
4. XBt/ Web /@w#
5. 9C launchclient LrTt/2+&CLr,gTO=h 1 y>#1a>dkC
'{M\k1,kdk^'DC'{r\k#
&C4=8>G<vVJODD>#
6. LxxPB;Z#
Z 8 ?V:+&CLr(F= Tivoli Access Manager
b)8>E"Y(zQ-jIK Tivoli Access Manager for WebSphere Du<20M
dC,gZ 25 3D:dCu<20;Pyv#u<20MdC|,K adminconsole.ear
D~D(F#
":g{z9;PjI Tivoli Access Manager for WebSphere Du<20MdC,G
4VZjI|#kNDZ 25 3D:dCu<20;PD8>E"#
1. c/TBE",z+h*QCE"8(*(F5CLrDdkN}:
v *(FD EAR D~{F:
c:\temp\assembly\simpleSessionSecure.ear
v PDPerm.properties D~D+76#KD~;Z WebSphere Application Server 2
0?<BD3v?<P#TBPmT>K?vYw53OD1!;C#
":D~;CXkm>*3;J48>w#
– Solaris"Linux M HP-UX
file:/opt/WebSphere/AppServer/java/jre/PdPerm.properties
– AIX
file:/usr/WebSphere/AppServer/java/jre/PdPerm.properties
– Windows
file:/"c:\Program Files\WebSphere\AppServer\java\jre\PdPerm.properties"
v Tivoli Access Manager \mJ'D{F#&C* sec_master#
v sec_master J'D\k#
v WebSphere \mC'J'D{F#b&1kzZ Tivoli Access Manager for
WebSphere u<dCWN4(DJ'`%d#}g:
wsadmin
v LDAP (P{F(DN)s:,Tivoli Access Manager policy server M WebSphere
Application Server yZCs:Bf"C'E"#b&1kz4( wsadmin C'1
9CD DN s:`%d#
ZZ 26 3D:Z 1 ?V:* WebSphere Application Server 4( Tivoli Access
Manager \mC';PT>D>}4(K_PTB DN D wsadmin:
cn=wsadmin,o=ibm,c=us
ZbVivB,DN s:G: o=ibm,c=us
K5&1w* migrateEAR5 5CLrD –d !nDN}xv#
":zIT9C pdadmin 4T>53O wsadmin D DN:
pdadmin> user show wsadmin
2. +?<|DA(F5CLryZD;C:
v (UNIX)/opt/amwas/bin
v (Windows)C:\Program Files\Tivoli\amwas\bin
3. KP(F5CLr4(F&CLr}]#
9CzZ0f=hPc/DN},Z|na>{P+TBD>,I;v|nPd
k:
m 9. (F5CLrD|nPwC
UNIX
migrateEAR5 -j /temp/assembly/simpleSessionSecure.ear -a sec_master -p sec_master_password -w wsadmin -d "o=ibm,c=us" -c file:/opt/WebSphere/AppServer/java/jre/PdPerm.properties
k"b AIX O PdPerm.properties D~D1!;CG:
/usr/WebSphere/AppServer/java/jre/PdPerm.properties
Windows
migrateEAR5.bat -j C:\temp\assembly\simpleSessionSecure.ear -a sec_master -p sec_master_password -w wsadmin -d "o=ibm,c=us" -c file:/"c:\Program Files\WebSphere\AppServer\java\jre\PdPerm.properties"
(F5CLr+dvG<=U>D~P#T>U>D~{F#}g,
pdwas_migrate.log#zITliU>D~DZ]Ti$Gq(FKyPG+#
g{;vVU>D~,r(F5CLrv=KJb#g{"zKbViv,ki$
zGq* -c !na)K}7D3;J48>w,"* -j !na)K}7DD~
{#
4. ZjIE>s,kLxB;Z:Z 9 ?V:bTQ?pD&CLrD2+T;#
Z 9 ?V:bTQ?pD&CLrD2+T
1. ki$&CLrD2+TGqZpwC#X4Z 81 3D:Z 7 ?V:bTQ?pD
&CLrD2+T;PCZ servlet MVM'zD=h#
2. Zi$K2+Ts,kLxxP:Z 10 ?V:|DG+;#
Z 10 ?V:|DG+
k9C Tivoli Access Manager pdadmin 5CLr,T(}mSC'4|DG+(e#
1. t/ pdadmin:
pdadmin -a sec_master -p myPassword
2. ^D SimpleSession &CLrD ACL TmS user4 D{F#,I;v|nPdk
TB acl modify |n:
pdadmin> acl modify _WebAppServer_deployedResources_GoodGuys_SimpleSessApp_ACL set user user4 T[WebAppServer]i
3. 4F=~qw"KvK5CLr:
pdadmin> server replicate
pdadmin> quit
4. LxxPZ 84 3D:Z 11 ?V:bTQ?pD&CLrD2+T;#
Z 11 ?V:bTQ?pD&CLrD2+T
1. ki$&CLrD2+TGqZpwC#X4Z 81 3D:Z 7 ?V:bTQ?pD
&CLrD2+T;PCZ servlet MVM'zD=h#
k"bZdkP'C'{1,4ITdk user1"user2"user3 r user4#
2. g{z;\T user4 CJC3f,kH}_Y:f,1r_XBt/ WebSphere
Application Server#
zVZQ-jI>LL#
Z 7 B >}Yw8>E"
(}|DXhDdCD~">}Z(i~4>} Tivoli Access Manager for WebSphere#
(}!{dC Tivoli Access Manager for WebSphere Z(i~*<:
1. TBPC'G<:
v (UNIX)root
v (Windows)_P\m1X(D Windows C'#
2. #9 WebSphere Application Server#
3. y]z}ZKPD WebSphere Application Server Df>,9C -action unconfigWAS4 r unconfigWAS5 N}KP pdwascfg 5CLrT!{dC
Tivoli Access Manager for WebSphere Z(i~:
# pdwascfg -action unconfigversion_number -remote_acl_user user_CN -sec_master_pwd password -was_home home_directory_of_WebSphere_Application_Server -pdmgrd_host policy_server_host_name -pdacld_host authorization_server_host_name
PX|nP!nD|`E",kNDZ 89 3D=< A, :|nN<;PD|nN<
3#
*jI>}Yw,k*AzDYw53T&DBZ:
v :S Solaris >};
v Z 86 3D:S Windows >};
v Z 86 3D:S AIX >};
v Z 86 3D:S HP-UX >};
v Z 87 3D:S Linux >};
S Solaris >}
jITB8>:
1. *>} Tivoli Access Manager for WebSphere,kdkTB|n:
# pkgrm PDWAS
vVa>,*sz7O>}y!Dm~|#
2. dkV8 y#
4,{"Pv?v;>}DD~#1 postremove E>KPs,vV;u4,{"8
>I&>}Km~|#Kv pkgrm 5CLr#
3. g{*VZM>}'VD Tivoli Access Manager i~,r9CYw53D>}5C
Lr4>} Tivoli Access Manager authorization server(g{Q-20)"Access
Manager Base Runtime Environment M Access Manager Java Runtime Environment#
PXj{D>}8>E",kND6IBM Tivoli Access Manager Base 208O7#
>} Tivoli Access Manager for WebSphere m~|QjI#
S Windows >}
jITB8>:
1. #9"XBt/ WebSphere Application Server#%wmS/>}Lr<j#
2. !q Access Manager for WebSphere#
3. %w|D/>}#
r*0!q20oT1T0r#
4. !q3VoT"%w7(#
5. !q>}%!4%#%wB;=#
r*07OD~>}1T0r#
6. %w7(#
Tivoli Access Manager for WebSphere D~Q>}#
r*,$jIT0r#
7. %wjI#
8. g{*VZM>}'VD Tivoli Access Manager i~,r9CYw53D>}5C
Lr4>} Tivoli Access Manager authorization server(g{Q-20)"Access
Manager Base Runtime Environment M Access Manager Java Runtime Environment#
PXj{D>}8>E",kND6IBM Tivoli Access Manager Base 208O7#
>} Tivoli Access Manager for WebSphere QjI#
S AIX >}
9C installp 5CLr4>} Tivoli Access Manager for WebSphere Application Server
AIX m~|#
g{*VZM>}'VD Tivoli Access Manager i~,r9CYw53D>}5CL
r4>} Tivoli Access Manager authorization server(g{Q-20)"Access Manager
Base Runtime Environment M Access Manager Java Runtime Environment#PXj{
D>}8>E",kND6IBM Tivoli Access Manager Base 208O7#
S HP-UX >}
jITB8>:
1. *>} Tivoli Access Manager for WebSphere,kdkTB|n:
# swremove PDWAS
vV;5P4,{"#vV4,{",8>VvWNQ-I&#swremove 5CL
rS2L>} Tivoli Access Manager for WebSphere D~#
1>}jI1,swremove 5CLrKv#
2. g{*VZM>}'VD Tivoli Access Manager i~,r9CYw53D>}5C
Lr4>} Tivoli Access Manager authorization server(g{Q-20)"Access
Manager Base Runtime Environment M Access Manager Java Runtime Environment#
PXj{D>}8>E",kND6IBM Tivoli Access Manager Base 208O7#
Z HP-UX O>} Tivoli Access Manager for WebSphere VZQ-jI#
S Linux >}
jITB8>:
1. *>} Tivoli Access Manager for WebSphere,kdkTB|n:
# rpm -e PDWAS-PD
D~Q->}#rpm 5CLrKv#
2. g{*VZM>}'VD Tivoli Access Manager i~,r9CYw53D>}5C
Lr4>} Tivoli Access Manager authorization server(g{Q-20)"Access
Manager Base Runtime Environment M Access Manager Java Runtime Environment#
PXj{D>}8>E",kND6IBM Tivoli Access Manager Base 208O7#
>} Tivoli Access Manager for WebSphere m~|QjI#
pdwascfg
dCr!{dC Tivoli Access Manager for WebSphere Application Server#
o(
pdwascfg –action {configWAS4|configWAS5} –remote_acl_user user
–sec_master_pwd password –was_home was_home_dir –pdmgrd_host policy_server_hostname –pdacld_host authorization_server_hostname [–amwas_home amwas_install_path] [–pdmgrd_port policy_server_port] [–pdacld_port authorization_server_port] [–embedded {true|false}] [–action_type {all|local|remote}] [–am_domain was_domain] [–cfg_url pdjrte_config_file_URL] [–key_url pdjrte_keystore_URL] [–verbose {true|false}]
pdwascfg –action {unconfigWAS4|unconfigWAS5} –remote_acl_user user
–sec_master_pwd password –was_home was_install_path –pdmgrd_host policy_server_hostname –pdacld_host authorization_server_hostname
pdwascfg –help [options]
N}
–action {configWAS4|configWAS5}
8(K|n4PDYw#dC Tivoli Access Manager for WebSphere Application
Server#
–action {unconfigWAS4|unconfigWAS5}
8(K|n4PDYw#!{dC Tivoli Access Manager for WebSphere Application
Server#
–action_type {all|local|remote}
8(yhDdC6p#I\D5P:all"local r remote#local !nv4P>
XzwOyhDdC|D(b6E;P SvrSslCfg)#remote !nv4P6LzwO
yhDdC|D(b6E SvrSslCfg)#C|n1!* all#
–am_domain was_domain
8( Tivoli Access Manager for WebSphere D Tivoli Access Manager r#Tivoli
Access Manager O$~qw(pdacld)XkZCrP,"RCrXkfZZ Tivoli
Access Manager \#$TsUdP#
–amwas_home amwas_install_path
1 Tivoli Access Manager for WebSphere ;Z1!;C201,8( Tivoli Access
Manager for WebSphere 20D;C#+KN}k –action {configWAS4|configWAS5} r –action {unconfigWAS4|unconfigWAS5} !n
;p9C#
":1 Tivoli Access Manager for WebSphere 20Z1!;C1,–amwas_home !n^h;8(* pdwascfg |nD;?V#
–cfg_url pdjrte_config_file_url
8( PDJrte tTD~D;C#g{98(K!n -action_type remote r
-action_type all,rKD~+ZdCZd4("Z!{dCZd>}#
–embedded {true|false}
1hC* true 1,8(Kz7k WebSphere ;pr|#1!5* false#
–help [options]
Pv|n!n{FMrLDhv#g{8(K;vr`v!n,r|Pv?v!n
MrLDhv#
–key_url pdjrte_keystore_url
8( PDJrte keystore D~D;C#g{98(K!n -action_type remote r
-action_type all,rKD~+ZdCZd4("Z!{dCZd>}#
–pdacld_host authorization_server_hostname
|, Tivoli Access Manager authorization server Dwz{#+KN}k –action {configWAS4|configWAS5} r –action {unconfigWAS4|unconfigWAS5} !n
;p9C#
–pdacld_port authorization_server_port
v1 Tivoli Access Manager authorization server DKZEQ-dC*;,Zj<K
Z1,E8(CKZE#+KN}k –action {configWAS4|configWAS5} r
–action {unconfigWAS4|unconfigWAS5} !n;p9C#k"b,g{9CK!
n,r9Xk8( pdmgrd_port#
–pdmgrd_host policy_server_hostname
|, Tivoli Access Manager policy server Dwz{#+KN}k –action {configWAS4|configWAS5} r –action {unconfigWAS4|unconfigWAS5} !n
;p9C#
–pdmgrd_port policy_server_port
v1 Tivoli Access Manager policy server DKZEQ-dC*;,Zj<KZ1,
E8(CKZE#+KN}k –action {configWAS4|configWAS5} r –action {unconfigWAS4|unconfigWAS5} !n;p9C#
–remote_acl_user user
8(6L acl C'DC'{#KN}C4k Tivoli Access Manager authorization
server xP SSL ,S#CC';&CfZZ"amP#+KN}k –action {configWAS4|configWAS5} r –action {unconfigWAS4|unconfigWAS5} !n
;p9C#
}g:-remote_acl_user pdpermadmin
–sec_master_pwd password
8(\mC'((#G sec_master)D\k#+KN}k –action {configWAS4|configWAS5} r –action {unconfigWAS4|unconfigWAS5} !n
;p9C#
–verbose {true|false}
1hC* true 1tCj8dv;qr{Cj8dv#1!5* false#
–was_home was_home_dir
8( WebSphere Application Server 20Dw?<D+^(76#+KN}k
–action {configWAS4|configWAS5} r –action {unconfigWAS4|unconfigWAS5} !n;p9C#
}g,c:\WebSphere\AppServer
=< A. |nN< 91
"M
Z UNIX 53O,pdwascfg 5CLrw* shell E>5V;Z Windows 53O,w
*z&mD~5V#1CYw config wC1,C5CLrjITBNq:
v dC WebSphere 9C Tivoli Access Manager for WebSphere#
v wC Java ` com.tivoli.mts.SvrSslCfg 4dC Tivoli Access Manager for WebSphere
Z(i~k policy server M authorization server =_.dD SSL (E#
v Zwz53O* Tivoli Access Manager for WebSphere `4(C'm]#
KE>@5Z*X8m~D;CiR}7D73d?#+73d? %WAS_HOME% h
C* WebSphere Application Server 20?<#+ %PDWAS_HOME% hC* Tivoli
Access Manager for WebSphere 20?<D?<;C#pdwascfg |nD~CTB!n
wC Java:
v –Dpdwas.lang.home
|,f Tivoli Access Manager for WebSphere a)D>zoT'VbD?<#b)
b;Z Tivoli Access Manager for WebSphere 20?<BD3vS?<P#}g:
-Dpdwas.lang.home=%PDWAS_HOME%\java\nls
v –Dpdwas.home
Tivoli Access Manager for WebSphere Dw(20)?<#}g:
-Dpdwas.home=%PDWAS_HOME%
":;PZ20 Tivoli Access Manager for WebSphere sr*KBD|n0Z1E
hCK73d?#
v –Dwas.home
WebSphere Application Server Dw(20)?<#}g:
-Dwas.home=%WAS_HOME%
y> Java |n,I pdwascfg 9(:
java -Dpdwas.lang.home=%PDWAS_HOME%\java\nls -Dpdwas.home=%PDWAS_HOME% -Dwas.home=%WAS_HOME% PDWAScfg -action configWAS5 -remote_acl_user pdpermadmin -sec_master_pwd myPassword -was_home c:\WebSphere\AppServer -pdmgrd_host pdmgrserver.mysubnet.ibm.com -pdacld_host pdacldserver.mysubnet.ibm.com
ICT
K|n;ZTB1!20?<:
v UNIX 53:
/opt/amwas/sbin/
v Z Windows 53O:
C:\Program Files\Tivoli\amwas\sbin\
1!qK;,Z1!?<D20?<1,K5CLr;Z20?<BD sbin ?<(}
g,install_dir\sbin\)P#
5Xk
I\5XTBKv4,k:
0 |nI&jI#
1 |n'\#
1|n'\1,+T>ms{"#kN< IBM Tivoli Access Manager Error Message
Reference qCXZJbD|j8hv#
migrateEAR4
+2+_TE"S?phv{(s5i5D~)(F= Tivoli Access Manager for
WebSphere Application Server V4.0.6#
o(
migrateEAR4 –j absolute_pathname_to_application_EAR_file –c URI –a admin_ID –p admin_pwd –w Websphere_admin_ID –d user_registry_domain_suffix [–r root_objectspace_name] [–t ssl_timeout] [–e enterprise_application_name]
N}
–a admin_ID
8( Tivoli Access Manager \mC'#K\m1Xk_P4(C'"TsM ACL
yhDX(#}g,-a sec_master#
KN}GI!D#g{;P8(CN},+a>C'ZKP1a)\mC'{#
–c URI
8( pdwascfg 5CLrdCD PdPerm.properties D~D3;J48>w
(URI);C#1 WebSphere Application Server 20Z1!;C1,C URI G:
v Solaris"Linux M HP-UX
file:/opt/WebSphere/AppServer/java/jre/PdPerm.properties
v AIX
file:/usr/WebSphere/AppServer/java/jre/PdPerm.properties
v Windows
– WebSphere Application Server 4:
file:/c:\WebSphere\AppServer\java\jre\PdPerm.properties
– WebSphere Application Server 5:
file:/"c:\Program Files\WebSphere\AppServer\java\jre\PdPerm.properties"
–d user_registry_domain_suffix
8(C'"am*9CDrs:#}g,TZ LDAP C'"amDrs:gB:
"o=ibm,c=us"
":Windows *srs:(Z}EZ#
–e enterprise_application_name
8(&CLr{F,Tc}7(FdT>{Fkd20{F;,DQ20&CL
r#g{;8(K!n,r5CLr+"T(}9C .ear D~r .xml D~4R
v&CLr{F#
ITZ&CLr?p1|D&CLr{F,2ITZTs(} WebSphere XF(x
P|D#K|D;a43Z EAR D~P#g{;P^D EAR D~T43B{F,
+4(msD\#$Ts#9C –e !n8(Z WebSphere Application Server X
F(OT>D&CLrD{F#
–j absolute_pathname_to_application_EAR_file
8( Java 2 Enterprise Edition &CLri5D~#K!n2IT!w EAR ?<#
}g,-j /tmp/test_application.EAR
–p admin_pwd
8( Tivoli Access Manager \mC'D\k#\mC'Xk_P4(C'"Ts
M ACL yhDX(#}g,zIT+ -a sec_master \mC'D\k8(* -p
myPassword#
KN}GI!D#g{;P8(CN},+a>C'a)\mC'{D\k#
–r root_objectspace_name
8( root TsUd{F,|G+* WebSphere Application Server 4(D\#$T
s{FUdcNa9D root {F#KN}GI!D#root TsUdD1!5G
WebAppServer#
g{9C1!{FTbD{F,r+h*|D PDWAS.properties D~TCJ}7
DTsUd#
Ywi{k root TsUd{F`%d#rK,g{8(K root TsUd{Fr+
T/hCYwi{#
–t ssl_timeout
8( SSL ,1DVS}#KN}CZZ1!,S,1.0O*,S"XB,S
Tivoli Access Manager authorization server k policy server .dD SSL OBDX
5#
1!5G 60 VS#nY* 10 VS#ns5;&1,} Tivoli Access Manager
ssl-v3-timeout 5#ssl-v3-timeout D1!5G 120 VS#
KN}GI!D#g{;l$TC5D\m,zIT2+X9C1!5#
–w WebSphere_admin_ID
+Z WebSphere Application Server 2+TC'"amVNPdCD\mC'{F
8(*\m1#4(r|B Tivoli Access Manager \#$TsUd1h*TKC
'xPCJ#
1\#$TsUdPP4fZ WebSphere \mC'1,+4(r<k|#ZbVi
vB,+*KC'zIfz\k,"R+J'hC* invalid#h*+K\k|D*
Q*D\k"+J'hC* valid#
4(K\#$TsM ACL#+\mC'mS=_PTB ACL tTDi
pdwas-admin P:
v T - izmI(
v i - wCmI(
v WebAppServer - Ywi{F#WebAppServer G1!{F#
k"b,1C –r !nKP(F5CLr1,IT2GKYwi{(M%dD root
TsUd)#
g{}Z(F admin.ear D~,h*+i pdwas-admin mSx admin G+#
"M
K5CLr+2+_TE"S?phv{(s5i5D~)(F= Tivoli Access Manager
for WebSphere#Z UNIX 53O,K5CLrw* shell E>5V;Z Windows 5
3O,w*z&mD~5V#KE>wC Java ` com.tivoli.pdas.migrate.Migrate#
KE>@5Z*X8m~D;CiR}7D73d?#KE>CTB!nwC Java:
v –Dpdwas.lang.home
|,f Tivoli Access Manager for WebSphere a)D>zoT'VbD?<#b)
b;Z Tivoli Access Manager for WebSphere 20?<BD3vS?<P#}g:
-Dpdwas.lang.home=%PDWAS_HOME%\java\nls
v –cp %CLASSPATH% com.tivoli.pdwas.migrate.Migrate
Xk* Java 20}7hC CLASSPATH#
Kb,Z Windows O,–j !nM –c !n<IT}Cd? %WAS_HOME% T7(ZN&
20 WebSphere Application Server#KE"CZ:
v 9(s5i5D~D+76{#
v 9( PdPerm.properties D~;CD URI +76{#
ICT
K|n;ZTB1!20?<:
v UNIX 53:
/opt/amwas/bin/
v Z Windows 53O:
C:\Program Files\Tivoli\amwas\bin\
1!qK;,Z1!?<D20?<1,K5CLr;Z20?<BD bin ?<(}
g,install_dir\bin\)P#
5Xk
I\5XTBKv4,k:
0 |nI&jI#
1 |n'\#
1|n'\1,+T>ms{"#kN< IBM Tivoli Access Manager Error Message
Reference qCXZJbD|j8hv#
migrateEAR5
+2+_TE"S?phv{(s5i5D~)(F= Tivoli Access Manager for
WebSphere Application Server V5.0.2#
o(
migrateEAR5 –j path –c URI –a admin_ID –p admin_pwd –w Websphere_admin_user
–d user_registry_domain_suffix [–r root_objectspace_name] [–t ssl_timeout] [–e enterprise_application_name]
N}
–a admin_ID
8(\mC'j6#\mC'Xk_P4(C'"TsM ACL yhDX(#}
g,-a sec_master#
KN}GI!D#g{;P8(CN},+a>C'ZKP1a)\mC'{#
–c URI
8( pdwascfg 5CLrdCD PdPerm.properties D~D3;J48>w
(URI);C#1 WebSphere Application Server 20Z1!;C1,C URI G:
v Solaris"Linux M HP-UX
file:/opt/WebSphere/AppServer/java/jre/PdPerm.properties
v AIX
file:/usr/WebSphere/AppServer/java/jre/PdPerm.properties
v Windows
– WebSphere Application Server 4:
file:/c:\WebSphere\AppServer\java\jre\PdPerm.properties
– WebSphere Application Server 5:
file:/"c:\Program Files\WebSphere\AppServer\java\jre\PdPerm.properties"
–d user_registry_domain_suffix
8(C'"am*9CDrs:#}g,TZ LDAP C'"amDrs:gB:
"o=ibm,c=us"
":Windows *srs:(Z}EZ#
–e enterprise_application_name
8(&CLr{F,Tc}7(FdT>{Fkd20{F;,DQ20&CL
r#g{;8(K!n,r5CLr+"T(}9C .ear D~r .xml D~4R
v&CLr{F#
ITZ&CLr?p1|D&CLr{F,2ITZTs(} WebSphere XF(x
P|D#K|D;a43Z EAR D~P#g{;P^D EAR D~T43B{F,
+4(msD\#$Ts#9C –e !n8(Z WebSphere Application Server X
F(OT>D&CLrD{F#
–j path
8( Java 2 Enterprise Edition &CLri5D~D+^(76MD~{F#K7
62IT!wQ)9Ds5&CLrD?<#
}g,-j /tmp/test_application.EAR
–p admin_pwd
8( Tivoli Access Manager \mC'D\k#\mC'Xk_P4(C'"Ts
M ACL yhDX(#}g,zIT+ -a sec_master \mC'D\k8(* -p
myPassword#
KN}GI!D#g{;P8(CN},+a>C'a)\mC'{D\k#
–r root_objectspace_name
8( root TsUd{F,|G+* WebSphere Application Server 4(D\#$T
s{FUdcNa9D root {F#KN}GI!D#
root TsUdD1!5G WebAppServer#g{9C1!{FTbD{F,r+h*
|D PDWAS.properties D~TCJ}7DTsUd#
Ywi{k root TsUd{F`%d#rK,g{8(K root TsUd{Fr+
T/hCYwi{#
–t ssl_timeout
8( SSL ,1DVS}#KN}CZZ1!,S,1.0O*,S"XB,S
Tivoli Access Manager authorization server k policy server .dD SSL OBDX
5#
1!5G 60 VS#nY* 10 VS#ns5;&1,} Tivoli Access Manager
ssl-v3-timeout 5#ssl-v3-timeout D1!5G 120 VS#
KN}GI!D#g{;l$TC5D\m,zIT2+X9C1!5#
–w WebSphere_admin_user
+Z WebSphere Application Server 2+TC'"amVNPdCDC'{F8(
*\m1#4(r|B Tivoli Access Manager \#$TsUdh*KC'DCJ
mI(#
1\#$TsUdPP4fZ WebSphere \mC'1,+4(r<k|#ZbVi
vB,+*KC'zIfz\k,"R+J'hC* invalid#h*+K\k|D*
Q*D\k"+J'hC* valid#
4(K\#$TsM ACL#+\mC'mS=_PTB ACL tTDi
pdwas-admin P:
v T - izmI(
v i - wCmI(
v WebAppServer - Ywi{F#WebAppServer G1!{F#
k"b,1C –r !nKP(F5CLr1,IT2GKYwi{(M%dD root
TsUd)#
g{}Z(F adminconsole.ear D~,k+i pdwas-admin mSx\m1G+#
"M
K5CLr+2+_TE"S?phv{(s5i5D~)(F= Tivoli Access Manager
for WebSphere#Z UNIX 53O,K5CLrw* shell E>5V;Z Windows 5
3O,w*z&mD~5V#KE>wC Java ` com.tivoli.pdas.migrate.Migrate#
KE>@5Z*X8m~D;CiR}7D73d?#KE>CTB!nwC Java:
v –Dpdwas.lang.home
|,f Tivoli Access Manager for WebSphere a)D>zoT'VbD?<#b)
b;Z Tivoli Access Manager for WebSphere 20?<BD3vS?<P#}g:
-Dpdwas.lang.home=%PDWAS_HOME%\java\nls
v –cp %CLASSPATH% com.tivoli.pdwas.migrate.Migrate
Xk* Java 20}7hC CLASSPATH#
Kb,Z Windows O,–j !nM –c !n<IT}Cd? %WAS_HOME% T7(ZN&
20 WebSphere Application Server#KE"CZ:
v 9(s5i5D~D+76{#
v 9( PdPerm.properties D~;CD URI +76{#
ICT
K|n;ZTB1!20?<:
v UNIX 53:
/opt/amwas/bin/
v Z Windows 53O:
C:\Program Files\Tivoli\amwas\bin\
1!qK;,Z1!?<D20?<1,K5CLr;Z20?<BD bin ?<(}
g,install_dir\bin\)P#
5Xk
I\5XTBKv4,k:
0 |nI&jI#
1 |n'\#
1|n'\1,+T>ms{"#kN< IBM Tivoli Access Manager Error Message
Reference qCXZJbD|j8hv#
=< B. yw
>E"G*Z@za)Dz7M~q`4D#IBM I\Zd{zRrXx;a)Z>D
5PV[Dz7"~qr&\XT#PXz10yZxrDz7M~qDE",kr
z1XD IBM zmI/#NNT IBM z7"Lrr~qD}C"GbZw>r5>
;\9C IBM Dz7"Lrr~q#;*;V8 IBM D*6z(,NN,H&\D
z7"Lrr~q,<ITzf IBM z7"Lrr~q#+G,@@Mi$NNG
IBM z7"Lrr~q,rIC'TP:p#
IBM +>I\Q5Pr}Zjkk>D5yhvZ]PXDwn({#a)>D5"4
ZhC'9Cb)({DNNmI#zITCif==+mIi/Dy:
IBM Director of Licensing
IBM Corporation
500 Columbus Avenue
Thornwood, NY 10594
U.S.A
PX+VZ(DBCS)E"DmIi/,kkzyZzRrXxD IBM *6z(?E*
5,rCif==+i/Dy:
IBM World Trade Asia Corporation
Licensing
2-31 Roppongi 3-chome, Minato-ku
Tokyo 106, Japan
> u n ; J C " z r N N b y D u n k 1 X ( I ; ; B D z R r X x :
INTERNATIONAL BUSINESS MACHINES CORPORATION 04V41a)>vfo,
;=PNNV`D(^[Gw>D9G5,D)#$,|(+;^Z5,DPXGV
("JzMJCZ3VX(C>D#$#3)zRrXxZ3);WP;Jmb}w
>r5,D#$#rK>unI\;JCZz#
>E"PI\|,<u=f;;<7DX=r!"ms#K&DE"+(Z|D;b
)|D+`k>vfoDBf>P#IBM ITf1T>vfoPhvDz7M/rLr
xPDxM/r|D,x;mP(*#
>E"PTG IBM Web >cDNN}C<;G*K=cp{Ea)D,;TNN==
d1TG) Web >cD#$#G) Web >cPDJO;G IBM z7JOD;?V,
9CG) Web >cx4DgU+IzTPP##
IBM IT4|O*J1DNN==9CrV"zya)DNNE"x^kTzP#NN
pN#
>LrD;mI=g{*KbPXLrDE"To=gB?D:(i)JmZ@"4(
DLrMd{Lr(|(>Lr).dxPE";;,T0(ii)JmTQ-;;DE
"xP`%9C,kkBPX7*5:
IBM Corporation
2Z4A/101
11400 Burnet Road
Austin, TX 78758
USA
;*qXJ1Du~Mun,|(3)iNBD;(}?D6Q,<IqCb=fD
E"#
>JOPhvDmILr0dyPICDmIJOyI IBM @] IBM M'-i"IBM
zJm~mI-irNN,H-iPDuna)#
K&|,DNNT\}]<GZ\X73PbCD#rK,Zd{Yw73PqCD
}]I\aPwTD;,#P)b?I\GZ*"6D53OxPD,rK;#$k
;cIC53OxPDb?a{`,#Kb,P)b?G(}Fcx@FD,5Ja
{I\aPnl#>D5DC'&1i$dX(73DJC}]#
f0G IBM z7DE"ISb)z7D)&L"dvf5wrd{I+*qCDJO
Pq!#IBM ;PTb)z7xPbT,2^(7OdT\D+7T"f]TrNNd
{XZG IBM z7Dyw#PXG IBM z7T\DJb&1rb)z7D)&La
v#
yPXZ IBM 44=rrbrDyw<If1|DrUX,x;mP(*,|Gvv
m>K?jMb8xQ#
>E"P|,ZU#L5YwP9CD}]M(m>}#*K!I\j{X5w|
G,b)>}P|,vK"+>"7FMz7D{F#yPb){F<Gi9D,g
{M5JDL5s59CD{FMX7`F,r?tIO#
f(mI:
>E"|,4oTN=Dy>&CLr,b)y>5w;,Yw=(OD`L=(#
g{G*4UZ`4y>LrDYw=(OD&CLr`-SZ(API)xP&CLr
D*""9C"-zrV"*?D,zITNNN=Tb)y>LrxP4F"^
D"V",x^kr IBM 6Q#b)>}"4ZyPu~Bw+fbT#rK,IBM
;\##r5>b)LrDI?T"I,$Tr&\#C'g{G*K4U IBM &C
Lr`-SZ*""9C"-zrV"&CLr,rITNNN=4F"^DMV"
b)y>Lr,x^kr IBM 6Q#
2b)y>LrD?]=4rdNN?VrNN\zz7,<Xk|(gBf(y
w:
©(s+>D{F)(j)#K?VzkGy] IBM +>Dy>Lr\zv4D#©
Copyright IBM Corp.(dkj])#All rights reserved.
g{z}Tm=4q=i4>E",<,MU+<}I\^(T>#
Lj
TBuoG International Business Machines Corporation Z@zM/rd{zRrXx
DLjr"aLj:
AIX
DB2
IBM
IBM Uj
SecureWay
Tivoli
Tivoli Uj
Microsoft"Windows"Windows NT M Windows UjG Microsoft Corporation Z@z
M/rd{zRrXxDLj#
Java MyPyZ Java DLjMUjG Sun Microsystems, Inc. Z@zMd{zRrX
xDLjr"aLj#
UNIX G The Open Group Z@zMd{zRrXxD"aLj#
d{+>"z7M~q{FI\Gd{+>DLjr~qjG#
Jcm
A
CJXF(access control): ZFcz2+T=f,7
#Fcz53DJ4;\IZ(DC'TZ(D==xP
CJD}L#
CJXFm(access control list,ACL): ZFcz2
+T=f,k3;Ts`X*DPm,|j6yPITC
JCTsDwe0dCJ(#}g,CJXFmGk;v
D~`X*DPm,|j6ITCJD~DC'"j6C
'TCD~DCJ(#
CJmI((access permission): JCZ{vTsD
CJX(#
Yw(action): ;VCJXFm(ACL)mI(tT#
m{CJXFm(access control list,ACL)#
ACL: kNDCJXFm(access control list)#
\m~q(administration service): ;VZ( API K
P1e~,IC4Z Tivoli Access Manager J4\mw&
CLrO4P\mks#\m~q+l& pdadmin |n"
vD6Lks,T4PngZ\#$TswPPvX(Z
cBDTs.`DNq#M'IT9CZ(
ADK(Authorization ADK)*"b)~q#
tTPm(attribute list): |,CZxPZ(v_D)
9E"D4m#tTPmGI;i{F = 5TiID#
O$(authentication): (1) ZFcz2+T=f,TC
'm]rC'CJTsDJqxPi$# (2) ZFcz2+
T=f,i${";P;|DrY5# (3) ZFcz2+T
=f,CZi$E"53r\#$J4DC'D}L#m
{`rSO$(multi-factor authentication)"yZxgDO
$(network-based authentication)T0]}=O$(step-up
authentication)#
Z(,(^(authorization): (1) ZFcz2+T=f,
ZhC'kFcz53(Er9CFcz53D(^# (2)
Z(C'j+r\^CJ3vTs"J4r&\D}L#
Z(fr(authorization rule): kNDfr(rule)#
Z(~qe~(authorization service plug-in): ;V
/,I0kb(DLL r2mb),ITI Tivoli Access
Manager Z( API KP1M'zZu</WN0k,T4
PZZ( API P)9~qSZDYw#10ICD~qS
Z|(\m"b?Z(">$^D"Z(M PAC YwS
Z#M'IT9CZ( ADK *"b)~q#
B
BA: kNDy>O$(basic authentication)#
y>O$(basic authentication): ;VO$=(,*
sC'dkP'C'{M\ksEZ(CJ2+*zJ
4#
s((bind): +3vj6kLrPDm;vTs`X
*;}g,+j6k5"X7rm;vj6`X*,rX
*N=N}M5JN}#
blade: ;vi~,|a)X(Z&CLrD~qMi~#
5qZ((business entitlement): C'>$D9dt
T,CtThvICZTJ4DksZ(D+8u~#
C
CA: kNDO$PD(certificate authority)#
CDAS: kNDgrO$~q(Cross Domain
Authentication Service)#
CDMF: kNDgr3dr\(Cross Domain Mapping
Framework)#
$i(certificate): ZFcz2+T=f,++C\?k
$iyP_Dm]s(,Sx9$iyP_IC=O$D
;V}VD5#IO$PD)"D;V$i#
O$PD(certificate authority,CA): )"$iDi
/#O$PDO$$iyP_Dm]0Z(CyP_9C
D~q,)"BD$i,x)VPD$i,"7z;Yq
Z(9CDC'ytD$i#
CGI: kND+2xXSZ(common gateway interface)#
\k(cipher): ZC\?*;*wD}](Qb\).
0;IA!DS\}]#
+2xXSZ(common gateway interface,CGI): (
eE>DrXxj<,KE>(} HTTP ksS Web ~
qwr&CLr+ME",4.`;#CGI E>G;VC
ng PERL .`DE>`FoT`4D CGI Lr#
dC(configuration): (1) E"&m53D2~Mm~
Di/M%,==# (2) iI53"S53rxgDzw"
h8MLr#
,S(connection): (1) Z}](EP,*+dE"x
Z&\%*.d("DX*# (2) Z TCP/IP P,=v-
i&CLr.dD76,C76a)I?D}]w+d~
q#ZrXxP,I;v53OD TCP &CLr)9=m
;v53OD TCP &CLrD,S# (3) Z53(EP,
IC4Z=v53.dr53kh8.d+]}]D_
7#
]wTs(container object): ;V+TsUdi/*
wv&\xrDa9m>#
cookie: ~qwf"ZM'zO"Zsxa0ZdCJD
E"#Cookie 9~qw\G!PXM'zDX(E"#
>$(credentials): ZO$WNq!Dj8E",CE
"hvC'"NNiX*Md|PX2+TDm]tT#
IT9C>$44P`V~q,}gZ("sFM/P#
>$^)~q(credentials modification service): ;
VIC4^D Tivoli Access Manager >$DZ( API K
P1e~#IM'b?*"D>$^)~qy\4PDY
w^ZT>$tTPmxPmSM>},"R;\TG)
;O*I^DDtTxPYw#
grO$~q(cross domain authentication service,CDAS): a)2mbzFD WebSEAL ~q,
C~qJmzC;vr WebSEAL 5X Tivoli Access
Manager m]D(F}Lf;1!D WebSEAL O$z
F#m{ WebSEAL#
gr3dr\(cross domain mapping framework,CDMF): ;V`LSZ,Jm*"_Z9
C WebSEAL gSgE SSO &\1(FC'm]D3d
T0C'tTD&m#
D
X$Lr(daemon): ^KU\KPDLr,|4P,
xDr\ZD536Nq,gxgXF#3)X$LrT
/%"T4PdNq;d|X$Lrr(ZKw#
?<#=(directory schema): IZ?<PT>DP'
tT`MMTs`#tT`MMTs`(etT5Do
(,D)tTXkfZT0D)tTXkTC?<fZ#
(P{F(distinguished name,DN): (;j6?<
P3vu?D{F#(P{FI attribute:value TiI,C
:EVt#
}V){(digital signature): ZgSLqP,mS=
}]%*rw*}]%*DS\*;D}],|Jm}]
%*SU=i$%*D4Mj{T,"6pI\D1l)
{#
DN: kND(P{F(distinguished name)#
r(domain): (1) 2m+2~qR(#p=+2wCD
C'"53MJ4D_-Vi# (2) +2XF}]&mJ4
DFczxgD;?V#m{r{(domain name)#
r{(domain name): rXx-i/ZDwz53D{
F#r{I;5PT(gV{VtDS{FiI#}g,
g{wz53D+^(r{(FQDN)G
as400.rchland.vnet.ibm.com,rTB?v{F<Gr{:
as400.rchland.vnet.ibm.com"vnet.ibm.com"ibm.com#
E
EAS: kNDb?Z(~q(External Authorization
Service)#
S\(encryption): ZFcz2+T=f,+}]*;
*;I6pN=D}L,-}bV*;s,*4^(qC
-<}],*4;P9Cb\}LE\qC-<}]#
Z((entitlement): |,_e/D2+_TE"D}]
a9#Z(|,TX(&CLry\mbD=(xPq=
/D_T}]r\&#
Z(~q(entitlement service): ;VICZSwer
u~/Db?45XZ(DZ( API KP1e~#Z((
#GX(Z&CLrD}],|+IJ4\mw&CLr
T3V==9C,rmSxweD>$TZZ(}LPx
;=9C#M'IT9CZ( ADK *"b)~q#
b?Z(~q(external authorization service): ;V
Z( API KP1e~,IC49X(Z&CLrr73D
Z(v_I* Tivoli Access Manager Z(v_4D;?
V#M'IT9CZ( ADK *"b)~q#
F
D~+M-i(file transfer protocol,FTP): ZrX
x-i/Z,9C+dXF-i(TCP)M Telnet ~qZ
zwrwzd+dz?}]D~D&Cc-i#
G
+V"a(global signon,GSO): ;VinD%;"
abv=8,9C'\rsK Web &CLr~qwa)8
CC'{M\k#+V"a+Z(C'CJ(}%NG<
yZ({G9CDFcJ4#GSO G*Il9"V<=F
c73Z`v53M&CLriIDss5xhFD,|
^hC'\m`vC'{M\k#m{%;"a(single
signon)#
GSO: kND+V"a(global signon)#
H
wz(host): ,S=3vxg(}grXxr SNA x
g)"rCxga)CJcDFcz#y]73D;,,
wz2I\a)xgD/P=XF#wzITGM'z"
~qwr,1d1M'zM~qw#
HTTP: kND,D>+d-i(Hypertext Transfer
Protocol)#
,D>+d-i(hypertext transfer protocol,HTTP): ZrXx-i/Z,CZ+dMT>
,D>D5D-i#
I
xJ-i(Internet protocol,IP): ZrXx-i/
Z,(}xgr%,xg7I}]D^,S-i,|d1
O_-icMomxg.dDPi#
rXx-i/(Internet suite of protocols): *Zr
XxO9Cx*"D-i/,K-i/GIrXx$LN
qi/(IETF)w*ks@[(Requests for
Comments,RFC)"<D#
xLd(E(interprocess communication,IPC): (1)
Lrd%`+M}]",=dn/yhzDxL#Ej"
EEMZ?{"SPGxLd(ED#{=(# (2) ;VY
w53zF,JmwxLZ,;FczZ?rZxgO%
`(E#
IP: kNDxJ-i(Internet Protocol)#
IPC: kNDxLd(E(Interprocess Communication)#
J
*a(junction): 0K WebSEAL ~qwMsK Web
&CLr~qw.dD HTTP r HTTPS ,S#WebSEAL
9C*a4zmsK~qwa)#$~q#
K
\?(key): ZFcz2+T=f,k\kc(;pC4
S\rb\}]D{ErP#kND(C\?(private
key)M+C\?(public key)#
\?}]bD~(key database file): kND\?7
(key ring)#
\?D~(key file): kND\?7(key ring)#
\?T(key pair): ZFcz2+T=f,8;v+C
\?M;v(C\?#Z9C\?TxPS\1,"M=
9C+C\?S\{",xSU=9C(C\?b\{
"#Z9C\?TxP){1,)p_9C(C\?S\
{"Dmo,SU=9C+C\?4b\{"DmoTx
P){i$#
\?7(key ring): ZFcz2+T=f,|,+C\
?"(C\?"IEyM$iDD~#
L
LDAP: kNDa?6?<CJ-i(Lightweight Directory
Access Protocol)#
a?6?<CJ-i(lightweight directory access protocol,LDAP): ;V*E-i,C-i(a)9C
TCP/IP 4a)T'V X.500 #MD?<DCJ,T0
(b);a}"T|4SD X.500 ?<CJ-i(DAP)D
J4*s#9C LDAP D&CLr(F*tC?<D&C
Lr)IT9C?<w*+2}]f"w"C4lwPX
vKr~qDE",}ggSJ~X7"+C\?rX(
Z~qDdCN}#LDAP nuZ RFC 1777 P8(#
LDAP V3 Z RFC 2251 P8(,IETF LxB&Zd|j
<&\#ITZ RFC 2256 PR=;) IETF (eD
LDAP j<#=#
a?6Z}=O$(lightweight third party authentication,LTPA): ;VO$r\,JmZtZ3
vrXxrD;i Web ~qwZxP%;"a#
LTPA: kNDa?6Z}=O$(lightweight third party
authentication)#
M
\mr(management domain): 1!r,dP Tivoli
Access Manager ?F4PO$"Z(MCJXFD2+_
T#Cr4(ZdC policy server 1#m{r(domain)#
\m~qw(management server): QOz#kND
policy server#
*}](metadata): hvf"}]DXwD}]#
(F(migration): LrDBf>r"PfD20,Tz
fOgDf>r"Pf#
`rSO$(multi-factor authentication): ?FC'
9C~6r`6O$xPO$D\#$Ts_T
(POP)#}g,T\#$J4DCJXFIT*sC'
TC'{/\kMC'{/nF(Pzkb=_xPO
$#m{\#$Ts_T(protected object policy)#
`74CzmLr(multiplexing proxy agent,MPA):
Jm`M'zCJD;VxX#b)xXP1F*^_C
J-i(WAP)xX,K1M'z9C WAP CJ2+
r#xX("(r4~qwD%vO$(@,"(}K(
@dMyPM'zksMl&#
N
yZxgDO$(network-based authentication): y
]C'DxJ-i(IP)X7XFCJTsD\#$Ts
_T(POP)#m{\#$Ts_T(protected object
policy)#
P
PAC: kNDX(tT$i(privilege attribute
certificate)#
mI((permission): CJ\#$Ts(}gD~r?
<)D\&#TsmI(D}?M,eGICJXFm
(ACL)(eD#m{CJXFm(access control list)#
_T(policy): &CZ\\J4Dfr/#
policy server: ,$PX2+rPd|~qwD;CE"
D Tivoli Access Manager ~qw#
V/(polling): ;vxL,(}KxLI(Z/J}]
b,T7(Gqh*+M}]#
POP: kND\#$Ts_T(protected object policy)#
E'x>(portal): y]X(C'DCJmI(,/,
zIX(C'ICD Web J4(}g4S"Z]r~q)
D(FPmD[O Web >c#
X(tT$i(privilege attribute certificate): |,
weDO$MZ(tTT0we\&D}VD5#
X(tT$i~q(privilege attribute certificate service): +$(q=D PAC *;* Tivoli Access
Manager >$(4.`;)D;VZ( API KP1M'z
e~#b)~q2ITCZ*+d=2+rDd|I1x
T Tivoli Access Manager >$xPb0r}]`k#M'
IT9CZ( ADK *"b)~q#m{X(tT$i
(privilege attribute certificate)#
\#$Ts(protected object): 5J53J4D_-
m>,CJ4CZ&C ACL M POP,T0Z(C'C
J#m{\#$Ts_T(protected object policy)M\#
$TsUd(protected object space)#
\#$Ts_T(protected object policy,POP): ;
V2+_T,+=Su~?SZ ACL _TJmDYw,T
CJ\#$DTs#J4\mw:p?F4P POP u~#
m{CJXFm(access control list) "\#$Ts
(protected object)M\#$TsUd(protected object
space)#
\#$TsUd(protected object space): 5J53
J4DibTsm>,b)J4CZ&C ACL M POP,
T0Z(C'CJ#m{\#$Ts(protected object)M
\#$Ts_T(protected object policy)#
(C\?(private key): ZFcz2+T=f,;*y
P_y*D\?#k+C\?(public key)`TU#
+C\?(public key): ZFcz2+T=f,TyP
KICD\?#k(C\?(private key)`TU#
Q
#$6p(quality of protection): IO$"j{TM
~=u~*O7(D}]2+6p#
R
"am(registry): |,C'"53Mm~DCJ0dC
E"D}]f"#
1>~qw(replica): ;v~qw,||,m;~qw
D;vr`v?<D1>#1>~qwT~qwxP8]
TDFT\rl&1d"7#}]j{T#
J4Ts(resource object): 5JxgJ4Dm>,}
g~q"D~MLr#
l&D~(response file): ;VD~,||,3vLr
yaJbD;i$(ep8,9CCD~G*K;C;N
;vXdkG)5#
G+$n(role activation): +CJmI(&CZG+
D}L#
G+Vd(role assignment): *C'VdG+,Sx
9C'T*CG+(eDTs_P`&CJmI(D}
L#
7ID~(routing file): |,XF{"dCD|nD;
V ASCII D~#
RSA S\(RSA encryption): CZS\MO$D+C
\?\kuD53#|GI Ron Rivest"Adi Shamir M
Leonard Adleman Z 1977 j"wD#53D2+T!vZ
T=vsX}DK}xPrSVbDQH#
fr(rule): ;ur`u_-od,b)od9B~~
qw\;6pB~.dDX5(B~`X),rx4PT
/l&#
KP1(run time): 4PFczLrD1dN#KP1
73G;V4P73#
S
IluT(scalability): xg53TCJJ4DC'}
vSwvl&D\&#
#=(schema): C}](eoTmoD"j{Xhv}
]ba9DodD/O#ZX5}]bP,#=(eK
m"?vmPDVNT0VNkm.dDX5#
2+WSVc(secure sockets layer,SSL): a)(
E~=TD2+-i#SSL 9M'z/~qw&CLr\
;T;V*@9T}"[DM{"1lxhFD==xP
(E#SSL GI Netscape Communications Corp. M RSA
Data Security, Inc *"D#
2+\m(security management): EXZ3vi/X
FCJBXdI\D&CLrM}]D\&D\mfL#
T"a(self-registration): C'IdkXhD}]"I
*Q"aD Tivoli Access Manager C'(^h\m1i
k)D}L#
~q(service): ~qw4PD$w#~qITGr%D
"MMf"}]Dks(g,9CD~~qw"HTTP ~q
w"gSJ~~qwM finger ~qw),r_ITG|4
SD$w,}gr!~qwrxL~qwD~q#
2,20(silent installation): ;V20,C20;r
XF("M{",xGZU>D~Pf"{"Mms#2
,202IT9Cl&D~xP}]dk#m{l&D~
(response file)#
%;"a(single signon,SSO): C';NG<"C
J`v&CLrx^kVpG<=?v&CLrD\&#
m{+V"a(global signon)#
SSL: kND2+WSVc(Secure Sockets Layer)#
SSO: kND%;"a(Single Signon)#
]}=O$(step-up authentication): ;V\#$T
s_T(POP),|@5Z$dCDO$6pcNa9,
"y]3;J4OD_T/?F4PX(6pDO$#]
}=O$ POP ;?FC'9C`6O$xPO$TCJN
Nx(DJ4,+*sC'TAYk#$3;J4D_T
yh6p,y_D6pxPO$#
s:(suffix): Z>XVPD?<cNa9Pj6%cu
?D(P{F#IZZa?6?<CJ-i(LDAP)P
9CD`T|{#=,Ks:+JCZC?<cNa9P
DN;d|u?#?<~qwITP`vs:,?vs:
j6;v>XVPD?<cNa9#
T
jG,nF(token): (1) ZVrxP,I&XS;v}
]>+]=m;v}]>T8>]1XF+diJD>D
(^{E#?v}]><Pzaq!"9CnF4XFi
J#nFG;VXbD{"r;#=,|m>+dDmI
(# (2) ZVrx(LAN)P,fE+diJS;vh8+
]=m;vh8D;rP#ZrjG=S}]1,|MI
*;v!#
IEy(trusted root): Z2+WSVc(SSL)P,O
$PD(CA)D+C\?0`X*D(P{F#
U
3;J4j6(uniform resource identifier,URI): C
ZZrXxOj6Z]DV{.,|(J4{F(?<{
MD~{)"J4;C(?<{MD~{yZDFcz)
T0gN\CJJ4(-i,}g HTTP)#URI D>}G
3;J4(;w,r URL#
3;J4(;w(uniform resource locator,URL):
zmFczOrxg(}grXx)PE"J4DV{r
P#KV{rP|((a)C4CJE"J4D-iDu
4{FT0(b)-iC4(;E"J4DE"#}g,
ZrXxOBD73P,b)GCZCJwVE"J4D
;)-iDu4{F:HTTP"FTP"Gopher"Telnet M
News;bG IBM w3D URL:http://www.ibm.com#
URI: kND3;J4j6(uniform resource identifier)#
URL: kND3;J4(;w(uniform resource
locator)#
C'(user): 9C{Ka)D~qDNNvK"i/"
xL"h8"Lr"-ir53#
C'"am(user registry): kND"am
(registry)#
V
ibw\(virtual hosting): Web ~qwD\&,C\
&JmdZrXxOmV*`vwz#
W
Web Portal Manager(WPM): CZ\m2+rP
Tivoli Access Manager Base M WebSEAL 2+_TDy
Z Web D<N&CLr#K GUI ITzf pdadmin |
nPgf,|96L\m1ITxPCJ,"9\m1I
T4(/IDC'r"rb)rVd/I\m1#
WebSEAL: Tivoli Access Manager blade#WebSEAL G
;VT\#$TsUd&C2+_TD_T\"`_LD
Web ~qw#WebSEAL ITa)%;"abv=8,"
+sK Web &CLr~qwJ4"kd2+_TP#
WPM: kND Web Portal Manager#