IBM Tivoli Access Manager for e-business IBM WebSphere Application Server Integration Guide Version 5.1 S152-0810-00

Upload: nguyendien

Post on 01-Apr-2018

IBM Tivoli Access Manager for e-business

IBM WebSphere Application Server Integration Guide Version 5.1

S152-0810-00

"b

Z9C>JO0d'VDz7.0,kDAZ 101 3D=< B, :yw;PDE"#

Z;f(2003 j 11 B)

>f>JCZ IBM Tivoli Access Manager V5.1.0(z7E 5724-C08)T0yPsx"PfM^)f,1=ZBf>P

mPyw*9#

© Copyright International Business Machines Corporation 2002, 2003. All rights reserved.

?<

0T
>iDA_
>iDZ]
vfo
"PE"
Base E"
Web 2+TE"
*"_N<
<u9d
`Xvfo
Z_CJvfo
(z!n
*5m~'V
>iP9CD<(
Ve<(
Yw53Dnp

Z 1 B i\MEv
+ Tivoli Access Manager k WebSphere Application Server /I
Java 2 Enterprise Edition yZG+D2+T
+weMi3d=G+
`v WebSphere ~qwD/P_T\m

Z 2 B 208>E"
m~Z]
'VD=(
WebSphere Application Server V5.1 D'V
ELMZf*s
X8m~
WebSphere Application Server
Tivoli Access Manager Base
Java Runtime Environment
C'"amHvu~
ST0D"Pf}6
9C20r<xP20
9C>z5CLr20 Tivoli Access Manager for WebSphere
Z Solaris O20
Z AIX O20
Z HP-UX O20
Z Linux O20
Z Windows O20

Z 3 B dC}L
dCu<20
Z 1 ?V:* WebSphere Application Server 4( Tivoli Access Manager \mC'
Z 2 ?V:tC WebSphere 2+T
Z 3 ?V:dC Access Manager Java Runtime Environment
Z 4 ?V:Sk2+r
Z 5 ?V a:(F WebSphere 2+ThC - WebSphere V4.0.6
Z 5 ?V b:(F WebSphere 2+ThC - WebSphere V5.0.2
Z WebSphere Application Server V5.1 73PdC Tivoli Access Manager for WebSphere
Z 1 ?V:* WebSphere Application Server 4( Tivoli Access Manager \mC'
Z 2 ?V:Z WebSphere Application Server V5.1 PtC2+T
Z 3 ?V:dC Access Manager Java Runtime Environment
Z 4 ?V:dC Tivoli Access Manager for WebSphere
Z 5 ?V:(F\m_T
dC=S20
Z A-1 ?V:dC Access Manager Java Runtime Environment
Z A-2 ?V:Sk2+r

Z 4 B (F2+TG+
gN(F2+TG+
(F5CLrV^T
JOoO<I
9CU>D~
4,S=Q4(D ACL DC'
(FLD~{D Windows D~'\
Web Portal Manager ^(+ ACL ,S=Ts
/fC' [...] G pdwas-admin DI1
M'zO$ra0=Zx*'
(F5CLrD{";PC}7DoTT>

Z 5 B \mNq
WebSphere Advanced Edition Single Server V4.0.6
Tivoli Access Manager \m$_
8(KP1tT
dC2,G+_Y:f
dC/,G+_Y:f
yZG+D_Tr\N}
dC=S authorization server
rXF(mSTs`
GSO we3dhC
4(BD&CLrG<
Tivoli Access Manager for WebSphere U>G<
9C WebSEAL %;"a= WebSphere Application Server
=h 1 - Z Tivoli Access Manager P4(IEDC'J'
=h 2 - 4(= WebSphere Application Server D WebSEAL *a
=h 3a - 9C TAI * WebSphere Application Server V4.0.6 dC SSO
=h 3b - 9C TAI * WebSphere Application Server V5.0.2 dC SSO
=h 4 - Z WebSEAL PhC SSO \k
=h 5 - bT WebSEAL ,S
JOoO<I
WebSphere ~qwZdCM(Fs;t/ - vTZ WebSphere Application Server V4.0.6
WebSphere ~qwZ!{dCs;t/ - vTZ WebSphere Application Server V4.0.6
8] Tivoli Access Manager for WebSphere D~

Z 6 B LL:gNtC2+T
LL:CZ Tivoli Access Manager for WebSphere Application Server V4.0.6
gN9C>LL
Z 1 ?V:r LDAP C'"ammSC'
Z 2 ?V:20 Tivoli Access Manager for WebSphere
Z 3 ?V:r WebSphere &CLrmS2+T
Z 4 ?V:* WebSphere Application Server 4( Tivoli Access Manager \mC'
Z 5 ?V:tC WebSphere 2+T
Z 6 ?V:?p&CLr
Z 7 ?V:bTQ?pD&CLrD2+T
Z 8 ?V:+&CLr(F= Tivoli Access Manager
Z 9 ?V:bTQ?pD&CLrD2+T
Z 10 ?V:|DG+
Z 11 ?V:bTQ?pD&CLrD2+T
LL:CZ Tivoli Access Manager for WebSphere Application Server V5.0.2
gN9C>LL
Z 1 ?V:r LDAP C'"ammSC'
Z 2 ?V:20 Tivoli Access Manager for WebSphere
Z 3 ?V:r WebSphere &CLrmS2+T
Z 4 ?V:* WebSphere Application Server 4( Tivoli Access Manager \mC'
Z 5 ?V:tC WebSphere 2+T
Z 6 ?V:?p&CLr
Z 7 ?V:bTQ?pD&CLrD2+T
Z 8 ?V:+&CLr(F= Tivoli Access Manager
Z 9 ?V:bTQ?pD&CLrD2+T
Z 10 ?V:|DG+
Z 11 ?V:bTQ?pD&CLrD2+T

Z 7 B >}Yw8>E"
S Solaris >}
S Windows >}
S AIX >}
S HP-UX >}
S Linux >}

=< A. |nN<
pdwascfg
migrateEAR4
migrateEAR5

=< B. yw
Lj

Jcm

w}

0T

6-9C IBM® Tivoli® Access Manager for WebSphere Application Server(Tivoli Access

Manager for WebSphere)#Kz7)9K Tivoli Access Manager T'V* IBM®

WebSphere™ Application Server x`4D&CLr#

IBM® Tivoli® Access Manager(Tivoli Access Manager)GKP IBM Tivoli Access

Manager z75PPD&CLryhDy!m~#|'V IBM Tivoli Access Manager

&CLrD/I,bya)Ks6'DZ(M\mbv=8#b)z7w*/Ibv

=8v[,|Ga)K;VCJXF\mbv=8,bV=8*gSLq&CLr/

PKxgM&CLr2+_T#

":IBM Tivoli Access Manager GH0"PDF* Tivoli SecureWay® Policy Director

m~DB{F#,y,TZl$ Tivoli SecureWay Policy Director m~MD5DC

',\m~qwVZF* policy server#

6IBM Tivoli Access Manager for WebSphere Application Server /I8O7a)K2

0"dCM\m8>E"#>D59a)KPX* WebSphere &CLrdC/P=2+

_TDLL#

>iDA_

>\m8OD?jC'|(:

v 2+\m1

v xg53\m1

v IT hF&

A_&1l$:

v rXx-i,|( HTTP"TCP/IP"D~+d-i(FTP)M telnet

v ?pM\m WebSphere Application Server 53M&CLr

v 2+\m,|,O$MZ(

g{Z9C2+WSVc(SSL)(E,z9&Cl$ SSL -i"\?;;(+CM(

C)"}V){"\kc(MO$PD#

>iDZ]

>D5|,TBBZ:

v Z 1 B,:i\MEv;

i\K* WebSphere Application Server a)Z(~qD Tivoli Access Manager i

~DEv#

v Z 2 B,:208>E";

hvKgN20 Tivoli Access Manager for WebSphere#

v Z 3 B,:dC}L;

hvKgNdC Tivoli Access Manager for WebSphere#

v Z 4 B,:(F2+TG+;

hvKgN9C Tivoli Access Manager for WebSphere (F5CLrT+ Java 2

Enterprise Edition 2+TG+(F= Tivoli Access Manager C'Mi#

v Z 5 B,:\mNq;

hvKgN4P\m Tivoli Access Manager for WebSphere D\mNq#

v Z 6 B,:LL:gNtC2+T;

hvKgN* WebSphere Application Server &CLrmS2+T#2hvKg{+

2+E"(F= Tivoli Access Manager T0gNbTGqQI&tC2+T#

v Z 7 B,:>}Yw8>E";

hvKgN>} Tivoli Access Manager for WebSphere#

vfo

4iT Tivoli Access Manager JOb"X8vfoT0`XvfoDhv47(zI

\O*D)vfoPyoz#Z7(zh*Dvfo.s,kN<PXZ_CJvf

oD8>E"#

XZ IBM Tivoli Access Manager for e-business z7>mD=SE"IZTBX7R

=:

http://www.ibm.com/software/tivoli/products/access-mgr-e-bus/

Tivoli Access Manager JObITV*TB`p:

v :"PE";

v :Base E";

v Z ix 3D:Web 2+TE";

v Z ix 3D:*"_N<;

v Z x 3D:<u9d;

"PE"

v 6IBM Tivoli Access Manager for e-business kHDA7(G152-0804-00)

a)9C Tivoli Access Manager 20Mt/DE"#

v 6IBM Tivoli Access Manager for e-business "P5w7(G152-0805-00)

a)nBE",}gm~V^"d(=(,T0D5|B#

Base E"

v 6IBM Tivoli Access Manager Base 208O7(S152-0806-00)

5wgN20MdC Tivoli Access Manager Base m~,|( Web Portal Manager

SZ#CiG IBM Tivoli Access Manager for e-business Web Security Installation Guide

D;vS/,<Zkd| Tivoli Access Manager z7(g IBM Tivoli Access Manager

for Business Integration M IBM Tivoli Access Manager for Operating Systems);

p9C#

v 6IBM Tivoli Access Manager Base \m8O7(S152-0807-00)

hv9C Tivoli Access Manager ~qDEnM}L#a)S Web Portal Manager g

fM(}9C pdadmin |n4PNqD8>E"#

Web 2+TE"

v IBM Tivoli Access Manager for e-business Web Security Installation Guide(S152-0808-00)

a)PX Tivoli Access Manager Base m~T0 Web Security i~D20"dCM

>}D8>E"#CiG6IBM Tivoli Access Manager Base 208O7D,/#

v IBM Tivoli Access Manager Upgrade Guide(SC32-1369-00)

5wgNS Tivoli SecureWay Policy Director V3.8 r Tivoli Access Manager DH

0f>}6= Tivoli Access Manager V5.1#

v 6IBM Tivoli Access Manager for e-business WebSEAL \m8O7(S152-0809-00)

a)9C WebSEAL \m2+ Web rDJ4D30JO"\mLr,T0<uN<

E"#

v 6IBM Tivoli Access Manager for e-business IBM WebSphere Application Server /

I8O7(S152-0810-00)

a)CZ+ Tivoli Access Manager k IBM WebSphere® Application Server xP/

ID20">}M\mD8>E"#

v IBM Tivoli Access Manager for e-business IBM WebSphere Edge Server Integration

Guide(SC32-1367-00)

a)CZ+ Tivoli Access Manager k IBM WebSphere Edge Server &CLrxP

/ID20">}M\mD8>E"#

v 6IBM Tivoli Access Manager for e-business Plug-in for Web Servers /I8O7

(S152-0813-00)

a)9C Web ~qwDe~#$ Web r2+D208>E""\mLr,T0<

uN<E"#

v 6IBM Tivoli Access Manager for e-business BEA WebLogic Server /I8O7

(S152-0811-00)

a)CZ+ Tivoli Access Manager k BEA WebLogic Server xP/ID20">

}M\mD8>E"#

v IBM Tivoli Access Manager for e-business IBM Tivoli Identity Manager Provisioning

Fast Start Guide(SC32-1364-00)

a)k+ Tivoli Access Manager M Tivoli Identity Manager /I`XDNqDEv,

"5wgN9CM20 Provisioning Fast Start /O#

*"_N<

v IBM Tivoli Access Manager for e-business Authorization C API Developer

Reference(SC32-1355-00)

a)hvgN9C Tivoli Access Manager Z( C API k Tivoli Access Manager ~

qe~SZ+ Tivoli Access Manager 2+TmS=&CLrPDN<JO#

v IBM Tivoli Access Manager for e-business Authorization Java Classes Developer

Reference(SC32-1350-00)

a)9CZ( API D Java™ oT5V'V&CLr9C Tivoli Access Manager 2

+TDN<E"#

v IBM Tivoli Access Manager for e-business Administration C API Developer

Reference(SC32-1357-00)

a)XZ9C\m API 'V&CLr4P Tivoli Access Manager \mNqDN<

E"#>D5hv\m API D C 5V#

v IBM Tivoli Access Manager for e-business Administration Java Classes Developer

Reference(SC32-1356-00)

a)9C\m API D Java oT5V'V&CLr4P Tivoli Access Manager \m

NqDN<E"#

v IBM Tivoli Access Manager for e-business Web Security Developer Reference(SC32-1358-00)

a)PXgrO$~q(CDAS)"gr3dr\(CDMF)T0\kS?#iD\

mM`LE"#

<u9d

v IBM Tivoli Access Manager for e-business Command Reference(SC32-1354-00)

a)XZf Tivoli Access Manager a)D|nP5CLrME>DE"#

v IBM Tivoli Access Manager Error Message Reference(SC32-1353-00)

a) Tivoli Access Manager yzz{"D5wMFvDYw#

v IBM Tivoli Access Manager for e-business Problem Determination Guide(SC32-1352-00)

a) Tivoli Access Manager DJb7(DE"#

v 6IBM Tivoli Access Manager for e-business T\w{8O7(S152-0812-00)

a)IxP IBM Tivoli Directory Server(w*C'"am)D Tivoli Access Manager

y9ID73DT\w{E"#

`Xvfo

b;?VPvKk Tivoli Access Manager JOb`XDvfo#

Tivoli Software Library a)K`V Tivoli vfo,}gW$i"}]m"]>"

Redbooks M(f/#Tivoli Software Library ISTB Web >cOq!:

http://www.ibm.com/software/tivoli/library/

Tivoli Software Glossary |,m`k Tivoli m~`XD<uuoD(e#Tivoli Software

Glossary(v"of)ISTB Tivoli Software Library Web 3fOs_D Glossary4Sq!:http://www.ibm.com/software/tivoli/library/

IBM Global Security Kit

Tivoli Access Manager (}9C IBM Global Security Kit(GSKit)V7.0 a)}]S

\#GSKit |,ZT&ZzX(=(D IBM Tivoli Access Manager Base CD T0 IBM

Tivoli Access Manager Web Security CD"IBM Tivoli Access Manager Web Administration

Interfaces CD M IBM Tivoli Access Manager Directory Server CD O#

GSKit m~|a) iKeyman \?\m5CLr gsk7ikm,|CZ4(\?}]b"+

C-(C\?TT0$iks#TBD5IS Tivoli Information Center Web >cOk

IBM Tivoli Access Manager z7D5`,D?VPR=:

v IBM Global Security Kit Secure Sockets Layer and iKeyman User’s Guide(SC32-1363-00)

*F.Zd Tivoli Access Manager 73PtC SSL (EDxgr532+\m1

a)K`XE"#

IBM Tivoli Directory Server

IBM Tivoli Directory Server V5.2 |,ZT&ZZ{Yw53D IBM Tivoli Access

Manager Directory Server CD O#

":IBM Tivoli Directory Server GH0"PDTB{Fm~DB{F:

v IBM Directory Server(V4.1 M V5.1)

v IBM SecureWay Directory Server(V3.2.2)

IBM Directory Server V4.1"IBM Directory Server V5.1 M IBM Tivoli Directory Server

V5.2 <\= IBM Tivoli Access Manager V5.1 D'V#

XZ IBM Tivoli Directory Server D=SE"IZTBX7R=:

http://www.ibm.com/software/network/directory/library/

IBM DB2 (C}]b

IBM DB2® (C}]b™s5~qwf,f> 8.1 Z IBM Tivoli Access Manager

Directory Server CD Oa),"k IBM Tivoli Directory Server m~;p20#Z+

IBM Tivoli Directory Server"z/OS™ r OS/390® LDAP ~qwCw Tivoli Access

Manager DC'"am1,DB2 GXhD#

XZ DB2 D=SE"IZTBX7R=:

http://www.ibm.com/software/data/db2/

IBM WebSphere Application Server

IBM WebSphere Application Server Advanced Single Server Edition 5.0 |,ZT&Z

Z{Yw53D IBM Tivoli Access Manager Web Administration Interfaces CD O#

WebSphere Application Server tCT Web Portal Manager SZ(CZ\m Tivoli Access

Manager)M Web \m$_(CZ\m IBM Tivoli Directory Server)b=_D'V#

IBM WebSphere Application Server Fix Pack 2 2G Tivoli Access Manager yXhD,

"Z IBM Tivoli Access Manager WebSphere Fix Pack CD Oa)#

XZ IBM WebSphere Application Server D=SE"IZTBX7R=:

http://www.ibm.com/software/webservers/appserv/infocenter.html

IBM Tivoli Access Manager for Business Integration

IBM Tivoli Access Manager for Business Integration w*I%@):Dz7a),* IBM

MQSeries® V5.2 M IBM WebSphere® MQ V5.3 D{"a)K2+Tbv=8#IBM

Tivoli Access Manager for Business Integration Jm WebSphere MQSeries &CLr(

}9Ck"MMSU&CLrX*D\?=\X"Rj{X"M}]#s WebSEAL M

IBM Tivoli Access Manager for Operating Systems ;y,IBM Tivoli Access Manager

for Business Integration G9C IBM Tivoli Access Manager ~qDJ4\mw.;#

XZ IBM Tivoli Access Manager for Business Integration D=SE"IZTBX7R

=:

http://www.ibm.com/software/tivoli/products/access-mgr-bus-integration/

TBk IBM Tivoli Access Manager for Business Integration V5.1 `X*DD5IZ

Tivoli Information Center Web >cOqC:

v 6IBM Tivoli Access Manager for Business Integration \m8O7(S152-0085-01)

v 6IBM Tivoli Access Manager for Business Integration Jb7(8O7(G152-0676-00)

v 6IBM Tivoli Access Manager for Business Integration "P5w7(G152-0518-00)

v 6IBM Tivoli Access Manager for Business Integration kHDA7(G152-0675-00)

IBM Tivoli Access Manager for WebSphere Business Integration Brokers

IBM Tivoli Access Manager for WebSphere Business Integration Brokers w* IBM Tivoli

Access Manager for Business Integration D;?Vxa),* WebSphere Business

Integration Message Broker V5.0 M WebSphere Business Integration Event Broker V5.0

a)K2+bv=8#IBM Tivoli Access Manager for WebSphere Business Integration

Brokers (}a)yZ\kM>$DO$"/P(eDZ(MsF~q4k Tivoli Access

Manager -,KPT#$ JMS "</$)&CLr#

XZ IBM Tivoli Access Manager for WebSphere Integration Brokers D=SE"IZ

TBX7R=:

http://www.ibm.com/software/tivoli/products/access-mgr-bus-integration/

TBk IBM Tivoli Access Manager for WebSphere Integration Brokers V5.1 `X*D

D5IZ Tivoli Information Center Web >cOqC:

v 6IBM Tivoli Access Manager for WebSphere Business Integration Brokers \m8O7

(S152-0793-00)

v 6IBM Tivoli Access Manager for WebSphere Business Integration Brokers "P5w7

(G152-0794-00)

v 6IBM Tivoli Access Manager for Business Integration kHDA7(G152-0675-00)

IBM Tivoli Access Manager for Operating Systems

IBM Tivoli Access Manager for Operating Systems w*I%@):Dz7qC,}K

a)>zYw53ya)D&\Tb,9a)Z UNIX 53ODZ(_T5)c#IBM

Tivoli Access Manager for Operating Systems s WebSEAL M IBM Tivoli Access Manager

for Business Integration ;y,G9C IBM Tivoli Access Manager ~qDJ4\mw

.;#

XZ IBM Tivoli Access Manager for Operating Systems D=SE"IZTBX7R=:

http://www.ibm.com/software/tivoli/products/access-mgr-operating-sys/

TBk IBM Tivoli Access Manager for Operating Systems V5.1 `X*DD5IZ Tivoli

Information Center Web >cOqC:

v 6IBM Tivoli Access Manager for Operating Systems 208O7(S152-0190-00)

v 6IBM Tivoli Access Manager for Operating Systems \m8O7(S152-0571-00)

v 6IBM Tivoli Access Manager for Operating Systems Jb7(8O7(S152-0179-00)

v 6IBM Tivoli Access Manager for Operating Systems "P5w7(G152-0185-00)

v 6IBM Tivoli Access Manager for Operating Systems kHDA7(G152-0186-00)

IBM Tivoli Identity Manager

IBM Tivoli Identity Manager V4.5 w*I%@):Dz7xa),9zIT/P\mC

'(gC'j6M\k)M)&(a)r7zT&CLr"J4rYw53DCJ)#

Tivoli Identity Manager IT(}9C Tivoli Access Manager zmLrxk Tivoli Access

Manager /IZ;p#k*5zD IBM M'zmTq!XZ:rCzmLrD|`E

"#

XZ IBM Tivoli Identity Manager D=SE"IZTBX7R=:

http://www.ibm.com/software/tivoli/products/identity-mgr/

Z_CJvfo

TB Tivoli Software Library PZ_a)>z7DIF2D5q=(PDF)M/r,D

>jGoT(HTML)q=Dvfo:http://www.ibm.com/software/tivoli/library

*ZbPiRz7vfo,k%wb3fs`D Product manuals 4S#;sZ Tivoli

Software Information Center 3fOR="%wz7{F#

z7vfo|("P5w"208O"C'8O"\m18OT0*"_N<s+#

":*7#}7r! PDF vfo,kZ Adobe Acrobat0r!10Z(I(}%wD

~ → r!4T>C0Z)P!qJO3f4!r#

(z!n

(z!n&\ozmePP2(gP*\^FrPSuO-)DC'3{X9CwV

m~z7#TZCz7,zIT9C(z<u4c}"/@gf#2I9C|L!z

sj4Yw<NC'gfDyP&\#

*5m~'V

ZM3;Jb*5 IBM Tivoli m~'V.0,k%w;ZTB Web >cD Tivolisupport 4STCJ IBM Tivoli m~'V>c: http://www.ibm.com/software/support/

g{h*d|oz,rk(}9CTB Web >cD IBM Software Support Guide Py

hvD=(4*5m~'V: http://techsupport.services.ibm.com/guides/handbook.html

C8Oa)KTBE":

v SU'VyhD"aMJqhs

v g0Ek(!vZzyZDzRrXx)

v *5M''V.0&U/D;5PE"

>iP9CD<(

>N<iTX(uoMYwT0@5ZYw53D|nM769CKtI<(#

Ve<(

>N<iP9CKTBVe<(:

Ve QTk\'D>"X|V"N}"!n"Java `{T0TsxVD!4|nr

s!4lO|nyTVeT>#

1e d?"vfojbM&C?wDXb%JrLoyT1eT>#

HmVM

QTk\'D>"53{""C'XkdkDD>T0N}5r|n!n5x

V*4Dzk>}"|nP"A;dv"D~M?<{CHmVM#

Yw53Dnp

>iTZ8(73d?M?<{E9CK UNIX <(#9C Windows |nP1,TZ

73d?kC %variable% f; $variable,"C41\(\)f;?<76PD?v}1

\(/)#g{Z Windows 53O9C bash shell,rIT9C UNIX <(#

Z 1 B i\MEv

IBM Tivoli Access Manager for WebSphere Application Server(Tivoli Access Manager

for WebSphere)G IBM Tivoli Access Manager(Tivoli Access Manager)D)9,|

* IBM WebSphere Application Server &CLra)KyZ]wDZ(M/P=_T\

m#

Tivoli Access Manager for WebSphere 9 Tivoli Access Manager WZ9C,,1*

WebSphere Application Server J4Mk WebSphere Application Server ^XDJ4a

)/P=2+_T\m#

Tivoli Access Manager a)KT+2m]"C'E*D~MZ(zFD\m#Tivoli

Access Manager 2a)K<NC'gf5CLr - Tivoli Access Manager Web Portal

Manager,|IT,1CwJCZ Java™ 2 Enterprise Edition(J2EE)DJ4M;JC

Z J2EE DJ4D%v2+\mc#

WebSphere Application Server 'V J2EE 2+T`M API#Tivoli Access Manager for

WebSphere 'V9C J2EE 2+T`D WebSphere &CLr#;h*T&CLrxP

NN`kr?p|D,Tivoli Access Manager for WebSphere M\a)K'V#

Tivoli Access Manager for WebSphere ITk WebSphere ]w/IZ;p,9|G\

9C Tivoli Access Manager 2+rya)D2+~q#Z20 Tivoli Access Manager

for WebSphere .0,XkH?p2+r#

Tivoli Access Manager DBC'Z?p Tivoli Access Manager 2+r.0,&14i

Tivoli Access Manager 2+#M#K&a)KrLD**#

Tivoli Access Manager G;vj{DZ(Mxg2+_T\mbv=8,|a)KTX

mOV"ZZ?xMb?xODJ4DKTK#$#

Tivoli Access Manager _PnBD2+_T\mDXw#Kb,Tivoli Access Manager

9'VO$"Z("}]2+TMJ4\m\&#+ Tivoli Access Manager kyZr

XxDj<&CLraO9C,I9(_H2+M\m<CDZ?xMb?x#

Tivoli Access Manager ZdKD&a):

v O$r\

Tivoli Access Manager 'V6'c:DO$zF#+Gk"b,Z9C Tivoli Access

Manager for WebSphere .0,WebSphere *4PdTmDO$=h#

v Z(r\

(}j< J2EE Z(`CJD Tivoli Access Manager Z(~qa)KT>z Tivoli

Access Manager ~qwMZ}=&CLrDCJksDJmM\xv_#

(}4iz7D5,zITKbPX Tivoli Access Manager D|`E"(|(xP?

pv_yXhDE")#kSTB8O*<:

v 6IBM Tivoli Access Manager Base 208O7

K8OhvKgNf."20MdC Tivoli Access Manager 2+r#;5PrW2

0E>9z\lY?p&\j+D2+r#*?p2+r("-M1,b)E>+

G.VPCD#

v 6IBM Tivoli Access Manager Base \m8O7

KD5a)KCZ\m\#$J4D Tivoli Access Manager 2+#MDEv#K8

OhvKgNdCxPCJXFv_D Tivoli Access Manager ~qw#mb,9P

hvgN4PX*Nq,gyw2+_T"(e\#$Ts{FUdM\mC'M

iE*D~Dj88>E"#

+ Tivoli Access Manager k WebSphere Application Server /I

Tivoli Access Manager for WebSphere )9K Tivoli Access Manager 2+#MTcC

Z* IBM WebSphere Application Server 9(D&CLr#2+#MCZTB==:

1C'(we)T<CJ\#$J41,WebSphere 4PTBNq:

v O$we#

v 1Z&CLrD?phv{P8(2+T(ywD2+T)1,WebSphere ]w7(

h*CJJ4DG+,"9C Tivoli Access Manager for WebSphere 47(GqQ

-*10weZ(yhDNNG+#

v 1&CLr*"_Q+2+Tzk1SmS=&CLrP(`L2+T)1,

WebSphere ]w9C Tivoli Access Manager 44PXhDG+I1Jqli#

m 1 {vKTBB~rP:

1. ZKPxP J2EE 2+TD WebSphere &CLr,"RC'T<CJ\#$J41,

WebSphere 9CC'"am4O$C'#}g,Z< 1 P,WebSphere Advanced

Edition(`~qwf>)TU IBM Directory C'"am4xPO$#k Tivoli

Access Manager 2mC'"am#(TZ WebSphere Advanced Edition Single Server,

rTUyZwzD2+TxPO$#)

2. 1C'ksCJ\#$D=(rJ41,WebSphere ]w9C4T J2EE &CLr

?phv{DE"47(yhDG+I1Jq#

3. WebSphere ]w9C/ID Tivoli Access Manager #i4S Tivoli Access Manager

authorization server ksZ(v_(0QZ(1r0Q\x1)#

g{fZ=SDOBDE",r WebSphere ]w2+|+]x authorization server#

I!DOBDE"|,%*{"wz{M~qw{#g{ Tivoli Access Manager _

T}]b*NNOBDE"8(K_T,r authorization server ITZxPZ(v

_19CKE"#

4. authorization server N<2mDC'"amPD Tivoli Access Manager C'(e#

(}G9C WebSphere Advanced Edition Single Server,qr+k WebSphere ;

p2mC'"am)#authorization server SEN<Z Tivoli Access Manager \#

$Ts{FUdP*8(C'(eDmI(#\#$Ts{FUd|,Z< 1 Py

>D_T}]bP#

< 1. Tivoli Access Manager k WebSphere Application Server ;p?p

5. Tivoli Access Manager authorization server +CJv_5X= WebSphere ]w#

6. WebSphere Application Server ITZ(r\xT\#$=(rJ4DCJ#

Java 2 Enterprise Edition yZG+D2+T

Java 2 Enterprise Edition(J2EE)2+T9CweDEn4zm4Pn/D5eDm]#

5eITGK(C')rxL#mb,J2EE 9CgBhvDG+En#

=(3dIG+#Bm4TxP&CLrDy>,C4(eG+M3d=G+D=

(#BmPDu?QZ(m>G+ITCJ8(D=(#

m 1. +=(3d=G+

G+

=(

getBalance deposit closeAccount

Teller QZ( QZ(

Cashier QZ(

Supervisor QZ(

SB4,TO(eDG+IT3d=weM/ri#Bm%*qPDu?wCm>w

eriITwCQZ(xCG+DNN=(#

m 2. weriD=(wCmI(

we/i

G+

Teller Cashier Supervisor

TellerGroup wC

CashierGroup wC

SupervisorGroup

Frank(;vwe,;GT

ONNiDI1)

wC wC

ZOmP,we Frank \wC getBalance M closeAccount =(,+;\wC

deposit =(,r*;P+K=(Z(x Cashier r Supervisor G+#

+weMi3d=G+

Z&CLrKP1.0,KP Tivoli Access Manager for WebSphere (F5CLrT

2k Tivoli Access Manager \#$Ts{FUd#(F5CLrS J2EE &CLr?

phv{qCG+M=(D`XE"#

Z&CLrKP1&,1C'ksCJ\#$DJ41,+r WebSphere ]w+]TB

E":

v Principal

C'QO$Dm]#

v RoleName

G+{F#

v AppName

&CLr{F#

v CellName

xgOwz53ViD{F#

v HostName

|,Z CellName PDwz53D{F#

v ServerName

HostName w\D~qwD{F#

G+{FGS?phv{P=(=G+D3dPIzx4D#1!ivB,Tivoli Access

Manager DCJliGyZ RoleName M AppName 4PD#IT=cX)9CJ

liT<G CellName"HostName M ServerName#b)5<GI!D,"R;P

(eK|G1ETdxP@@#

Tivoli Access Manager CJXFm(ACL)7(QVdxweD) J2EE &CLrG+#

(F5CLr+ ACL =S=\#$Ts{FUdPD AppName O#

B< 2 {vKTBB~rP:

1. Z&CLrKP1.0,Tivoli Access Manager for WebSphere (F5CLrCJ

J2EE &CLr?phv{4i!PXG+M0G+=we1r0G+=i13dD

E"#

2. (F5CLr+E"*;* Tivoli Access Manager q=,"+|+]x Tivoli Access

Manager policy server#

3. policy server +u?mS=\#$Ts{FUdTm>*&CLr(eDG+#1Z

?phv{P(eK0G+=we1r0G+=i13d1,`&Dweri+m

S=kBTs,SD ACL P#

Tivoli Access Manager 2+#M9Cf"Z\#$Ts{FUdPD(e49( ACL

IT,SDJ4cNa9#b) ACL (eKG+=C'riD3d#

B< 3 {vgNIT+ ACL &CZhvG+D\#$Ts{FUd#yP WebSphere

&CLrD\#$Ts{FUdGIF* WebAppServer D%c\#$TsyiID#

WebAppServer TsP;vF* deployedResources DSTs#b=vTs{F;p

d1Z WebSphere &CLrP(eDyP J2EE G+D%c0:#

< 2. +G+3d= Tivoli Access Manager \#$TsUd

G+ZcNa9DB;6P(e*TG+ RoleName 8(DJ4#CTs}B=Gzm

&CLr AppName DJ4#Z AppName \#$TsBG`vI!DJ4,(eb)

J4IT|+7XFTG+DCJ#I!J4G CellName"HostName M ServerName#

ZOfD< 3 P,ACL 1 Z( user1 ZxgDNN;CDNb&CLrPCJ8(D

RoleName#User2 M group1 Gb=\xDCJ#

Z Tivoli Access Manager 2+#MP,b)CJhCGS\#$TsUdcNa9P

D RoleName B(eDTsLPD#1!ivB+"zKLP#rK,Z< 3 P,C

JhCGSm> AppName/CellName/HostName/ServerName DTsLPD#

P1,2+_T*s;Z ACL ,ScBDTsDCJhCXkkLPDCJhC;,#

ZbVivB,Tivoli Access Manager \m1(e;v|,yhCJhCDB ACL#

SE\m1+B ACL =S=8(XFc&DTs#bvB ACL 2GLPDCJhC#

}g,1&CLrZX(wzDX(~qwODX(%*PKP1,2+_TITf

(;&CZh user1 RoleName mI(#*5)K_T,\m1(e;v^FT|?D

ACL,g< 3 D ACL 2 y>#K ACL \xT user1"user2 M grp1 DCJ#SE

\m1=SK ACL = ServerName Ts,CTsm>CJXk\^FD~qw#

< 3 T>S ACL 2 = ServerName D,S#k"b ACL 2 ;&CZ8(D~qw#

1Z HostName B(eK`v ServerName Ts1,ACL 2 ;&CZ|y,S=D

ServerName Ts#cNa9Db;cPyPd| ServerName TsTILPZ ACL 1P(eDCJhC",S= RoleName#

PXZ\#$Ts{FUdP9C ACL D|`E",kND6IBM Tivoli Access

Manager Base \m8O7#

< 3. + ACL ,S=\#$Ts{FUdPDTs#

`v WebSphere ~qwD/P_T\m

Tivoli Access Manager a)K2+_TD/P\m#Tivoli Access Manager IT\m

g`v WebSphere Application Server D2+_T#Kb,Tivoli Access Manager 99

C`,D#M4\mgG WebSphere &CLrD2+T#

Z+ J2EE &CLrD?phv{PhvDG+Mweri3d(F= Tivoli Access

Manager "RQ-r Tivoli Access Manager "aKC'Mi.s,zIT9C Tivoli

Access Manager \m$_\mT2+T(eDx;=|D#9C Tivoli Access Manager

Web Portal Manager 4\mkG+=we/iD3d`XD2+T(ePD|D#9C

WebSphere XF(4xPd|k2+T`XD|D#k"b,(} WebSphere XF(

TG+3dyxPD|D+T Tivoli Access Manager 2+#M;I{#

9CTB Tivoli Access Manager $_4\m2+_T:

v Tivoli Access Manager Web Portal Manager

Web Portal Manager G Tivoli Access Manager \mXF(#KXF(a)K\mZ

Tivoli Access Manager \#$Ts{FUdP(eD Tivoli Access Manager C'"

YwMJ4D<NC'gf#IT9CCXF(44(M\m ACL#XF(2ITC

4\mC'"amPDC'MiD(e#

v pdadmin

pdadmin 5CLrG;vyZ|nPD5CLr,CZ\m Tivoli Access Manager

2+#M#bv&\?sD5CLrITCZ\m Tivoli Access Manager \#$T

s{FUdDwv=f,|(C'"Ts"J4M ACL#,1,pdadmin 9IT\

mC'"amPDC'Miu?#\m1ITZE>rLrP9Cbv5CLr4

T/4P\mNq#

PX|`E",kND6IBM Tivoli Access Manager Base \m8O7#

v Tivoli Access Manager \m API

Tivoli Access Manager * pdadmin M Web Portal Manager 5VD\mNqa)

K`LSZ#&CLr*"_IT9C C r Java API 44PX(Z&CLrD\

mNq#

PX|`E",kND IBM Tivoli Access Manager for e-business Administration C

API Developer Reference r IBM Tivoli Access Manager for e-business Administration

Java Classes Developer Reference#

O< 4 {vK Tivoli Access Manager g`v WebSphere ~qwD2+T\m#Q-

Zzw A Of WebSphere Application Server 20K Web Portal Manager#pdadmin5CLrT>ZG WebSphere 53zw B O#

Web Portal Manager M pdadmin <9Czw D OD policy server 4\m2+_T#

Tivoli Access Manager authorization server IT20Z@"Z WebSphere 53D53

O#Z< 4 P,zw E w\ WebSphere Application Server#K~qwP;vQ/I

=:pZ(v_D WebSphere ]wD Tivoli Access Manager for WebSphere #i#K

WebSphere ]wSzw F OD Tivoli Access Manager authorization server q!Z(v

_#

authorization server 2IT20Zk WebSphere Application Server `,D53O,g

zw G Oy>#Tivoli Access Manager D&\kZ%@53OD~qwya)D&\

(gzw E Mzw F Oy>)G`,D#ZxPZ(v_1,+ authorization server

k WebSphere Application Server ;p(;+E/T\#(i9CKdC#

< 4. Tivoli Access Manager a)KT`v~qwD/P=\m#

k"b,Tivoli Access Manager _T}]bGSzw D 4F=zw F Mzw G D#

K4F+a_T\"a)JO*F\&#

< 4 2T>K Tivoli Access Manager ~qwM WebSphere ~qw2mzw C OD

LDAP C'"am#< 4 Y(9CDG WebSphere Advanced Edition(`~qw)#1

9C WebSphere Advanced Edition Single Server 1,;2mC'"am#

Z 2 B 208>E"

>B|,TBwb:

v :m~Z];

v :'VD=(;

v Z 12 3D:ELMZf*s;

v Z 12 3D:X8m~;

v Z 14 3D:C'"amHvu~;

v Z 15 3D:ST0D"Pf}6;

v Z 18 3D:9C>z5CLr20 Tivoli Access Manager for WebSphere;

m~Z]

Tivoli Access Manager for WebSphere a)K;vIk WebSphere Application Server

/IDi~,":pG+=we/iDyP3d#

Tivoli Access Manager for WebSphere 9a)K;v(F5CLr,C5CLrIC4

S Java 2 Enterprise Edition(J2EE)?phv{+0G+=we1r0G+=i1D3

d<k Tivoli Access Manager 2+#=#K5CLrITS9ur)9D WebSphere

s5i5(EAR)D~(F}]#

Tivoli Access Manager for WebSphere V"|,TBm~:

v Tivoli Access Manager for WebSphere Java `

v CZ Java `DdCE>,F* pdwascfg

v (F5CLr migrateEAR4 M migrateEAR5

v ]>(F5CLrM Java `DC>Dy>LLzk

Supported platforms

The listed versions of WebSphere Application Server support Tivoli Access Manager for WebSphere on the following platforms:

• WebSphere Application Server V4.0.6
– IBM AIX 5.1 and 5.2
– Sun Solaris 8
– HP-UX 11i
– Microsoft Windows 2000 Server and Advanced Server (Service Pack 3)
– SuSE SLES8 on IA32

• WebSphere Application Server V5.0.2
– IBM AIX 5.1 and 5.2
– Sun Solaris 8 and 9
– HP-UX 11i
– Microsoft Windows 2000 Server and Advanced Servers (Service Pack 3)
– Windows 2003 Standard Server and Enterprise Server
– SuSE SLES8 on IA32 and zSeries

Support for WebSphere Application Server V5.1

WebSphere Application Server V5.1 is packaged together with Tivoli Access Manager for WebSphere. Customers using WebSphere Application Server V5.1 do not need to install Tivoli Access Manager for WebSphere.

Customers using WebSphere Application Server V5.1 should ignore the instructions in Chapter 2, "Installation instructions," on page 11 and instead follow the instructions in "Configuring Tivoli Access Manager for WebSphere in a WebSphere Application Server V5.1 environment" on page 36.

ELMZf*s

Tivoli Access Manager for WebSphere PTBELMZf*s:

v 64 MB RAM,(i 128 MB#

bG} WebSphere Application Server MNNd| Tivoli Access Manager i~y8

(DZf*sTbmhDZf?#d| Tivoli Access Manager i~yhDZf?+

!vZwz53O20D) Tivoli Access Manager i~#PX|`E",kND

6IBM Tivoli Access Manager Base 208O7#

v 2 MB ELUd,(i 4 MB#

K*s,vK WebSphere Application Server MNNd| Tivoli Access Manager i

~yhDELUd#

v 5 MB ELUd,CZU>D~#

KUd;|(Zm~i~yhDUdZ#

X8m~

TB8Z[v Tivoli Access Manager for WebSphere k WebSphere Application Server

73/IDHvu~#

v :WebSphere Application Server;

v Z 13 3D:Tivoli Access Manager Base;

v Z 14 3D:Java Runtime Environment;

WebSphere Application Server

One of the following versions of WebSphere Application Server must be installed on the host system before Tivoli Access Manager for WebSphere can be installed:

• IBM WebSphere Application Server Advanced Edition V4.0.6
or
IBM WebSphere Application Server Advanced Edition Single Server V4.0.6
• IBM WebSphere Application Server V5.0.2
• IBM WebSphere Application Server V5.1

Xk+ WebSphere Application Server Advanced Edition V4.0.6 M 5.0.2 T0 WebSphere

Application Server V5.1 dC*9C+k Tivoli Access Manager 2mDC'"am#

Xk+ WebSphere C'Mi<k Tivoli Access Manager P#

":2mC'"amD*s;JCZ WebSphere Application Server Advanced Edition

Single Server V4.0.6#Cf>9CyZwzD2+T#XZ|`j8E",kND

Z 51 3D:WebSphere Advanced Edition Single Server V4.0.6;#

XZ20 IBM WebSphere Application Server DD5ZTBX7a):

http://www-4.ibm.com/software/webservers/appserv/doc/v40/ae/infocenter/was/nav_pdf.html

g{zG IBM WebSphere Application Server DBC',kN< Getting Started with

IBM WebSphere Application Server 8O#K8OZTO Web >cPa)#

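Tivoli Access Manager Base

Tivoli Access Manager for WebSphere requires at least one Tivoli Access Manager component to be installed on the local host, and requires a Tivoli Access Manager secure domain to be established. Typically, the secure domain is distributed across multiple systems.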

>XwzODXhi~

Tivoli Access Manager for WebSphere *sZw\ WebSphere Application Server D>

XFczO20 Access Manager Java Runtime Environment i~#bG'V Tivoli

Access Manager for WebSphere D Tivoli Access Manager Base X8m~DnM*s#

Tivoli Access Manager for WebSphere ;*sZw\ WebSphere Application Server D

>XFczO20NN=SD Tivoli Access Manager i~#

>XwzODI!i~

d;;h*Z>XwzOmSNN=SD Tivoli Access Manager i~,+IT(}Z

WebSphere Application Server yZD,;wzO20 Tivoli Access Manager authorization

server 4E/T\#Tivoli Access Manager KP173G authorization server DHv

u~#g{Z WebSphere wzO20 authorization server,r9XkZKzwO20

Tivoli Access Manager KP173#b=vi~<Gw* Tivoli Access Manager Base

z7D;?V4V"D#

Tivoli Access Manager 2+r

Tivoli Access Manager for WebSphere Xk\;CJ Tivoli Access Manager 2+r#

(F$_Xk\*5 Tivoli Access Manager policy server#*K5VnQT\,(iZ

2+rP220;vr`v Tivoli Access Manager authorization server#by,20K

IBM WebSphere Application Server .s,XkZ20 Tivoli Access Manager for

WebSphere 0(";v2+r#

*("2+r,Xk20MdC policy server#(#,|k WebSphere Application Server

;Z,;wzOKP#ITZ WebSphere Application Server wzOrd|53O20

MdC authorization server#

PX20MdC Tivoli Access Manager 2+r(|( Access Manager Java Rntime

Environment)D|`E",kND6IBM Tivoli Access Manager Base 208O7#

Java Runtime Environment

The computer system that hosts Tivoli Access Manager for WebSphere must have Java Runtime Environment V1.3.1 installed:

The Java Runtime Environment is installed and configured as part of the IBM WebSphere Application Server installation. Tivoli Access Manager for WebSphere uses the same Java Runtime Environment.

Note: Tivoli Access Manager for WebSphere also uses the Access Manager Java Runtime Environment. The Access Manager Java Runtime Environment extends the V1.3.1 Java runtime.

C'"amHvu~

Tivoli Access Manager for WebSphere w* Tivoli Access Manager 2+rD;?VK

w#2+rD policy server 9CC'"am4\mC'MiE"#

Tivoli Access Manager for WebSphere 'V Tivoli Access Manager Base y'VDy

PC'"am`M:

v IBM Directory Server

v Sun ONE Directory Server

v IBM Lotus Domino Server

v Microsoft Active Directory,|(G&CLrf>#

v Novell eDirectory

PX?;C'"am`MD'Vf>Dj{Pm,kND6IBM Tivoli Access Manager

Base 208O7#

Sun ONE Directory Server V5.1 M 5.2 \ Tivoli Access Manager Base 'V+G;\

WebSphere Application Server 4.0.6 r 5.0.2 'V#kND WebSphere Application Server

DX8m~3fT7Of>:

WebSphere Application Server V4.0.6

http://www.ibm.com/software/webservers/appserv/ doc/v40/prereqs/ae_v406.htm

WebSphere Application Server V5.0.2

http://www.ibm.com/software/webservers/appserv/ doc/v50/prereqs/was_v502.htm

?v20DC'"amHvu~2yZk Tivoli Access Manager for WebSphere ;p

9CD WebSphere Application Server f>#

v WebSphere Application Server Advanced Edition V4.0.6 T0 WebSphere Application

Server V5.0.2 M 5.1#

Z20 Tivoli Access Manager for WebSphere 09CC'"amXkzc=vHv

u~:

– Xk+ Tivoli Access Manager policy server M WebSphere Application Server d

C*9C,;C'"am#

– Xk+* WebSphere Application Server (eDNNVPC'Mi<k Tivoli Access

Manager C'?<,TI* Tivoli Access Manager C'Mi#K&D<kb6E

+)9D Tivoli Access Manager tT,,VPDC'Mi(e;pmS= Tivoli

Access Manager 2+#=P#

IT9C pdadmin |nV$+C'<k Tivoli Access Manager C'"amP#

9C IBM Directory LDAP D Tivoli Access Manager 2+rIT9C Directory

z?0k&\#

PX9C pdadmin |nV$<kC'D|`E",kND6IBM Tivoli Access

Manager Base \m8O7#

PXz?0k IBM Directory C'D|`E",kND6IBM Tivoli Access Manager

for e-business T\w{8O7#

v WebSphere Application Server Advanced Edition Single Server V4.0.6

WebSphere Advanced Edition Single Server ;9CNNb?C'"am#`4,|9

CyZwzD2+T4$w#wz53OD?vC'J'XkZ Tivoli Access

Manager 9CDC'"amPP;v,HDu?#

":TyZwzD2+Txf1dFFyvDNN|D2Xk|D= Tivoli Access

Manager 9CDC'"amP#

ST0D"Pf}6

Tivoli Access Manager for WebSphere ITSBfD0"Pf}6:

v IBM Tivoli Access Manager for WebSphere Application Server V3.9

v IBM Tivoli Access Manager for WebSphere Application Server V4.1

}6}L|(!{dC0"Pf">}0"Pf,;s20 Tivoli Access Manager for

WebSphere V5.1 "dC|#

*}6 Tivoli Access Manager for WebSphere,kjITB=h:

1. !{dC">}0"Pf#k4`XC'8OPT&ZYw53D>}8>E"Y

w:

v 6IBM Tivoli Access Manager for WebSphere Application Server C'8O,V3.97

v IBM Tivoli Access Manager for e-business WebSphere Application Server User’s

Guide, Version 4.1

2. +X8D Tivoli Access Manager y!|M2+rS V3.9 r V4.1 }6= V5.1#

7(Zw\ Tivoli Access Manager for WebSphere DFczO20D) Tivoli Access

Manager y!|#?N?pAY|( Access Manager Java Runtime Environment#

y] Tivoli Access Manager 2+rDXKa9,wzI\9|(:

v Tivoli Access Manager KP173

v Tivoli Access Manager policy server

v Tivoli Access Manager authorization server

1>XFcz53;|( policy server r authorization server 1,zXkWH}6

w\G)~qwDFcz53OD2+r#1 policy server M authorization server

}6= V5.1 1,zMITZ>XFczO}6 Access Manager Java Runtime

Environment m~|K#

1>XFcz|, policy server M authorization server 1,zIT;N}6yPD

Tivoli Access Manager y!|#

PX}6 Tivoli Access Manager y!|M2+rD8>E",kND6IBM Tivoli

Access Manager Base 208O7#kZjICD5PD8>E"sLx4PB;

=#

3. 20 Tivoli Access Manager for WebSphere D10f>#k4:9C20r<xP

20;rZ 18 3D:9C>z5CLr20 Tivoli Access Manager for WebSphere;

PD=hYw#

20skdCm~#

9C20r<xP20

install_amwas 20r<(}TJ13r20MdCTBi~xr/K Tivoli Access

Manager for WebSphere 53D20#

v Access Manager Java Runtime Environment

v Tivoli Access Manager for WebSphere Application Server

Z4P20r<.0,+h*hC UNIX M Windows OD WAS_HOME 73d?T0

UNIX OD PDWAS_HOME 73d?#

*+ WAS_HOME 73d?hC* WebSphere Application Server 20?<,k+?<|

D* WebSphere_install_directory/bin "KPTB|n:

UNIX

setupCmdLine.sh

Windows

setupCmdLine.bat

Z UNIX =(O,+ PDWAS_HOME 73d?hC*+20 Tivoli Access Manager for

WebSphere D;C:

PDWAS_HOME=/opt/amwas
export PDWAS_HOME

7# WebSphere Application Server f=D Java Runtime PD java /bin ?<;Z5

376DZ;;#

*9C install_amwas r<20MdC Tivoli Access Manager for WebSphere

Application Server,k4TB=hYw:

1. 7#rPQ-20K Tivoli Access Manager "am~qw"policy server M

authorization server#

2. 7#20KyPX*DYw539!#`XE"kNDZ 12 3D:X8m~;#

3. *9C}"o(1!oT)TbDoTi44,M{",zXkZKP20r<.

020oT'Vm~|#

4. 7#ZKzwO20MdCK WebSphere Application Server#

5. 4PTB?VPEvDdC=h:

v Z 26 3D:Z 1 ?V:* WebSphere Application Server 4( Tivoli Access

Manager \mC';

v Z 27 3D:Z 2 ?V:tC WebSphere 2+T;

v Z 31 3D:Z 5 ?V a:(F WebSphere 2+ThC - WebSphere V4.0.6;

rZ 33 3D:Z 5 ?V b:(F WebSphere 2+ThC - WebSphere V5.0.2;

(!vZz}ZKPD WebSphere Application Server Df>)#

6. Z Windows 53O,Zt/20r<.0KvyP}ZKPDLr#

7. #9 WebSphere Application Server#

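8. Run the install_amwas program, which is located in the root directory of the Tivoli Access Manager Web Security CD for the AIX, HP-UX, Linux, Solaris and Windows platforms.

Note: If WebSphere Application Server is not installed in the default location, use the -is javahome option when you run the install_amwas command to specify its location. For example:

install_amwas -is:javahome websphere_install_dir/AppServer/java/jre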

20r<*<#

a. T>!q20oTT0r#!qJ1DoT"%w7(#

b. T>6-T0r#%wB;=#

c. ZmI$-iT0rP,g{S\mI$unMu~,r%wR,b#

d. g{P420 Tivoli Access Manager Base i~,rVZ+a>z20|G#%

wB;=TLx AMJRTE 20#g{ AMJRTE Q-20,r20r<Lx4

P=h e#qr,+T> AMJRTE 73dC0Z#9CBmw*8OdkdC

5#

dC!n hv 1!5

Policy server wz{* policy server D+^(wz{#}g:pdmgr.tivoli.com n/a

Policy server SSL KZ* policy server l} SSL ksDKZE# 7135

JRE ?<* Q20Df WebSphere Application Server a)D JRE

D76#g{9C -is:javahome !n20,rT>D

76G javahome !n8(DGv76#

n/a

* m>XhD!n

e. a>zdk Tivoli Access Manager for WebSphere Application Server 20?<#

S\1!5"%wB;=#

f. a>zdkdCn#9CBmw*8Odkb)5#

m 3. install_amwas 20r<dC!n#

dC!n hv 1!5

6L ACL C' *

C44( Access Manager &CLrj

6D{F,Cj6I Tivoli Access

Manager for WebSphere C44P(^

li#}g:pdpermadmin

n/a

sec_master \k *Tivoli Access Manager sec_master \m

1J'D\k#n/a

Policy server wz{ *policy server D+^(wz{#}g:

pdmgr.tivoli.com

Policy server KZE * policy server l}ksDKZE# 7135

Authorization server wz{ *

Tivoli Access Manager for WebSphere

9CD authorization server Dwz{#

(iKwz{k WebSphere wz{`

,#}g:pdacld.tivoli.com

Authorization server KZE *authorization server l} SSL ksDK

ZE#7136

*4PDdC`M# all"local r remote# all

g{Kz7f WebSphere r|,rhC

* true#

9C20r<201,b&C<Uh

C* false#false

Q20D WebSphere Application Server

Df>#*

Q20D WebSphere Application Server

Df>#!nP:WAS5 r WAS4#WAS5

Tivoli Access Manager for WebSphere

Application Server 20?<#

k*20 Tivoli Access Manager for

WebSphere D?<#K?<1!*ZH

0D200ZPdkD5#

n/a

WebSphere Application Server 20?<#

*

20K WebSphere Application Server

D ? < # K ? < & C h C * k

WAS_HOME 73d?`,D5#

n/a

+*dCD JRTE tTD~D URL#= AMJRTE PdPerm.properties D

URL 76n/a

AMJRTE keystore D~D URL#

= AMJRTE keystore D URL 76,

Z?CZk policy M authorization

server (E#

n/a

* m>XhD!n

":TZ Windows 20,1a> Access Manager Runtime Environment DdC!

n1,k7#z*k WebSphere Application Server ;pa)M20D JRE 8

( JRE ?<#}g:

websphere_install_dir\AppServer\java\jre

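Installing Tivoli Access Manager for WebSphere using native utilities

This section describes how to install Tivoli Access Manager for WebSphere, including the authorization component and the migration utility.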

jIJCZzDYw53D8>E":

v :Z Solaris O20;

v Z 19 3D:Z AIX O20;

v Z 20 3D:Z HP-UX O20;

v Z 21 3D:Z Linux O20;

v Z 22 3D:Z Windows O20;

Z Solaris O20

Tivoli Access Manager for WebSphere 20+m~|dCkD~b9uV*&m#9C

pkgadd Z Solaris O20m~|#

":g{zQ-20MdCK Tivoli Access Manager for WebSphere "Rh*XB2

0|,rXkWH!{dC">}|#kNDZ 85 3D:S Solaris >};#

*Z Solaris O20 Tivoli Access Manager for WebSphere,kjITB8>:

1. T root C'G<#

2. i$GqQzc20 Tivoli Access Manager for WebSphere DHvu~#

*4im~`XT,kNDZ 12 3D:X8m~;#

3. i$GqQdC Tivoli Access Manager policy server M WebSphere Application Server

9C,;C'"am#

":b;=;JCZ WebSphere Advanced Edition Single Server#

*4iC'"am`XT,kNDZ 14 3D:C'"amHvu~;#

4. i$GqQ+ WebSphere Application Server C'MiSC'"am<k= Tivoli

Access Manager C'"am#=P#

IT9C Tivoli Access Manager pdadmin |nV$<kC'#}g,CZ<k

LDAP C'Do(*:

pdadmin> user import UserID Distinguished_Name_of_the_user_in_LDAP

PX pdadmin D|`E",kND6IBM Tivoli Access Manager Base \m8O7#

TZ IBM Directory LDAP 73PDs?C',k<G9C LDAP z?<k&\#

PX|`E",kND6IBM Tivoli Access Manager for e-business T\w{8O7#

5. ek IBM Tivoli Access Manager Web Security for Solaris CD#

6. 20TBm~|(;N;v):

pkgadd -d /cdrom/cdrom0/solaris -a /cdrom/cdrom0/solaris/pddefault packages

dP:

v -d /cdrom/cdrom0/solaris - 8(m~|D;C#

v -a /cdrom/cdrom0/solaris/pddefault - 8(20\mE>D;C#

packages gB:

v PDJrte - Access Manager Java Runtime Environment m~|#

v PDWAS - Tivoli Access Manager WebSphere Application Server m~|#

":b)m~|Xk20Zk WebSphere Application Server `,D53O#

7. SB4dC Tivoli Access Manager for WebSphere#PX8>E"k*AZ 25 3D

Z 3 B, :dC}L;#

Z AIX O20

Tivoli Access Manager for WebSphere 20+m~|dCkD~b9uV*&m#

":g{zQ-20MdCK Tivoli Access Manager for WebSphere "Rh*XB2

0|,rXkWH!{dC">} Tivoli Access Manager for WebSphere m~|#

kNDZ 86 3D:S AIX >};#

*Z AIX O20 Tivoli Access Manager for WebSphere,kjITB8>:

1. T root C'G<#

2. i$GqQzc20 Tivoli Access Manager for WebSphere DHvu~#

*4im~`XT,kNDZ 12 3D:X8m~;#

3. i$GqQdC Tivoli Access Manager policy server M WebSphere Application Server

9C,;C'"am#

":b;=;JCZ WebSphere Advanced Edition Single Server#

*4iC'"am`XT,kNDZ 14 3D:C'"amHvu~;#

4. i$GqQ+ WebSphere Application Server C'MiSC'"am<k= Tivoli

Access Manager C'"am#=P#

IT9C Tivoli Access Manager pdadmin |nV$<kC'#}g,CZ<k

LDAP C'Do(*:

pdadmin> user import UserID Distinguished_Name_of_the_user_in_LDAP

PX pdadmin D|`E",kND6IBM Tivoli Access Manager Base \m8O7#

TZ IBM Directory LDAP 73PDs?C',k<G9C LDAP z?<k&\#

PX|`E",kND6IBM Tivoli Access Manager for e-business T\w{8O7#

5. + IBM Tivoli Access Manager Web Security for AIX CD ek CD }/w#

6. 20TBm~|:

installp -acgXd cd_mount_point/usr/sys/inst.images packages

dP cd_mount_point/usr/sys/inst.images G20 CD D?<,packages gB:

PDJ.rte 8( Access Manager Java Runtime Environment m~|#

PDWAS 8( Access Manager for WebLogic Application Server m~|#

":b)m~|Xk20Zk WebSphere Application Server `,D53O#

7. SB4dC Tivoli Access Manager for WebSphere#PX8>E"k*AZ 25 3D

Z 3 B, :dC}L;#

Z HP-UX O20

Tivoli Access Manager for WebSphere 20+m~|dCkD~b9uV*&m#9C

swinstall Z HP-UX O20m~|#

*Z HP-UX O20 Tivoli Access Manager for WebSphere,kjITB=h:

1. T root C'G<#

2. i$GqQzc20 Tivoli Access Manager for WebSphere DHvu~#

*4im~`XT,kNDZ 12 3D:X8m~;#

3. i$GqQdC Tivoli Access Manager policy server M WebSphere Application Server

9C,;C'"am#

":b;=;JCZ WebSphere Advanced Edition Single Server#

*4iC'"am`XT,kNDZ 14 3D:C'"amHvu~;#

4. i$GqQ+ WebSphere Application Server C'MiSC'"am<k= Tivoli

Access Manager C'"am#=P#

IT9C Tivoli Access Manager pdadmin |nV$<kC'#}g,CZ<k

LDAP C'Do(*:

pdadmin> user import UserID Distinguished_Name_of_the_user_in_LDAP

PX pdadmin D|`E",kND6IBM Tivoli Access Manager Base \m8O7#

TZ IBM Directory LDAP 73PDs?C',k<G9C LDAP z?<k&\#

PX|`E",kND6IBM Tivoli Access Manager for e-business T\w{8O7#

5. g{ pfs_mountd M pfsd 4ZKP,rZs(Hst/|G#C pfs_mount |

n20 CD#}g,dkTB|n:

/usr/sbin/pfs_mount /dev/dsk/c0t0d0 /cd-rom

dP /dev/dsk/c0t0d0 G CD h8,/cd-rom G20c#

6. dkTB|n20 Tivoli Access Manager for WebSphere m~|:

# swinstall -s /cd-rom/hp packages

dP packages gB:

PDJ.rte 8( Access Manager Java Runtime Environment m~|#

PDWAS 8( Access Manager for WebSphere Application Server m~|#

":b)m~|Xk20Zk WebSphere Application Server `,D53O#

vV;u{",8>VvWNQ-!CI&#m;u{"8>4PWN}**<#

S CD Ob9uD~"20=2LO#vV;u{",8>4PWNQ-!CI&#

Kv swinstall 5CLr#

7. SB4dC Tivoli Access Manager for WebSphere#PX8>E"k*AZ 25 3D

Z 3 B, :dC}L;#

Z Linux O20

Tivoli Access Manager for WebSphere 20+m~|dCkD~b9uV*&m#9C

rpm Z Linux O20m~|#

g{zQ-20MdCK Tivoli Access Manager for WebSphere "Rh*XB20|,

rXkWH!{dC">}|#kNDZ 87 3D:S Linux >};#

":0zSeries OD Linux1C':zXkWHS IBM Tivoli Access Manager for Linux

on zSeries CD qCT Linux rpm D~DCJ(#

*Z Linux O20 Tivoli Access Manager for WebSphere,kjITB8>:

1. T root C'G<#

2. i$GqQzc20 Tivoli Access Manager for WebSphere DHvu~#

*4im~`XT,kNDZ 12 3D:X8m~;#

3. i$GqQdC Tivoli Access Manager policy server M WebSphere Application Server

9C,;C'"am#

":b;=;JCZ WebSphere Advanced Edition Single Server#

*4iC'"am`XT,kNDZ 14 3D:C'"amHvu~;#

4. i$GqQ+ WebSphere Application Server C'MiSC'"am<k= Tivoli

Access Manager C'"am#=P#

IT9C Tivoli Access Manager pdadmin |nV$<kC'#}g,CZ<k

LDAP C'Do(*:

pdadmin> user import UserID Distinguished_Name_of_the_user_in_LDAP

PX pdadmin D|`E",kND6IBM Tivoli Access Manager Base \m8O7#

TZ IBM Directory LDAP 73PDs?C',k<G9C LDAP z?<k&\#

PX|`E",kND6IBM Tivoli Access Manager for e-business T\w{8O7#

5. 20CZ xSeries r zSeries D IBM Tivoli Access Manager Web Security CD#

6. |DA /mnt/cdrom/series ?<,dP /mnt/cdrom G CD D20c,series 8(

xSeries"zSeries"iSeries r pSeries#

7. 20TBm~|:

rpm -ihv packages

where packages is one of the following:

| | Access Manager Java Runtime Environment package | Access Manager for WebSphere Application Server |
|---|---|---|
| Linux on xSeries | PDJrte-PD-5.1.0-0.i386.rpm | PDWAS-PD-5.1.0-0.i386.rpm |
| Linux on zSeries | PDJrte-PD-5.1.0-0.i390.rpm | PDWAS-PD-5.1.0-0.i390.rpm |

":b)m~|Xk20Zk WebSphere Application Server `,D53O#

8. SB4dC Tivoli Access Manager for WebSphere#PX8>E"k*AZ 25 3D

Z 3 B, :dC}L;#

Z Windows O20

Tivoli Access Manager for WebSphere 20+m~|dCkD~b9uV*&m#9C

InstallShield setup.exe 20 Tivoli Access Manager for WebSphere D~#

":g{zQ-20MdCK Tivoli Access Manager for WebSphere "Rh*XB2

0|,rXkWH!{dC">}|#kNDZ 86 3D:S Windows >};#

*Z Windows O20MdC Tivoli Access Manager for WebSphere,kjITB8>:

1. T_P Windows \m1X(DC'G<= Windows r#

2. i$GqQzc20 Tivoli Access Manager for WebSphere DHvu~#

*4im~`XT,kNDZ 12 3D:X8m~;#

3. i$GqQdC Tivoli Access Manager policy server M WebSphere Application Server

9C,;C'"am#

":b;=;JCZ WebSphere Advanced Edition Single Server#

*4iC'"am`XT,kNDZ 14 3D:C'"amHvu~;#

4. i$GqQ+ WebSphere Application Server C'MiSC'"am<k= Tivoli

Access Manager C'"am#=P#

IT9C Tivoli Access Manager pdadmin |nV$<kC'#}g,CZ<k

LDAP C'Do(*:

pdadmin> user import UserID Distinguished_Name_of_the_user_in_LDAP

PX pdadmin D|`E",kND6IBM Tivoli Access Manager Base \m8

O7#

TZ IBM Directory LDAP 73PDs?C',k<G9C LDAP z?<k&\#

PX|`E",kND6IBM Tivoli Access Manager for e-business T\w{8

O7#

5. + IBM Tivoli Access Manager Web Security for Windows CD ek CD }/w#

6. 20 Access Manager Java Runtime Environment M Access Manager for WebSphere

Application Server m~|#*jIbnYw,kKP;ZTB?<D setup.exe D

~:

\windows\PolicyDirector\Disk Images\Disk1\setup.exe

T>0!q20oT1T0r#

7. !qk*CZ20DoT,"%w7(#

8. T>06-1T0r#%wB;=TLx#

9. DAmI$-i,g{z,bb)un,r%wG#

10. !qTBm~|"%wB;=:

v Access Manager Java Runtime Environment

v Access Manager for WebSphere Application Server

11. S\1!?DX?<,r%w/@TZ>X53O!qm;v?<D76#g{

C?<;fZ,rzXk7Ok*4(C?<r_8(QfZD?<#

12. %wjIKv20Lr#

13. SB4dC Tivoli Access Manager for WebSphere#PX8>E"k*AZ 25 3

DZ 3 B, :dC}L;#

Z 3 B dC}L

Tivoli Access Manager for WebSphere DdC=hy]zGdCZ;v Tivoli Access

Manager for WebSphere 53= Tivoli Access Manager 2+r9GmS=SD Tivoli

Access Manager for WebSphere 53xd/#

?v Tivoli Access Manager for WebSphere 53<G(}9C pdwascfg 5CLrd

C=2+rPD#J2EE &CLrD2+TE"Xk(F= Tivoli Access Manager _T

}]bP#Tivoli Access Manager for WebSphere a)5VKYwD(F5CLr#k

"bb;h*Z_P8(2+_TD EAR D~D J2EE &CLryZD53O4P#

Kb,P;)dC=h;ZdCZ;v Tivoli Access Manager for WebSphere 53=

x(D Tivoli Access Manager 2+r1EGXhD#

LxjITB3;Z:

v :dCu<20;

v Z 36 3D:Z WebSphere Application Server V5.1 73PdC Tivoli Access Manager

for WebSphere;

v Z 38 3D:dC=S20;

dCu<20

>ZhvgNdC Tivoli Access Manager for WebSphere DZ;N20#

Tivoli Access Manager for WebSphere a)KSYdC}LD5CLr#dC=h9C

b)5CLrT0 Tivoli Access Manager \m5CLr pdadmin M WebSphere X

F(#m`=hvZZ;NdC Tivoli Access Manager for WebSphere =X(D Tivoli

Access Manager 2+r1Eh*4P#

dC8>E"ZTB8ZPhv:

v Z 26 3D:Z 1 ?V:* WebSphere Application Server 4( Tivoli Access Manager

\mC';

v Z 27 3D:Z 2 ?V:tC WebSphere 2+T;

v Z 29 3D:Z 3 ?V:dC Access Manager Java Runtime Environment;

v Z 30 3D:Z 4 ?V:Sk2+r;

v Z 31 3D:Z 5 ?V a:(F WebSphere 2+ThC - WebSphere V4.0.6;

v Z 33 3D:Z 5 ?V b:(F WebSphere 2+ThC - WebSphere V5.0.2;

u<dC=2+rPDdC=h\agB<#

kjI>Z|(D?;?VPD8>#

Part 1: Creating a Tivoli Access Manager administrative user for WebSphere Application Server

If security is already enabled in WebSphere Application Server, import the WebSphere Application Server administrative user into the Tivoli Access Manager object space. Use the Tivoli Access Manager command-line utility pdadmin or Tivoli Access Manager Web Portal Manager to import the Tivoli Access Manager administrative user for WebSphere Application Server. To do this from the Tivoli Access Manager command-line utility:

1. From a command line, start pdadmin as the administrative user sec_master:

pdadmin -a sec_master -p sec_master_password

2. Import the WebSphere Application Server administrative user. For example:

pdadmin> user import was_admin_user dn_registry_identifier

Make the WebSphere administrative user account valid:

pdadmin> user modify was_admin_user account-valid yes

If security is not yet enabled in WebSphere Application Server, you need to create a WebSphere Application Server administrative user. Use the Tivoli Access Manager command-line utility pdadmin or Tivoli Access Manager Web Portal Manager to create a Tivoli Access Manager administrative user for WebSphere Application Server.

The following instructions describe how to use pdadmin.

1. From a command line, start pdadmin as the administrative user sec_master:

pdadmin -a sec_master -p sec_master_password

2. Create a Tivoli Access Manager administrative user for WebSphere Application Server. For example, the following instructions create a new user, wsadmin. The following command must be entered as one continuous command line:

pdadmin> user create wsadmin cn=wsadmin,o=organization,c=country wsadmin wsadmin myPassword

Replace the values for organization and country with values that are valid for your LDAP user registry.

Make the wsadmin account valid:

pdadmin> user modify wsadmin account-valid yes

Figure 5. Configuration tasks for an initial installation of Tivoli Access Manager for WebSphere.

Z 2 ?V:tC WebSphere 2+T

y]z}Z9CD WebSphere Application Server Df>,jITB3;ZPD=h:

v :Z WebSphere Application Server V4.0.6 PtC2+T;

v :Z WebSphere Application Server V5.0.2 PtC2+T;

tC WebSphere V5.1 2+TD8>E"|,ZZ 36 3D:Z WebSphere Application

Server V5.1 73PdC Tivoli Access Manager for WebSphere;P#

Z WebSphere Application Server V4.0.6 PtC2+T

*Z WebSphere Application Server V4.0.6 PtC2+T:

1. t/ WebSphere \m~qw#

2. Zt/~qws,t/ WebSphere \mM'z#

3. !qXF( → 2+PD#

4. !q#f!n(#!PtC2+Tr#

5. !qO$!n(#

a. !q LTPA#hCTB LTPA hC:

v nF=Z:120

v r:zDr{#}g:

mydomain.ibm.com

b. !P LDAP 4!r#8( LDAP hC:

m 4. LDAP hC

LDAP hC >}5

Security Server ID cn=wsadmin,o=ibm,c=us

Security Server Password myPassword

Host ldapserver.mydomain.ibm.com

Directory Type SecureWay

Base DN o=ibm,c=us

Bind DN cn=root

Bind Password myPassword

c. %w7(#

6. R|%w WebSphere \mr → Zc → wz{

7. !qXBt/#

Z WebSphere Application Server V5.0.2 PtC2+T

*Z WebSphere Application Server V5.0.2 PtC2+T:

1. t/ WebSphere \m~qw:

2. t/~qws,r*\mXF( - http://localhost:9090/admin/

3. TNNC'G<#

4. dC LDAP:

a. !q2+T → C'"am → LDAP

b. dCTB5:

m 5. LDAP hC

LDAP hC >}5

Server User ID cn=wsadmin,o=ibm,c=us

Server User Password myPassword

Type IBM_Directory_Server

Host ldapserver.mydomain.ibm.com

Port 389

Base DN o=ibm,c=us

Bind DN cn=root

Bind Password myPassword

Search Timeout 120

Reuse connection true

Ignore case true

SSL Enabled false

SSL Configuration cellname/DefaultSSLSettings

c. %w&C#

5. dC LTPA O$:

a. !qO$zF → LTPA

b. hC\kTS\Mb\ LTPA \?#

c. + LTPA ''\?,15hC* 120#

d. Z,;0ZP,7O\kTS\Mb\ LTPA \?#

e. %w&C#

f. SA;W?D=StT?V,!q%;"a(SSO)#

g. tC%;"a#

h. dk%;"a DNS r{#

i. %w&C#

6. dC2+ThC:

a. !q2+T → +V2+T

b. dCTB5:

m 6. 2+ThC

2+ThC >}5

Enabled true

Enforce Java 2 Security false

Use domain qualified user IDs true

Cache timeout 600

Issue permission warning true

Active protocol CSI and SAS

Active authentication mechanism LTPA

Active user registry LDAP

c. %w&C#

7. %w#f4S#

8. %w#f4%#f0wdC1#

9. S WebSphere Application Server \mXF("z#

10. XBt/ WebSphere Application Server#

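Part 3: Configuring the Access Manager Java Runtime Environment

Configure the Access Manager Java Runtime Environment to extend the Java runtime that is distributed with IBM WebSphere Application Server.

Note: The Access Manager Java Runtime Environment is prerequisite software for Tivoli Access Manager for WebSphere.

You can configure the Access Manager Java Runtime Environment from the Access Manager Base configuration GUI, or from the command line with the pdjrtecfg command. To configure the Access Manager Java Runtime Environment from the Access Manager Base configuration GUI:

1. Change directory to the following location:

• (UNIX) /opt/PolicyDirector/bin
• (Windows) C:\Program Files\Tivoli\Policy Director\bin

2. Enter the following command:

pdconfig

The Access Manager configuration screen is displayed, from which you can configure the Java runtime.

To configure the Access Manager Java Runtime Environment from the command line:

1. Verify that the environment variable WAS_HOME is set to the IBM WebSphere Application Server home directory.

2. Change directory to the following location:

• (UNIX) /opt/PolicyDirector/sbin
• (Windows) C:\Program Files\Tivoli\Policy Director\sbin

3. Enter the following command on one line:

• UNIX

pdjrtecfg -action config -java_home $WAS_HOME/java/jre -host policy_server_host

• Windows

pdjrtecfg -action config -java_home %WAS_HOME%\java\jre -host policy_server_host

Note: Ensure that the location of the java binary file that appears earliest in the PATH variable matches the location of the java binary file that you specify with the pdjrtecfg option -java_home pathname.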

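Part 4: Joining the secure domain

Complete the following steps:

1. Stop WebSphere Application Server.

2. Gather the following information:

• The user account name that you want to use as the user identity for the Tivoli Access Manager for WebSphere application. The example commands in these instructions use the identity pdpermadmin. The user name that you choose should not already exist in the user registry.
• The password for the sec_master account.
• The fully qualified domain name of the computer that hosts the policy server. For example: pdmgrserver.mysubnet.ibm.com
• The fully qualified domain name of the computer that hosts the authorization server. For example: pdacldserver.mysubnet.ibm.com
• The home directory of the WebSphere installation.

3. To set the WAS_HOME environment variable to the WebSphere Application Server installation directory, change directory to WebSphere_install_directory/bin and run the following command:

UNIX

setupCmdLine.sh

Windows

setupCmdLine.bat

4. On UNIX platforms, set the PDWAS_HOME environment variable to the Tivoli Access Manager for WebSphere installation directory. On Windows platforms, PDWAS_HOME should already exist in the environment.

UNIX

PDWAS_HOME=/opt/amwas
export PDWAS_HOME

5. Change directory to:

• (UNIX) /opt/amwas/sbin
• (Windows) C:\Program Files\Tivoli\amwas\sbin

6. Run the pdwascfg utility. Use the information that you gathered in the earlier step to supply command-line options to pdwascfg.

Note: The following example command assumes that you are creating a new Tivoli Access Manager user account called pdpermadmin. For example:

-remote_acl_user pdpermadmin

Using the parameters gathered earlier, enter the following command as one command line. Depending on the version of WebSphere Application Server that you are using, use the -action configWAS4 or configWAS5 parameter:

pdwascfg -action configWASversion_number -remote_acl_user pdpermadmin -sec_master_pwd myPassWord -pdmgrd_host fully_qualified_DN_of_the_policy_server_host -pdacld_host fully_qualified_DN_of_the_authorization_server_host -was_home c:\WebSphere\AppServer

Note: The value of the -was_home option in the command above is shown only as an example. This value changes depending on the version of WebSphere Application Server that you are running and the platform that you are using. For example, this value could be:

• Windows
– WebSphere Application Server V4.0.6: c:\WebSphere\AppServer
– WebSphere Application Server V5.0.2: "c:\Program Files\WebSphere\AppServer"
• Solaris, Linux and HP-UX: /opt/WebSphere/AppServer
• AIX: /usr/WebSphere/AppServer

The pdwascfg utility configures WebSphere Application Server to use Tivoli Access Manager for WebSphere as the authorization provider.

Notes:

1. The pdwascfg utility supports only domains whose administrative user was created as sec_master.

2. The pdwascfg utility creates a log file named AMWASConfig.log in the directory from which it is run.

7. Verify that the pdwascfg command successfully created the PdPerm properties file.

• Solaris, Linux and HP-UX

/opt/WebSphere/AppServer/java/jre/PdPerm.properties

• AIX

/usr/WebSphere/AppServer/java/jre/PdPerm.properties

• Windows

– WebSphere Application Server V4.0.6

C:\WebSphere\AppServer\java\jre\PdPerm.properties

– WebSphere Application Server V5.0.2

C:\Program Files\WebSphere\AppServer\java\jre\PdPerm.properties

Note: The path names above use the default installation directory for WebSphere Application Server. If you installed in a non-default location, adjust the path names accordingly.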

Z 5 ?V a:(F WebSphere 2+ThC - WebSphereV4.0.6

g{}Z9C WebSphere 5.0.2,kx}b;="Lx4PZ 33 3D:Z 5 ?V b:

(F WebSphere 2+ThC - WebSphere V5.0.2;

b;=+&CLr2+_TS WebSphere admin.ear ?phv{D~(F= Tivoli

Access Manager _T}]b#(F5CLrZ Tivoli Access Manager TsUdP4(

zm WebSphere J4DTs#g{b;?V4jI,z+;\t/ WebSphere#

jITB=h:

1. g{ WebSphere }ZKP,k#9|#

2. 7# WAS_HOME 73d?;hC* WebSphere Application Server 20D;C#TB

>}T>1!;C:

v Solaris"Linux HP-UX

Z 3 B dC}L 31

WAS_HOME=/opt/WebSphere/AppServer

v AIX

WAS_HOME=/usr/WebSphere/AppServer

v Windows

WAS_HOME=C:\WebSphere\AppServer

3. c/TBE",z+h*QCE"8(*(F5CLrDdkN}:

v *(FD EAR D~{F#Znu9C(F5CLr1,Xk(F\m EAR D

~:

– Solaris"Linux M HP-UX

/opt/WebSphere/AppServer/config/admin.ear

– AIX

/usr/WebSphere/AppServer/config/admin.ear

– Windows

C:\WebSphere\AppServer\config\admin.ear

v A PDPerm.properties D~D+76#KD~;Z WebSphere Application Server

20?<BD3v?<#TBPmT>K?vYw53OD1!;C#

":D~;CXkm>*3;J4j6#

– Solaris"Linux M HP-UX

file:/opt/WebSphere/AppServer/java/jre/PdPerm.properties

– AIX

file:/usr/WebSphere/AppServer/java/jre/PdPerm.properties

– Windows

file:/c:\WebSphere\AppServer\java\jre\PdPerm.properties

v Tivoli Access Manager \mJ'D{F#&C* sec_master#

v sec_master J'D\k#

v WebSphere \mC'J'D{F#b&CkzTO4(/<kDJ'%d#}g:

wsadmin

v LDAP (P{F(DN)s:,Tivoli Access Manager policy server M WebSphere

Application Server hzdf"C'E"#b&1kz4( wsadmin C'19CD

DN s:`%d#

ZZ 26 3D:Z 1 ?V:* WebSphere Application Server 4( Tivoli Access

Manager \mC';PT>D>}4(K_PTB DN D wsadmin:

cn=wsadmin,o=ibm,c=us

ZbVivB,DN s:G: o=ibm,c=us

K5&1w* migrateEAR4 5CLrD –d !nDN}xv#

":IT9C pdadmin T>53O wsadmin D DN:

pdadmin> user show wsadmin

4. |D?<A(F5CLrD;C:

v (UNIX)/opt/amwas/bin

v (Windows)C:\Program Files\Tivoli\amwas\bin

5. KP(F5CLr4(F|,Z admin.EAR PD}]#

9CZH0=hPc/DN},Z|na>{&+TBD>,I;v|nPdk:

UNIX

migrateEAR4 -j /opt/WebSphere/AppServer/config/admin.ear -a sec_master -p sec_master_password -w wsadmin -d "o=ibm,c=us" -c file:/opt/WebSphere/AppServer/java/jre/PdPerm.properties

k"b AIX O PdPerm.properties D~D1!;CG:

/usr/WebSphere/AppServer/java/jre/PdPerm.properties

Windows

migrateEAR4 -j c:\WebSphere\AppServer\config\admin.ear -a sec_master -p sec_master_password -w wsadmin -d "o=ibm,c=us" -c file:/c:\WebSphere\AppServer\java\jre\PdPerm.properties

jI(F1T>4,{"#5CLrDdv+;G<=ZKPK5CLrD?<O

4(DD~ pdwas_migrate.log P#liU>D~T7#*&CLr(FKyP_

T#g{U>D~T>ms,kliO;N"zDBq,|}ms4"XBKP(

F$_#

g{(F;I&,ki$zGq* -c !na)K}7D3;J4j6,"* -j !

na)K}7DD~{#

(F5CLrh*CJ admin.ear#1!ivB,&CLrc`$_|,=0D5`

M(e1(DTD)j<yZ;CD URL }C#rK,iR?phv{ DTD h*

ArXxD,S#g{wz;P,S=rXx,r9C DTD D>X1>#ZbVi

vB,k|B8r>X DTD D?phv{#

/f: 9C Tivoli Access Manager for WebSphere 0,AY+h*YKP;N(

F5CLr#z+h*kT?v}Z#$D&CLrD EAR D~KP|#4PKY

wD8>E";ZZ 43 3DZ 4 B, :(F2+TG+;P#

+ pdwas-admin imS=\m ACL

jITB=h,+ pdwas-admin imS=\m ACL:

1. 9C pdadmin + pdwas-admin imS=`&D ACL#+TBD>,I;v|n

dk:

pdadmin> acl modify _WebAppServer_deployedResources_AdminRole_admin_ACL set group pdwas-admin T[WebAppServer]i

2. g{2+r|,`v authorization server,r9C pdadmin 44P server replicate|n,T7#C ACL |D"4|ByP authorization server#

Z 5 ?V b:(F WebSphere 2+ThC - WebSphere V5.0.2

g{z}Z9C WebSphere Application Server 4.0.6,kx}b;=#

b;=+&CLr2+_TS WebSphere adminconsole.ear ?phv{D~(F=

Tivoli Access Manager _T}]b#(F5CLrZ Tivoli Access Manager TsUd

P4(zm WebSphere J4DTs#

":Tivoli Access Manager for WebSphere ;'V WebSphere Application Server \m

NqD2+T#

jITB=h:

1. g{ WebSphere }ZKP,k#9|#

2. 7#+ WAS_HOME 73d?hC* WebSphere Application Server 20D;C#TB

>}T>1!;C:

v Solaris"Linux M HP-UX

WAS_HOME=/opt/WebSphere/AppServer

v AIX

WAS_HOME=/usr/WebSphere/AppServer

v Windows

WAS_HOME=C:\Program Files\WebSphere\AppServer

3. c/TBE",z+h*QCE"8(*(F5CLrDdkN}:

v *(FD EAR D~{F#Znu9C(F5CLr1,Xk(F\m

EAR"admin-authz.xml M naming-authz.xml:

– Solaris"Linux M HP-UX

/opt/WebSphere/AppServer/installedApps/cellname/adminconsole.ear

/opt/WebSphere/AppServer/config/cells/cellname/admin-authz.xml

/opt/WebSphere/AppServer/config/cells/cellname/naming-authz.xml

– AIX

/usr/WebSphere/AppServer/installedApps/cellname/adminconsole.ear

/usr/WebSphere/AppServer/config/cells/cellname/admin-authz.xml

/usr/WebSphere/AppServer/config/cells/cellname/naming-authz.xml

– Windows

C:\Program Files\WebSphere\AppServer\installedApps\cellname\adminconsole.ear

C:\Program Files\WebSphere\AppServer\config\cells\cellname\admin-authz.xml

C:\Program Files\WebSphere\AppServer\config\cells\cellname\naming-authz.xml

v = PDPerm.properties D~D+76#KD~;Z WebSphere Application Server

20?<BD3v?<#TBPmT>K?vYw53OD1!;C#

":D~;CXkm>*3;J4j6#

– Solaris"Linux M HP-UX

file:/opt/WebSphere/AppServer/java/jre/PdPerm.properties

– AIX

file:/usr/WebSphere/AppServer/java/jre/PdPerm.properties

– Windows

file:/"c:\Program Files\WebSphere\AppServer\java\jre\PdPerm.properties"

v Tivoli Access Manager \mJ'D{F#&C* sec_master#

v sec_master J'D\k#

v WebSphere \mC'J'D{F#C{F&CkzZOf4(DJ'%d#}g:

wsadmin

v LDAP (P{F(DN)s:,Tivoli Access Manager policy server M WebSphere

Application Server hzdf"C'E"#b&1kz4( wsadmin C'19CD

DN s:`%d#

ZZ 26 3D:Z 1 ?V:* WebSphere Application Server 4( Tivoli Access

Manager \mC';PT>D>}4(K_PTB DN D wsadmin:

cn=wsadmin,o=ibm,c=us

ZbVivB,DN s:G: o=ibm,c=us

K5&1w* migrateEAR5 5CLrD –d !nDN}xv#

":IT9C pdadmin T>53O wsadmin D DN:

pdadmin> user show wsadmin

4. |D?<A(F5CLrD;C:

v (UNIX)/opt/amwas/bin

v (Windows)C:\Program Files\Tivoli\amwas\bin

5. KP(F5CLr4(F|,ZD~ adminconsole.EAR"admin-authz.xml M

naming-authz.xml PD}]#

9CZH0=hPc/DN},Z|na>{&+TBD>,I;v|ndk:

Solaris"Linux M HP-UX

migrateEAR5 -j /opt/WebSphere/AppServer/installedApps/cellname/adminconsole.ear -a sec_master -p sec_master_password -w wsadmin -d "o=ibm,c=us" -c file:/opt/WebSphere/AppServer/java/jre/PdPerm.properties -e adminconsole

migrateEAR5 -j /opt/WebSphere/AppServer/config/cells/cellname/admin-authz.xml -a sec_master -p sec_master_password -w wsadmin -d "o=ibm,c=us" -c file:/opt/WebSphere/AppServer/java/jre/PdPerm.properties

migrateEAR5 -j /opt/WebSphere/AppServer/config/cells/cellname/naming-authz.xml -a sec_master -p sec_master_password -w wsadmin -d "o=ibm,c=us" -c file:/opt/WebSphere/AppServer/java/jre/PdPerm.properties

AIX

migrateEAR5 -j /usr/WebSphere/AppServer/installedApps/cellname/adminconsole.ear -a sec_master -p sec_master_password -w wsadmin -d "o=ibm,c=us" -c file:/usr/WebSphere/AppServer/java/jre/PdPerm.properties -e adminconsole

migrateEAR5 -j /usr/WebSphere/AppServer/config/cells/cellname/admin-authz.xml -a sec_master -p sec_master_password -w wsadmin -d "o=ibm,c=us" -c file:/usr/WebSphere/AppServer/java/jre/PdPerm.properties

migrateEAR5 -j /usr/WebSphere/AppServer/config/cells/cellname/naming-authz.xml -a sec_master -p sec_master_password -w wsadmin -d "o=ibm,c=us" -c file:/usr/WebSphere/AppServer/java/jre/PdPerm.properties

Windows

migrateEAR5 -j "c:\Program Files\WebSphere\AppServer\installedApps\cellname\adminconsole.ear" -a sec_master -p sec_master_password -w wsadmin -d "o=ibm,c=us" -c file:/"c:\Program Files\WebSphere\AppServer\java\jre\PdPerm.properties" -e adminconsole

migrateEAR5 -j "c:\Program Files\WebSphere\AppServer\config\cells\cellname\admin-authz.xml" -a sec_master -p sec_master_password -w wsadmin -d "o=ibm,c=us" -c file:/"c:\Program Files\WebSphere\AppServer\java\jre\PdPerm.properties"

migrateEAR5 -j "c:\Program Files\WebSphere\AppServer\config\cells\cellname\naming-authz.xml" -a sec_master -p sec_master_password -w wsadmin -d "o=ibm,c=us" -c file:/"c:\Program Files\WebSphere\AppServer\java\jre\PdPerm.properties"

jI(F1+T>4,{"#5CLrDdv+;G<=ZKPK5CLrD?<

O4(DD~ pdwas_migrate.log P#liU>D~T7#*&CLr(FKyP

_T#g{U>D~T>ms,kliO;N"zDBq,|}ms4"XBKP

(F$_#

g{(F;I&,ki$zGq* -c !na)K}7D3;J48>w,"* -j

!na)K}7DD~{#

(F5CLrh*CJ adminconsole.ear#1!ivB,&CLrc`$_|,=

0D5`M(e1(DTD)j<yZ;CD URL }C#rK,iR?phv{ DTD

h*ArXxD,S#g{wz;P,S=rXx,r9C DTD D>X1>#Zb

VivB,k|B8r>X DTD D?phv{#

/f: 9C Tivoli Access Manager for WebSphere 0,AY+h*YKP;N(F5

CLr#z+h*kT?v}Z#$D&CLrD EAR D~KP|#4PKYwD8

>E";ZZ 43 3DZ 4 B, :(F2+TG+;P#

Z WebSphere Application Server V5.1 73PdC Tivoli Access Manager for WebSphere

g{T WebSphere Application Server V5.1 20dC Access Manager Java Runtime

Environment r Tivoli Access Manager for WebSphere,r^h20|G#Access Manager

Java Runtime Environment M Tivoli Access Manager for WebSphere <w* WebSphere

Application Server 5.1 m~|D;?Va)#+G,dC=hk WebSphere Dd|f

>;,#k4TBwZPD8>E"Yw,Z WebSphere Application Server V5.1 73

PdC Tivoli Access Manager for WebSphere#

Z 1 ?V:* WebSphere Application Server 4( Tivoli Access Manager \mC'

g{ WebSphere \mC'P4fZ,rZ_T(F.0XkZ Tivoli Access Manager

P4(|:

pdadmin -a sec_master -p sec_master_password
pdadmin> user create was_admin_uid was_admin_user_dn was_admin_uid was_admin_uid was_admin_pwd
pdadmin> user modify was_admin_uid account-valid true

Z 2 ?V:Z WebSphere Application Server V5.1 PtC2+

T

9C Tivoli Access Manager for WebSphere Application Server tC2+TD=hkt

C>zD WebSphere Application Server 2+TD=hj+`,#*G!D*cG:

v Tivoli Access Manager M WebSphere 2m`,DC'"am#rK,h*+

WebSphere dC*k Tivoli Access Manager 9C`,DC'"am#

v Z WebSphere \mXF(PdC LDAP ?<1,h*7#!P+ Tivoli Access

Manager CZJ'_T4!r#

Z 3 ?V:dC Access Manager Java Runtime Environment

kN< WebSphere Application Server V5.1 InfoCenter D5PD:dC WebSphere

Application Server T9C Tivoli Access Manager 4O$;;Z,qCXZXhDdC

=hE"#

Z 4 ?V:dC Tivoli Access Manager for WebSphere

4PTB=hdC Tivoli Access Manager for WebSphere Tk WebSphere V5.1 ;p

KP#

1. KP;Z WAS_HOME\bin PD setupcmdline E>4hC73#

2. + PDWAS_HOME 73d?hC* WAS_HOME 73d?D5#Z Windows O,

|nG:

set PDWAS_HOME=%WAS_HOME%

3. KP;Z %WAS_HOME%\bin ?<PD pdwascfg E>44PdC#TB>}9C

pdwascfg.bat#TZ UNIX 73,k9C pdwascfg.sh f;KD~:

%WAS_HOME%\bin\pdwascfg.bat -action configWAS5 -remote_acl_user remote_ACL_user_name -sec_master_pwd sec_master_pwd -pdmgrd_host TAM_Policy_Server_host -pdacld_host TAM_Authorization_Server_host -was_home WAS_home -amwas_home WAS_home -embedded true -action_type local -verbose true

remote_ACL_user_name T&ZIdC4(DC'#KC'C4k Tivoli Access

Manager ~qwxPyPD(E#bG;v;&1CZNNd|C>DXpC'#

Z 5 ?V:(F\m_T

Z WebSphere Application Server V5.1 P,h*+nbDXF(_T(eD~(F=

Tivoli Access Manager#(F5CLr;Z %WAS_HOME%\bin ?<P#

*(FyPXhD_T(Z Windows O),rh*KPTB|n(,I;P):

UNIX

":Z AIX O,WebSphere D1!;CG /usr/WebSphere/AppServer

migrateEAR5 -j /opt/WebSphere/AppServer/installedApps/cellname/adminconsole.ear -a sec_master -p sec_master_pwd -w was_admin_uid -e "adminconsole" -d "o=ibm,c=us" -c file:/opt/WebSphere/AppServer/java/jre/PdPerm.properties -e adminconsole

migrateEAR5 -j /opt/WebSphere/AppServer/config/cells/cellname/admin-authz.xml -a sec_master -p sec_master_pwd -w was_admin_uid -d "o=ibm,c=us" -c file:/opt/WebSphere/AppServer/java/jre/PdPerm.properties

migrateEAR5 -j /opt/WebSphere/AppServer/config/cells/cellname/naming-authz.xml -a sec_master -p sec_master_pwd -w was_admin_uid -d "o=ibm,c=us" -c file:/opt/WebSphere/AppServer/java/jre/PdPerm.properties

Windows

migrateEAR5 -j "c:\Program Files\WebSphere\AppServer\installedApps\cellname\adminconsole.ear" -a sec_master -p sec_master_pwd -w was_admin_uid -d "o=ibm,c=us" -c file:/"c:\Program Files\WebSphere\AppServer\java\jre\PdPerm.properties" -e adminconsole

migrateEAR5 -j "c:\Program Files\WebSphere\AppServer\config\cells\cellname\admin-authz.xml" -a sec_master -p sec_master_pwd -w was_admin_uid -d "o=ibm,c=us" -c file:/"c:\Program Files\WebSphere\AppServer\java\jre\PdPerm.properties"

migrateEAR5 -j "c:\Program Files\WebSphere\AppServer\config\cells\cellname\naming-authz.xml" -a sec_master -p sec_master_pwd -w was_admin_uid -d "o=ibm,c=us" -c file:/"c:\Program Files\WebSphere\AppServer\java\jre\PdPerm.properties"

-e !nG(F adminconsole.ear D~yXhD,r* WebSphere Application Server

+Z?pZdX|{K&CLr#

dC=S20

>ZhvgN+=SD Tivoli Access Manager for WebSphere 20dC= Tivoli Access

Manager 2+rP#

>ZD8>E"wKgBYh:

v zQ-I&jIZ 25 3D:dCu<20;PD8>#

(}jITO8>,z+gMQ2+TE"S admin.ear D~(F= Tivoli Access

Manager(g{}Z9C WebSphere Application Server V4.0.6 D0)r_S

adminconsole.ear D~(F= Tivoli Access Manager(g{}Z9C WebSphere

Application Server V5.0.2 D0)#

v zQ-ZH0dCDu<wz53TbD(=S)wz53O20K Tivoli Access

Manager for WebSphere#VZ<8ZC=Swz53OdC Tivoli Access Manager

for WebSphere K#

":}GzH0QjIZ 25 3D:dCu<20;;Z,qr;*9C>ZPD8>

E"#

b)8>E"";hvgNSd| EAR D~P(F2+TE"#ITV*jITNb

d| EAR D~D(FM>ZPDdC8>#XZgN(F EAR D~D|`E",k

NDZ 43 3DZ 4 B, :(F2+TG+;#

dC=h\agB<:

dC=hZTB8ZPhv:

v :Z A-1 ?V:dC Access Manager Java Runtime Environment;

v Z 40 3D:Z A-2 ?V:Sk2+r;

Z A-1 ?V:dC Access Manager Java Runtime Environment

dC Access Manager Java Runtime Environment i~TCJk IBM WebSphere

Application Server ;pV"D Java runtime#

":Access Manager Java Runtime Environment G Tivoli Access Manager for WebSphere

DX8m~#

IT9C Tivoli Access Manager Base dC GUI r_S|nP9C pdjrtecfg |nd

C Access Manager Java Runtime Environment#*S Access Manager Base dC GUI

dC Access Manager Java Runtime Environment:

1. |D?<ATB;C:

v (UNIX)/opt/PolicyDirector/bin

v (Windows)C:\Program Files\Tivoli\Policy Director\bin

2. dkTB|n:

pdconfig

T> Access Manager dCA;,zITSPdC Java runtime#

*S|nPdC Access Manager Java Runtime Environment i~:

1. i$73d? WAS_HOME QhC* IBM WebSphere Application Server w?<#

2. |D?<ATB;C:

v (UNIX)/opt/PolicyDirector/sbin

v (Windows)C:\Program Files\Tivoli\Policy Director\sbin

3. dkTB|n:

v (UNIX)pdjrtecfg -action config -java_home $WAS_HOME/java/jre

< 6. =S Tivoli Access Manager for WebSphere 53DdCNq

v (Windows)pdjrtecfg -action config -java_home %WAS_HOME%\java\jre

":k7#Z PATH d?PngvVD java ~xFD~D;CkzT pdjrtecfg !

n -java_home pathname 8(D java ~xFD~;C`%d#

Z A-2 ?V:Sk2+r

jITB=h:

1. #9 WebSphere Application Server#

2. c/TBE":

v z#{Cw Tivoli Access Manager for WebSphere &CLrDC'm]DC'J

'{#b)8>E"PD>}|n9Cm] pdperm2admin#zIT!qk*DN

N{F#

":ITT Tivoli Access Manager 2+r9CVPDm],rIT4(BDm

]#Zs`}ivB,z+4(;vBD(;m]4zmwz53O10}

ZdCD Tivoli Access Manager for WebSphere i~#

v sec_master J'D\k#

v w\ policy server DFczD+^(r{#}g:pdmgrserver.mysubnet.ibm.com

v w\ authorization server DFczD+^(r{#}g:

pdacldserver.mysubnet.ibm.com

3. *+ WAS_HOME 73d?hC* WebSphere Application Server 20?<,k+?<

|D* WebSphere_install_directory/bin "KPTB|n:

UNIX

setupCmdLine.sh

Windows

setupCmdLine.bat

4. Z UNIX =(O,+ PDWAS_HOME 73d?hC* Tivoli Access Manager for

WebSphere 20?<#Z Windows =(O,PDWAS_HOME &CQ-fZZ73

P#

UNIX

PDWAS_HOME=/opt/amwas
export PDWAS_HOME

5. +?<|D*:

v UNIX:/opt/amwas/bin

v Windows:C:\Program Files\Tivoli\amwas\sbin

6.

9CH0c/D>}N},+TB|n,I;v|nPdk,y]z}Z9CD

WebSphere Application Server Df>,9C -action configWAS4 r configWAS5N}:

pdwascfg -action configWASversion_number -remote_acl_user pdperm2admin -sec_master_pwd myPassWord -pdmgrd_host pdmgrserver.mysubnet.ibm.com -pdacld_host pdacldserver.mysubnet.ibm.com -was_home c:\WebSphere\AppServer [-amwas_home location_of_the_amwas_installation]

7. i$ pdwascfg |nGqI&4(K PdPerm tTD~#

v Solaris"Linux M HP-UX

/opt/WebSphere/AppServer/java/jre/PdPerm.properties

v AIX

/usr/WebSphere/AppServer/java/jre/PdPerm.properties

v Windows

– WebSphere Application Server V4.0.6

C:\WebSphere\AppServer\java\jre\PdPerm.properties

– WebSphere Application Server V5.0.2

C:\Program Files\WebSphere\AppServer\java\jre\PdPerm.properties

":TO76{ICK WebSphere Application Server D1!20?<#g{ZG1

!;CxP20,k`&w{76{#

Z 4 B (F2+TG+

Tivoli Access Manager for WebSphere a)(F5CLr,C5CLrT/+2+TG

+(e*;* Tivoli Access Manager \#$Ts#G+(eA!T WebSphere &CL

r?phv{,"(F= Tivoli Access Manager \#$TsUd#>BhvgN9C

C5CLr#

wbw}:

v :gN(F2+TG+;

v Z 46 3D:(F5CLrV^T;

v Z 47 3D:JOoO<I;

gN(F2+TG+

gZZ 25 3DZ 3 B, :dC}L;Pyv,b)8>bZjI Tivoli Access Manager

for WebSphere Du<dC.s9C#

*+ J2EE &CLr2+TG+(F= Tivoli Access Manager for WebSphere,kjI

TB=h:

1. i$Z UNIX 53OzGqT root C'rZ Windows 53OT_P\m1X(

DC'G<#

2. (F5CLrh*CJQ-;#$D&CLrD?phv{#1!ivB,&C

Lrc`$_|,=0D5`M(e1(DTD)j<yZ;CD URL }C#r

K,iR?phv{ DTD h*ArXxD,S#g{wz;P,S=rXx,r

9C DTD D>X1>#ZbVivB,k|B8r>X DTD D?phv{#

3. *+ WAS_HOME 73d?hC* WebSphere Application Server 20?<,k+?

<|D* WebSphere_install_directory/bin "KPTB|n:

UNIX

setupCmdLine.sh

Windows

setupCmdLine.bat

4. Z UNIX =(O,+ PDWAS_HOME 73d?hC* Tivoli Access Manager for

WebSphere 20?<#Z Windows =(O,PDWAS_HOME &CQ-fZZ73

P#

UNIX

PDWAS_HOME=/opt/amwas
export PDWAS_HOME

5. c/TBE",z+h*QCE"8(*(F5CLrDdkN}:

v *(FD EAR D~{F#}g:

– Solaris"Linux M HP-UX

- WebSphere Application Server V4.0.6:

/opt/WebSphere/AppServer/installedApps/secureApp.ear

- WebSphere Application Server V5.0.2:

/opt/WebSphere/AppServer/installedApps/cellname/secureApp.ear

– AIX

- WebSphere Application Server V4.0.6:

/usr/WebSphere/AppServer/installedApps/secureApp.ear

- WebSphere Application Server V5.0.2:

/usr/WebSphere/AppServer/installedApps/cellname/secureApp.ear

– Windows

- WebSphere Application Server V4.0.6:

c:\WebSphere\AppServer\installedApps\secureApp.ear

- WebSphere Application Server V5.0.2:

c:\Program Files\WebSphere\AppServer\installedApps\cellname\secureApp.ear

v PDPerm.properties D~D;C#KD~;Z WebSphere Application Server 2

0?<BD3v?<#TBPmT>K?vYw53OD1!;C#

":D~;CXkm>*3;J48>w#

– Solaris"Linux M HP-UX

file:/opt/WebSphere/AppServer/java/jre/PdPerm.properties

– AIX

file:/usr/WebSphere/AppServer/java/jre/PdPerm.properties

– Windows

- WebSphere Application Server V4.0.6:

file:/c:\WebSphere\AppServer\java\jre\PdPerm.properties

- WebSphere Application Server V5.0.2:

file:/c:\Program Files\WebSphere\AppServer\java\jre\PdPerm.properties

v Tivoli Access Manager \mJ'D{F#&C* sec_master#

v sec_master J'D\k#

v WebSphere \mC'J'D{F#b&1kzZ Tivoli Access Manager for

WebSphere u<dCZd4(DJ'`%d#}g:

wsadmin

v LDAP (P{F(DN)s:,Tivoli Access Manager policy server M WebSphere

Application Server hzdf"C'E"#b&1kz4( wsadmin C'19C

D DN s:`%d#

Z 26 3D:Z 1 ?V:* WebSphere Application Server 4( Tivoli Access

Manager \mC';PT>D>}4(K_PTB DN D wsadmin:

cn=wsadmin,o=ibm,c=us

ZbVivB,DN s:G: o=ibm,c=us

K5&1w* migrateEAR 5CLrD –d !nDN}xv#

":IT9C pdadmin T>53O wsadmin D DN:

pdadmin> user show wsadmin

v &CLrT>{F#ITZ&CLr?p1|D&CLr{F,2ITZTs

(} WebSphere XF(xP|D#+;Z EAR D~P4&K|D#g{;P

^D EAR D~T43B{F,+4(msD\#$Ts#9C -e !n8(Z

WebSphere Application Server XF(OT>D&CLrD{F#

6. 7#_PnBDCZ&CLrD EAR D~#7#K EAR D~_PyPZ{DC

'=G+D3d#g{z;7(yPDG+3dGqfZ,k<v&CLr#

PX<v EAR D~D8>E",kND IBM WebSphere Application Server D5#

7. |D?<A(F5CLrD;C:

v (UNIX)/opt/amwas/bin

v (Windows)C:\Program Files\Tivoli\amwas\bin

8. KP(F5CLr4(F&CLr}]#

9CZ0f=hPc/DN},Z|na>{&+TBZ],I;v|nPd

k:

TZ WebSphere Application Server V4.0.6:

UNIX

migrateEAR4 -j /opt/WebSphere/AppServer/installedApps/your_application.ear -a sec_master -p sec_master_password -w wsadmin -d "o=ibm,c=us" -c file:/opt/WebSphere/AppServer/java/jre/PdPerm.properties [-e application_name]

k"b AIX O PdPerm.properties D~D1!;CG:

/usr/WebSphere/AppServer/java/jre/PdPerm.properties

Windows

migrateEAR4 -j \WebSphere\AppServer\installedApps\your_application.ear -a sec_master -p sec_master_password -w wsadmin -d "o=ibm,c=us" -c file:/c:\WebSphere\AppServer\java\jre\PdPerm.properties [-e application_name]

TZ WebSphere Application Server V5.0.2:

UNIX

migrateEAR5 -j /opt/WebSphere/AppServer/installedApps/cellname/your_application.ear -a sec_master -p sec_master_password -w wsadmin -d "o=ibm,c=us" -c file:/opt/WebSphere/AppServer/java/jre/PdPerm.properties [-e application_name]

k"b AIX O PdPerm.properties D~D1!;CG:

/usr/WebSphere/AppServer/java/jre/PdPerm.properties

Windows

migrateEAR5 -j "c:\Program Files\WebSphere\AppServer\installedApps\cellname\your_application.ear" -a sec_master -p sec_master_password -w wsadmin -d "o=ibm,c=us" -c file:/"c:\Program Files\WebSphere\AppServer\java\jre\PdPerm.properties" [-e application_name]

jI(F1+T>4,{"#5CLrDdv+;G<=ZKPK5CLrD?

<O4(DD~ pdwas_migrate.log P#liU>D~T7#*&CLr(FKy

P_T#g{U>D~T>ms,kliO;N"zDBq,|}ms4"XB

KP(F$_#

g{(F;I&,ki$z* -c !na)K}7D3;J48>w,"* -j !

na)K}7DD~{#

9. *?v|,Xk(F= Tivoli Access Manager DG+(eDs5i5(EAR)D

~X4H0D=h#

;h*TZ?phv{P;P2+TE"D J2EE &CLrKP(F5CLr#

":TZ?v(;D EAR D~;KP;N(F5CLr#g{3v EAR D~P

`v1>,r;h**?v1><KP(F5CLr#(F5CLrZ?v

Tivoli Access Manager rP;hKP;N#

10. !q4PTBYw.;:

v g{}Z9C WebSphere Application Server Advanced Edition Single Server,

r*AB;=#

v g{;Z9C WebSphere Application Server Single Server Edition,r(FQj

I#;*4PB;=#

11. Tivoli Access Manager for WebSphere k WebSphere Single Server Edition ;p

9C1,Xk9C pdadmin +C'V$mS=(F5CLr4(D ACL P#

:(F5CLrV^T;PhvKmSC'D>} pdadmin |n#

2I4iLLZ 67 3DZ 6 B, :LL:gNtC2+T;PhvDy>&CL

rPD+C'mS= ACL PD=(#kND:+&CLr(F= Tivoli Access

Manager;;ZPD>}|n#

(F5CLrV^T

(F5CLrPTBV^T:

v (F5CLrhF*v+ EAR D~PDG+(F= Tivoli Access Manager \#$

TsUd#;*+K(F5CLrCwG+D,$5CLr#(F EAR D~.s,

k9C Web Portal Manager r pdadmin 5CLr4\mG+#

v (F5CLr;(FZ EAR D~P8(DC'MG+#k7#*zD&CLr9C

nBD EAR D~#

v T EAR D~KPK;N(F5CLrs,(izZ EAR D~|Ds;*YNKP

(F5CLr#14( EAR "(F=\#$TsUd,;sYN(F1,I\"z

TBJb#

– ZZ~Nrsx(F1,g{3;VPG+Q-S EAR >},|+;aS\#$

TsUdP>}#

– ZZ~Nrsx(F1,T EAR D~D|DI\*s(F5CLr8> Tivoli

Access Manager >} ACL (e#ZP)!OP,Tivoli Access Manager I\a

h9bV>}Yw#k"b,+ EAR D~(F= Tivoli Access Manager \#$

TsUda<B4(,S=TsD ACL#g{\m1V$+ ACL (e,S=d

|\#$Ts,Tivoli Access Manager +h9>}K ACL#rK,49Z;NK

P(F5CLr14(D-<Ts;YfZ,ACL 2;a;>}#

v 9C pdadmin 4^DG+#IT9C pdadmin mS=SG+#

v 1k WebSphere Application Server Advanced Edition Single System Edition ;p9

C(F5CLr1,XkV$+C'mS=(F5CLr4(D ACL P#KV^;

0l WebSphere Application Server Advanced Edition#

9C pdadmin +C'mS= ACL#TB>}yZLLDZ 73 3D:Z 8 ?V:

+&CLr(F= Tivoli Access Manager;BZPhvDy>&CLr4T>gN+

C'mS= ACL P#k"b,?v pdadmin |nXk,I;v|nPdk#

c:> pdadmin -a sec_master -p myPassword
pdadmin> acl list
(iRT _WebAppServer_deployedResources_GoodGuys_ *7D ACL)

pdadmin> acl modify _WebAppServer_deployedResources_GoodGuys_simpleSessionApp_ACL add user user1 T[WebAppServer]i
pdadmin> acl modify _WebAppServer_deployedResources_GoodGuys_simpleSessionApp_ACL add user user2 T[WebAppServer]i
pdadmin> acl modify _WebAppServer_deployedResources_GoodGuys_simpleSessionApp_ACL add user user3 T[WebAppServer]i
pdadmin> acl modify _WebAppServer_deployedResources_GoodGuys_simpleSessionApp_ACL add user user4 T[WebAppServer]i
pdadmin> exit

JOoO<I

>Z|,TBwb:

v Z 48 3D:9CU>D~;

v Z 48 3D:4,S=Q4(D ACL DC';

v Z 48 3D:(FLD~{D Windows D~'\;

v Z 48 3D:Web Portal Manager ^(+ ACL ,S=Ts;

v Z 48 3D:/fC' [...] G pdwas-admin DI1;

v Z 49 3D:M'zO$ra0=Zx*';

v Z 49 3D:(F5CLrD{";PC}7DoTT>;

9CU>D~

ZT(F5CLrDJbxPJOoO1,k9C WebSphere M Tivoli Access Manager

a)DU>D~:

v * Tivoli Access Manager authorization server dCU>G<#ZCJ\#$Ts{

FUdPDTsv='Q1,+ZK&xPG<#k"b,4T Tivoli Access

Manager Z(i~DksyzIDU>E"G<ZK&#2k"b,KU>k

WebSphere U>;,#PX|`E",kND6IBM Tivoli Access Manager Base \

m8O7#

v (F5CLrDn/G<ZD~ pdwas_migrate.log P#CD~;Z(F5CLry

KPD?<#nsDU>{";chvn|(F5CLrT<v24#rK,Zs

`}ivB,|+8>ms"zZ24X=#

4,S=Q4(D ACL DC'

Jb:admin.ear D~}KG+3db,;|,NNC'E"#a{G;PC',S=

Q4(D ACL#

bv=8:9C pdadmin +i pdwas-admin mS= ACL P#+TB|n,I;v

|nPdk:

pdadmin> acl modify _WebAppServer_deployedResources_AdminRole_admin_ACL set group pdwas-admin T[WebAppServer]i

(FLD~{D Windows D~'\

Jb:(F5CLrT|,(KE(~)DD~{;pwC#rK1T<(F Windows

LD~{1+"zJb#

bv=8:X|{KD~{T!T(KE(~)

Web Portal Manager ^(+ ACL ,S=Ts

Jb:Web Portal Manager I\^(+ ACL ,S=Ts{FP|,UqDTs#

d(=(:9C pdadmin ,S ACL 4w*d(=(#

bv=8:g{I\D0,ZKP(F5CLr0,7#?phv{PPvD(eP

;PUq#ki$&CLr{FP;|,Uq#

/fC' [...] G pdwas-admin DI1

Jb:KP(F5CLr1,I\4=;u0/f1{",8vC' wsadmin Gi

pdwas-admin DI1#

bv=8:K/fGbO.PD,R;GvZ2+T?DxT>D#K/fC4+C

'j6* pdwas-admin iD10I1,by\m1M\i$ZbvX*D\miPy

|,DC'PmD<7T#

":IT(} WebSphere \mXF(r Tivoli Access Manager Web Portal Manager 4

|B pdwas-admin iDI1

M'zO$ra0=Zx*'

Jb:Tivoli Access Manager a)1! SSL ,15CZ,S= Tivoli Access Manager

policy server#Z4P(F5CLrZd,}K,151,I\4=TB{":

~qw'%TM'zDO$,I\GIZa0=ZlID#

bv=8:1vVK{"1,9C -t minutes !nYNKP(F5CLr#(F5C

Lr9C 60 VSw*1!5#K5;&1sZZ( API M'zk policy server dD

10 SSL ,1#

IT(}li;Z Tivoli Access Manager dCD~ ivmgrd.conf PD [ssl] ZBD

N} ssl-v3-timeout 47( SSL ,15#ssl-v3-timeout D1!5G 7200 k(120

VS)#hCKK1!5s,k7#I(F5CLr -t j>hCD SSL ,1AYP 60

VS#

PX|`E",kND6IBM Tivoli Access Manager Base \m8O7#

(F5CLrD{";PC}7DoTT>

Jb:Z Windows 53O,4T Tivoli Access Manager for WebSphere (F5CL

rD{"TZ3)oT(}gMwOQ@o)T>;}7#

d(=(:^D DOS Windows tT:

1. Z DOS |na>{&dkTB|n:

MSDOS> chcp 1252

2. S DOS 0ZK%,!qtT#

3. !q Lucida XF(#

k"b,0Lucida XF(1G True Type Ve#

4. !q7(#!qfeOD7(T;+tT&CZ100Z#

5. VZITi4(F5CLrDdvK#

Z 5 B \mNq

>B|,TBwb:

v :WebSphere Advanced Edition Single Server V4.0.6;

v Z 52 3D:Tivoli Access Manager \m$_;

v Z 52 3D:8(KP1tT;

v Z 56 3D:rXF(mSTs`;

v Z 55 3D:dC=S authorization server;

v Z 56 3D:GSO we3dhC;

v Z 60 3D:Tivoli Access Manager for WebSphere U>G<;

v Z 62 3D:9C WebSEAL %;"a= WebSphere Application Server;

v Z 64 3D:JOoO<I;

v Z 66 3D:8] Tivoli Access Manager for WebSphere D~;

WebSphere Advanced Edition Single Server V4.0.6

IBM WebSphere Application Server a)'V%~qwD Advanced Edition f>#Kf

>G*KCyZwzD2+TxGCb?C'"amKP WebSphere xhFD#

Kf>D WebSphere Application Server TZ*"&CLrM*&CLr("-MT0

]> WebSphere Application Server XwM\&G\PCD#;\S WebSphere XF

(^D53"am#

Tivoli Access Manager 'Vm`b?C'"am`M#1 Tivoli Access Manager k

WebSphere Advanced Edition Single Server ;p9C1,Tivoli Access Manager \m

1Xk*w\ WebSphere D53OD?v`XC'J'4(`1DC'"amn#bb

6EXkZC'"amPV$4(C'(e#

k"b,1C'SYw53u?5q= Tivoli Access Manager C'"am1,Tivoli

Access Manager C'j6(ID)XkkYw53DC'j6`%d#Z Windows 53

O,Kj6;|,r{#

9k"b,Tivoli Access Manager for WebSphere (F5CLrZk WebSphere Advanced

Edition Single Server ;p9C1,;aT/+C'mS=|4(DCJXFm#XkI

\m1V$mSC'#XZ|`E",kNDZ 46 3D:(F5CLrV^T;#

Zzz53P,(i;*+ Tivoli Access Manager for WebSphere k WebSphere

Advanced Edition Single Server ;p9C#

kNDZ 14 3D:C'"amHvu~;#

Tivoli Access Manager \m$_

;*9C WebSphere Application Server XF(^DC'rG+DtT#b)|D;a

43Z Tivoli Access Manager _T}]bP#

C'MG+dCE"DyP\mXk(} Tivoli Access Manager \m$_.;44P:

v pdadmin |nP5CLr

v Tivoli Access Manager Web Portal Manager <NC'gf

Tivoli Access Manager 9a)\m API,I9CK API PF.X4P\mNq#

PX Tivoli Access Manager \m$_D|`E",kNDTB8O:

v PX pdadmin M<NC'gfDE",kND6IBM Tivoli Access Manager Base

\m8O7#

v PX`L API DE",kND IBM Tivoli Access Manager for e-business Administration

C API Developer Reference r IBM Tivoli Access Manager for e-business Administration

Java Classes Developer Reference#

8(KP1tT

Tivoli Access Manager for WebSphere 9C|,dCN}D Java tTD~#tTD~

GZKP pdwascfg 5CLrZd4(D,ITfsCZ^DdCN}#

&CZTB;C4( Java tTD~:

v UNIX:WAS_HOME/etc/PDWAS.properties

v Windows:WAS_HOME\etc\PDWAS.properties

TB8ZhvgN^DtThC:

v :dC2,G+_Y:f;

v :(e2,G+;

v Z 53 3D:dC/,G+_Y:f;

v Z 54 3D:yZG+D_Tr\N};

dC2,G+_Y:f

hC2,G+_Y:f

com.tivoli.pd.as.cache.StaticRoleCache=com.tivoli.pd.as.cache.StaticRoleCacheImpl

tC2,G+_Y:f

tCr{C2,G+_Y:f#1!ivB+tC2,G+_Y:f#

com.tivoli.pd.as.cache.EnableStaticRoleCaching=true

(e2,G+

(eZ WebSphere Application Server admin.ear r adminconsole.ear D~(!vZ

}ZKPD WebSphere Df>)P4(eD=S2,G+#

com.tivoli.pd.as.cache.StaticRoleCache.Roles=Administrator,Operator,Monitor,Deployer

" : I T ( } m S T B 2 , G + 4 a _ & C L r D T \ :

CosNamingRead"CosNamingWrite"CosNamingCreate M CosNamingDelete#

dC/,G+_Y:f

b;?VhvKTBhC:

v :hC/,G+_Y:f;

v :tC/,G+_Y:f;

v :8(C'Dns}?;

v :8(wezfZ;

v :8(G+zfZ;

v :8(_Y:fmD}?;

hC/,G+_Y:f

com.tivoli.pd.as.cache.DynamicRoleCache=com.tivoli.pd.as.cache.DynamicRoleCacheImpl

tC/,G+_Y:f

tCr{C/,G+_Y:f#1!ivB+tC/,G+_Y:f#

com.tivoli.pd.as.cache.EnableDynamicRoleCaching=true

8(C'Dns}?

Z4P_Y:fe}.0,K_Y:f'VDnsC'}?#KN}ZtC/,G+

_Y:f19C#1!C'}G 100000#

com.tivoli.pd.as.cache.DynamicRoleCache.MaxUsers=100000

8(wezfZ

weu?f"Z_Y:fD1dN(TVSF)#KN}ZtC/,G+_Y:f19

C#1!1dG 10 VS#

com.tivoli.pd.as.cache.DynamicRoleCache.PrincipalLifeTime=10

K&DuoweG8S(;D LDAP C'5XD Tivoli Access Manager >$#

8(G+zfZ

OzG+0,KG+ZC'DG+PmPf"D1dN(TkF)#KN}ZtC/,

G+_Y:f19C#1!5G 20 k#

com.tivoli.pd.as.cache.DynamicRoleCache.RoleLifetime=20

8(_Y:fmD}?

/,G+_Y:fZ?9CDmD}?#KN}ZtC/,G+_Y:f19C#1

!5G 20#

1Ps?D_L9C_Y:f1,vSC54wZ"E/_Y:fDT\#

com.tivoli.pd.as.cache.DynamicRoleCache.NumBuckets=20

yZG+D_Tr\N}

yZ Tivoli Access Manager for WebSphere G+D_Tr\N}GI pdwascfg 5C

LrZ Tivoli Access Manager for WebSphere dC1T/hCD#z;+I\ah*

|Db)N}#TBPmhvK?vN}:

v com.tivoli.pd.as.rbpf.AmasSession.AMGroup=amgroup-admin

(eITZ;\CJG+DivBizb)G+D\m1Di{#4(KiC'G

*KozxPG+D\m#1!5* amgroup-admin#

v com.tivoli.pd.as.rbpf.AMAction=i

(F$_M Tivoli Access Manager for WebSphere KP19CKN}4m>C';

Z(CJG+#K5;mS= Tivoli Access Manager ACL P#|TC'MiDG+

4PwCCJ#

v com.tivoli.pd.as.rbpf.AMActionGroup=WebAppServer

KN}I(F$_M Tivoli Access Manager for WebSphere KP19C#|hC*

AMAction tT8(DYwd1]wD Tivoli Access Manager Ywi#

v com.tivoli.pd.as.rbpf.PosRoot=WebAppServer

KN}I(F$_M Tivoli Access Manager for WebSphere KP19C#|CZ7

(G+f"Z\#$TsUdPD;C#

v com.tivoli.pd.as.rbpf.ProductId=deployedResources

KN}I(F$_M Tivoli Access Manager for WebSphere KP19C#|CZ7

(G+f"Z\#$TsUdPD;C#1!5* deployedResources#

v com.tivoli.pd.as.rbpf.ResourceContainerName=Resources

KN};I Tivoli Access Manager for WebSphere 9C,+4G;vXkhCD5#

1!5* Resources#

v com.tivoli.pd.as.rbpf.RoleContainerName=

KN}I Tivoli Access Manager for WebSphere KP19C#|(;f"ZG+]

w{FPDG+#|CZ7(G+f"Z\#$TsUdPD;C#1!5GU

D,T'VTsUdDH0f>M(F$_D105V#TKN}mS5+|DT

sUd<V,"RyPQ(FD&CLr+^(;Z(#

v com.tivoli.pd.as.rbpf.GrantUnprotectedAccess=true

KN};I Tivoli Access Manager for WebSphere 9C,+T;h*hC#1!5

* true#

v com.tivoli.pd.as.rbpf.UseEntitlements=false

Jmr{9f WebSphere Application Server a)D Tivoli Access Manager for

WebSphere 9CZ(~q#hC* true,rXkdCZ(~q"9d&ZKP4,,

yP ACLD XkZdC URL PxPdC#1!5* false#

v com.tivoli.pd.as.rbpf.AmasSession.CfgURL=

KtTD5GyZ WebSphere D;CMKP pdwascfg 5CLr18(D -cfg_url4dCD#

v com.tivoli.pd.as.rbpf.AmasSession.LoggingURL=

file:/c:\WebSphere\AppServer\etc\jlog.properties

KtTD5GyZdC1 Tivoli Access Manager for WebSphere 20D;C4dC

D#

v com.tivoli.pd.as.rbpf.AmasSession.AMName=

K5GZ Tivoli Access Manager for WebSphere dCZdhCD#KP pdwascfg|n1,-remote_acl_user N}P8(DGC'#

dC=S authorization server

Tivoli Access Manager 2+rITP!qX|,`v authorization server#dC`v

authorization server I\\PC,bPTB=v-r:

v JO*F\&,Z;v authorization server ;ICDivB

v a_T\,ZCJks?G#s1

ITdC Tivoli Access Manager for WebSphere TCJ`v authorization server#9C

Java ` com.tivoli.pd.jcfg.SvrSslCfg ImS=SD authorization server#|no(

G:

java com.tivoli.pd.jcfg.SvrSslCfg -action addsvr -authsvr host_name:port_number:rank -cfg_file cfg_file

":+TO|n,I;v|nPdk#

m 7. mS authorization server D|nN}

N} hv

–action addsvr +~qwE"mS=&CLr~qwdCD~P#

–authsvr Tivoli Access Manager authorization server#N}q=G:

v host_name

V{.#authorization server Dwz{F

v port_number

{}5#I*5 authorization server DKZ#

v rank

{}5#K authorization server `TZd| authorization server D

EH6#&CLr~qw"Tq!3;CJksDS\r\xv

_1,+WH*5E{O_D authorization server#JO*F4E{

3rxP#

–cfg_file cfg_file &CLr~qw(Tivoli Access Manager for WebSphere)dCD~#

dCD~G PdPerm.properties#k"b,bXkm>I3;J48>

w(URI)#Z1!;C20 WebSphere Application Server 1,+7

6G:

v Solaris"Linux M HP-UX

file:/opt/WebSphere/AppServer/java/jre/PdPerm.properties

v AIX

file:/usr/WebSphere/AppServer/java/jre/PdPerm.properties

v Windows

– WebSphere Application Server V4.0.6:

file:/c:\WebSphere\AppServer\java\jre\PdPerm.properties

– WebSphere Application Server V5.0.2:

file:/"c:\Program Files\WebSphere\AppServer\java\jre\PdPerm.properties"

rXF(mSTs`

WebSphere Application Server XF(ICZ8(Z WebSphere 73PKPD&CLr

D2+_T#WebSphere Application Server XF(9ITy]f"ZC'?<PD5e

8(d| Web J4D2+_T#

Tivoli Access Manager rC'"ammSTs` accessGroup#Tivoli Access Manager

\m1IT9C pdadmin |nr Web Portal Manager 44(Bi#b)Bi+_P

Ts` accessGroup#

1!ivB,;adC WebSphere Application Server XF(T+` accessGroup DT

s6p*C'"ami#ITdC WebSphere Application Server XF(T+KTs`

mS=zmC'"amiDTs`PmP#

jITB8>:

1. g{ WebSphere Application Server P4KP,rt/|#

2. S WebSphere XF(,CJCZdC2+TD_6hC#TZ WebSphere Application

Server V5.0.2,K%3rG:2+T → C'"am → LDAP → _6 LDAP hC#

3. ^Di}KwVN#mSTBu?:

(objectclass=accessGroup)

}g,i}KwVNDb[+*:

(&(cn=%w)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)(objectclass=accessGroup)))

4. ^DiI1j63dVN#mSTBu?:

accessGroup:member

}g,iI1j63dVNDb[+*:

groupOfNames:member;groupOfUniqueNames:uniqueMember;accessGroup:member

5. 4UXF(D8>,#9"XBt/ WebSphere Application Server#

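GSO principal mapping settings

Tivoli Access Manager for WebSphere can be configured to manage authentication to WebSphere Enterprise Information Systems (EIS), such as databases, transaction processing systems and message queue systems located in the WebSphere Application Server security domain. Authentication to the EIS security domain is implemented by Tivoli Access Manager for WebSphere through the GSO principal mapper JAAS login module for J2C resources.

The dedicated login module inserts a credential into the JAAS Subject, which the resource adapter can then use to authenticate to the back-end EIS. The JAAS login module that is used is configured on a per connection factory basis. The default WebSphere Application Server implementation of the principal mapping module retrieves user name and password information from an XML configuration file. Tivoli Access Manager for WebSphere bypasses the credentials stored in the XML configuration file and instead uses the Tivoli Access Manager GSO database to provide the authentication information for the EIS security domain.

WebSphere Application Server provides a default principal mapping module that associates user credential information with EIS resources. The default mapping module is defined in the WebSphere Application Server administrative console through Security → JAAS Configuration → Application Logins. The mapping module name is DefaultPrincipalMapping. The user ID and password for the EIS security domain are defined by the authDataAlias attribute under each connection factory. The authDataAlias attribute does not actually contain the user name and password. It contains an alias that refers to a user name and password pair defined elsewhere in the security configuration.

The Tivoli Access Manager principal mapping module processes the authDataAlias to determine the GSO resource name and the user name needed to perform the lookup in the Tivoli Access Manager GSO database. It communicates with the Tivoli Access Manager Policy Server, which retrieves the GSO data from the registry.

Tivoli Access Manager stores the authentication information in the Tivoli Access Manager GSO database against the corresponding resource/user name pair.

Figure 7. GSO principal mapping architecture.

Creating a new application login

To create a new application login that uses the Tivoli Access Manager GSO database to store the login credentials:

1. Select Security → JAAS Configuration → Application Logins. Click the New button to create a new JAAS login configuration.

2. Enter the alias of the new application login. Click Apply.

3. In the Additional Properties section, click the JAAS Login Modules link to define the JAAS login module.

4. Click New and enter the JAAS login module:

com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy

Click Apply.

5. In the Additional Properties section, click Custom Properties to define the values that are specific to the login module. These values are passed directly to the underlying login module.

6. Click New.

The Tivoli Access Manager principal mapping module uses the configuration string authDataAlias to retrieve the correct user name and password from the security configuration.

The authDataAlias passed to the module is the one configured for the J2C ConnectionFactory. Because the authDataAlias is an arbitrary string entered at configuration time, the following scenarios are possible:

• The authDataAlias contains both the GSO resource name and the user name. The format of this string is “resource/user”.

• The authDataAlias contains only the GSO resource name. The user name is determined from the Subject of the current session.

Which scenario is used is determined by JAAS configuration options. The details of these options are:

Name: com.tivoli.pd.as.gso.AliasContainsUserName

Value: True (if the alias contains the user name), false (if the user name should be retrieved from the security context).

When authDataAliases are entered through the WebSphere Application Server console, the node name is automatically prepended to the alias. A JAAS configuration entry determines whether this node name should be removed or included as part of the resource name.

Name: com.tivoli.pd.as.gso.AliasContainsNodeName

Value: True (if the alias contains the node name).

7. Use the following table as a guide to enter each new parameter.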

Scenario 1:

Auth data alias: BackendEIS/eisUser
Resource: BackEndEIS
User: eisUser

Principal mapping parameters

Name                                          Value
delegate                                      com.tivoli.pd.as.gso.AMPrincipalMapper
com.tivoli.pd.as.gso.aliasContainsUserName    true
com.tivoli.pd.as.gso.aliasContainsNodeName    false
com.tivoli.pd.as.gso.AMLoggingURL             file:///<jlog.props.path>

Scenario 2:

Auth data alias: BackendEIS
Resource: BackEndEIS
User: Currently authenticated WAS user

Principal mapping parameters

Name                                          Value
delegate                                      com.tivoli.pd.as.gso.AMPrincipalMapper
com.tivoli.pd.as.gso.aliasContainsUserName    false
com.tivoli.pd.as.gso.aliasContainsNodeName    false
com.tivoli.pd.as.gso.AMLoggingURL             file:///<jlog.props.path>

Scenario 3:

Auth data alias: nodename/BackendEIS/eisUser
Resource: BackEndEIS
User: eisUser

Principal mapping parameters

Name                                          Value
delegate                                      com.tivoli.pd.as.gso.AMPrincipalMapper
com.tivoli.pd.as.gso.aliasContainsUserName    true
com.tivoli.pd.as.gso.aliasContainsNodeName    true
com.tivoli.pd.as.gso.AMLoggingURL             file:///<jlog.props.path>

Scenario 4:

Auth data alias: nodename/BackendEIS/eisUser
Resource: nodename/BackEndEIS (note that the node name is not removed)
User: eisUser

Principal mapping parameters

Name                                          Value
delegate                                      com.tivoli.pd.as.gso.AMPrincipalMapper
com.tivoli.pd.as.gso.aliasContainsUserName    true
com.tivoli.pd.as.gso.aliasContainsNodeName    false
com.tivoli.pd.as.gso.AMLoggingURL             file:///<jlog.props.path>

Scenario 5:

Auth data alias: nodename/BackendEIS
Resource: BackEndEIS
User: Currently authenticated WAS user

Principal mapping parameters

Name                                          Value
delegate                                      com.tivoli.pd.as.gso.AMPrincipalMapper
com.tivoli.pd.as.gso.aliasContainsUserName    false
com.tivoli.pd.as.gso.aliasContainsNodeName    true
com.tivoli.pd.as.gso.AMLoggingURL             file:///<jlog.props.path>

Scenario 6:

Auth data alias: nodename/BackendEIS/eisUser
Resource: nodename/BackendEIS/eisUser (note that the resource is the same as the auth data alias)
User: Currently authenticated WAS user

Principal mapping parameters

Name                                          Value
delegate                                      com.tivoli.pd.as.gso.AMPrincipalMapper
com.tivoli.pd.as.gso.aliasContainsUserName    false
com.tivoli.pd.as.gso.aliasContainsNodeName    false
com.tivoli.pd.as.gso.AMLoggingURL             file:///<jlog.props.path>
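The six scenarios follow one splitting rule, shown here as an added Python illustration (not IBM's mapper code). The function names, the `wasuser` session user and the consistently spelled `BackendEIS` resource are assumptions made for the example; `audit` shows how a wrong flag combination points the lookup at a GSO resource that was never defined.

```python
from typing import NamedTuple, Optional, Set


class GsoLookup(NamedTuple):
    resource: str  # GSO resource name used for the lookup
    user: str      # user whose GSO credential is requested


def resolve_alias(alias: str, contains_user: bool, contains_node: bool,
                  session_user: str) -> GsoLookup:
    """Split an authDataAlias as the aliasContains* options describe.

    session_user stands for the currently authenticated WAS user, taken
    from the Subject of the current session when the alias has no user.
    """
    parts = alias.split("/")
    if any(p == "" for p in parts):
        raise ValueError(f"empty segment in alias {alias!r}")
    if contains_node:
        # The console prepended "nodename/"; drop that first segment.
        if len(parts) < 2:
            raise ValueError("alias has no node-name prefix to remove")
        parts = parts[1:]
    if contains_user:
        # The last segment is the user name, the rest is the resource.
        if len(parts) < 2:
            raise ValueError("alias has no trailing user name")
        user, parts = parts[-1], parts[:-1]
    else:
        user = session_user
    return GsoLookup("/".join(parts), user)


def audit(alias: str, contains_user: bool, contains_node: bool,
          defined_resources: Set[str],
          session_user: str = "wasuser") -> Optional[str]:
    """Return a warning if the flags yield a resource GSO does not define."""
    lookup = resolve_alias(alias, contains_user, contains_node, session_user)
    if lookup.resource not in defined_resources:
        return (f"alias {alias!r} resolves to resource {lookup.resource!r}, "
                f"which is not a defined GSO resource")
    return None


# Constructed inputs mirroring scenarios 1 to 6:
# (alias, aliasContainsUserName, aliasContainsNodeName)
SCENARIOS = [
    ("BackendEIS/eisUser", True, False),
    ("BackendEIS", False, False),
    ("nodename/BackendEIS/eisUser", True, True),
    ("nodename/BackendEIS/eisUser", True, False),
    ("nodename/BackendEIS", False, True),
    ("nodename/BackendEIS/eisUser", False, False),
]


def run_scenarios(session_user: str = "wasuser"):
    return [resolve_alias(a, u, n, session_user) for a, u, n in SCENARIOS]


if __name__ == "__main__":
    for number, lookup in enumerate(run_scenarios(), start=1):
        print(number, lookup)
    print(audit("nodename/BackendEIS/eisUser", True, False, {"BackendEIS"}))
```
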

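You now need to create the J2C authentication aliases. The user names and passwords assigned to these alias entries are irrelevant, because Tivoli Access Manager is responsible for providing the user names and passwords. However, the user names and passwords assigned to the J2C authentication aliases must exist so that the aliases can be selected for the J2C connection factories in the console.

To create the J2C authentication aliases, from the WebSphere Application Server console select Security → J2C Authentication Data, and click the New button for each entry. For the values to enter for the scenarios, refer to the preceding table.

The connection factory of every resource adapter that needs to use the GSO database must be configured to use the Tivoli Access Manager principal mapping module. To complete this operation:

1. From the WebSphere Application Server console, select Applications → Enterprise Applications.

2. Click the application name.

3. In the resource adapter section at the bottom of the application details screen, click the Connector Modules link.

4. Click the .rar link.

5. In the Additional Properties section at the bottom of the screen, click the Resource Adapter link.

Note: The resource adapter does not need to be packaged with the application. It can be standalone. For such a scenario, the resource adapter is configured from Resources → Resource Adapters.

6. In the Additional Properties section at the bottom of the screen, click the J2C Connection Factories link.

7. Click New and enter the connection factory properties.

The GSO principal mapper module is independent of the other Tivoli Access Manager for WebSphere functions. However, it does require some files that are created when pdwascfg is run. These files are JAVA_HOME/PdPerm.properties and PDWAS_HOME/etc/jlog.properties. To configure the GSO principal mapper module without configuring Tivoli Access Manager for WebSphere, you must create the PdPerm.properties file by calling SvrSslCfg manually, and you must manually copy the jlog.properties.template file to jlog.properties.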

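Tivoli Access Manager for WebSphere logging

The destination for Tivoli Access Manager for WebSphere message and trace logging is the WebSphere Application Server SystemOut.log file. This file is located in the $WAS_HOME/logs/cellname directory.

Tivoli Access Manager for WebSphere logging uses the JLog logging framework, as does the Access Manager Java Runtime Environment. Tracing and messaging can be enabled selectively for the different Tivoli Access Manager for WebSphere components.

Trace and message logging for these components is controlled through an installed file named jlog.properties, which can be found in the $AMWAS_HOME/etc directory.

The contents of this file allow the user to control:

• For each Tivoli Access Manager for WebSphere component, whether tracing is enabled or disabled.

• For each Tivoli Access Manager for WebSphere component, whether message logging is enabled or disabled.

The jlog.properties file defines several “loggers”, each of which is associated with one of the main Tivoli Access Manager for WebSphere components. These loggers include:

AmasRBPFTraceLogger
AmasRBPFMessageLogger
Used to log messages and trace for the role-based policy framework. This is the underlying framework that Tivoli Access Manager for WebSphere uses to make access decisions.

AmasCacheTraceLogger
AmasCacheMessageLogger
Used to log messages and trace for the policy cache used by the role-based policy framework.

AMWASWebTraceLogger
AMWASWebMessageLogger
Used to log messages and trace for the WebSphere Application Server authorization plug-in. For most problems, it should only be necessary to enable tracing for this component.

The implementation of these loggers routes messages to the WebSphere Application Server logging subsystem. Therefore, as mentioned earlier, all messages are written to the SystemOut.log file of the WebSphere Application Server server.

For each logger, the jlog.properties file defines an isLogging property. When this property is set to true, logging is enabled for that Tivoli Access Manager for WebSphere component. A value of false disables logging for that component.

jlog.properties defines “parent” loggers called MessageLogger and TraceLogger, which also have an isLogging property. If a “child” logger does not specify the isLogging property, it inherits the value of its respective parent. When Tivoli Access Manager for WebSphere is installed, the isLogging property of MessageLogger is set to true and the isLogging property of TraceLogger is set to false. In effect, this means that message logging is enabled for all components and tracing is disabled for all components.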
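The inheritance rule above can be checked against a jlog.properties file before a server restart. This is an added Python sketch, not part of the product: the `baseGroup.<logger>.isLogging` key form for the parent loggers and the mapping of each child to its parent by name suffix are assumptions modelled on the single property line the guide shows, and the sample file content is constructed.

```python
LOGGERS = (
    "AmasRBPFTraceLogger", "AmasRBPFMessageLogger",
    "AmasCacheTraceLogger", "AmasCacheMessageLogger",
    "AMWASWebTraceLogger", "AMWASWebMessageLogger",
)

# Constructed sample: installation defaults plus two overrides.
SAMPLE = """\
# parent loggers (assumed key form)
baseGroup.MessageLogger.isLogging=true
baseGroup.TraceLogger.isLogging=false
# child overrides
baseGroup.AMWASWebTraceLogger.isLogging=true
baseGroup.AmasCacheMessageLogger.isLogging=false
"""


def effective_is_logging(jlog_text: str) -> dict:
    """Resolve isLogging for every component logger, applying inheritance."""
    props = {}
    for line in jlog_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip().lower()

    effective = {}
    for name in LOGGERS:
        # Assumption: trace loggers inherit from TraceLogger,
        # message loggers from MessageLogger.
        parent = "TraceLogger" if name.endswith("TraceLogger") else "MessageLogger"
        own = props.get(f"baseGroup.{name}.isLogging")
        inherited = props.get(f"baseGroup.{parent}.isLogging", "false")
        effective[name] = (own if own is not None else inherited) == "true"
    return effective


def tracing_components(jlog_text: str) -> list:
    """List the trace loggers that will write to SystemOut.log."""
    return sorted(name for name, on in effective_is_logging(jlog_text).items()
                  if on and name.endswith("TraceLogger"))


if __name__ == "__main__":
    for logger, enabled in effective_is_logging(SAMPLE).items():
        print(f"{logger:24} {'on' if enabled else 'off'}")
    print("tracing enabled for:", tracing_components(SAMPLE))
```
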

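To turn on tracing for a Tivoli Access Manager for WebSphere component, two operations are required:

1. Update the jlog.properties file and set the isLogging property of the desired component to true. For example, to enable tracing for the AMWASWeb component, add the following line to jlog.properties:

baseGroup.AMWASWebTraceLogger.isLogging=true

2. In the WebSphere Application Server console, enable tracing for the PDWAS component. To complete this operation using the WebSphere Application Server console, perform the following steps:

For WebSphere V5

a. In the left frame, click Servers → Application Servers.

b. Click the target server.

c. Click Logging and Tracing → Diagnostic Trace.

d. Under the Trace Specification heading, click Modify.

e. Click Components → PDWAS and select the required trace level.

f. Click Apply.

For WebSphere V4

a. In the left frame, click Servers → Application Servers.

b. Click the target server.

c. Click Logging and Tracing Properties → Diagnostic Trace Service.

d. In the Trace Specification field, enter the following:

com.ibm.ws.security.PDWAS=all=enabled

e. Click Apply.

The “Trace Specification” should now indicate that tracing is enabled at the required level. Save the configuration and restart the server for the changes to take effect.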

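Using WebSEAL single signon to WebSphere Application Server

Tivoli Access Manager WebSEAL can be used as a proxy server to provide access management and single signon capabilities for applications protected by Tivoli Access Manager for WebSphere. With this architecture, WebSEAL authenticates the user and forwards the collected credentials to WebSphere Application Server in the form of an IV header. The WebSphere Trust Association Interceptor (TAI) intercepts the request from WebSEAL, extracts the name of the end user from the iv user HTTP header, and forwards it to Tivoli Access Manager for WebSphere, which uses the information to construct the client credential information and to authorize the user. Refer to the WebSphere Application Server documentation for information about TAI.

Perform the following steps (described in detail in the next few sections) to set up WebSEAL as the authentication proxy for WebSphere Application Server:

• “Step 1 - Create a trusted user account in Tivoli Access Manager”

• “Step 2 - Create a WebSEAL junction to WebSphere Application Server”

• “Step 3a - Configure SSO for WebSphere Application Server V4.0.6 using TAI” on page 63 or “Step 3b - Configure SSO for WebSphere Application Server V5.0.2 using TAI” on page 63 (depending on the version of WebSphere Application Server that you are using).

Step 1 - Create a trusted user account in Tivoli Access Manager

One of the underlying security requirements of TAI is that a trusted user account be created in the Tivoli Access Manager user registry that WebSphere Application Server is configured to use. This is the ID and password that WebSEAL uses to identify itself to WebSphere Application Server. To prevent potential vulnerabilities, do not use sec_master as the trusted user account, and ensure that the password you use is unique. The trusted user account should be used only for TAI.

On the Tivoli Access Manager machine, enter the following commands on the pdadmin command line:

pdadmin> user create webseal_userid webseal_userid_DN firstname surname password
pdadmin> user modify webseal_userid account-valid yes

Step 2 - Create a WebSEAL junction to WebSphere Application Server

Although WebSEAL can be configured to pass the end user identity in other ways, the iv user header is the only one that TAI supports. We recommend that communication over the junction use SSL for increased security. Setting up SSL for this junction requires you to configure the HTTP Server that WebSphere Application Server uses, and WebSphere Application Server itself, to accept inbound SSL traffic and route it correctly to WebSphere Application Server. This includes importing the necessary signing certificates into the WebSEAL certificate keystore, and possibly also into the HTTP Server certificate keystore.

Use the -c iv_user option to create the WebSEAL junction to WebSphere Application Server. For example (entered as one line):

server task webseald-server create -t ssl -c iv_user -B -U user -W password -h host_name junction_name -b supply

Notes:

1. If a warning message is displayed stating that the certificate and key database settings are incorrect, delete the junction, correct the key database problem and re-create the junction.

2. Depending on your requirements, the junction can be created as -t tcp or -t ssl.

For more details and options on how to configure a junction between WebSEAL and WebSphere Application Server, including other options for specifying the WebSEAL server identity, refer to the WebSEAL Administration Guide and to the documentation for the HTTP Server that you are using with WebSphere Application Server.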

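Step 3a - Configure SSO for WebSphere Application Server V4.0.6 using TAI

To configure WebSEAL single signon for TAI, edit the TAI configuration file $WAS_HOME/properties/webseal.properties and ensure that the following parameters are set:

• Set com.ibm.websphere.security.webseal.loginId to the same user name that was created in step 1.

• The hostnames and ports parameters contain the host name and port of the WebSEAL server.

• com.ibm.websphere.security.webseal.id is configured for the iv user header. That is:

com.ibm.websphere.security.webseal.id=iv-user

• Ensure that the following trustedservers.properties settings are correct:

– webseal is listed in com.ibm.websphere.security.trustassociation.types

– The WebSeal interceptor class is set, that is (entered as one line):

com.ibm.websphere.security.trustassociation.webseal.interceptor=com.ibm.ws.security.web.WebSealTrustAssociationInterceptor

– The properties file is correct, that is:

com.ibm.websphere.security.trustassociation.webseal.config=webseal

1. From the WebSphere administrative console, access Authentication → Security Center and ensure that Enable Web trust association is selected.

2. From the Virtual Hosts folder, select the default_host virtual host. Click Add in the Aliases field. Enter the new alias as *:443

3. Restart WebSphere.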

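Step 3b - Configure SSO for WebSphere Application Server V5.0.2 using TAI

When setting up security for the first time, perform the following steps.

1. In the left navigation panel, click Security → Authentication Mechanisms → LTPA.

2. Click Trust Association under Additional Properties.

3. Select the Trust Association Enabled check box.

4. Click Interceptors under Additional Properties.

5. Click com.ibm.ws.security.web.WebSealTrustAssociationInterceptor to use the WebSEAL interceptor. This interceptor is the default.

6. Click Custom Properties under Additional Properties.

7. Click New and enter the property name and value pairs. Ensure that the following parameters are set:

• Ensure that webseal is listed in com.ibm.websphere.security.trustassociation.types

• Set com.ibm.websphere.security.webseal.loginId to the same user name that was created in step 1.

• com.ibm.websphere.security.webseal.id is configured for the iv user header. That is:

com.ibm.websphere.security.webseal.id=iv-user

• com.ibm.websphere.security.webseal.hostnames specifies the host names (case sensitive) that are expected in the request header. For example:

com.ibm.websphere.security.webseal.hostnames=host1

Unless com.ibm.websphere.security.webseal.ignoreProxy is set to true, this should also include the proxy host names (if any). Use the server list pdadmin command to obtain the list of servers.

• com.ibm.websphere.security.webseal.ports specifies the port numbers that correspond to the host names expected in the request header. Unless com.ibm.websphere.security.webseal.ignoreProxy is set to true, this should also include the proxy ports (if any). For example:

com.ibm.websphere.security.webseal.ports=80,443

• com.ibm.websphere.security.webseal.ignoreProxy is an optional property. If it is set to true or yes, the proxy host names and ports in the IV header are ignored. By default, this property is set to false.

8. Click “OK”. Save the configuration and log out. Restart WebSphere Application Server.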

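Step 4 - Set the SSO password in WebSEAL

Edit the WebSEAL configuration file webseal_install_directory/etc/webseald-default.conf, and set the SSO password for the user created in step 1 by setting the following parameter:

basicauth-dummy-passwd=webseal_userid_passwd

Restart WebSEAL.

Step 5 - Test the WebSEAL connection

To ensure that access to WebSphere Application Server across the WebSEAL junction works correctly, log in to WebSEAL once and try to access a protected object on WebSphere Application Server across the junction.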
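The trust association settings from steps 1 and 3b can be reviewed before the server is restarted. The following is an added Python sketch, not IBM tooling; it checks only rules stated in the steps above, the sample property sets are constructed, and treating the types value as a comma-separated list is an assumption.

```python
PREFIX = "com.ibm.websphere.security."

# Constructed samples: one that follows the steps, one that does not.
GOOD = """\
com.ibm.websphere.security.trustassociation.types=webseal
com.ibm.websphere.security.webseal.loginId=webseal_userid
com.ibm.websphere.security.webseal.id=iv-user
com.ibm.websphere.security.webseal.hostnames=host1
com.ibm.websphere.security.webseal.ports=80,443
"""

WEAK = """\
com.ibm.websphere.security.webseal.loginId=sec_master
com.ibm.websphere.security.webseal.id=iv-creds
com.ibm.websphere.security.webseal.ports=80,https
com.ibm.websphere.security.webseal.ignoreProxy=yes
"""


def parse_properties(text: str) -> dict:
    """Read name=value lines, skipping blanks and # comments."""
    return dict(
        (key.strip(), value.strip())
        for key, _, value in (line.partition("=") for line in text.splitlines())
        if key.strip() and not key.lstrip().startswith("#")
    )


def csv_values(props: dict, name: str) -> list:
    return [v.strip() for v in props.get(PREFIX + name, "").split(",") if v.strip()]


def lint_tai(props: dict) -> list:
    """Return (property, finding) pairs for settings that break the steps."""
    findings = []
    if "webseal" not in csv_values(props, "trustassociation.types"):
        findings.append(("trustassociation.types", "webseal is not listed"))

    login = props.get(PREFIX + "webseal.loginId", "")
    if not login:
        findings.append(("webseal.loginId", "trusted user account is not set"))
    elif login == "sec_master":
        # Step 1: the trusted account must be a dedicated account.
        findings.append(("webseal.loginId", "sec_master must not be the trusted account"))

    if props.get(PREFIX + "webseal.id", "") != "iv-user":
        # Step 2: the iv user header is the only one TAI supports.
        findings.append(("webseal.id", "must be iv-user"))

    if not csv_values(props, "webseal.hostnames"):
        findings.append(("webseal.hostnames", "no expected host name configured"))

    ports = csv_values(props, "webseal.ports")
    if not ports:
        findings.append(("webseal.ports", "no expected port configured"))
    elif not all(p.isdigit() and 0 < int(p) < 65536 for p in ports):
        findings.append(("webseal.ports", "contains a value that is not a port number"))

    if props.get(PREFIX + "webseal.ignoreProxy", "false").lower() in ("true", "yes"):
        findings.append(("webseal.ignoreProxy",
                         "proxy host names and ports in the IV header are ignored"))
    return findings


if __name__ == "__main__":
    for label, text in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(label)
        for prop, finding in lint_tai(parse_properties(text)) or [("-", "no findings")]:
            print(f"  {prop}: {finding}")
```
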

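Troubleshooting tips

This section contains the following topics:

• “WebSphere server does not start after configuration and migration - for WebSphere Application Server V4.0.6 only”

• “WebSphere server does not start after unconfiguration - for WebSphere Application Server V4.0.6 only” on page 65

WebSphere server does not start after configuration and migration - for WebSphere Application Server V4.0.6 only

Problem: After Tivoli Access Manager for WebSphere is configured, WebSphere Application Server does not start.

Explanation: There are two possible causes:

• During configuration of Tivoli Access Manager for WebSphere, the new administration group pdwas-admin was not added to the appropriate ACLs.

• During configuration of Tivoli Access Manager for WebSphere, the new administration group pdwas-admin was added to the appropriate ACLs, but the ACLs were not updated on all authorization servers. This problem can occur only in security domains that have multiple authorization servers.

Solution:

There are two possible solutions:

• If pdwas-admin was not added to the appropriate ACLs, add it now. See the instructions for adding the pdwas-admin group to the administration ACLs in “Part 5a: Migrating WebSphere security settings - WebSphere V4.0.6” on page 31.

• If pdwas-admin has already been added to the appropriate ACLs, the security domain contains multiple authorization servers and the authorization servers have not been updated, update them now. See the instructions for adding the pdwas-admin group to the administration ACLs in “Part 5a: Migrating WebSphere security settings - WebSphere V4.0.6” on page 31.

WebSphere server does not start after unconfiguration - for WebSphere Application Server V4.0.6 only

Problem: After Tivoli Access Manager for WebSphere and the Access Manager Java Runtime Environment are unconfigured, WebSphere Application Server might fail to start. This problem occurs intermittently. WebSphere Application Server fails to load the security collaborator com.ibm.ejs.security.EJSSecurityCollaborator.

Workaround: Disable WebSphere Application Server security and restart WebSphere Application Server.

1. Go to the system that runs DB2. Log in with the user name that was used to install DB2. For example:

# su - db2inst1

A message is displayed.

2. Enter the following commands, shown in bold, where was40 is the name of the WebSphere V4 database:

db2 => connect to was40 user db2inst1
为 db2inst1 输入当前密码：

数据库连接信息

数据库服务器 = DB2/LINUX 7.2.0
SQL 授权标识 = DB2INST1
本地数据库别名 = WAS40

db2 => update ejsadmin.securitycfg_table set securityenabled = 0
DB20000I SQL 命令成功完成

db2 => commit
DB20000I SQL 命令成功完成

3. Start WebSphere Application Server.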

Backing up Tivoli Access Manager for WebSphere files

Using a backup policy for the Tivoli Access Manager for WebSphere files is a good administrative decision, because it allows important information to be recovered in the event of a failure.

The key Tivoli Access Manager for WebSphere files are:

• PDWAS.properties and jlog.properties, located in the /etc directory of the Tivoli Access Manager for WebSphere installation.

• PD_WAS.prop, located in the /config directory of the WebSphere Application Server installation.

To restore Tivoli Access Manager for WebSphere, reinstall the application and copy the files listed above back to the corresponding locations in the Tivoli Access Manager for WebSphere and WebSphere Application Server installations.

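Chapter 6. Tutorial: How to enable security

This chapter provides a tutorial that describes how to add security to a sample application. This tutorial is based on the WebSphere tutorial, which helps you understand the various aspects of assembling, configuring and deploying WebSphere applications. The WebSphere tutorial comes with example code that is included as part of the WebSphere product.

You do not need to refer to the WebSphere tutorial in order to use this Tivoli Access Manager tutorial. This Tivoli Access Manager for WebSphere tutorial provides an application EAR file that was built from the WebSphere example code by following the instructions in the WebSphere tutorial.

The WebSphere tutorial can be found online at the following address:

http://www.ibm.com/software/webservers/appserv/infocenter.html

The sample program provided with Tivoli Access Manager for WebSphere was built from the tutorial instructions in sections 6.7.1, 6.7.2 and 6.7.3 on the Web site listed above. The content of this chapter replaces the tutorial in section 6.7.4 on the Web site listed above.

This chapter contains the following main sections:

• “Tutorial: For Tivoli Access Manager for WebSphere Application Server V4.0.6”

• “Tutorial: For Tivoli Access Manager for WebSphere Application Server V5.0.2” on page 76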

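Tutorial: For Tivoli Access Manager for WebSphere Application Server V4.0.6

How to use this tutorial

This tutorial shows you how to add security to an application EAR file, add users to the LDAP user registry, enable WebSphere security, deploy and test the sample application, migrate the application to Tivoli Access Manager, enable the Tivoli Access Manager for WebSphere authorization component, and test application security under Tivoli Access Manager. The tutorial also shows you how to make a simple change to a role and then test whether the result of the change is recognized during an access check.

These instructions assume the following:

• WebSphere Application Server has already been installed and configured to use the IBM Directory LDAP server.

• Security has not yet been enabled for WebSphere.

You can run this tutorial either before or after completing the initial installation and configuration of Tivoli Access Manager for WebSphere. If you have not yet installed Tivoli Access Manager for WebSphere, this tutorial tells you when to install it.

These instructions assume that Tivoli Access Manager and WebSphere Application Server have already been installed and configured, and that they are using the same IBM Directory Server user registry.

If you have not yet installed and configured Tivoli Access Manager for WebSphere, complete the instructions in the following sections:

• “Part 1: Add users to the LDAP user registry”

• “Part 2: Install Tivoli Access Manager for WebSphere” on page 69

• “Part 3: Add security to the WebSphere application” on page 69

• “Part 4: Create the Tivoli Access Manager administrative user for WebSphere Application Server” on page 71

• “Part 5: Enable WebSphere security” on page 71

• “Part 6: Deploy the application” on page 72

• “Part 7: Test the security of the deployed application” on page 73

• “Part 8: Migrate the application to Tivoli Access Manager” on page 73

• “Part 9: Test the security of the deployed application” on page 75

• “Part 10: Change the role” on page 75

• “Part 11: Test the security of the deployed application” on page 76

If you have already completed the initial installation and configuration of Tivoli Access Manager for WebSphere according to the instructions in Chapter 3, “Configuration procedures” on page 25, you need to complete only the following parts:

• “Part 1: Add users to the LDAP user registry”

Note: You do not need to perform step 2 in this part. This task was already completed during the initial configuration procedure for Tivoli Access Manager for WebSphere.

• “Part 3: Add security to the WebSphere application” on page 69

• “Part 6: Deploy the application” on page 72

• “Part 7: Test the security of the deployed application” on page 73

• “Part 8: Migrate the application to Tivoli Access Manager” on page 73

• “Part 9: Test the security of the deployed application” on page 75

• “Part 10: Change the role” on page 75

• “Part 11: Test the security of the deployed application” on page 76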

Part 1: Add users to the LDAP user registry

Use the Tivoli Access Manager pdadmin utility to add to the LDAP user registry the users that you declared in the previous part (user1, user2 and user3). Also add one additional user, user4.

This section shows the pdadmin commands used to add the users. For complete information on all pdadmin options, see the IBM Tivoli Access Manager Base Administration Guide.

1. Log in as the Tivoli Access Manager administrator:

C:> pdadmin -a sec_master -p myPassword

Substitute the correct password for the sec_master account of your Tivoli Access Manager secure domain.

2. If you have already installed Tivoli Access Manager for WebSphere and completed the initial configuration, skip this step. Go to the next step.

If you have not yet installed Tivoli Access Manager for WebSphere, create a WebSphere administrative user. Enter the following command as one command line:

pdadmin> user create wsadmin cn=wsadmin,o=organization,c=country wsadmin wsadmin myPassword

Replace organization and country with values that are valid for your LDAP user registry.

3. Create a user account for each new user. Assign a password. The following example shows sample commands, where organization is ibm, country is au, and the password that all users receive is myPassword.

pdadmin> user create user1 cn=user1,o=ibm,c=us user1 user1 myPassword
pdadmin> user create user2 cn=user2,o=ibm,c=us user2 user2 myPassword
pdadmin> user create user3 cn=user3,o=ibm,c=us user3 user3 myPassword
pdadmin> user create user4 cn=user4,o=ibm,c=us user4 user4 myPassword

4. Enable all of the accounts:

pdadmin> user modify wsadmin account-valid yes
pdadmin> user modify user1 account-valid yes
pdadmin> user modify user2 account-valid yes
pdadmin> user modify user3 account-valid yes
pdadmin> user modify user4 account-valid yes

5. Exit the pdadmin utility:

pdadmin> quit

6. Return to the WebSphere console to enable security. Continue with “Part 5: Enable WebSphere security” on page 71.

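Part 2: Install Tivoli Access Manager for WebSphere

If you have already installed and configured Tivoli Access Manager for WebSphere, skip this part. Go to the next part, “Part 8: Migrate the application to Tivoli Access Manager” on page 73.

You are now ready to install and configure the Tivoli Access Manager for WebSphere software.

Follow the instructions in Chapter 2, “Installation instructions” on page 11.

After the Tivoli Access Manager for WebSphere files are installed, complete the initial configuration described in “Configuring the initial installation” on page 25, with the following exception:

In this tutorial, you already created the WebSphere administrative user (wsadmin) in “Part 1: Add users to the LDAP user registry” on page 68. Therefore, you do not need to perform this operation during the initial configuration. Skip step 2 in “Part 1: Create the Tivoli Access Manager administrative user for WebSphere Application Server” on page 26.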

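Part 3: Add security to the WebSphere application

1. Start the WebSphere Application Assembly Tool. Click Start → Programs → IBM WebSphere → Application Server V4.0 AE → Application Assembly Tool, or run

C:\WebSphere\AppServer\bin\assembly

On the “Welcome” screen, click Cancel.

2. Copy the sample application file simpleSession.ear from the target directory where it was extracted to

C:\temp\assembly\simpleSession.ear

3. From the WebSphere Application Assembly Tool, open the sample application EAR file. Click File → Open

C:\temp\assembly\simpleSession.ear

4. Right-click Security Roles. Click New.

5. Select the General tab. Add:

Name: GoodGuys

6. Select the Bindings tab. Click Add Users.

Name: user1

Click OK.

7. Repeat the previous step to add the following users:

Name: user2
Name: user3

When all of the users have been added, click OK.

8. Expand EJB Modules. Expand EBJ11. Right-click Method Permissions. Select New. Add:

Name: MyMethodPermissions

a. Methods: click Add.

• Select Home (*)

• Select Remote (*)

Click OK.

b. Roles: click Add. Select GoodGuys. Click OK.

9. Expand Web Modules. Double-click SimpleSessionWar.

a. Click the Advanced tab.

b. Select the Login Configuration box.

c. Specify the Auth method: Basic

d. Specify the Realm name: Getting Started

e. Click Apply.

10. Expand Web Modules. Expand SimpleSessionWar. Right-click SecurityConstraints. Select New.

a. In the Security Constraint name, enter GoodGuys.

b. Roles:

• Click Add.

• Select GoodGuys.

• Click OK.

c. In Transport guarantee, select None.

d. Click OK.

11. Right-click Web Modules -> SimpleSessionWar -> SecurityConstraints -> GoodGuys -> Web Resource Collections.

a. Select New.

b. For the Web resource name, enter SecureMe.

c. In HTTP methods, click Add. Select GET. Click OK.

d. In HTTP methods, click Add. Select POST. Click OK.

e. In URLs, click Add. Enter: “/SimpleSession”. Click OK.

f. Click OK.

12. Save this new EAR file. Select File -> Save As and enter:

C:\temp\assembly\simpleSessionSecure.ear

13. Select File -> Generate code for deployment.

a. Set the working directory to C:\temp.

b. Click Generate Now.

c. Correct any errors.

14. Exit the Application Assembly Tool. Continue with the next section, “Part 1: Add users to the LDAP user registry” on page 68.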

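Part 4: Create the Tivoli Access Manager administrative user for WebSphere Application Server

If security has already been enabled in WebSphere Application Server, the WebSphere Application Server administrative user should be imported into the Tivoli Access Manager object space. Use the Tivoli Access Manager command line utility pdadmin or the Tivoli Access Manager Web Portal Manager to import the Tivoli Access Manager administrative user for WebSphere Application Server. To perform this operation from the Tivoli Access Manager command line utility:

1. From the command line, start pdadmin as the administrative user sec_master:

pdadmin -a sec_master -p sec_master_password

2. Import the WebSphere Application Server administrative user. For example:

pdadmin> user import was_admin_user dn_registry_identifier

Make the WebSphere administrative user account valid:

pdadmin> user modify was_admin_user account-valid yes

If security has not yet been enabled in WebSphere Application Server, you need to create the WebSphere Application Server administrative user. Use the Tivoli Access Manager command line utility pdadmin or the Tivoli Access Manager Web Portal Manager to create the Tivoli Access Manager administrative user for WebSphere Application Server.

The following instructions describe how to use pdadmin.

1. From the command line, start pdadmin as the administrative user sec_master:

pdadmin -a sec_master -p sec_master_password

2. Create the Tivoli Access Manager administrative user for WebSphere Application Server. For example, the following instructions create the new user wsadmin. The following command must be entered as one command line:

pdadmin> user create wsadmin cn=wsadmin,o=organization,c=country wsadmin wsadmin myPassword

Replace organization and country with values that are valid for your LDAP user registry.

Make the wsadmin account valid:

pdadmin> user modify wsadmin account-valid yes

Part 5: Enable WebSphere security

If WebSphere security has not yet been enabled, perform this operation using the instructions in “Enabling security in WebSphere Application Server V4.0.6” on page 27.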

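Part 6: Deploy the application

1. Verify that the WebSphere administrative server is running.

2. Start the WebSphere client:

C:\websphere\appserver\bin\adminclient

3. Log in as user wsadmin with password myPassword.

4. Select WebSphere Administrative Domain -> Enterprise Applications.

5. Right-click and select Install Enterprise Application.

a. Select the Install Application button.

b. Set the path:

c:\temp\assembly\simpleSessionSecure.ear

c. Click Next. A dialog appears prompting you to deny access to all unprotected methods. Click Yes.

d. Click Select.

e. Verify that all of the users are listed:

user1 user2 user3

f. Click OK.

g. You can now select Next in each of the series of dialogs that open. The titles of these dialogs are:

• Mapping Users to Roles

• Mapping EJB RunAs Roles to Users

• Binding Enterprise Beans to JNDI Names

• Mapping EJB References to Resources

• Specifying the Default Datasource for EJB Modules

• Specifying Data Sources for Individual CMP Beans

• Selecting Virtual Hosts for Web Modules

• Selecting Application Servers

h. When the dialog for completing the application installation wizard opens, click Finish.

i. Click Yes to generate code. Click OK.

j. Click OK to exit the dialog.

6. If the default server is running, stop it now. If the default server is not running, continue to the next step.

To stop the default server:

• Select WebSphere Administrative Domain -> Nodes -> hostname -> Application Servers -> Default Server

• Right-click Default Server.

• Select Stop.

• Click OK to exit the dialog.

7. Start the “Default Server”.

• Select WebSphere Administrative Domain -> Nodes -> hostname -> Application Servers -> Default Server

• Right-click Default Server.

• Select Start.

• Click OK to exit the dialog.

8. Exit the WebSphere Advanced Administrative Console.

9. Continue with “Part 7: Test the security of the deployed application”.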

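Part 7: Test the security of the deployed application

Servlet

1. Start a Web browser.

2. Go to the following URL. Replace hostname with the name of your system:

http://hostname:9080/gettingstarted3/SimpleSession?msg=Test

3. You should be prompted for a user name and password. Enter one of the following valid user names: user1, user2 or user3, and enter an invalid name such as user4. Enter the correct password.

You should see the results page. After entering the invalid name user4, you should see the failure page.

4. Restart the Web browser.

5. Go to the same URL. When prompted for the user name and password, enter an invalid user name or password.

You should see the failure page.

Thick client

1. Use the launchclient program to start the secure application. Enter the following command on one line:

C:> c:\websphere\appserver\bin\launchclient c:\websphere\appserver\installedApps\simpleSessionSecure.ear

2. You should receive a login prompt asking you to enter a user name and password.

3. Enter a valid user name and password. For example, user1.

You should see text indicating a successful login.

4. Restart the Web browser.

5. Use the launchclient program to start the secure application, as shown in step 1 above. When prompted for the user name and password, enter an invalid user name or password.

You should see text indicating that the login failed.

6. Continue with the next section.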

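Part 8: Migrate the application to Tivoli Access Manager

These instructions assume that you have already completed the initial installation and configuration of Tivoli Access Manager for WebSphere, as described in “Configuring the initial installation” on page 25. The initial installation and configuration included the migration of the admin.ear file.

Note: If you have not yet completed the initial installation and configuration of Tivoli Access Manager for WebSphere, complete it now. See the instructions in “Configuring the initial installation” on page 25.

1. Gather the following information, which you will need to specify as input parameters to the migration utility:

• The name of the EAR file to migrate:

c:\temp\assembly\simpleSessionSecure.ear

• The location of the PDPerm.properties file. This file is located in a directory under the WebSphere Application Server installation directory. The following list shows the default location on each operating system.

Note: The file location must be expressed as a Uniform Resource Indicator.

– Solaris, Linux and HP-UX

file:/opt/WebSphere/AppServer/java/jre/PdPerm.properties

– AIX

file:/usr/WebSphere/AppServer/java/jre/PdPerm.properties

– Windows

file:/c:\WebSphere\AppServer\java\jre\PdPerm.properties

• The name of the Tivoli Access Manager administrative account. This should be sec_master.

• The password of the sec_master account.

• The name of the WebSphere administrative user account. This should match the account that you first created during the initial configuration of Tivoli Access Manager for WebSphere. For example:

wsadmin

• The LDAP distinguished name (DN) suffix under which both the Tivoli Access Manager policy server and WebSphere Application Server store user information. This should match the DN suffix that you used when you created the wsadmin user.

The example shown in “Part 1: Create the Tivoli Access Manager administrative user for WebSphere Application Server” on page 26 created wsadmin with the following DN:

cn=wsadmin,o=ibm,c=us

In this case, the DN suffix is: o=ibm,c=us

This value should be given as the argument to the –d option of the migrateEAR4 utility.

Note: You can use pdadmin to display the DN of wsadmin on your system:

pdadmin> user show wsadmin

2. Change directory to the location of the migration utility:

• (UNIX) /opt/pdwas/bin

• (Windows) C:\Program Files\Tivoli\pdwas\bin

3. Run the migration utility to migrate the application data.

Using the parameters that you gathered in the previous step, enter the following text at the command prompt as one command line:

Table 8. Command line invocation of the migration utility

UNIX

migrateEAR4 -j /temp/assembly/simpleSessionSecure.ear -a sec_master -p sec_master_password -w wsadmin -d "o=ibm,c=us" -c file:/opt/WebSphere/AppServer/java/jre/PdPerm.properties

Note that the default location of the PdPerm.properties file on AIX is:

/usr/WebSphere/AppServer/java/jre/PdPerm.properties

Windows

migrateEAR4 -j C:\temp\assembly\simpleSessionSecure.ear -a sec_master -p sec_master_password -w wsadmin -d "o=ibm,c=us" -c file:/c:\WebSphere\AppServer\java\jre\PdPerm.properties

The migration utility logs its output to a log file. The log file name is displayed. For example, pdwas_migrate.log. You can check the contents of the log file to verify that all roles were migrated.

If no log file appears, the migration utility encountered a problem. If this happens, verify that you supplied the correct Uniform Resource Indicator for the -c option and the correct file name for the -j option.

4. When the script completes, continue with the next section, “Part 9: Test the security of the deployed application”.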

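Part 9: Test the security of the deployed application

1. Verify that the application security is still working. Repeat the steps for the servlet and the thick client in “Part 7: Test the security of the deployed application” on page 73.

2. After verifying the security, continue with “Part 10: Change the role”.

Part 10: Change the role

Use the Tivoli Access Manager pdadmin utility to change the role definition by adding a user.

1. Start pdadmin:

pdadmin -a sec_master -p myPassword

2. Modify the ACL of the SimpleSession application to add the name of user4. Enter the following acl modify command as one command line:

pdadmin> acl modify _WebAppServer_deployedResources_GoodGuys_SimpleSessApp_ACL set user user4 T[WebAppServer]i

3. Replicate to the servers and exit the utility:

pdadmin> server replicate
pdadmin> quit

4. Continue with “Part 11: Test the security of the deployed application” on page 76.

Part 11: Test the security of the deployed application

1. Verify that the application security is still working. Repeat the steps for the servlet and the thick client in “Part 7: Test the security of the deployed application” on page 73.

Note that when entering a valid user name, you can enter user1, user2, user3 or user4.

2. Verify that user4 can now log in.

You have now completed this tutorial.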

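Tutorial: For Tivoli Access Manager for WebSphere Application Server V5.0.2

How to use this tutorial

This tutorial shows you how to add security to an application EAR file, add users to the LDAP user registry, enable WebSphere security, deploy and test the sample application, migrate the application to Tivoli Access Manager, enable the Tivoli Access Manager for WebSphere authorization component, and test application security under Tivoli Access Manager. The tutorial also shows how to make a simple change to a role and then test whether the result of the change is recognized during an access check.

These instructions assume the following:

• WebSphere Application Server has already been installed and configured to use IBM Directory Server.

• Security has not yet been enabled for WebSphere.

You can run this tutorial either before or after completing the initial installation and configuration of Tivoli Access Manager for WebSphere. If you have not yet installed Tivoli Access Manager for WebSphere, this tutorial tells you when to install it.

These instructions assume that Tivoli Access Manager and WebSphere Application Server have already been installed and configured, and that they are using the same IBM Directory Server user registry.

If you have not yet installed and configured Tivoli Access Manager for WebSphere, complete the instructions in the following sections:

• “Part 1: Add users to the LDAP user registry” on page 77

• “Part 2: Install Tivoli Access Manager for WebSphere” on page 78

• “Part 3: Add security to the WebSphere application” on page 78

• “Part 4: Create the Tivoli Access Manager administrative user for WebSphere Application Server” on page 80

• “Part 5: Enable WebSphere security” on page 80

• “Part 6: Deploy the application” on page 80

• “Part 7: Test the security of the deployed application” on page 81

• “Part 8: Migrate the application to Tivoli Access Manager” on page 82

• “Part 9: Test the security of the deployed application” on page 83

• “Part 10: Change the role” on page 83

• “Part 11: Test the security of the deployed application” on page 84

If you have already completed the initial installation and configuration of Tivoli Access Manager for WebSphere according to the instructions in Chapter 3, “Configuration procedures” on page 25, you need to complete only the following parts:

• “Part 1: Add users to the LDAP user registry”

• “Part 3: Add security to the WebSphere application” on page 78

Note: You do not need to perform step 3 in this part. This task was already completed during the initial configuration procedure for Tivoli Access Manager for WebSphere.

• “Part 6: Deploy the application” on page 80

• “Part 7: Test the security of the deployed application” on page 81

• “Part 8: Migrate the application to Tivoli Access Manager” on page 82

• “Part 9: Test the security of the deployed application” on page 83

• “Part 10: Change the role” on page 83

• “Part 11: Test the security of the deployed application” on page 84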

Part 1: Add users to the LDAP user registry

Use the Tivoli Access Manager pdadmin utility to add to the LDAP user registry the users that you declared in the previous part (user1, user2 and user3). Also add one additional user, user4.

This section shows the pdadmin commands used to add the users. For complete information on all pdadmin options, see the IBM Tivoli Access Manager Base Administration Guide.

1. Log in as the Tivoli Access Manager administrator:

C:> pdadmin -a sec_master -p myPassword

Substitute the correct password for the sec_master account of your Tivoli Access Manager secure domain.

2. If you have already installed Tivoli Access Manager for WebSphere and completed the initial configuration, skip this step. Go to the next step.

If you have not yet installed Tivoli Access Manager for WebSphere, create a WebSphere administrative user. Enter the following command as one command line:

pdadmin> user create wsadmin cn=wsadmin,o=organization,c=country wsadmin wsadmin myPassword

Replace organization and country with values that are valid for your LDAP user registry.

3. Create a user account for each new user. Assign a password. The following example shows sample commands, where organization is ibm, country is au, and the password that all users receive is myPassword.

pdadmin> user create user1 cn=user1,o=ibm,c=us user1 user1 myPassword
pdadmin> user create user2 cn=user2,o=ibm,c=us user2 user2 myPassword
pdadmin> user create user3 cn=user3,o=ibm,c=us user3 user3 myPassword
pdadmin> user create user4 cn=user4,o=ibm,c=us user4 user4 myPassword

4. Enable all of the accounts:

pdadmin> user modify wsadmin account-valid yes
pdadmin> user modify user1 account-valid yes
pdadmin> user modify user2 account-valid yes
pdadmin> user modify user3 account-valid yes
pdadmin> user modify user4 account-valid yes

5. Exit the pdadmin utility:

pdadmin> quit

6. Return to the WebSphere console to enable security. Continue with “Part 5: Enable WebSphere security” on page 80.

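Part 2: Install Tivoli Access Manager for WebSphere

If you have already installed and configured Tivoli Access Manager for WebSphere, skip this part. Go to the next part, “Part 8: Migrate the application to Tivoli Access Manager” on page 82.

You are now ready to install and configure the Tivoli Access Manager for WebSphere software.

Follow the instructions in Chapter 2, “Installation instructions” on page 11.

After the Tivoli Access Manager for WebSphere files are installed, complete the initial configuration described in “Configuring the initial installation” on page 25, with the following exception:

In this tutorial, you already created the WebSphere administrative user (wsadmin) in “Part 1: Add users to the LDAP user registry” on page 77. Therefore, you do not need to perform this operation during the initial configuration. Skip step 2 in “Part 1: Create the Tivoli Access Manager administrative user for WebSphere Application Server” on page 26.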

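Part 3: Add security to the WebSphere application

1. Copy the sample application file simpleSession.ear from the %PDWAS_HOME%\example directory (the location where the file was extracted) to C:\temp\assembly\simpleSession.ear

2. Start the WebSphere Application Assembly Tool. Click Start -> Programs -> IBM WebSphere -> Application Server V5.0 -> Application Assembly Tool, or run

C:\WebSphere\AppServer\bin\assembly

On the “Welcome” screen, click Cancel.

3. From the WebSphere Application Assembly Tool, open the sample application EAR file. Click File -> Open C:\temp\assembly\simpleSession.ear

4. Expand EJB Modules. Expand EBJ11. Right-click Security Roles. Click New. Add:

Name: GoodGuys

Click OK.

5. Expand Web Modules. Expand SimpleSessionWar. Right-click Security Roles. Click New. Add:

Name: GoodGuys

Click OK.

6. From the top level, right-click Security Roles. Select the Bindings tab. In the Users section, click Add. Enter user1.

Click OK.

7. Repeat the previous step to add the following users:

Name: user2
Name: user3

When all of the users have been added, click Apply.

8. Expand EJB Modules. Expand EBJ11. Right-click Method Permissions. Select New. Click the Add button and fill in the Method Permission_Name: field:

Name: ’MyMethodPermissions’

a. In the Methods section, click Add. Expand SimplesessionEJBI0.jar and com_ibm_websphere_gettingstarted_ejbs_SimpleSession_(*). Select all methods. Click OK.

b. In the Roles section, click Add. Select GoodGuys. Click OK.

c. Click OK.

9. Expand Web Modules. Double-click SimpleSessionWar.

a. Click the Advanced tab.

b. Select the Login Configuration box.

c. Specify the Auth method: Basic

d. Specify the Realm name: Getting Started

e. Click Apply.

10. Expand Web Modules. Expand SimpleSessionWar. Right-click SecurityConstraints. Click Yes (this confirms step 9).

11. Expand Web Modules again. Expand SimpleSessionWar. Right-click SecurityConstraints. Click Yes. Select New.

a. In the Security Constraint name, enter GoodGuys.

b. Roles:

• Click Add.

• Select GoodGuys.

c. In Transport guarantee, select None.

d. Click OK.

12. Right-click Web Modules -> SimpleSessionWar -> SecurityConstraints -> GoodGuys -> Web Resource Collections.

a. Right-click and select New.

b. For the Web resource name, enter SecureMe.

c. In HTTP methods, click Add. Select GET. Click OK.

d. In HTTP methods, click Add. Select POST. Click OK.

e. In URLs, click Add. Enter: “/SimpleSession”. Click OK.

f. Click OK.

13. Save this new EAR file. Select File -> Save As and enter:

C:\temp\assembly\simpleSessionSecure.ear

14. Select File -> Generate code for deployment.

a. Set the working directory to C:\temp.

b. Click the Generate Now button.

c. Correct any errors.

d. Click the Close button.

15. Exit the Application Assembly Tool. Continue with the next section, “Part 1: Add users to the LDAP user registry” on page 68.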

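Part 4: Create the Tivoli Access Manager administrative user for WebSphere Application Server

If security has already been enabled in WebSphere Application Server, the WebSphere Application Server administrative user should be imported into the Tivoli Access Manager object space. Use the Tivoli Access Manager command line utility pdadmin or the Tivoli Access Manager Web Portal Manager to import the Tivoli Access Manager administrative user for WebSphere Application Server. To perform this operation from the Tivoli Access Manager command line utility:

1. From the command line, start pdadmin as the administrative user sec_master:

pdadmin -a sec_master -p sec_master_password

2. Import the WebSphere Application Server administrative user. For example:

pdadmin> user import was_admin_user dn_registry_identifier

Make the WebSphere administrative user account valid:

pdadmin> user modify was_admin_user account-valid yes

If security has not yet been enabled in WebSphere Application Server, you need to create the WebSphere Application Server administrative user. Use the Tivoli Access Manager command line utility pdadmin or the Tivoli Access Manager Web Portal Manager to create the Tivoli Access Manager administrative user for WebSphere Application Server.

The following instructions describe how to use pdadmin.

1. From the command line, start pdadmin as the administrative user sec_master:

pdadmin -a sec_master -p sec_master_password

2. Create the Tivoli Access Manager administrative user for WebSphere Application Server. For example, the following instructions create the new user wsadmin. The following command must be entered as one command line:

pdadmin> user create wsadmin cn=wsadmin,o=organization,c=country wsadmin wsadmin myPassword

Replace organization and country with values that are valid for your LDAP user registry.

Make the wsadmin account valid:

pdadmin> user modify wsadmin account-valid yes

Part 5: Enable WebSphere security

If WebSphere security has not yet been enabled, perform this operation using the instructions in “Enabling security in WebSphere Application Server V5.0.2” on page 27.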

Z 6 ?V:?p&CLr

1. 7# WebSphere \m~qw}ZKP#

2. r*\mXF(:http://localhost:9090/admin#

":;)tCK LTPA 2+T,rXk9C FQDN:

http://hostname.domain.com:9090/admin

3. T wsadmin G<#

4. !qs5&CLr,;s!q20BD&CLr

5. %w/@4iR&CLr,4 C:\temp\assembly\simpleSessionSecure.ear#%w

r*#

6. zVZITZT>D;5PA;O!qB;=#b)A;DjbG:

v <8&CLr20,

v Z 1 =:a)4P20D!n,

v Z 2 =:a)4P EJB ?pD!n,

v Z 3 =:a) bean D JNDI {F,

v Z 4 =:+ EJB }C3d= bean,

v Z 5 =:3d Web #iDibwz,

v Z 6 =:+#i3d=&CLr~qw,

v Z 7 =:+2+TG+3d=C'/i,

v Z 8 =:53m]D}79C,

v Z 9 =:**#

%wjIT*<20&CLr#

7. %w#fAwdC4S#

8. %w#f4%,7O#fAwdC#

9. (}!qs5&CLr"iR SimpleSessionApp"!PC4!r"!qt/4%

4t/&CLr#

10. %wt/#

Z 7 ?V:bTQ?pD&CLrD2+T

Servlet

1. t/ Web /@w#

2. *ATB URL#CzD53{F4f; hostname:

http://hostname:9080/gettingstarted3/SimpleSession?msg=Test

3. &Ca>zdkC'{M\k#dkTBP'C'{.;:user1 r user2 r

user3,"dk;v;P ACL mI(DP'C'{,g user4#dk}7D\k#

z&C4=|,D>0bT1Da{3#Zdk^'{F user4 s,z&C4=4

Z((403 {C)3f#

4. XBt/ Web /@w#

5. *A,; URL#Za>{&,dk;fZDC'{M\k#

&Ca>zYNG<#

VM'z

1. 9C launchclient Lr4t/2+&CLr#Z;PPdkTB|n:

C:> "c:\program files\websphere\appserver\bin\launchclient" "c:\program files\websphere\appserver\installedApps\<nodename>\simpleSessionSecure.ear"

2. &1SU=G<a>,*szdkC'{M\k#

3. dkP'C'{M\k#}g,user1#

&C4=8>I&G<DD>#

4. XBt/ Web /@w#

5. 9C launchclient LrTt/2+&CLr,gTO=h 1 y>#1a>dkC

'{M\k1,kdk^'DC'{r\k#

&C4=8>G<vVJODD>#

6. LxxPB;Z#

Z 8 ?V:+&CLr(F= Tivoli Access Manager

b)8>E"Y(zQ-jIK Tivoli Access Manager for WebSphere Du<20M

dC,gZ 25 3D:dCu<20;Pyv#u<20MdC|,K adminconsole.ear

D~D(F#

":g{z9;PjI Tivoli Access Manager for WebSphere Du<20MdC,G

4VZjI|#kNDZ 25 3D:dCu<20;PD8>E"#

1. c/TBE",z+h*QCE"8(*(F5CLrDdkN}:

v *(FD EAR D~{F:

c:\temp\assembly\simpleSessionSecure.ear

v PDPerm.properties D~D+76#KD~;Z WebSphere Application Server 2

0?<BD3v?<P#TBPmT>K?vYw53OD1!;C#

":D~;CXkm>*3;J48>w#

– Solaris"Linux M HP-UX

file:/opt/WebSphere/AppServer/java/jre/PdPerm.properties

– AIX

file:/usr/WebSphere/AppServer/java/jre/PdPerm.properties

– Windows

file:/"c:\Program Files\WebSphere\AppServer\java\jre\PdPerm.properties"

v Tivoli Access Manager \mJ'D{F#&C* sec_master#

v sec_master J'D\k#

v WebSphere \mC'J'D{F#b&1kzZ Tivoli Access Manager for

WebSphere u<dCWN4(DJ'`%d#}g:

wsadmin

v LDAP (P{F(DN)s:,Tivoli Access Manager policy server M WebSphere

Application Server yZCs:Bf"C'E"#b&1kz4( wsadmin C'1

9CD DN s:`%d#

ZZ 26 3D:Z 1 ?V:* WebSphere Application Server 4( Tivoli Access

Manager \mC';PT>D>}4(K_PTB DN D wsadmin:

cn=wsadmin,o=ibm,c=us

ZbVivB,DN s:G: o=ibm,c=us

K5&1w* migrateEAR5 5CLrD –d !nDN}xv#

":zIT9C pdadmin 4T>53O wsadmin D DN:

pdadmin> user show wsadmin

2. +?<|DA(F5CLryZD;C:

v (UNIX)/opt/amwas/bin

v (Windows)C:\Program Files\Tivoli\amwas\bin

3. KP(F5CLr4(F&CLr}]#

9CzZ0f=hPc/DN},Z|na>{P+TBD>,I;v|nPd

k:

m 9. (F5CLrD|nPwC

UNIX

migrateEAR5 -j /temp/assembly/simpleSessionSecure.ear -a sec_master -p sec_master_password -w wsadmin -d "o=ibm,c=us" -c file:/opt/WebSphere/AppServer/java/jre/PdPerm.properties

k"b AIX O PdPerm.properties D~D1!;CG:

/usr/WebSphere/AppServer/java/jre/PdPerm.properties

Windows

migrateEAR5.bat -j C:\temp\assembly\simpleSessionSecure.ear -a sec_master -p sec_master_password -w wsadmin -d "o=ibm,c=us" -c file:/"c:\Program Files\WebSphere\AppServer\java\jre\PdPerm.properties"

(F5CLr+dvG<=U>D~P#T>U>D~{F#}g,

pdwas_migrate.log#zITliU>D~DZ]Ti$Gq(FKyPG+#

g{;vVU>D~,r(F5CLrv=KJb#g{"zKbViv,ki$

zGq* -c !na)K}7D3;J48>w,"* -j !na)K}7DD~

{#

4. ZjIE>s,kLxB;Z:Z 9 ?V:bTQ?pD&CLrD2+T;#

Z 9 ?V:bTQ?pD&CLrD2+T

1. ki$&CLrD2+TGqZpwC#X4Z 81 3D:Z 7 ?V:bTQ?pD

&CLrD2+T;PCZ servlet MVM'zD=h#

2. Zi$K2+Ts,kLxxP:Z 10 ?V:|DG+;#

Z 10 ?V:|DG+

k9C Tivoli Access Manager pdadmin 5CLr,T(}mSC'4|DG+(e#

1. t/ pdadmin:

pdadmin -a sec_master -p myPassword

2. ^D SimpleSession &CLrD ACL TmS user4 D{F#,I;v|nPdk

TB acl modify |n:

pdadmin> acl modify _WebAppServer_deployedResources_GoodGuys_SimpleSessApp_ACL set user user4 T[WebAppServer]i

3. 4F=~qw"KvK5CLr:

pdadmin> server replicate
pdadmin> quit

4. LxxPZ 84 3D:Z 11 ?V:bTQ?pD&CLrD2+T;#

Z 11 ?V:bTQ?pD&CLrD2+T

1. ki$&CLrD2+TGqZpwC#X4Z 81 3D:Z 7 ?V:bTQ?pD

&CLrD2+T;PCZ servlet MVM'zD=h#

k"bZdkP'C'{1,4ITdk user1"user2"user3 r user4#

2. g{z;\T user4 CJC3f,kH}_Y:f,1r_XBt/ WebSphere

Application Server#

zVZQ-jI>LL#

Z 7 B >}Yw8>E"

(}|DXhDdCD~">}Z(i~4>} Tivoli Access Manager for WebSphere#

(}!{dC Tivoli Access Manager for WebSphere Z(i~*<:

1. TBPC'G<:

v (UNIX)root

v (Windows)_P\m1X(D Windows C'#

2. #9 WebSphere Application Server#

3. y]z}ZKPD WebSphere Application Server Df>,9C -action unconfigWAS4 r unconfigWAS5 N}KP pdwascfg 5CLrT!{dC

Tivoli Access Manager for WebSphere Z(i~:

# pdwascfg -action unconfigversion_number -remote_acl_user user_CN -sec_master_pwd password -was_home home_directory_of_WebSphere_Application_Server -pdmgrd_host policy_server_host_name -pdacld_host authorization_server_host_name

PX|nP!nD|`E",kNDZ 89 3D=< A, :|nN<;PD|nN<

3#

*jI>}Yw,k*AzDYw53T&DBZ:

v :S Solaris >};

v Z 86 3D:S Windows >};

v Z 86 3D:S AIX >};

v Z 86 3D:S HP-UX >};

v Z 87 3D:S Linux >};

S Solaris >}

jITB8>:

1. *>} Tivoli Access Manager for WebSphere,kdkTB|n:

# pkgrm PDWAS

vVa>,*sz7O>}y!Dm~|#

2. dkV8 y#

4,{"Pv?v;>}DD~#1 postremove E>KPs,vV;u4,{"8

>I&>}Km~|#Kv pkgrm 5CLr#

3. g{*VZM>}'VD Tivoli Access Manager i~,r9CYw53D>}5C

Lr4>} Tivoli Access Manager authorization server(g{Q-20)"Access

Manager Base Runtime Environment M Access Manager Java Runtime Environment#

PXj{D>}8>E",kND6IBM Tivoli Access Manager Base 208O7#

>} Tivoli Access Manager for WebSphere m~|QjI#

S Windows >}

jITB8>:

1. #9"XBt/ WebSphere Application Server#%wmS/>}Lr<j#

2. !q Access Manager for WebSphere#

3. %w|D/>}#

r*0!q20oT1T0r#

4. !q3VoT"%w7(#

5. !q>}%!4%#%wB;=#

r*07OD~>}1T0r#

6. %w7(#

Tivoli Access Manager for WebSphere D~Q>}#

r*,$jIT0r#

7. %wjI#

8. g{*VZM>}'VD Tivoli Access Manager i~,r9CYw53D>}5C

Lr4>} Tivoli Access Manager authorization server(g{Q-20)"Access

Manager Base Runtime Environment M Access Manager Java Runtime Environment#

PXj{D>}8>E",kND6IBM Tivoli Access Manager Base 208O7#

>} Tivoli Access Manager for WebSphere QjI#

S AIX >}

9C installp 5CLr4>} Tivoli Access Manager for WebSphere Application Server

AIX m~|#

g{*VZM>}'VD Tivoli Access Manager i~,r9CYw53D>}5CL

r4>} Tivoli Access Manager authorization server(g{Q-20)"Access Manager

Base Runtime Environment M Access Manager Java Runtime Environment#PXj{

D>}8>E",kND6IBM Tivoli Access Manager Base 208O7#

S HP-UX >}

jITB8>:

1. *>} Tivoli Access Manager for WebSphere,kdkTB|n:

# swremove PDWAS

vV;5P4,{"#vV4,{",8>VvWNQ-I&#swremove 5CL

rS2L>} Tivoli Access Manager for WebSphere D~#

1>}jI1,swremove 5CLrKv#

2. g{*VZM>}'VD Tivoli Access Manager i~,r9CYw53D>}5C

Lr4>} Tivoli Access Manager authorization server(g{Q-20)"Access

Manager Base Runtime Environment M Access Manager Java Runtime Environment#

PXj{D>}8>E",kND6IBM Tivoli Access Manager Base 208O7#

Z HP-UX O>} Tivoli Access Manager for WebSphere VZQ-jI#

S Linux >}

jITB8>:

1. *>} Tivoli Access Manager for WebSphere,kdkTB|n:

# rpm -e PDWAS-PD

D~Q->}#rpm 5CLrKv#

2. g{*VZM>}'VD Tivoli Access Manager i~,r9CYw53D>}5C

Lr4>} Tivoli Access Manager authorization server(g{Q-20)"Access

Manager Base Runtime Environment M Access Manager Java Runtime Environment#

PXj{D>}8>E",kND6IBM Tivoli Access Manager Base 208O7#

>} Tivoli Access Manager for WebSphere m~|QjI#

=< A. |nN<

pdwascfg

dCr!{dC Tivoli Access Manager for WebSphere Application Server#

o(

pdwascfg –action {configWAS4|configWAS5} –remote_acl_user user –sec_master_pwd password –was_home was_home_dir –pdmgrd_host policy_server_hostname –pdacld_host authorization_server_hostname [–amwas_home amwas_install_path] [–pdmgrd_port policy_server_port] [–pdacld_port authorization_server_port] [–embedded {true|false}] [–action_type {all|local|remote}] [–am_domain was_domain] [–cfg_url pdjrte_config_file_URL] [–key_url pdjrte_keystore_URL] [–verbose {true|false}]

pdwascfg –action {unconfigWAS4|unconfigWAS5} –remote_acl_user user –sec_master_pwd password –was_home was_install path –pdmgrd_host policy_server_hostname –pdacld_host authorization_server_hostname

pdwascfg –help [options]

N}

–action {configWAS4|configWAS5}

8(K|n4PDYw#dC Tivoli Access Manager for WebSphere Application

Server#

–action {unconfigWAS4|unconfigWAS5}

8(K|n4PDYw#!{dC Tivoli Access Manager for WebSphere Application

Server#

–action_type {all|local|remote}

8(yhDdC6p#I\D5P:all"local r remote#local !nv4P>

XzwOyhDdC|D(b6E;P SvrSslCfg)#remote !nv4P6LzwO

yhDdC|D(b6E SvrSslCfg)#C|n1!* all#

–am_domain was_domain

8( Tivoli Access Manager for WebSphere D Tivoli Access Manager r#Tivoli

Access Manager O$~qw(pdacld)XkZCrP,"RCrXkfZZ Tivoli

Access Manager \#$TsUdP#

–amwas_home amwas_install_path

1 Tivoli Access Manager for WebSphere ;Z1!;C201,8( Tivoli Access

Manager for WebSphere 20D;C#+KN}k –action {configWAS4|configWAS5} r –action {unconfigWAS4|unconfigWAS5} !n

;p9C#

":1 Tivoli Access Manager for WebSphere 20Z1!;C1,–amwas_home!n^h;8(* pdwascfg |nD;?V#

–cfg_url pdjrte_config_file_url

8( PDJrte tTD~D;C#g{98(K!n -action_type remote r

-action_type all,rKD~+ZdCZd4("Z!{dCZd>}#

–embedded {true|false}

1hC* true 1,8(Kz7k WebSphere ;pr|#1!5* false#

–help [options]

Pv|n!n{FMrLDhv#g{8(K;vr`v!n,r|Pv?v!n

MrLDhv#

–key_url pdjrte_keystore_url

8( PDJrte keystore D~D;C#g{98(K!n -action_type remote r

-action_type all,rKD~+ZdCZd4("Z!{dCZd>}#

–pdacld_host authorization_server_hostname

|, Tivoli Access Manager authorization server Dwz{#+KN}k –action {configWAS4|configWAS5} r –action {unconfigWAS4|unconfigWAS5} !n

;p9C#

–pdacld_port authorization_server_port

v1 Tivoli Access Manager authorization server DKZEQ-dC*;,Zj<K

Z1,E8(CKZE#+KN}k –action {configWAS4|configWAS5} r

–action {unconfigWAS4|unconfigWAS5} !n;p9C#k"b,g{9CK!

n,r9Xk8( pdmgrd_port#

–pdmgrd_host policy_server_hostname

|, Tivoli Access Manager policy server Dwz{#+KN}k –action {configWAS4|configWAS5} r –action {unconfigWAS4|unconfigWAS5} !n

;p9C#

–pdmgrd_port policy_server_port

v1 Tivoli Access Manager policy server DKZEQ-dC*;,Zj<KZ1,

E8(CKZE#+KN}k –action {configWAS4|configWAS5} r –action {unconfigWAS4|unconfigWAS5} !n;p9C#

–remote_acl_user user

8(6L acl C'DC'{#KN}C4k Tivoli Access Manager authorization

server xP SSL ,S#CC';&CfZZ"amP#+KN}k –action {configWAS4|configWAS5} r –action {unconfigWAS4|unconfigWAS5} !n

;p9C#

}g:-remote_acl_user pdpermadmin

–sec_master_pwd password

8(\mC'((#G sec_master)D\k#+KN}k –action {configWAS4|configWAS5} r –action {unconfigWAS4|unconfigWAS5} !n

;p9C#

–verbose {true|false}

1hC* true 1tCj8dv;qr{Cj8dv#1!5* false#

–was_home was_home_dir

8( WebSphere Application Server 20Dw?<D+^(76#+KN}k

–action {configWAS4|configWAS5} r –action {unconfigWAS4|unconfigWAS5} !n;p9C#

}g,c:\WebSphere\AppServer

"M

Z UNIX 53O,pdwascfg 5CLrw* shell E>5V;Z Windows 53O,w

*z&mD~5V#1CYw config wC1,C5CLrjITBNq:

v dC WebSphere 9C Tivoli Access Manager for WebSphere#

v wC Java ` com.tivoli.mts.SvrSslCfg 4dC Tivoli Access Manager for WebSphere

Z(i~k policy server M authorization server =_.dD SSL (E#

v Zwz53O* Tivoli Access Manager for WebSphere `4(C'm]#

KE>@5Z*X8m~D;CiR}7D73d?#+73d? %WAS_HOME% h

C* WebSphere Application Server 20?<#+ %PDWAS_HOME% hC* Tivoli

Access Manager for WebSphere 20?<D?<;C#pdwascfg |nD~CTB!n

wC Java:

v –Dpdwas.lang.home

|,f Tivoli Access Manager for WebSphere a)D>zoT'VbD?<#b)

b;Z Tivoli Access Manager for WebSphere 20?<BD3vS?<P#}g:

-Dpdwas.lang.home=%PDWAS_HOME%\java\nls

v –Dpdwas.home

Tivoli Access Manager for WebSphere Dw(20)?<#}g:

-Dpdwas.home=%PDWAS_HOME%

":;PZ20 Tivoli Access Manager for WebSphere sr*KBD|n0Z1E

hCK73d?#

v –Dwas.home

WebSphere Application Server Dw(20)?<#}g:

-Dwas.home=%WAS_HOME%

y> Java |n,I pdwascfg 9(:

java -Dpdwas.lang.home=%PDWAS_HOME%\java\nls -Dpdwas.home=%PDWAS_HOME% -Dwas.home=%WAS_HOME% PDWAScfg -action configWAS5 -remote_acl_user pdpermadmin -sec_master_pwd myPassword -was_home c:\WebSphere\AppServer -pdmgrd_host pdmgrserver.mysubnet.ibm.com -pdacld_host pdacldserver.mysubnet.ibm.com

ICT

K|n;ZTB1!20?<:

v UNIX 53:

/opt/amwas/sbin/

v Z Windows 53O:

C:\Program Files\Tivoli\amwas\sbin\

1!qK;,Z1!?<D20?<1,K5CLr;Z20?<BD sbin ?<(}

g,install_dir\sbin\)P#

5Xk

I\5XTBKv4,k:

0 |nI&jI#

1 |n'\#

1|n'\1,+T>ms{"#kN< IBM Tivoli Access Manager Error Message

Reference qCXZJbD|j8hv#

migrateEAR4

+2+_TE"S?phv{(s5i5D~)(F= Tivoli Access Manager for

WebSphere Application Server V4.0.6#

o(

migrateEAR4 –j absolute_pathname_to_application_EAR_file –c URI –a admin_ID –p admin_pwd –w Websphere_admin_ID –d user_registry_domain_suffix [–r root_objectspace_name] [–t ssl_timeout] [–e enterprise_application_name]

N}

–a admin_ID

8( Tivoli Access Manager \mC'#K\m1Xk_P4(C'"TsM ACL

yhDX(#}g,-a sec_master#

KN}GI!D#g{;P8(CN},+a>C'ZKP1a)\mC'{#

–c URI

8( pdwascfg 5CLrdCD PdPerm.properties D~D3;J48>w

(URI);C#1 WebSphere Application Server 20Z1!;C1,C URI G:

v Solaris"Linux M HP-UX

file:/opt/WebSphere/AppServer/java/jre/PdPerm.properties

v AIX

file:/usr/WebSphere/AppServer/java/jre/PdPerm.properties

v Windows

– WebSphere Application Server 4:

file:/c:\WebSphere\AppServer\java\jre\PdPerm.properties

– WebSphere Application Server 5:

file:/"c:\Program Files\WebSphere\AppServer\java\jre\PdPerm.properties"

–d user_registry_domain_suffix

8(C'"am*9CDrs:#}g,TZ LDAP C'"amDrs:gB:

"o=ibm,c=us"

":Windows *srs:(Z}EZ#

–e enterprise_application_name

8(&CLr{F,Tc}7(FdT>{Fkd20{F;,DQ20&CL

r#g{;8(K!n,r5CLr+"T(}9C .ear D~r .xml D~4R

v&CLr{F#

ITZ&CLr?p1|D&CLr{F,2ITZTs(} WebSphere XF(x

P|D#K|D;a43Z EAR D~P#g{;P^D EAR D~T43B{F,

+4(msD\#$Ts#9C –e !n8(Z WebSphere Application Server X

F(OT>D&CLrD{F#

–j absolute_pathname_to_application_EAR_file

8( Java 2 Enterprise Edition &CLri5D~#K!n2IT!w EAR ?<#

}g,-j /tmp/test_application.EAR

–p admin_pwd

8( Tivoli Access Manager \mC'D\k#\mC'Xk_P4(C'"Ts

M ACL yhDX(#}g,zIT+ -a sec_master \mC'D\k8(* -p

myPassword#

KN}GI!D#g{;P8(CN},+a>C'a)\mC'{D\k#

–r root_objectspace_name

8( root TsUd{F,|G+* WebSphere Application Server 4(D\#$T

s{FUdcNa9D root {F#KN}GI!D#root TsUdD1!5G

WebAppServer#

g{9C1!{FTbD{F,r+h*|D PDWAS.properties D~TCJ}7

DTsUd#

Ywi{k root TsUd{F`%d#rK,g{8(K root TsUd{Fr+

T/hCYwi{#

–t ssl_timeout

8( SSL ,1DVS}#KN}CZZ1!,S,1.0O*,S"XB,S

Tivoli Access Manager authorization server k policy server .dD SSL OBDX

5#

1!5G 60 VS#nY* 10 VS#ns5;&1,} Tivoli Access Manager

ssl-v3-timeout 5#ssl-v3-timeout D1!5G 120 VS#

KN}GI!D#g{;l$TC5D\m,zIT2+X9C1!5#

–w WebSphere_admin_ID

+Z WebSphere Application Server 2+TC'"amVNPdCD\mC'{F

8(*\m1#4(r|B Tivoli Access Manager \#$TsUd1h*TKC

'xPCJ#

1\#$TsUdPP4fZ WebSphere \mC'1,+4(r<k|#ZbVi

vB,+*KC'zIfz\k,"R+J'hC* invalid#h*+K\k|D*

Q*D\k"+J'hC* valid#

4(K\#$TsM ACL#+\mC'mS=_PTB ACL tTDi

pdwas-admin P:

v T - izmI(

v i - wCmI(

v WebAppServer - Ywi{F#WebAppServer G1!{F#

k"b,1C –r !nKP(F5CLr1,IT2GKYwi{(M%dD root

TsUd)#

g{}Z(F admin.ear D~,h*+i pdwas-admin mSx admin G+#

"M

K5CLr+2+_TE"S?phv{(s5i5D~)(F= Tivoli Access Manager

for WebSphere#Z UNIX 53O,K5CLrw* shell E>5V;Z Windows 5

3O,w*z&mD~5V#KE>wC Java ` com.tivoli.pdas.migrate.Migrate#

KE>@5Z*X8m~D;CiR}7D73d?#KE>CTB!nwC Java:

v –Dpdwas.lang.home

|,f Tivoli Access Manager for WebSphere a)D>zoT'VbD?<#b)

b;Z Tivoli Access Manager for WebSphere 20?<BD3vS?<P#}g:

-Dpdwas.lang.home=%PDWAS_HOME%\java\nls

v –cp %CLASSPATH% com.tivoli.pdwas.migrate.Migrate

Xk* Java 20}7hC CLASSPATH#

Kb,Z Windows O,–j !nM –c !n<IT}Cd? %WAS_HOME% T7(ZN&

20 WebSphere Application Server#KE"CZ:

v 9(s5i5D~D+76{#

v 9( PdPerm.properties D~;CD URI +76{#

ICT

K|n;ZTB1!20?<:

v UNIX 53:

/opt/amwas/bin/

v Z Windows 53O:

C:\Program Files\Tivoli\amwas\bin\

1!qK;,Z1!?<D20?<1,K5CLr;Z20?<BD bin ?<(}

g,install_dir\bin\)P#

5Xk

I\5XTBKv4,k:

0 |nI&jI#

1 |n'\#

1|n'\1,+T>ms{"#kN< IBM Tivoli Access Manager Error Message

Reference qCXZJbD|j8hv#

migrateEAR5

+2+_TE"S?phv{(s5i5D~)(F= Tivoli Access Manager for

WebSphere Application Server V5.0.2#

o(

migrateEAR5 –j path –c URI –a admin_ID –p admin_pwd –w Websphere_admin_user –d user_registry_domain_suffix [–r root_objectspace_name] [–t ssl_timeout] [–e enterprise_application_name]

N}

–a admin_ID

8(\mC'j6#\mC'Xk_P4(C'"TsM ACL yhDX(#}

g,-a sec_master#

KN}GI!D#g{;P8(CN},+a>C'ZKP1a)\mC'{#

–c URI

8( pdwascfg 5CLrdCD PdPerm.properties D~D3;J48>w

(URI);C#1 WebSphere Application Server 20Z1!;C1,C URI G:

v Solaris"Linux M HP-UX

file:/opt/WebSphere/AppServer/java/jre/PdPerm.properties

v AIX

file:/usr/WebSphere/AppServer/java/jre/PdPerm.properties

v Windows

– WebSphere Application Server 4:

file:/c:\WebSphere\AppServer\java\jre\PdPerm.properties

– WebSphere Application Server 5:

file:/"c:\Program Files\WebSphere\AppServer\java\jre\PdPerm.properties"

–d user_registry_domain_suffix

8(C'"am*9CDrs:#}g,TZ LDAP C'"amDrs:gB:

"o=ibm,c=us"

":Windows *srs:(Z}EZ#

–e enterprise_application_name

8(&CLr{F,Tc}7(FdT>{Fkd20{F;,DQ20&CL

r#g{;8(K!n,r5CLr+"T(}9C .ear D~r .xml D~4R

v&CLr{F#

ITZ&CLr?p1|D&CLr{F,2ITZTs(} WebSphere XF(x

P|D#K|D;a43Z EAR D~P#g{;P^D EAR D~T43B{F,

+4(msD\#$Ts#9C –e !n8(Z WebSphere Application Server X

F(OT>D&CLrD{F#

–j path

8( Java 2 Enterprise Edition &CLri5D~D+^(76MD~{F#K7

62IT!wQ)9Ds5&CLrD?<#

}g,-j /tmp/test_application.EAR

–p admin_pwd

8( Tivoli Access Manager \mC'D\k#\mC'Xk_P4(C'"Ts

M ACL yhDX(#}g,zIT+ -a sec_master \mC'D\k8(* -p

myPassword#

KN}GI!D#g{;P8(CN},+a>C'a)\mC'{D\k#

–r root_objectspace_name

8( root TsUd{F,|G+* WebSphere Application Server 4(D\#$T

s{FUdcNa9D root {F#KN}GI!D#

root TsUdD1!5G WebAppServer#g{9C1!{FTbD{F,r+h*

|D PDWAS.properties D~TCJ}7DTsUd#

Ywi{k root TsUd{F`%d#rK,g{8(K root TsUd{Fr+

T/hCYwi{#

–t ssl_timeout

8( SSL ,1DVS}#KN}CZZ1!,S,1.0O*,S"XB,S

Tivoli Access Manager authorization server k policy server .dD SSL OBDX

5#

1!5G 60 VS#nY* 10 VS#ns5;&1,} Tivoli Access Manager

ssl-v3-timeout 5#ssl-v3-timeout D1!5G 120 VS#

KN}GI!D#g{;l$TC5D\m,zIT2+X9C1!5#

–w WebSphere_admin_user

+Z WebSphere Application Server 2+TC'"amVNPdCDC'{F8(

*\m1#4(r|B Tivoli Access Manager \#$TsUdh*KC'DCJ

mI(#

1\#$TsUdPP4fZ WebSphere \mC'1,+4(r<k|#ZbVi

vB,+*KC'zIfz\k,"R+J'hC* invalid#h*+K\k|D*

Q*D\k"+J'hC* valid#

4(K\#$TsM ACL#+\mC'mS=_PTB ACL tTDi

pdwas-admin P:

v T - izmI(

v i - wCmI(

v WebAppServer - Ywi{F#WebAppServer G1!{F#

k"b,1C –r !nKP(F5CLr1,IT2GKYwi{(M%dD root

TsUd)#

g{}Z(F adminconsole.ear D~,k+i pdwas-admin mSx\m1G+#

"M

K5CLr+2+_TE"S?phv{(s5i5D~)(F= Tivoli Access Manager

for WebSphere#Z UNIX 53O,K5CLrw* shell E>5V;Z Windows 5

3O,w*z&mD~5V#KE>wC Java ` com.tivoli.pdas.migrate.Migrate#

KE>@5Z*X8m~D;CiR}7D73d?#KE>CTB!nwC Java:

v –Dpdwas.lang.home

|,f Tivoli Access Manager for WebSphere a)D>zoT'VbD?<#b)

b;Z Tivoli Access Manager for WebSphere 20?<BD3vS?<P#}g:

-Dpdwas.lang.home=%PDWAS_HOME%\java\nls

v –cp %CLASSPATH% com.tivoli.pdwas.migrate.Migrate

Xk* Java 20}7hC CLASSPATH#

Kb,Z Windows O,–j !nM –c !n<IT}Cd? %WAS_HOME% T7(ZN&

20 WebSphere Application Server#KE"CZ:

v 9(s5i5D~D+76{#

v 9( PdPerm.properties D~;CD URI +76{#

ICT

K|n;ZTB1!20?<:

v UNIX 53:

/opt/amwas/bin/

v Z Windows 53O:

C:\Program Files\Tivoli\amwas\bin\

1!qK;,Z1!?<D20?<1,K5CLr;Z20?<BD bin ?<(}

g,install_dir\bin\)P#

5Xk

I\5XTBKv4,k:

0 |nI&jI#

1 |n'\#

1|n'\1,+T>ms{"#kN< IBM Tivoli Access Manager Error Message

Reference qCXZJbD|j8hv#

=< B. yw

>E"G*Z@za)Dz7M~q`4D#IBM I\Zd{zRrXx;a)Z>D

5PV[Dz7"~qr&\XT#PXz10yZxrDz7M~qDE",kr

z1XD IBM zmI/#NNT IBM z7"Lrr~qD}C"GbZw>r5>

;\9C IBM Dz7"Lrr~q#;*;V8 IBM D*6z(,NN,H&\D

z7"Lrr~q,<ITzf IBM z7"Lrr~q#+G,@@Mi$NNG

IBM z7"Lrr~q,rIC'TP:p#

IBM +>I\Q5Pr}Zjkk>D5yhvZ]PXDwn({#a)>D5"4

ZhC'9Cb)({DNNmI#zITCif==+mIi/Dy:

IBM Director of Licensing

IBM Corporation

500 Columbus Avenue

Thornwood, NY 10594

U.S.A

PX+VZ(DBCS)E"DmIi/,kkzyZzRrXxD IBM *6z(?E*

5,rCif==+i/Dy:

IBM World Trade Asia Corporation

Licensing

2-31 Roppongi 3-chome, Minato-ku

Tokyo 106, Japan

> u n ; J C " z r N N b y D u n k 1 X ( I ; ; B D z R r X x :

INTERNATIONAL BUSINESS MACHINES CORPORATION 04V41a)>vfo,

;=PNNV`D(^[Gw>D9G5,D)#$,|(+;^Z5,DPXGV

("JzMJCZ3VX(C>D#$#3)zRrXxZ3);WP;Jmb}w

>r5,D#$#rK>unI\;JCZz#

>E"PI\|,<u=f;;<7DX=r!"ms#K&DE"+(Z|D;b

)|D+`k>vfoDBf>P#IBM ITf1T>vfoPhvDz7M/rLr

xPDxM/r|D,x;mP(*#

>E"PTG IBM Web >cDNN}C<;G*K=cp{Ea)D,;TNN==

d1TG) Web >cD#$#G) Web >cPDJO;G IBM z7JOD;?V,

9CG) Web >cx4DgU+IzTPP##

IBM IT4|O*J1DNN==9CrV"zya)DNNE"x^kTzP#NN

pN#

>LrD;mI=g{*KbPXLrDE"To=gB?D:(i)JmZ@"4(

DLrMd{Lr(|(>Lr).dxPE";;,T0(ii)JmTQ-;;DE

"xP`%9C,kkBPX7*5:

IBM Corporation

2Z4A/101

11400 Burnet Road

Austin, TX 78758

USA

;*qXJ1Du~Mun,|(3)iNBD;(}?D6Q,<IqCb=fD

E"#

>JOPhvDmILr0dyPICDmIJOyI IBM @] IBM M'-i"IBM

zJm~mI-irNN,H-iPDuna)#

K&|,DNNT\}]<GZ\X73PbCD#rK,Zd{Yw73PqCD

}]I\aPwTD;,#P)b?I\GZ*"6D53OxPD,rK;#$k

;cIC53OxPDb?a{`,#Kb,P)b?G(}Fcx@FD,5Ja

{I\aPnl#>D5DC'&1i$dX(73DJC}]#

f0G IBM z7DE"ISb)z7D)&L"dvf5wrd{I+*qCDJO

Pq!#IBM ;PTb)z7xPbT,2^(7OdT\D+7T"f]TrNNd

{XZG IBM z7Dyw#PXG IBM z7T\DJb&1rb)z7D)&La

v#

yPXZ IBM 44=rrbrDyw<If1|DrUX,x;mP(*,|Gvv

m>K?jMb8xQ#

>E"P|,ZU#L5YwP9CD}]M(m>}#*K!I\j{X5w|

G,b)>}P|,vK"+>"7FMz7D{F#yPb){F<Gi9D,g

{M5JDL5s59CD{FMX7`F,r?tIO#

f(mI:

>E"|,4oTN=Dy>&CLr,b)y>5w;,Yw=(OD`L=(#

g{G*4UZ`4y>LrDYw=(OD&CLr`-SZ(API)xP&CLr

D*""9C"-zrV"*?D,zITNNN=Tb)y>LrxP4F"^

D"V",x^kr IBM 6Q#b)>}"4ZyPu~Bw+fbT#rK,IBM

;\##r5>b)LrDI?T"I,$Tr&\#C'g{G*K4U IBM &C

Lr`-SZ*""9C"-zrV"&CLr,rITNNN=4F"^DMV"

b)y>Lr,x^kr IBM 6Q#

2b)y>LrD?]=4rdNN?VrNN\zz7,<Xk|(gBf(y

w:

©(s+>D{F)(j)#K?VzkGy] IBM +>Dy>Lr\zv4D#©

Copyright IBM Corp.(dkj])#All rights reserved.

g{z}Tm=4q=i4>E",<,MU+<}I\^(T>#

Lj

TBuoG International Business Machines Corporation Z@zM/rd{zRrXx

DLjr"aLj:

AIX

DB2

IBM

IBM Uj

SecureWay

Tivoli

Tivoli Uj

Microsoft"Windows"Windows NT M Windows UjG Microsoft Corporation Z@z

M/rd{zRrXxDLj#

Java MyPyZ Java DLjMUjG Sun Microsystems, Inc. Z@zMd{zRrX

xDLjr"aLj#

UNIX G The Open Group Z@zMd{zRrXxD"aLj#

d{+>"z7M~q{FI\Gd{+>DLjr~qjG#

Jcm

A

CJXF(access control): ZFcz2+T=f,7

#Fcz53DJ4;\IZ(DC'TZ(D==xP

CJD}L#

CJXFm(access control list,ACL): ZFcz2

+T=f,k3;Ts`X*DPm,|j6yPITC

JCTsDwe0dCJ(#}g,CJXFmGk;v

D~`X*DPm,|j6ITCJD~DC'"j6C

'TCD~DCJ(#

CJmI((access permission): JCZ{vTsD

CJX(#

Yw(action): ;VCJXFm(ACL)mI(tT#

m{CJXFm(access control list,ACL)#

ACL: kNDCJXFm(access control list)#

\m~q(administration service): ;VZ( API K

P1e~,IC4Z Tivoli Access Manager J4\mw&

CLrO4P\mks#\m~q+l& pdadmin |n"

vD6Lks,T4PngZ\#$TswPPvX(Z

cBDTs.`DNq#M'IT9CZ(

ADK(Authorization ADK)*"b)~q#

tTPm(attribute list): |,CZxPZ(v_D)

9E"D4m#tTPmGI;i{F = 5TiID#

O$(authentication): (1) ZFcz2+T=f,TC

'm]rC'CJTsDJqxPi$# (2) ZFcz2+

T=f,i${";P;|DrY5# (3) ZFcz2+T

=f,CZi$E"53r\#$J4DC'D}L#m

{`rSO$(multi-factor authentication)"yZxgDO

$(network-based authentication)T0]}=O$(step-up

authentication)#

Z(,(^(authorization): (1) ZFcz2+T=f,

ZhC'kFcz53(Er9CFcz53D(^# (2)

Z(C'j+r\^CJ3vTs"J4r&\D}L#

Z(fr(authorization rule): kNDfr(rule)#

Z(~qe~(authorization service plug-in): ;V

/,I0kb(DLL r2mb),ITI Tivoli Access

Manager Z( API KP1M'zZu</WN0k,T4

PZZ( API P)9~qSZDYw#10ICD~qS

Z|(\m"b?Z(">$^D"Z(M PAC YwS

Z#M'IT9CZ( ADK *"b)~q#

B

BA: kNDy>O$(basic authentication)#

y>O$(basic authentication): ;VO$=(,*

sC'dkP'C'{M\ksEZ(CJ2+*zJ

4#

s((bind): +3vj6kLrPDm;vTs`X

*;}g,+j6k5"X7rm;vj6`X*,rX

*N=N}M5JN}#

blade: ;vi~,|a)X(Z&CLrD~qMi~#

5qZ((business entitlement): C'>$D9dt

T,CtThvICZTJ4DksZ(D+8u~#

C

CA: kNDO$PD(certificate authority)#

CDAS: kNDgrO$~q(Cross Domain

Authentication Service)#

CDMF: kNDgr3dr\(Cross Domain Mapping

Framework)#

$i(certificate): ZFcz2+T=f,++C\?k

$iyP_Dm]s(,Sx9$iyP_IC=O$D

;V}VD5#IO$PD)"D;V$i#

O$PD(certificate authority,CA): )"$iDi

/#O$PDO$$iyP_Dm]0Z(CyP_9C

D~q,)"BD$i,x)VPD$i,"7z;Yq

Z(9CDC'ytD$i#

CGI: kND+2xXSZ(common gateway interface)#

\k(cipher): ZC\?*;*wD}](Qb\).

0;IA!DS\}]#

+2xXSZ(common gateway interface,CGI): (

eE>DrXxj<,KE>(} HTTP ksS Web ~

qwr&CLr+ME",4.`;#CGI E>G;VC

ng PERL .`DE>`FoT`4D CGI Lr#

dC(configuration): (1) E"&m53D2~Mm~

Di/M%,==# (2) iI53"S53rxgDzw"

h8MLr#

,S(connection): (1) Z}](EP,*+dE"x

Z&\%*.d("DX*# (2) Z TCP/IP P,=v-

i&CLr.dD76,C76a)I?D}]w+d~

q#ZrXxP,I;v53OD TCP &CLr)9=m

;v53OD TCP &CLrD,S# (3) Z53(EP,

IC4Z=v53.dr53kh8.d+]}]D_

7#

]wTs(container object): ;V+TsUdi/*

wv&\xrDa9m>#

cookie: ~qwf"ZM'zO"Zsxa0ZdCJD

E"#Cookie 9~qw\G!PXM'zDX(E"#

>$(credentials): ZO$WNq!Dj8E",CE

"hvC'"NNiX*Md|PX2+TDm]tT#

IT9C>$44P`V~q,}gZ("sFM/P#

>$^)~q(credentials modification service): ;

VIC4^D Tivoli Access Manager >$DZ( API K

P1e~#IM'b?*"D>$^)~qy\4PDY

w^ZT>$tTPmxPmSM>},"R;\TG)

;O*I^DDtTxPYw#

grO$~q(cross domain authentication service,CDAS): a)2mbzFD WebSEAL ~q,

C~qJmzC;vr WebSEAL 5X Tivoli Access

Manager m]D(F}Lf;1!D WebSEAL O$z

F#m{ WebSEAL#

gr3dr\(cross domain mapping framework,CDMF): ;V`LSZ,Jm*"_Z9

C WebSEAL gSgE SSO &\1(FC'm]D3d

T0C'tTD&m#

D

X$Lr(daemon): ^KU\KPDLr,|4P,

xDr\ZD536Nq,gxgXF#3)X$LrT

/%"T4PdNq;d|X$Lrr(ZKw#

?<#=(directory schema): IZ?<PT>DP'

tT`MMTs`#tT`MMTs`(etT5Do

(,D)tTXkfZT0D)tTXkTC?<fZ#

(P{F(distinguished name,DN): (;j6?<

P3vu?D{F#(P{FI attribute:value TiI,C

:EVt#

}V){(digital signature): ZgSLqP,mS=

}]%*rw*}]%*DS\*;D}],|Jm}]

%*SU=i$%*D4Mj{T,"6pI\D1l)

{#

DN: kND(P{F(distinguished name)#

r(domain): (1) 2m+2~qR(#p=+2wCD

C'"53MJ4D_-Vi# (2) +2XF}]&mJ4

DFczxgD;?V#m{r{(domain name)#

r{(domain name): rXx-i/ZDwz53D{

F#r{I;5PT(gV{VtDS{FiI#}g,

g{wz53D+^(r{(FQDN)G

as400.rchland.vnet.ibm.com,rTB?v{F<Gr{:

as400.rchland.vnet.ibm.com"vnet.ibm.com"ibm.com#

E

EAS: kNDb?Z(~q(External Authorization

Service)#

S\(encryption): ZFcz2+T=f,+}]*;

*;I6pN=D}L,-}bV*;s,*4^(qC

-<}],*4;P9Cb\}LE\qC-<}]#

Z((entitlement): |,_e/D2+_TE"D}]

a9#Z(|,TX(&CLry\mbD=(xPq=

/D_T}]r\&#

Z(~q(entitlement service): ;VICZSwer

u~/Db?45XZ(DZ( API KP1e~#Z((

#GX(Z&CLrD}],|+IJ4\mw&CLr

T3V==9C,rmSxweD>$TZZ(}LPx

;=9C#M'IT9CZ( ADK *"b)~q#

b?Z(~q(external authorization service): ;V

Z( API KP1e~,IC49X(Z&CLrr73D

Z(v_I* Tivoli Access Manager Z(v_4D;?

V#M'IT9CZ( ADK *"b)~q#

F

D~+M-i(file transfer protocol,FTP): ZrX

x-i/Z,9C+dXF-i(TCP)M Telnet ~qZ

zwrwzd+dz?}]D~D&Cc-i#

G

+V"a(global signon,GSO): ;VinD%;"

abv=8,9C'\rsK Web &CLr~qwa)8

CC'{M\k#+V"a+Z(C'CJ(}%NG<

yZ({G9CDFcJ4#GSO G*Il9"V<=F

c73Z`v53M&CLriIDss5xhFD,|

^hC'\m`vC'{M\k#m{%;"a(single

signon)#

GSO: kND+V"a(global signon)#

H

wz(host): ,S=3vxg(}grXxr SNA x

g)"rCxga)CJcDFcz#y]73D;,,

wz2I\a)xgD/P=XF#wzITGM'z"

~qwr,1d1M'zM~qw#

HTTP: kND,D>+d-i(Hypertext Transfer

Protocol)#

,D>+d-i(hypertext transfer protocol,HTTP): ZrXx-i/Z,CZ+dMT>

,D>D5D-i#

I

xJ-i(Internet protocol,IP): ZrXx-i/

Z,(}xgr%,xg7I}]D^,S-i,|d1

O_-icMomxg.dDPi#

rXx-i/(Internet suite of protocols): *Zr

XxO9Cx*"D-i/,K-i/GIrXx$LN

qi/(IETF)w*ks@[(Requests for

Comments,RFC)"<D#

xLd(E(interprocess communication,IPC): (1)

Lrd%`+M}]",=dn/yhzDxL#Ej"

EEMZ?{"SPGxLd(ED#{=(# (2) ;VY

w53zF,JmwxLZ,;FczZ?rZxgO%

`(E#

IP: kNDxJ-i(Internet Protocol)#

IPC: kNDxLd(E(Interprocess Communication)#

J

*a(junction): 0K WebSEAL ~qwMsK Web

&CLr~qw.dD HTTP r HTTPS ,S#WebSEAL

9C*a4zmsK~qwa)#$~q#

K

\?(key): ZFcz2+T=f,k\kc(;pC4

S\rb\}]D{ErP#kND(C\?(private

key)M+C\?(public key)#

\?}]bD~(key database file): kND\?7

(key ring)#

\?D~(key file): kND\?7(key ring)#

\?T(key pair): ZFcz2+T=f,8;v+C

\?M;v(C\?#Z9C\?TxPS\1,"M=

9C+C\?S\{",xSU=9C(C\?b\{

"#Z9C\?TxP){1,)p_9C(C\?S\

{"Dmo,SU=9C+C\?4b\{"DmoTx

P){i$#

\?7(key ring): ZFcz2+T=f,|,+C\

?"(C\?"IEyM$iDD~#

L

LDAP: kNDa?6?<CJ-i(Lightweight Directory

Access Protocol)#

a?6?<CJ-i(lightweight directory access protocol,LDAP): ;V*E-i,C-i(a)9C

TCP/IP 4a)T'V X.500 #MD?<DCJ,T0

(b);a}"T|4SD X.500 ?<CJ-i(DAP)D

J4*s#9C LDAP D&CLr(F*tC?<D&C

Lr)IT9C?<w*+2}]f"w"C4lwPX

vKr~qDE",}ggSJ~X7"+C\?rX(

Z~qDdCN}#LDAP nuZ RFC 1777 P8(#

LDAP V3 Z RFC 2251 P8(,IETF LxB&Zd|j

<&\#ITZ RFC 2256 PR=;) IETF (eD

LDAP j<#=#

a?6Z}=O$(lightweight third party authentication,LTPA): ;VO$r\,JmZtZ3

vrXxrD;i Web ~qwZxP%;"a#

LTPA: kNDa?6Z}=O$(lightweight third party

authentication)#

M

\mr(management domain): 1!r,dP Tivoli

Access Manager ?F4PO$"Z(MCJXFD2+_

T#Cr4(ZdC policy server 1#m{r(domain)#

\m~qw(management server): QOz#kND

policy server#

*}](metadata): hvf"}]DXwD}]#

(F(migration): LrDBf>r"PfD20,Tz

fOgDf>r"Pf#

`rSO$(multi-factor authentication): ?FC'

9C~6r`6O$xPO$D\#$Ts_T

(POP)#}g,T\#$J4DCJXFIT*sC'

TC'{/\kMC'{/nF(Pzkb=_xPO

$#m{\#$Ts_T(protected object policy)#

`74CzmLr(multiplexing proxy agent,MPA):

Jm`M'zCJD;VxX#b)xXP1F*^_C

J-i(WAP)xX,K1M'z9C WAP CJ2+

r#xX("(r4~qwD%vO$(@,"(}K(

@dMyPM'zksMl&#

N

yZxgDO$(network-based authentication): y

]C'DxJ-i(IP)X7XFCJTsD\#$Ts

_T(POP)#m{\#$Ts_T(protected object

policy)#

P

PAC: kNDX(tT$i(privilege attribute

certificate)#

mI((permission): CJ\#$Ts(}gD~r?

<)D\&#TsmI(D}?M,eGICJXFm

(ACL)(eD#m{CJXFm(access control list)#

_T(policy): &CZ\\J4Dfr/#

policy server: ,$PX2+rPd|~qwD;CE"

D Tivoli Access Manager ~qw#

V/(polling): ;vxL,(}KxLI(Z/J}]

b,T7(Gqh*+M}]#

POP: kND\#$Ts_T(protected object policy)#

E'x>(portal): y]X(C'DCJmI(,/,

zIX(C'ICD Web J4(}g4S"Z]r~q)

D(FPmD[O Web >c#

X(tT$i(privilege attribute certificate): |,

weDO$MZ(tTT0we\&D}VD5#

X(tT$i~q(privilege attribute certificate service): +$(q=D PAC *;* Tivoli Access

Manager >$(4.`;)D;VZ( API KP1M'z

e~#b)~q2ITCZ*+d=2+rDd|I1x

T Tivoli Access Manager >$xPb0r}]`k#M'

IT9CZ( ADK *"b)~q#m{X(tT$i

(privilege attribute certificate)#

\#$Ts(protected object): 5J53J4D_-

m>,CJ4CZ&C ACL M POP,T0Z(C'C

J#m{\#$Ts_T(protected object policy)M\#

$TsUd(protected object space)#

\#$Ts_T(protected object policy,POP): ;

V2+_T,+=Su~?SZ ACL _TJmDYw,T

CJ\#$DTs#J4\mw:p?F4P POP u~#

m{CJXFm(access control list) "\#$Ts

(protected object)M\#$TsUd(protected object

space)#

\#$TsUd(protected object space): 5J53

J4DibTsm>,b)J4CZ&C ACL M POP,

T0Z(C'CJ#m{\#$Ts(protected object)M

\#$Ts_T(protected object policy)#

(C\?(private key): ZFcz2+T=f,;*y

P_y*D\?#k+C\?(public key)`TU#

+C\?(public key): ZFcz2+T=f,TyP

KICD\?#k(C\?(private key)`TU#

Q

#$6p(quality of protection): IO$"j{TM

~=u~*O7(D}]2+6p#

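R

registry: The datastore that contains access and configuration information for users, systems, and software.

replica: A server that contains a copy of the directory or directories of another server. Replicas back up servers to enhance performance or response times and to ensure data integrity.

resource object: The representation of an actual network resource, such as a service, file, or program.

response file: A file that contains a set of predefined answers to the questions asked by a program and that is used instead of entering those values one at a time.

role activation: The process of applying the access permissions to a role.

role assignment: The process of assigning a role to a user, so that the user has the appropriate access permissions for the objects defined for that role.

routing file: An ASCII file that contains commands that control the configuration of messages.

RSA encryption: A system for public-key cryptography used for encryption and authentication. It was invented in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman. The security of the system depends on the difficulty of factoring the product of two large prime numbers.

rule: One or more logical statements that enable the event server to recognize relationships among events (event correlation) and to execute automated responses accordingly.

run time: The time period during which a computer program is executing. A runtime environment is an execution environment.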

S

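scalability: The ability of a network system to respond to increasing numbers of users who access resources.

schema: The set of statements, expressed in a data definition language, that completely describes the structure of a database. In a relational database, the schema defines the tables, the fields in each table, and the relationships between fields and tables.

secure sockets layer (SSL): A security protocol that provides communication privacy. SSL enables client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, and message forgery. SSL was developed by Netscape Communications Corp. and RSA Data Security, Inc.

security management: The management discipline that addresses an organization's ability to control access to the applications and data that are critical to its success.

self-registration: The process by which a user can enter the required data and become a registered Tivoli Access Manager user, without the involvement of an administrator.

service: Work performed by a server. A service can be a simple request for data to be sent or stored (as with file servers, HTTP servers, e-mail servers, and finger servers), or it can be more complex work, such as that of print servers or process servers.

silent installation: An installation that does not send messages to the console but instead stores messages and errors in log files. A silent installation can also use response files for data input. See also response file.

single signon (SSO): The ability of a user to log on once and access multiple applications without having to log on to each application separately. See also global signon.

SSL: See secure sockets layer.

SSO: See single signon.

step-up authentication: A protected object policy (POP) that relies on a preconfigured hierarchy of authentication levels and enforces a specific level of authentication according to the policy set on a resource. The step-up authentication POP does not force the user to authenticate using multiple levels of authentication to access any given resource, but requires the user to authenticate at a level at least as high as that required by the policy protecting the resource.

suffix: A distinguished name that identifies the top entry in a locally held directory hierarchy. Because of the relative naming scheme used in Lightweight Directory Access Protocol (LDAP), this suffix applies to every other entry within that directory hierarchy. A directory server can have multiple suffixes, each identifying a locally held directory hierarchy.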

T

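token: (1) In a local area network, the symbol of authority passed successively from one data station to another to indicate the station temporarily in control of the transmission medium. Each data station has an opportunity to acquire and use the token to control the medium. A token is a particular message or bit pattern that signifies permission to transmit. (2) In local area networks (LANs), a sequence of bits passed from one device to another along the transmission medium. When the token has data appended to it, it becomes a frame.

trusted root: In the Secure Sockets Layer (SSL), the public key and associated distinguished name of a certificate authority (CA).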

U

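uniform resource identifier (URI): The character string used to identify content on the Internet, including the name of the resource (a directory and file name), the location of the resource (the computer where the directory and file name exist), and how the resource can be accessed (the protocol, such as HTTP). An example of a URI is a uniform resource locator, or URL.

uniform resource locator (URL): A sequence of characters that represents information resources on a computer or in a network such as the Internet. This sequence of characters includes (a) the abbreviated name of the protocol used to access the information resource and (b) the information used by the protocol to locate the information resource. For example, in the context of the Internet, these are the abbreviated names of some protocols used to access various information resources: HTTP, FTP, Gopher, Telnet, and News; and this is the URL for the IBM home page: http://www.ibm.com.

URI: See uniform resource identifier.

URL: See uniform resource locator.

user: Any person, organization, process, device, program, protocol, or system that uses a service provided by others.

user registry: See registry.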

V

virtual hosting: The capability of a Web server that allows it to appear as more than one host to the Internet.

W

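Web Portal Manager (WPM): A Web-based graphical application used to manage Tivoli Access Manager Base and WebSEAL security policy in a secure domain. An alternative to the pdadmin command line interface, this GUI enables remote administrator access and enables administrators to create delegated user domains and assign delegate administrators to these domains.

WebSEAL: A Tivoli Access Manager blade. WebSEAL is a high-performance, multi-threaded Web server that applies a security policy to a protected object space. WebSEAL can provide single signon solutions and incorporate back-end Web application server resources into its security policy.

WPM: See Web Portal Manager.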
