Complex Federation Identity and Attribute Mapping for Tivoli Federated Idenity Manager

Use Case Description This article describes an advanced Tivoli Federated Identity Mananager configuration model concerning mapping modules for single sign-on federations. The article is applicable to readers who are already familiar with Tivoli Federated Identity Manager and it’s federated SSO support. In particular I will present a technique to perform identity and attribute mapping via […]

Continue reading

Calling TFIM Commands from Java

This article provides an example of how to call the Tivoli Federated Identity Manager Command Line interface commands from a Java application. It is targeted at Java developers who already understand how to invoke the TFIM commands via the wsadmin command line. Information on the TFIM 6.2.0 command line interface can be found in the […]

Continue reading

Using WebSphere TAI with Tivoli Federated Identity Manager

In this article I will describe a pattern of custom authentication to WebSphere via TAI for use with Tivoli Federated Identity Manager acting as an Identity Provider. The article assumes a strong background in WebSphere authentication and Tivoli Federated Identity Manager. The primary goal of this pattern is to be able to authenticate to WebSphere […]

Continue reading

Ask the Experts Forum

Three of the senior developers in the Tivoli Federated Identity Manager team (including myself) will be participating in the Ask The Expert Online Jam later this week. We do hope you will use this opportunity to connect directly with our development team for your TFIM-related questions. Many of our colleagues will also be participating for […]

Continue reading

Using CURL to send requests to the TFIM Security Token Service

When developing a particular integration or identity mediation which utilizes the Tivoli Federated Identity Manager Security Token Service (TFIM STS), I often test the configured trust chains using a command line driven RequestSecurityToken message with the curl utility. The purpose of this blog entry is to show you how to do the same thing, assuming […]

Continue reading

Advanced TAM Authorization Rules

I was recently involved in an engagement where I was required to re-visit the topic of Tivoli Access Manager authorization rules. For the un-initiated, authorization rules are a form of policy template (just like ACL’s and POP’s) that can be used in Tivoli Access Manager to define an authorization requirement on a protected object (e.g. […]

Continue reading

Updated Java STS Client

I recently reviewed the STS client code that comprised my developerworks article on Using Tivoli Access Manager WebSEAL without a User Registry, and noticed that the basic-authentication support for the STS client was not working. This was a simple defect in the use of the Higgins STS client API’s. If you are trying to make […]

Continue reading

Tivoli Federated Identity Manager and Salesforce.com

I have had several enquiries about how to configure federated single sign-on integration between Tivoli Federated Identity Manager and salesforce.com. Saleforce.com offer cloud applications for all manner of sales and CRM capabilities, and the typical use case is that an enterprise has already authenticated their employees (application users) via a company portal/website, and then want […]

Continue reading

X509Certificate Attribute Mapping Module

This post comes as the result of a request for TFIM help from a colleague. I thought the work product was useful and generic enough to be of interest to others. The use case was a user identity mediation flow, with a TFIM STS chain to validate an X509 certificate (sent as a BinarySecurityToken) and […]

Continue reading