IBM Security Access Manager for Enterprise Single Sign-On, Version 8.2

Integrating a BIO-key fingerprint reader

With the integration between BIO-key Biometric Service Provider (BSP) and IBM® Security Access Manager for Enterprise Single Sign-On, users can work with any biometric reader that is supported by BIO-key.

About this task

Only Administrators can integrate and deploy the BIO-key Biometric Service Provider (BSP) with IBM Security Access Manager for Enterprise Single Sign-On. The BIO-key Biometric Service Provider deployment processes for the IMS Server and AccessAgent are different.
Parent topic: Setting up fingerprint authentication

Deploying BIO-key Biometric Service Provider in the IMS Server

Set up the BIO-key Biometric Service Provider first in the IMS Server.

Procedure

  1. Install the Native Library Invoker resource adapter.
  2. Install the BIO-key BSP drivers (BioAPI BSP SDK 1.9_266_Ship or later) in the IMS Server.
    1. Start the BIO-key installer.
    2. In the BIO-key Reader Setup dialog box, select the manual setup of biometric reader files option.
    3. Select the biometric reader files to use. Wait for the completion of the installation.
      Note: Selecting all biometric readers might cause performance issues.
    4. Select the manual selection of biometric readers option.
    5. Select the biometric reader that you are going to use from the list of readers installed.
    6. Complete the rest of the installation steps.
  3. Navigate to the IBM Security Access Manager for Enterprise Single Sign-On installation package.
  4. Open the deploymentPack.biometrics\bio-key folder.
  5. Follow the steps in the README.txt to apply the deployment package for BIO-key.
    Note: Run as an Administrator in Windows Server 2008 or later.
  6. Restart the WebSphere Application Server.
  7. Set pid_second_factors_supported_list to Fingerprint in AccessAdmin. See the IBM Security Access Manager for Enterprise Single Sign-On Administrator Guide for more details.

Deploying BIO-key Biometric Service Provider in AccessAgent

After deploying BIO-key Biometric Service Provider in the IMS Server, you can now deploy BIO-key in AccessAgent.

Procedure

  1. Install BIO-key Biometric Service Provider (BSP) version 1.9.266 or later.
  2. Open the AccessAgent Installer folder.
  3. Navigate to the Customization folder.
  4. Copy FP3-BioKey.reg to the Reg folder in the Installation folder.
  5. Install AccessAgent.
    Note: The Bio-Key BSP installation creates registry settings in the Local Machine (HKLM) and Current User (HKCU) levels. AccessAgent uses only HKLM settings. HKCU settings are ignored even if these settings are set later by the user.
  6. Open the AccessAgent installation directory. For example, C:\Program Files\IBM\ISAM ESSO.
  7. Set ResetBioAPIPermissions in SetupHlp.ini to 1.
  8. On your Windows desktop, click Start > Run.
  9. In the Open field, enter regedit then click OK.
  10. Select HKLM\Software\IBM\ISAM ESSO\SOCIAccess\DSPList\{6EA4B6D4-8CDF-4C4E-8B40-CA6A20D0CD6B}\Devices\{5994DB8B-A2C3-4e0a-BC79-F274AE5ECC11}\UISPList\{68F86CB2-630B-4F15-9E2B-5A77B294E9E2} in the Registry Editor.
  11. Set the registry value Enabled to 1.
  12. Restart the computer.
  13. Optional: If you installed AccessAgent first before BIO-key, do the following additional steps:
    1. Run FP3-BioKey.reg. This file is located in the Customization folder under the AccessAgent installation folder.
    2. Repeat steps 8 to 12.

Feedback