To configure the runtime environment with the local management interface, use the Runtime Component management page.
Procedure
From the top menu, select Secure Web Settings > Manage > Runtime Component.
Click Configure. You can configure your policy server to be local or remote.
Local policy server with a remote LDAP user registry
Under Policy Server, select Local.
Under User Registry, select LDAP Remote.
Click Next.
On the Policy Server tab, provide settings for the fields displayed. Fields with an asterisk are required and must be completed.
Management Suffix: The LDAP suffix that is used to hold the IBM® Security Access Manager secAuthority data.
Management Domain: The IBM Security Access Manager domain name.
Note: Make sure that the domain name you specify is unique among all suffixes on the LDAP server. The existence of a domain with the same name in a different suffix also causes an error.
Administrator Password: The security administrator's password.
Confirm Administrator Password: The security administrator's password.
SSL Server Certificate Lifetime (days): The lifetime in days for the SSL server certificate.
SSL Compliance: Specifies any additional SSL compliance.
Note: If FIPS is enabled on the appliance, the SSL Compliance field cannot be set to No additional compliance.
Click Next.
On the LDAP tab, provide settings for the fields displayed.
Host name: The name of the LDAP server.
Port: The port to be used when the system communicates with the LDAP server.
DN: The distinguished name that is used when the system contacts the user registry.
Password: The password for the DN.
Enable SSL: Whether SSL is enabled.
Certificate Database: The KDB file that contains the certificate that is used to communicate with the user registry. This field is required if "Enable SSL" is selected.
Certificate Label: The label of the SSL certificate that is presented to the user registry upon request. This field is optional and is only required if SSL is enabled, and the user registry is configured to require a client certificate.
Click Finish to save the settings.
Local policy server with a local user registry
Note: Users and groups within the local user registry are managed through the Security Access Manager administration framework; for example, pdadmin. All these users and groups are housed under the suffix "dc=iswga".
Under Policy Server, select Local.
Under User Registry, select LDAP Local.
Click Next.
On the Policy Server tab, provide settings for the fields displayed. Fields with an asterisk are required and must be completed.
Administrator Password: The security administrator's password.
Confirm Administrator Password: The security administrator's password.
SSL Server Certificate Lifetime (days): The lifetime in days for the SSL server certificate.
SSL Compliance: Specifies any additional SSL compliance.
Click Next.
On the LDAP tab, provide settings for the fields displayed. Fields with an asterisk are required and must be completed.
Password: The administrator password of the embedded LDAP server.
Clean existing data: Select this check box to delete any existing data in the embedded LDAP server before the configuration.
Click Finish to save the settings.
Remote policy server
Under Policy Server, select Remote.
Under User Registry, select whether to use LDAP.
Click Next.
On the Policy Server tab, provide settings for the fields displayed.
Host name: The name of the host that hosts the IBM Security Access Manager policy server.
Port: The port over which communication with the IBM Security Access Manager policy server takes place.
Management Domain: The IBM Security Access Manager domain name.
Click Next and complete settings on the LDAP tab.
Host name: The name of the LDAP server.
Port: The port to be used when the system communicates with the LDAP server.