Enabling embedded Tivoli Access Manager

Embedded Tivoli® Access Manager is not enabled by default, and you need to configure it for use.

About this task

Enabling Tivoli Access Manager security within WebSphere® Application Server requires:
  • A supported Lightweight Directory Access Protocol (LDAP) installed somewhere on your network. This user registry contains the user and group information for both Tivoli Access Manager and WebSphere Application Server.
  • Tivoli Access Manager server exists and is configured to use the user registry. For details on the installation and configuration of Tivoli Access Manager, refer to the IBM® Tivoli Access Manager for e-business documentation.
    Note: WebSphere Application Server contains an embedded client for Tivoli Access Manager. To use Tivoli Access Manager, you must also configure the Tivoli Access Manager server.
  • WebSphere Application Server is installed either in a single server model or as WebSphere Application Server Network Deployment.
  • When administrative security is configured with a Federal Information Processing Standard (FIPS) provider, the Tivoli Access Manager server must be configured for FIPS as well

Complete the following steps to enable embedded Tivoli Access Manager security:

Procedure

  1. Create the security administrative user.

    For more information, see Creating the security administrative user for Tivoli Access Manager.

  2. Configure the Java™ Authorization Contract for Containers (JACC) provider for Tivoli Access Manager .

    For more information, see Tivoli Access Manager JACC provider configuration.

  3. Enable WebSphere Application Server security.
    When you are using Tivoli Access Manager you must configure LDAP as the user registry.

    For more information, see Configuring Lightweight Directory Access Protocol user registries.

  4. Enable the JACC provider for Tivoli Access Manager.

    For more information, see Enabling the JACC provider for Tivoli Access Manager.