Configuring a Java application into the secure domain
Java applications that use Verify Identity Access security must be configured into a Verify Identity Access secure domain.
Verify Identity Access provides a utility class called com.tivoli.pd.jcfg.SvrSslCfg that can be used to accomplish the necessary configuration and unconfiguration tasks.
This section describes configuration and unconfiguration tasks, and provides example command-line syntax for each task.
The examples in this chapter use the values shown in Table 1:
| Information | Value |
|---|---|
| Administrator user ID | sec_master |
| Administrator password | secpw |
| Policy server, TCP/IP communications port number, and rank (default port is 7135) | ampolicy.myco.com:7135:1
This entry can also be used to specify a policy server proxy. The location, port, and rank of the policy server proxy must be specified. The default port for a proxy is 7138. |
| Authorization server, TCP/IP communications port number, and rank (default port is 7136) | amazn.myco.com:7136:1 |
| Host name of Java application system | jsys.myco.com |
| TCP/IP port on which the application server listens for communications from the policy server | 999 |
| Application server password | pw |
| Verify Identity Access application ID | PDPermissionjapp
The application ID must be unique. Other instances of the application running on this or other systems must each be given a unique ID. |
| Verify Identity Access domain | mydomain |
| Configuration file |
(Windows example) c:\am\config_file.conf
Note: SvrSslCfg creates the configuration file when called with
–action config. When SvrSslCfg is called with other options (for example, –action addsvr), the configuration file is expected to exist. |
| Keystore file |
(Windows example) c:\am\keystore_file.ks
Note: SvrSslCfg creates this keystore file when called with
–action config. When SvrSslCfg is called with other options (for example, –action addsvr), the keystore file is expected to exist. |
A detailed command reference for the –action config class can be found in com.tivoli.pd.jcfg.SvrSslCfg.