You must create a domain and deploy a runtime application for each
instance of the Tivoli® Federated Identity Manager. This
task is a prerequisite for configuration of Tivoli Federated Identity Manager support
of Kerberos constrained delegation modules and WebSEAL Kerberos junctions.
A wizard prompts you to supply the necessary configuration properties.
You can use the properties on the worksheet that you prepared. For more information
on the worksheet, see Planning the configuration of domains and runtime nodes.
Verify that the WebSphere® Application Server application is running.
When you are deploying a domain into a WebSphere Application Server cluster
and WebSphere global
security is enabled, you must copy the WebSphere key files from the Deployment
Manager to all nodes in the cluster. Place the keys on each node in the same
directory as on the Deployment Manager.
Log in to the WebSphere console and click Tivoli Federated
Identity Manager → Getting Started.
The Getting Started
portlet is displayed.
Click Manage Domains. The Domains
portlet is displayed.
Click Create. The Domain Wizard
displays the Welcome panel.
Click Next. The Management Service
Endpoint panel is displayed.
Enter values for the specified properties and click Next.
The WebSphere Security
panel is displayed. Specify whether WebSphere global security is enabled.
When global security is enabled, enter values for the specified properties
and click Next.
When global security is not enabled, leave the remaining properties
blank. Click Next.
Click Test Connection. When successful,
you will see an information message:
Click Next. The WebSphere Target Mapping panel is
displayed. Select or enter the name of your server or cluster. When finished,
click Next.
When the WebSphere environment
consists of a single server, the panel displays a Server name menu with a
default name.
When the WebSphere environment
consists of a cluster, the panel displays the Cluster Name menu. This menu
lists the names of clusters defined in the cell. Select the name of the cluster
to use.
The Select Domain panel is displayed. A default name is provided.
Accept it or enter a name for the new domain.
The Tivoli Access
Manager Environment Settings panel is displayed. Deselect This
Environment Uses Tivoli Access Manager and click Next.
The Summary panel is displayed. Verify that the domain information
is correct and click Finish.
The domain is created
and the domain wizard exits. The Create Domain Complete panel is displayed.
Select both of the check boxes on the Create Domain Complete panel
and click OK.
You must complete both
of the tasks as part of the initial creation and deployment of the Tivoli Federated Identity Manager management service and runtime:
Make this domain the active management domain
Open Runtime Node Management upon completion
When you are deploying Tivoli Federated Identity Manager into
a WebSphere cluster,
ensure that the WebSphere Node
Agent is running on all the nodes in the cluster.
Use the WebSphere administrative
console to verify the status of the node agents.
The Current Domain
portlet and the Runtime Node Management portlet are displayed. In the Runtime
Node Management portlet, click Deploy. A
message is displayed:
FBTCON355I - A request to deploy the Tivoli Federated Identity Manager
Runtime is in progress.
The following link is displayed:
Click to refresh runtime deployment status and check for completion.
The deploy operation can take several minutes. During this time, click the
link to check for completion. When the deployment is complete,
clicking the link returns the message:
FBTCON132I The Runtime was successfully deployed to the domain.
The Runtime Node Management portlet is redrawn. An entry for
the runtime is added to the Runtime Nodes table for
each node in the domain. Also, the Configure button
is activated.
In the Runtime Node table, select the check box for your node and
click Configure.
The runtime application
is configured into the environment.
In a WebSphere cluster
environment, configure each node in the cluster by repeating the previous
step.
When all nodes are configured, click the Load configuration
changes to the Tivoli Federated Identity Runtime button.
The button is located in the Current Domain portlet.
Continue with the instructions that apply to your deployment: