IBM Tivoli Federated Identity Manager, Version 6.2.2

Tivoli Access Manager login module

The Tivoli® Access Manager login module is a Java™ Authentication and Authorization Service (JAAS) login module that accepts Tivoli Access Manager security tokens to perform a login. The Tivoli Access Manager login module does not use the Tivoli Federated Identity Manager trust service.

information tip iconThe information in this section applies to Tivoli Federated Identity Manager package users. It also applies to organizations that already have Tivoli Access Manager for e-business in their computing environment.

The Tivoli Access Manager login module permits login using a binary security token containing a privileged attribute certificate (PAC), which is known as a Tivoli Access Manager token. A PDPrincipal is created from the PAC and the principal name is used for login. The login module does not look up the principal name in a user registry.

The Tivoli Access Manager login module uses the login context of the principal created from the Tivoli Access Manager token to run the target Web service.

The Tivoli Access Manager login module class name is

The preferred JAAS configuration name is system.itfim.wssm.tam.

To generate and use Tivoli Access Manager security tokens, PDJRTE must be configured and the PDJRTE configuration file specified to WSSM. This PDJRTE configuration file is used to create the PDPrincipal from the privileged attribute certificate (PAC). The WSSM configuration is specified in the file located at C:\Program Files\IBM\FIM\wssm\etc\ Update the pdjrte.configuration property and specify the PDJRTE configuration file path.


There are no configuration parameters for the Tivoli Access Manager login module.