IBM Security Access Manager for Enterprise Single Sign-On, Version 8.2

Planning worksheet

Use the planning worksheet as a reference for the default and sample values during the installation and configuration of the IBM® Security Access Manager for Enterprise Single Sign-On server and other required software.

Installation directories and other paths

The following table contains the different path variables used throughout the guide and the corresponding default values. In some cases, the variable name matches the name of an environment variable that is set in the operating system. For example, %TEMP% represents the environment variable %TEMP% for Windows.

Note: When installing IBM Security Access Manager for Enterprise Single Sign-On on Windows systems, the default directory is typically the system program files directory <system drive>:\Program Files\IBM\, where the system drive is typically the C: drive. However, you can install IBM Security Access Manager for Enterprise Single Sign-On on a disk drive other than the C: drive.

Path variable | Component | Default directory
<aa_home> | AccessAgent | C:\Program Files\IBM\ISAM ESSO\AA
<as_home> | AccessStudio | C:\Program Files\IBM\ISAM ESSO\AA\ECSS\AccessStudio
<db_home> | DB2® | C:\Program Files\IBM\SQLLIB
<ihs_home> | IBM HTTP Server | C:\Program Files\IBM\HTTPServer
<ims_home> | IBM Security Access Manager for Enterprise Single Sign-On IMS Server | C:\Program Files\IBM\ISAM ESSO\IMS Server
<jvm_home> | Java™ Virtual Machine | C:\Program Files\Java\jre1.5.0_11
<updi_home> | IBM Update Installer for WebSphere® Application Server | C:\Program Files\IBM\WebSphere\UpdateInstaller
<was_home> | WebSphere Application Server | C:\Program Files\IBM\WebSphere\AppServer
<was_dmgr_home> | WebSphere Application Server Network Deployment deployment manager profile | C:\Program Files\IBM\WebSphere\AppServer\profiles\Dmgr01
<%TEMP%> | Windows directory for temporary files | When logged on as Administrator, C:\Documents and Settings\Administrator\Local Settings\Temp
<%PROGRAMFILES%> | Windows directory for installed programs | C:\Program Files

Host names and ports

The following table contains the different variable host names and port numbers used throughout the guide.

Variable | Description
<was_hostname> | Name of the host where the WebSphere Application Server is installed.
<dmgr_hostname> | Name of the host where the WebSphere Application Server Network Deployment Manager is installed.
<ihs_hostname> | Name of the host where the IBM HTTP Server is installed.
<loadbalancer_hostname> | Name of the host where the load balancer is installed.
<ims_hostname> | Name of the host where the IMS Server is installed.
<ihs_ssl_port> | IBM HTTP Server SSL port number.
<admin_ssl_port> | Administrative console secure port number.

URLs and addresses

The following table contains the different URLs and addresses used throughout the guide. The values vary depending on whether you are using WebSphere Application Server stand-alone or WebSphere Application Server Network Deployment.

Integrated Solutions Console (WebSphere Application Server administrative console)

  Format:
  • If you are using WebSphere Application Server stand-alone:

    https://<was_hostname>:<admin_ssl_port>/ibm/console

  • If you are using WebSphere Application Server Network Deployment:

    https://<dmgr_hostname>:<admin_ssl_port>/ibm/console

  Example value: https://localhost:9043/ibm/console or http://localhost:9060/ibm/console

IMS Configuration Wizard

  Format:
  • If you are using WebSphere Application Server stand-alone:

    https://<was_hostname>:<admin_ssl_port>/front

  • If you are using WebSphere Application Server Network Deployment:

    https://<dmgr_hostname>:<admin_ssl_port>/front

  Example value: https://localhost:9043/front

IMS Configuration Utility

  Format:
  • If you are using WebSphere Application Server stand-alone:

    https://<was_hostname>:<admin_ssl_port>/webconf

  • If you are using WebSphere Application Server Network Deployment:

    https://<dmgr_hostname>:<admin_ssl_port>/webconf

  Example value: https://localhost:9043/webconf

AccessAdmin

  Format:
  • If you are using a load balancer:

    https://<loadbalancer_hostname>:<ihs_ssl_port>/admin

  • If you are not using a load balancer:

    https://<ims_hostname>:<ihs_ssl_port>/admin

  • If the web server is configured properly:

    https://<ims_hostname>/admin

  Example values:
  • https://imsserver:9443/admin
  • https://imsserver/admin

AccessAssistant

  Format:
  • If you are using a load balancer:

    https://<loadbalancer_hostname>:<ihs_ssl_port>/aawwp

  • If you are not using a load balancer:

    https://<ims_hostname>:<ihs_ssl_port>/aawwp

  Example value: https://imsserver:9443/aawwp

Web Workplace

  Format:
  • If you are using a load balancer:

    https://<loadbalancer_hostname>:<ihs_ssl_port>/aawwp?isWwp=true

  • If you are not using a load balancer:

    https://<ims_hostname>:<ihs_ssl_port>/aawwp?isWwp=true

  Example value: https://imsserver:9443/aawwp?isWwp=true

Users, profile names, and groups

The following table contains some of the users and groups created during the installation.

<profile name>

  Description: WebSphere Application Server profile name. The profile name is defined when creating profiles for WebSphere Application Server with the manageprofiles command-line tool or graphical Profile Management tool.

  Example value:
  • If you are using WebSphere Application Server stand-alone:

    <AppSrv_profilename>

  • If you are using WebSphere Application Server Network Deployment:
    • Deployment manager:

      <Dmgr_profilename>

    • Node:

      <Custom_profilename>

<WAS Admin user ID>

  Description: WebSphere administrator ID created during the installation of WebSphere Application Server.

  Example value: wasadmin

<IHS Admin user ID>

  Description: HTTP Server administrator user ID created during the installation of the IBM HTTP Server.

  Example value: ihsadmin

<DB2 Admin user ID>

  Description: DB2 administrator service user ID for Microsoft Windows created during the installation of IBM DB2.

  Example value: db2admin

<IMS Admin user ID>

  Description: IBM Security Access Manager for Enterprise Single Sign-On administrator. User ID created during installation of the IMS Server for administration of IBM Security Access Manager for Enterprise Single Sign-On.

  Example value: imsadmin

<TIMAD Admin user ID>

  Description: (Only for Active Directory enterprise directories) User ID created for use with the Tivoli® Identity Manager Active Directory Adapter. Not required for LDAP directories.

  Example value: tadadmin

<LDAP Admin or lookup user ID>

  Description: Sample LDAP user ID created for use by the IMS Server with LDAP V3 compatible directory servers.

  Example values:
  • ldapadmin
  • lookupusr

<VA non-root user ID>

  Description: General user account for virtual appliance deployments. Created during virtual appliance activation and deployment.

  Example value: virtuser

<VA root user ID>

  Description: Root user account for virtual appliance deployments. Used to log on to virtual appliance during boot up.

  Example value: root

Installing IBM DB2

The following table contains values that you must specify when installing a database server.

Parameter Default Value
Installation file Workgroup Server Edition (limited use)
  • DB2_97_limited_CD_Win_x86.exe
  • DB2_97_limited_CD_Win_x86-64.exe
Enterprise Server Edition
  • DB2_ESE_V97_Win_x86.exe
  • DB2_ESE_V97_Win_x86-64.exe
Note: The installation files might vary according to the version and edition of DB2.
Installation directory C:\Program Files\IBM\SQLLIB
User information for the DB2 Administration Server
Domain None - use local user account
User name db2admin
Password
DB2 instance Create the default DB2 instance
Partitioning option for the default DB2 instance Single partition instance
DB2 tools catalog None
Set up your DB2 Server to send notifications No
Enable operating system security Yes
DB2 administrators group
Domain None
Group Name DB2ADMNS
Note: This value is an example. You can specify your own value.
DB2 users group
Domain None
Group Name DB2USERS
Note: This value is an example. You can specify your own value.
Port number 50000

Creating the IMS Server database

The following table contains the values that you must specify to create the IMS Server database.

Parameter Default Value
Database name imsdb
Note: This value is an example. You can specify your own value.
Default path C:\
Alias imsdb
Note: This value is an example. You can specify your own value.
Comment DB for IMS
Note: This value is an example. You can specify your own value.
Let DB2 manage my storage (automatic storage) Yes
Default buffer pool and table space page size 8K
Use the database path as a storage path Yes
Code set UTF-8
Collating sequence  
Region Default

Creating a DB2 user manually

The following table contains the values that you must specify, if you are creating a separate database user for IBM Security Access Manager for Enterprise Single Sign-On.

Parameter Default Value
DB2 user imsdb2admin
Administrative privileges
  • Connect to database
  • Create tables
  • Create packages

Installing WebSphere Application Server

The following table contains the values that you must specify when installing the WebSphere Application Server.

Parameter Default Value
Installation file launchpad.exe
Installation directory <was_home>
WebSphere Application Server Environment

(None)

Note: Profiles are created only with the Profile Management tool or command-line interface after the WebSphere fix packs are applied. You can create the following profiles:
For WebSphere Application Server stand-alone product deployments
  • Application server

For WebSphere Application Server Network Deployment (cluster)

  • Deployment Manager
  • Custom
Enable Administrative Security Yes
WebSphere Administration user name wasadmin
Deployment Manager profile name <Dmgr_profilename>
Custom profile name (node) <Custom_profilename>
Application server profile name <AppSrv_profilename>
Cell name <Server01Node01Cell01>
Deployment Manager node name <Server01Cell01>
Application server node name <Server01Node01>
HTTP server installation location <ihs_home>
HTTP port 80
HTTP admin server port 8080

Installing IBM Update Installer for WebSphere software installation

The following table contains the values that you must specify when installing the IBM Update Installer for WebSphere Software Installation.

Parameter Default Value
Installation file install.exe
Installation directory C:\Program Files\IBM\WebSphere\UpdateInstaller

Installing the latest WebSphere Application Server fix pack

The following table contains the values that you must specify when installing the latest WebSphere Application Server fix pack.

Parameter Default Value
Installation file
  • 7.0.0-WS-WAS-WinX32-FP000000X.pak
  • 7.0.0-WS-WAS-WinX64-FP000000X.pak
Installation directory <was_home>
Maintenance Operation Selection Install maintenance package
Maintenance package directory path <updi_home>\maintenance

Installing IBM HTTP Server

The following table contains the values that you must specify when installing the IBM HTTP Server.

Parameter Default Value
Installation file launchpad.exe
Installation directory <ihs_home>
IBM HTTP Server HTTP Port 80
IBM HTTP Server HTTP Administration Port 8008
Run IBM HTTP Server as a Windows Service Yes
Run IBM HTTP Administration as a Windows Service Yes
Log on as a local system account Yes
Log on as a specified user account No
User name Administrator
Note: This value is an example. You can specify your own value.
Password
Startup type Automatic
Create a user ID for IBM HTTP Server administration server authentication Yes
IBM HTTP Server administration server authentication user ID ihsadmin
Note: WebSphere Application Server account for administering IBM HTTP Server and the IBM HTTP Server plug-in.
IBM HTTP Server administration server authentication password
Install IBM HTTP Server Plug-in for IBM WebSphere Application Server Yes
Web server definition <webserver1>
Host name or IP address for the Application Server IMS82.samesso.ibm.com

Installing the latest IBM HTTP Server fix pack

The following table contains the values that you must specify when installing the latest IBM HTTP Server fix pack.

Parameter Default Value
Installation file
  • 7.0.0-WS-IHS-WinX32-FP000000X.pak
  • 7.0.0-WS-IHS-WinX64-FP000000X.pak
Installation directory <ihs_home>
Maintenance Operation Selection Install maintenance package
Maintenance package directory path <was_home>\UpdateInstaller\maintenance

Configuring the IBM HTTP Server

The following table contains the values that you must specify when configuring the IBM HTTP Server to work with the WebSphere Application Server.

Parameter Default Value
Windows batch file configure<webserver1>.bat
Original Location <ihs_home>\Plugins\bin
Target Location <was_home>\bin
com.ibm.SOAP.requestTimeout property 6000
Remote Web server management  
Port 8008
User name ihsadmin
Password
Use SSL No
Refresh configuration interval 60 seconds
Plug-in configuration file name plugin-cfg.xml
Plug-in keystore file name plugin-key.kdb
Plug-in configuration directory and file name <ihs_home>\Plugins\config\<webserver1>\plugin-cfg.xml
Plug-in keystore directory and file name <ihs_home>\Plugins\config\<webserver1>\plugin-key.kdb
Automatically generate the plug-in configuration file Yes
Automatically propagate the plug-in configuration file Yes
Log file name
  • <ihs_home>\Plugins\logs\<webserver1>\http_plug-in.log
  • <ims_home>\ISAM_E-SSO_IMS_Server_InstallLog.log
Log level Error

Installing IMS Server

The following table contains the values that you must specify when installing the IMS Server.

Parameter Default Value
Installation file imsinstaller_8.2.0.0.x.exe
Installation folder <ims_home>
Deploy IMS Server to WebSphere Application Server
  • Yes - automatically deploys the IMS EAR file to WebSphere Application Server
  • No - you must manually deploy the IMS EAR file to WebSphere Application Server
WebSphere Application Server Administration Security enabled Yes
Administrative user name wasadmin
Note: This value must be the same value as the WebSphere Application Server Administrator Server user name.
Administrative password  
SSL Trusted Java key store file trust.p12
SSL Trusted Java key store file location
  • If you are using WebSphere Application Server stand-alone:

    <was_home>\profiles\<AppSrv_profilename>\config\cells\<Server01Cell01>\nodes\<Server01Node01>\

  • If you are using WebSphere Application Server Network Deployment

    <was_home>\profiles\<Dmgr_profilename>\config\cells\<Server01Cell01>\

SSL Trusted Java key store password WebAS
SSL Java key store file key.p12
SSL Java key store file location
  • If you are using WebSphere Application Server stand-alone:

    <was_home>\profiles\<AppSrv_profilename>\config\cells\<Server01Cell01>\nodes\<Server01Node01>\

  • If you are using WebSphere Application Server Network Deployment

    <was_home>\profiles\<Dmgr_profilename>\config\cells\<Server01Cell01>\

SSL Java key store password WebAS
WebSphere Application Server SOAP connector port
  • For WebSphere Application Server stand-alone:

    8880

  • For WebSphere Application Server Network Deployment (deployment manager):

    8879

SOAP connector port number location
  • If you are using WebSphere Application Server stand-alone:

    <was_home>\profiles\<AppSrv_profilename>\logs\AboutThisProfile.txt

  • If you are using WebSphere Application Server Network Deployment

    <was_home>\profiles\<Dmgr_profilename>\logs\AboutThisProfile.txt

IMS Server URL Example: https://localhost:9043/front
  • If you are using WebSphere Application Server stand-alone:

    https://<was_hostname>:<admin_ssl_port>/front

  • If you are using WebSphere Application Server Network Deployment:

    https://<dmgr_hostname>:<admin_ssl_port>/front

Configuring the IMS Server

The following table contains the values that you must specify when configuring the IMS Server.

Parameter Default Value
JDBC provider name ISAM ESSO JDBC Provider
Data source name ISAM ESSO IMS Server Data Source
JNDI name jdbc/ims
Note: The JNDI name is not editable.
J2C authentication data alias imsauthdata
Create IMS Server database schema Yes
Choose Database Type
  • IBM DB2 Server
  • Microsoft SQL Server
  • Oracle Server
Database Configuration - <database type>
Host Name  
Instance
Note: For Microsoft SQL Server only.
 
Port
  • For IBM DB2 Server: 50000
  • For Microsoft SQL Server: 1433
  • For Oracle Server: 1521
Database Name
Note: For IBM DB2 only.
 
SID
Note: For Oracle Server only.
 
User Name db2admin
User Password  
Provide Root CA Details
Keystore name CellDefaultKeyStore
Keystore password  
Root CA alias name root
Fully qualified web server name web1.example.com
IMS Services URL
HTTPS port number 443

Configuring enterprise directory (LDAP or Active Directory)

The following table contains the values that you must specify when configuring the enterprise directory.

Parameter Default value
Host name ldapsvr.example.com
Bind distinguished name
  • For Active Directory:

    cn=lookupusr, cn=users,dc=team, dc=example, dc=com

  • For LDAP:

    cn=lookupusr, ou=users, o=example, c=us

Base distinguished name
  • For Active Directory:

    cn=users, dc=team, dc=example, dc=com

  • For LDAP:

    ou=users,o=example,c=us

Domain team.example.com
Port 389 (without SSL)

636 (with SSL)


