If you use WebSEAL as the point of contact server for your
OAuth federation, you must configure it using the configuration utility
tool.
Before you begin
The
information in this section applies to Tivoli® Federated Identity Manager package
users. It also applies to organizations that already have Tivoli Access Manager for e-business
in their computing environment.
Before starting
this procedure:
- The WebSEAL point of contact profile must be activated.
- You must know the Tivoli Access
Manager administration user (default: sec_master) and administration
user password.
About this task
The Federation wizard provides a button that you can use
to obtain the configuration utility tool. The procedure includes information
on how to obtain and run the utility. The utility configures endpoints
on the WebSEAL server, creates a WebSEAL junction, attaches the appropriate
ACLs, and enables the necessary authentication methods.
The
steps are applicable for OAuth 1.0 and 2.0 federations.
To configure
WebSEAL as the point of contact server, complete the steps in this
procedure:
Procedure
- After creating the federation, click Load configuration
changes to Tivoli Federated Identity Manager runtime to
reload your changes.
- Click Done to return to the Federations
panel.
- Click Download Tivoli Access Manager Configuration
Tool.
- Save the configuration tool to the file system on the computer
that hosts the WebSEAL server.
- Run the configuration tool from a command line. The syntax
is:
java -jar /download_dir/tfimcfg.jar -action tamconfig
-cfgfile webseald-instance_name.conf
Example
For example, when you have placed tfimcfg.jar file
in /tmp, and the WebSEAL instance name is default,
the command is:
java -jar /tmp/tfimcfg.jar -action tamconfig -cfgfile webseald-default
For
more information, see tfimcfg reference.