Global settings
You can use the LMI to access an administrative menu to configure global settings that are used by both Federation and Advanced Access Control.
The Local Management Interface (LMI) has a user interface page for administering each major feature in IBM Security Access Manager. Since some features are used by multiple licensing levels for the product, the administration page for these features can be accessed through multiple user interface menu paths.
You can use either of the following LMI menus to access the global settings:
You can use the global settings menus to configure the following features:
- Advanced Configuration
Some of the advanced configuration properties are common to Advanced Access Control and Federation. Others are specific to one of the licensing levels.
- User Registry
Use these settings to administer users and group memberships for the user registry that is used by the runtime applications. Management tasks are common to Advanced Access Control and Federation.
- Runtime Parameters
You can use the Runtime Parameters menu to view runtime status, tune runtime parameters, and set tracing on the runtime. These functions are common to Advanced Access Control and to Federation.
In addition, the runtime tracing feature can be set in the LMI through . The topic for Runtime Parameters is also included in the appliance troubleshooting section of the IBM Knowledge Center. See Tuning runtime application parameters and tracing specifications.
- Template Files
Template files are HTML pages that are presented to your users. You can customize the content of the pages for your deployment by setting supported macros, or by adding JavaScript scripting. Template pages are used in multiple scenarios.
- Customizing the authentication process, such as error messages
- Specifying settings for the supported authentication mechanisms
- Customizing error messages for authentication attempts
- Obtaining consent for registering devices
- Specifying authorization parameters for OAuth 2.0
- Configuring user self-care tasks
- Mapping Rules
Mapping rules are JavaScript code that runs during the authentication flow for Advanced Access Control and Federation. Mapping rules can be used for multiple purposes. For Advanced Access Control, you can modify rules for the Authentication Service, OTP, and OAuth 2.0. For Federation, you can modify mapping rules to manage identities for OIDC and SAML 2.0.
- Distributed Session Cache
The Distributed Session Cache is supplied by the Web Reverse Proxy and is used with all activation levels. The management windows in the LMI can also be accessed through . For an overview of the Distributed Session Cache, and a review of advanced configuration options, see: Distributed session cache.
- Server Connections
Advanced Access Control and Federation both use the IBM Security Access Manager appliance to connect to external data sources. For Advanced Access Control, you can use the server connections menus to configure LDAP or database server connections so that you can set up policy information points. For Federation, you can configure an LDAP server as an attribute source for attribute mapping.
- Point of Contact
IBM Security Access Manager provides servers, such as WebSEAL, that function as point of contact servers for handling external requests for authentication and authorization. You can configure a point of contact profile to specify the information that is needed for the runtime to communicate with a specific point of contact server. Security Access Manager provides three Point of Contact profiles that are ready for use. You can specify callback parameters and values for these profiles.
- Access Policies
You can use access policies to perform step-up and reauthentication during a single sign-on flow based on contextual information. Access policies can be enforced at a federation or at API Protection for OAuth and OpenID Connect.