IBM Support

WebSphere & ISAM (TAM) embedded PD.jar

Question & Answer


Question

Which versions of ISAM's (TAM's) PD.jar are compatible with various versions of WAS

Cause

IBM WebSphere upgrade causes an incorrect version of PD.jar to be installed.

Answer

IBM WebSphere® Application Server (WAS) includes the ISAM (TAM) PD.jar file in its distribution.
This can be problematic or confusing when the Policy Server is at a different version.

In general there is quite a bit of flexibility in using various PD.jar files with WebSphere. The main issue is which version of the PD.jar will work with which versions of ISAM's (TAM's) Policy Server and Authorization Server.
Other considerations include WPM, JACC and WebSphere 8. WAS 8 introduced some changes which required changes to the PD.jar. Therefore it is more restricted to certain versions of the PD.jar.
WAS 8 requires a TAM PD.jar level of 6.1.0.7 or 6.1.1.3 as a minimum. JACC is also included in WAS and depends on the PD.jar. WPM is not included with WAS but also depends on the PD.jar.

In general it is recommended that the PD.jar be at the same level as the ISAM (TAM) server. Since this is not always possible the following tables will help serve as a guideline in determining which version to use .

It is recommended that the PD.jar file included with WebSphere be used to configure WebSphere. After the PD.jar is configured, it can be replaced with a newer version using the file copy. The biggest issue with this is that WAS patches replace the jar file with the latest which they have which means customers must replace it again with their own.

The main dependancy is with the ISAM (TAM) server and the type of operations you are doing.
If you are just authenticating i.e. TAI, then you can use just about any version.
If you are running administrative operations then it is best to stay within N-1
If you are using local mode applications i.e. JACC, then the release level of the PD.jar file MUST match the release level of the ISAM (TAM) server.

The following chart shows key WAS releases and the versions of the PD.jar included.


WebSphere Application Server ND
ISAM / Tivoli Access Manager PD.jar
7.0 Fix pack 29
6.1.0.7


8.0
6.1.0.5
8.0 Fix Pack 01
6.1.0.7


8.5
6.1.0.7


8.5.5
6.1.0.7
8.5.5.2
6.1.0.9


9.0
6.1.0.9


The following chart shows key WAS releases and the ISAM (TAM) server versions supported.

Product Versions that PD.jar functions against.
PD.jar
WebSphere Application Server ND
Version
ISAM/TAM
Policy Server
TAM Local Mode DB
6.1.0.5
6.1 / 7.x
6.1 / 6.1.1
6.1 / 6.1.1
6.1.0.7
7.x / 8.x
6.1 / 6.1.1 / 7.0
6.1 / 6.1.1
7.0
7.x / 8.x
6.1.1 / 7.0
7.0
7.0.0.12
7.x / 8.x
6.1.1.13 / 7.0.0.12
7.0.0.12
8.0
7.x / 8.x
7.0 / 8.0
8.0
8.0.1.0
7.x / 8.x
6.1.1.13 / 7.0.0.12 / 8.0.1.0
8.0.1.0
8.0.1.5
8.x / 9.x
6.1.1.13 / 7.0.0.12 / 8.0.1.0
8.0.1.5
9.0
8.x / 9.x
6.1.1.13 / 7.0.0.12 / 8.0.1.0 / 9.0
9.0

Note: In a case when the Access Manager fix pack ( 6.1.0.16, 6.1.1.13, 7.0.0.12, 8.0.1.0 or higher ) containing correction for the POODLE issue has been applied to the Policy Server, then prior versions of the PD.jar can not be used to configure the Access Manager runtime for Java. If the older version of the PD.jar without the POODLE fix must be used on the WAS then the SSLv3 connection must be allowed in the Policy Server configuration. When a fix pack or an update is applied to the WebSphere Application Server it is recommended to verify that a fix pack / update includes POODLE compatible version of the PD.jar or after applying a fix pack / update use file copy to replace incompatible PD.jar.

Background information:

The PD.jar file allows java runtimes to deploy a set of classes to an appropriate resource.
Jar files are compressed so you can download a complete application with one download.

The PD.jar file had a manifest file located in the path of the META-INF/MANIFEST.MF
The MANIFEST.MF can be extracted by any standard zip software including "jar" for Windows.

On Unix/Linux the PD.jar version can be viewed by using the zcat command as below:-
For this document I am going to use the zcat command ( from Unix/linux) and available from cygwin for Windows,, i.e zcat PD.jar



To continue this example the above PD.jar was available but after an upgrade of WAS you can see that an older version of PD.jar was inserted and therefore our customer should contact IBM WebSphere for the latest version so it can be inserted into the WebSphere installation/ upgrade mechanism.





Note: The PD.jar can not be downloaded independent of a patch.

All of the above PD.jar files need to be upgraded to the latest version of TAM PD.jar to obtain the latest resolved issues:
The patches containing the PD.jar file can be downloaded from IBM's Fix Central :-
www.ibm.com/support/fixcentral/

For WAS installation please contact your local WebSphere Support for to obtain the latest level using WebSphere installation mechanism.

Internal Use Only

Currently ( 4th June 2018 ) ISAM 7 PD.jar does not support WAS 9, Java 8. Workaround is to use PD.jar from 8.0.1.5 as documented in the in the RTC work item https://rtp-rtc6.tivlab.raleigh.ibm.com:9443/jazz/web/projects/ISAM#action=com.ibm.team.workitem.viewWorkItem&id=105282 ( PMR 58360,L6Q,000 / case TS000026541 )

[{"Product":{"code":"SSPREK","label":"IBM Security Access Manager for Web"},"Business Unit":{"code":"BU008","label":"Security"},"Component":"Embedded WAS (JACC)","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.1;6.1.1;7.0;8.0;9.0","Edition":""}]

Document Information

Modified date:
16 June 2018

UID

swg21646372