Tivoli Access Manager JACC provider settings

Use this page to configure the Tivoli Access Manager JACC provider.

To view the Tivoli Access Manager JACC provider settings, complete the following steps:
  1. Click Security > Global security.
  2. Under Authorization, click Authorization Providers.
  3. Under Related items, click External JACC provider.
  4. Under Additional properties, click Tivoli Access Manager Properties.

Configuration tab

Enable embedded Tivoli Access Manager

Enables or disables the embedded Tivoli Access Manager client configuration.

Default: Disabled
Range: Enabled or Disabled

Ignore errors during embedded Tivoli Access Manager disablement

When selected, errors are ignored during disablement of the embedded Tivoli Access Manager client.

This option is applicable only when reconfiguring the embedded Tivoli Access Manager client or disabling embedded Tivoli Access Manager.

Default: Disabled
Range: Enabled or Disabled

Client listening port set

Enter the ports used as listening ports by Tivoli Access Manager clients.

WebSphere Application Server needs to listen on a TCP/IP port for authorization database updates from the policy server. More than one process can run on a particular node or machine, so a list of ports is required for use by the processes. To specify a range of ports, separate the lower and higher values with a colon. Specify single ports and port ranges on separate lines. An example list might look like:

7999
9990:9999

Policy server

Enter the name, fully-qualified domain name, or IP address of the Tivoli Access Manager policy server and the connection port.

Use the form policy_server:port. The policy server communication port was set at the time of Tivoli Access Manager configuration; the default is 7135.

Authorization servers

Enter the name, fully-qualified domain name, or IP address of the Tivoli Access Manager authorization server. Use the form auth_server:port:priority.

The authorization server communication port was set at the time of Tivoli Access Manager configuration; the default is 7136. More than one authorization server can be specified by entering each server on a new line. Configuring more than one authorization server is useful for failover and performance. The priority value determines the order in which the authorization servers are used. For example:

auth_server1.mycompany.com:7136:1
auth_server2.mycompany.com:7137:2

A priority (of 1) is still required when configuring against a single authorization server.
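
The following added example (not IBM code and not part of the original page) checks values in the three formats described above before they are entered in the console: the client listening port set, policy_server:port, and auth_server:port:priority. It is standalone Python 3, and it assumes that ports fall in 1-65535, that hosts are names or IPv4 addresses, and that a port listed twice is an error.

```python
import re

# Assumption: names, FQDNs or IPv4 only; IPv6 literals would clash with the colons.
HOST_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9_.-]*[A-Za-z0-9])?")

def _number(text, what, low, high):
    if not re.fullmatch(r"[0-9]+", text) or not low <= int(text) <= high:
        raise ValueError("invalid %s: %r" % (what, text))
    return int(text)

def _host(text):
    if not HOST_RE.fullmatch(text):
        raise ValueError("invalid host: %r" % text)
    return text

def _lines(value):
    return [line.strip() for line in value.splitlines() if line.strip()]

def parse_port_set(value):
    """Expand the 'Client listening port set' field into a sorted port list."""
    ports = []
    for line in _lines(value):
        low, sep, high = line.partition(":")
        first = _number(low, "port", 1, 65535)
        last = _number(high, "port", 1, 65535) if sep else first
        if first > last:
            raise ValueError("lower value exceeds higher value: %r" % line)
        ports.extend(range(first, last + 1))
    if len(ports) != len(set(ports)):  # assumption: overlaps are a mistake
        raise ValueError("a port is listed more than once")
    return sorted(ports)

def parse_policy_server(value):
    """Split 'policy_server:port' into (host, port)."""
    parts = value.strip().split(":")
    if len(parts) != 2:
        raise ValueError("expected policy_server:port, got %r" % value)
    return _host(parts[0]), _number(parts[1], "port", 1, 65535)

def parse_authorization_servers(value):
    """Return (priority, host, port) tuples in order of use."""
    servers = []
    for line in _lines(value):
        parts = line.split(":")
        if len(parts) != 3:  # the priority is required even for one server
            raise ValueError("expected auth_server:port:priority, got %r" % line)
        servers.append((_number(parts[2], "priority", 1, 2**31 - 1),
                        _host(parts[0]), _number(parts[1], "port", 1, 65535)))
    return sorted(servers)
```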

Administrator user name

Enter the Tivoli Access Manager administration user ID as created at the time of Tivoli Access Manager configuration. This is usually sec_master.

Administrator user password

Enter the Tivoli Access Manager administration password for the user ID entered in the Administrator user name field.

User registry distinguished name suffix

Enter the distinguished name suffix for the user registry to be shared between Tivoli Access Manager and WebSphere. For example: o=organization,c=country

Security domain

Enter the name of the Tivoli Access Manager security domain used to store WebSphere Application Server users and groups.

Specifying the Tivoli Access Manager domain is required because more than one security domain can be created in Tivoli Access Manager, each with its own administrative user. Users, groups, and other objects are created within a specific domain and are not permitted to access resources in another domain. If a security domain has not been established at the time of Tivoli Access Manager configuration, leave the value as Default.

Default: Default

Administrator user distinguished name

Enter the full distinguished name of the WebSphere security administrator ID. For example, cn=wasadmin,o=organization,c=country