Disabling embedded Tivoli Access Manager client using wsadmin

Follow these steps to unconfigure the Java™ Authorization Contract for Containers (JACC) provider for Tivoli® Access Manager.

About this task

In a WebSphere® Application Server Network Deployment architecture, ensure that all the managed servers, including node agents, are started. Perform the following process once on the deployment management server. Details of the unconfiguration are forwarded to managed servers, including node agents, when a synchronization is performed. The managed servers require their own reboot for the configuration changes to take effect.

Note: It is also possible to unconfigure using the administrative console. For details on unconfiguring the embedded Tivoli Access Manager client using the WebSphere Application Server administrative console, refer to the Disabling embedded Tivoli Access Manager client using the administrative console article.

Procedure

Restart the deployment manager process.
Start the wsadmin command-line utility. The wsadmin command is found in theinstall_dir/bin directory

From the wsadmin prompt, enter the following command:

WSADMIN>$AdminTask unconfigureTAM -interactive

The following table lists the information that you are asked to provide for the unconfigureTAM command. The table also lists the properties that apply to the configureTAM and reconfigureTAM commands.

Table 1. Commands for configuring, reconfiguring, and unconfiguring Tivoli Access Manager . The following table lists the information that you are asked to provide for the configureTAM command. The table also lists the properties that apply to the unconfigureTAM and reconfigureTAM commands.
Property	Default	Relevant command	Description
Websphere Application Server node name	*	configureTAM reconfigureTAM unconfigureTAM	Specify a single node or enter an asterisk (*) to run the configuration task on all of the application server instances including the deployment manager, node agents, and servers.
Tivoli Access Manager Policy Server	Default port: 7135	configureTAM reconfigureTAM	Enter the name of the Tivoli Access Manager policy server and the connection port. Use the format, policy_server : port. The policy server communication port is set at the time of Tivoli Access Manager configuration.
Tivoli Access Manager Authorization Server	Default port: 7136	configureTAM reconfigureTAM	Enter the name, port, and priority of each configured Tivoli Access Manager authorization server. Use the format auth_server : port : priority. The authorization server communication port is set at the time of Tivoli Access Manager configuration. You can specify more than one authorization server by separating the entries with commas. Having more than one authorization server configured is useful for failover and performance. The priority value is the order of authorization server use. For example: auth_server1:7136:1,auth_server2:7137:2. A priority of 1 is still required when you use a single authorization server.
Websphere Application Server administrator's distinguished name		configureTAM reconfigureTAM	Enter the full distinguished name of the security primary administrator ID for WebSphere Application Server as created in Creating the security administrative user for Tivoli Access Manager. For example: cn=wasadmin,o=organization,c=country
Tivoli Access Manager user registry distinguished name suffix		configureTAM reconfigureTAM	Enter the suffix that you have set up in the user registry to contain the user and groups for Tivoli Access Manager. For example: o=organization,c=country
Tivoli Access Manager administrator's user name	sec_master	configureTAM reconfigureTAM unconfigureTAM	Enter the Tivoli Access Manager administration user ID that you created when you configured Tivoli Access Manager. This ID is usually sec_master.
Tivoli Access Manager administrator's user password		configureTAM reconfigureTAM unconfigureTAM	Enter the password that is associated with the Tivoli Access Manager administration user ID.
Tivoli Access Manager security domain	Default	configureTAM reconfigureTAM	Enter the name of the Tivoli Access Manager security domain that is used to store users and groups. If a security domain is not already established at the time of Tivoli Access Manager configuration, click Return to accept the default.
Embedded Tivoli Access Manager listening port set	8900:8999	configureTAM reconfigureTAM	WebSphere Application Server needs to listen on a TCP/IP port for authorization database updates from the policy server. More than one process can run on a particular node and machine so a list of ports is required for the processes. Enter the ports that are used as listening ports by Tivoli Access Manager clients, separated by a comma. If you specify a range of ports, separate the smaller and larger values by a colon. For example, 7999, 9990:9999.
Defer	No	configureTAM reconfigureTAM unconfigureTAM	Set this option to yes if you want to defer the configuration of the management server until the next restart. Set the option to no if you want the configuration of the management server to occur immediately. Managed servers are configured on their next restart.
Force	No	reconfigureTAM unconfigureTAM	Set this value to yes if you want to ignore errors during the unconfiguration process and allow the entire process to complete. Set the value to no if you want errors to stop the unconfiguration process. This option is especially useful if the environment needs to be cleaned up and problems are occurring that do not allow the entire cleanup process to complete successfully.

When all information is entered, enter F to save the properties or C to cancel from the unconfiguration process and discard the entered information.
Optional: Synchronize all nodes.
Restart all WebSphere Application Server instances for the changes to take effect.