Configuring Tivoli Access Manager for non-z/OS® operating systems
You can configure Tivoli® Access Manager for authentication, authorization, and with a credential vault with one task or you can configure them individually.
About this task
- Tivoli Access Manager prerequisites
Complete the prerequisite tasks before you configure Tivoli Access Manager. - Creating the PdPerm.properties file
The PdPerm.properties file configures the Access Manager Java Run Time Environment (AMJRTE). You must create the PdPerm.properties file before you configure Tivoli Access Manager for authentication, authorization, Credential Vault, or user provisioning. Run the run-svrssl-config task to create the files. This task also creates the keystore file that is used to encrypt communication with IBM Tivoli Access Manager. - Configuring Tivoli Access Manager for authentication, authorization, and the Credential Vault
You can configure Tivoli Access Manager for authentication, authorization, and the vault adapter with one task. - Configuring Tivoli Access Manager for authentication only
IBM WebSphere Portal and IBM WebSphere Application Server support the Trust Association Interceptors (TAI) that Tivoli provides. If you use Tivoli Access Manager for authorization, you must also use Tivoli Access Manager for authentication. Using Tivoli Access Manager only for authorization is not supported. - Configuring Tivoli Access Manager to perform authorization
You can configure IBM Tivoli Access Manager to perform authorization as an independent task from configuring Tivoli Access Manager to perform authentication, but you must configure both tasks. Using Tivoli Access Manager to perform only authorization is not supported. - Configuring the Credential Vault adapter for Tivoli Access Manager
You can use IBM Tivoli Access Manager in the IBM WebSphere Portal Credential Vault service. WebSphere Portal includes a vault adapter to access the Tivoli Access Manager Global Sign-on (GSO) lockbox. Any existing Tivoli resource or resource credentials can be used in your portlets that access the credential vault service without any additional configuration. In addition, the credential vault service and credential vault management portlet can create or update an existing GSO lockbox entry. - Removing Tivoli Access Manager
After you have installed and used IBM Tivoli Access Manager, you may find that you no longer require its use. You can then remove it from the IBM WebSphere Portal environment and restore authentication capabilities to IBM WebSphere Application Server and authorization capabilities to WebSphere Portal.