Tivoli Federated Identity Manager, Version 6.2    

Creating and deploying a new domain

You must create a domain and deploy a runtime application for each instance of the Tivoli® Federated Identity Manager. This task is a prerequisite for configuration of Tivoli Federated Identity Manager support of Kerberos constrained delegation modules and WebSEAL Kerberos junctions.

A wizard prompts you to supply the necessary configuration properties. You can use the properties on the worksheet that you prepared. For more information on the worksheet, see Planning the configuration of domains and runtime nodes.
  1. Verify that the WebSphere® Application Server application is running.
  2. When you are deploying a domain into a WebSphere Application Server cluster and WebSphere global security is enabled, you must copy the WebSphere key files from the Deployment Manager to all nodes in the cluster. Place the keys on each node in the same directory as on the Deployment Manager.
  3. Log in to the WebSphere console and click Tivoli Federated Identity Manager → Getting Started.

    The Getting Started portlet is displayed.

  4. Click Manage Domains. The Domains portlet is displayed.
  5. Click Create. The Domain Wizard displays the Welcome panel.
  6. Click Next. The Management Service Endpoint panel is displayed.
  7. Enter values for the specified properties and click Next.
  8. The WebSphere Security panel is displayed. Specify whether WebSphere global security is enabled.
    • When global security is enabled, enter values for the specified properties and click Next.
    • When global security is not enabled, leave the remaining properties blank. Click Next.
  9. Click Test Connection. When successful, you will see an information message:
    FBTCON317I Tivoli Federated Identity Manager connected successfully.
  10. Click Next. The WebSphere Target Mapping panel is displayed. Select or enter the name of your server or cluster. When finished, click Next.
    • When the WebSphere environment consists of a single server, the panel displays a Server name menu with a default name.
    • When the WebSphere environment consists of a cluster, the panel displays the Cluster Name menu. This menu lists the names of clusters defined in the cell. Select the name of the cluster to use.
  11. The Select Domain panel is displayed. A default name is provided. Accept it or enter a name for the new domain.
  12. The Tivoli Access Manager Environment Settings panel is displayed. Deselect This Environment Uses Tivoli Access Manager and click Next.
  13. The Summary panel is displayed. Verify that the domain information is correct and click Finish.

    The domain is created and the domain wizard exits. The Create Domain Complete panel is displayed.

  14. Select both of the check boxes on the Create Domain Complete panel and click OK.

    You must complete both of the tasks as part of the initial creation and deployment of the Tivoli Federated Identity Manager management service and runtime:

    • Make this domain the active management domain
    • Open Runtime Node Management upon completion
  15. When you are deploying Tivoli Federated Identity Manager into a WebSphere cluster, ensure that the WebSphere Node Agent is running on all the nodes in the cluster.

    Use the WebSphere administrative console to verify the status of the node agents.

  16. The Current Domain portlet and the Runtime Node Management portlet are displayed. In the Runtime Node Management portlet, click Deploy. A message is displayed:
    FBTCON355I - A request to deploy the Tivoli Federated Identity Manager
    Runtime is in progress.

    The following link is displayed:

    Click to refresh runtime deployment status and check for completion.

    The deploy operation might take several minutes. During this time, click the link to check for completion. When the deployment is complete, clicking the link returns the message:

    FBTCON132I The Runtime was successfully deployed to the domain.

    The Runtime Node Management portlet is redrawn. An entry for the runtime is added to the Runtime Nodes table for each node in the domain. Also, the Configure button is activated.

  17. In the Runtime Node table, select the check box for your node and click Configure.

    The runtime application is configured into the environment.

  18. In a WebSphere cluster environment, configure each node in the cluster by repeating the previous step.
  19. When all nodes are configured, click the Load configuration changes to the Tivoli Federated Identity Runtime button.

    The button is located in the Current Domain portlet.

  20. Continue with the instructions that apply to your deployment:
