Tivoli Federated Identity Manager, Version 6.2    

Creating a Kerberos constrained delegation module instance

A wizard guides you through the creation of the module instance. For information about each requested property, see Planning configuration of the trust chain.

You can also consult the Worksheet for trust chain configuration.

To create a module instance:

  1. Login to the WebSphere® console.
  2. Click Tivoli Federated Identity Manager -> Configure Trust Service -> Module Instances The Module Instances portlet is displayed.
  3. Click Create. The Module Instance wizard starts, and the Module Type panel is displayed.
  4. Select com.tivoli.am.fim.trustserver.sts.modules.KerberosDelegationSTSModule. Click Next. The Module Instance Name panel is displayed.
  5. Enter a value in the Module Instance Name field.

    For example:

    Kerberos Junction
  6. Optionally, enter a description in the Module Instance Description field. .
  7. Click Next. The Kerberos Delegation Module Configuration panel is displayed.
  8. Enter a value in the field Maximum size of the user credential cache.
  9. Click Finish. The Module Instances panel is displayed. The Current® Domain portlet is also displayed, and prompts you to load the new configuration changes.
  10. Click the Load configuration changes to Tivoli® Federated Identity Manager runtime button.
  11. Continue with Creating a trust chain for Kerberos constrained delegation.

Topic type Task topic    

Feedback