IBM Tivoli Federated Identity Manager, Version 6.2.1

Creating and deploying a new domain

You must create a domain and deploy a runtime application for each instance of the Tivoli® Federated Identity Manager. This task is a prerequisite for configuration of additional Tivoli Federated Identity Manager features such as federated single sign-on or Web services security management. It is also a prerequisite for deployments that use the Tivoli Federated Identity Manager security token service for token exchange. An example of a token exchange scenario is deployment of Tivoli Federated Identity Manager Kerberos constrained delegation with WebSEAL junctions.

Before you begin

A wizard prompts you to supply the necessary configuration properties. You can use the properties on the worksheet that you prepared. For more information on the worksheet, see Domain configuration.

Procedure

  1. Verify that the WebSphere® Application Server application is running.
  2. When you are deploying a domain into a WebSphere Application Server cluster and WebSphere global security is enabled, you must ensure that the WebSphere key files from the Deployment Manager are copied to all nodes in the cluster. Place the keys on each node in the same directory as on the Deployment Manager. WebSphere 6.1 should do this automatically. However, when the administration console is remote from the DMgr (Management Service), ensure that the server certificate presented by the DMgr is trusted by the console. One way to do this is to copy the trust store from the DMgr to the console profile.
  3. Log in to the WebSphere console and click Tivoli Federated Identity Manager → Getting Started.

    The Getting Started portlet is displayed.

  4. Click Manage Domains. The Domains portlet is displayed.
  5. Click Create. The Domain Wizard displays the Welcome panel.
  6. Click Next. The Management Service Endpoint panel is displayed.
  7. Enter values for the specified properties and click Next.
  8. The WebSphere Security panel is displayed. Specify whether WebSphere global security is enabled.
    Note: When installing on z/OS®, see the README file on the z/OS distribution media for important information about setting WebSphere security properties.
    • When global security is enabled, enter values for the specified properties and click Next.
    • When global security is not enabled, leave the remaining properties blank. Click Next.
  9. Click Test Connection. When successful, you will see an information message:
    FBTCON317I Tivoli Federated Identity Manager connected successfully.
  10. Click Next. The WebSphere Target Mapping panel is displayed. Select or enter the name of your server or cluster. When finished, click Next.
    • When the WebSphere environment consists of a single server, the panel displays a Server name menu with a default name.
    • When the WebSphere environment consists of a cluster, the panel displays the Cluster Name menu. This menu lists the names of clusters defined in the cell. Select the name of the cluster to use.
  11. The Select Domain panel is displayed. A default name is provided. Accept it or enter a name for the new domain.
  12. The Tivoli Access Manager Environment Settings panel is displayed. Select or deselect This Environment Uses Tivoli Access Manager as appropriate, and click Next. When you select this option, provide values for the rest of the properties.
  13. The Summary panel is displayed. Verify that the domain information is correct and click Finish.

    The domain is created and the domain wizard exits. The Create Domain Complete panel is displayed.

  14. Select both of the check boxes on the Create Domain Complete panel and click OK.

    You must complete both of the tasks as part of the initial creation and deployment of the Tivoli Federated Identity Manager management service and runtime:

    • Make this domain the active management domain
    • Open Runtime Node Management upon completion
  15. When you are deploying Tivoli Federated Identity Manager into a WebSphere cluster, ensure that the WebSphere Node Agent is running on all the nodes in the cluster.

    Use the WebSphere administrative console to verify the status of the node agents.

  16. The Current Domain portlet and the Runtime Node Management portlet are displayed. In the Runtime Node Management portlet, click Deploy Runtime. A message is displayed:
    FBTCON355I - A request to deploy the Tivoli Federated Identity Manager Runtime is in progress.

    The following link is displayed:

    Click to refresh runtime deployment status and check for completion.

    The Deploy operation may take several minutes. During this time, you can click the link to check for completion. When the deployment is complete, clicking the link returns the message:

    FBTCON132I The Runtime was successfully deployed to the domain.

    The Runtime Node Management portlet is redrawn. An entry for the runtime is added to the Runtime Nodes table for each node in the domain. Also, the Configure button is activated.

  17. In the Runtime Node table, select the check box for your node and click Configure.

    The runtime application is configured into the environment.

  18. In a WebSphere cluster environment, configure each node in the cluster by repeating the previous step.
  19. When all nodes are configured, click the Load configuration changes to the Tivoli Federated Identity Runtime button.

    The button is located in the Current Domain portlet.

  20. Continue with the instructions that apply to your deployment:
    • In a WebSphere cluster environment, continue with Mapping the runtime to a Web server.
    • In a WebSphere non-clustered (standalone server) environment, the domain creation and deployment is now complete. Continue with the appropriate instructions for your scenario.
