A Tivoli® Federated Identity Manager domain is a deployment of the Tivoli Federated Identity Manager runtime component to either a WebSphere® single server or a WebSphere cluster.
There is one domain per WebSphere cluster. In a single server environment, there can be only one domain.
Each domain is managed independently. A single installation of the Tivoli Federated Identity Manager management console can manage multiple domains, but only one domain at a time. The domain that is currently being managed is known as the active domain.
When Tivoli Federated Identity Manager is installed, no domains exist. Use the management console to create a domain. When you installed Tivoli Federated Identity Manager, the management service was deployed to a WebSphere server (single server mode) or WebSphere Deployment Manager (WebSphere cluster mode).
Connect to the management service and choose the WebSphere server or cluster to which you want to deploy the Tivoli Federated Identity Manager runtime component. When the runtime is deployed and configured, you are ready to configure additional features such as federated single sign-on or Web services security management.
In a WebSphere Network Deployment environment, the deployment and configuration of the Tivoli Federated Identity Manager runtime to cluster members is an automated process. It is not necessary to perform additional installation of Tivoli Federated Identity Manager or Tivoli Access Manager software onto the WebSphere cluster computers.
The Tivoli Federated Identity Manager management service uses the application deployment services of the WebSphere Deployment Manager to deploy and configure the runtime application to distributed cluster members.
The management console provides a wizard to guide you through the creation of the domain. The following sections list the properties that the wizard prompts you to supply.
WebSphere Application Server can optionally have global security enabled. When global security is enabled, the security properties must be configured for the Tivoli Federated Identity Manager management service. Global security is enabled in most deployments.
When you have installed Tivoli Federated Identity Manager on a computer that uses an existing WebSphere installation, the default path on Linux or UNIX is:
/opt/IBM/WebSphere/AppServer/profiles/AppSrv01/etc/trust.p12
On Windows:
C:\Program Files\IBM\WebSphere\AppServer\profiles\AppSrv01\etc\trust.p12
When you have installed embedded WebSphere as part of the Tivoli Federated Identity Manager installation, the default path on Linux or UNIX is:
/opt/IBM/FIM/ewas/profiles/itfimProfile/etc/trust.p12
On Windows:
C:\Program Files\IBM\FIM\ewas\profiles\AppSrv01\etc\trust.p12
The default password for the WebSphere keystore is:
WebAS
This keystore file is an optional configuration item. Some WebSphere deployments do not use an SSL client keystore file.
The domain wizard prompts for the WebSphere server or cluster name when creating a domain. For a single server (one that is not part of a cluster), the wizard builds the default name automatically. For example, on a host named host1:
WebSphere:cell=host1Node01Cell,node=host1Node01,server=server1
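The following Python is an added example, not part of the IBM documentation or product: it builds and parses the single-server name in the form shown above and audits a proposed set of wizard inputs against the documented truststore paths and default password. The `audit_domain_settings` helper and its settings keys are hypothetical.

```python
import re

# Default truststore locations from the page, keyed by (installation type, platform).
DEFAULT_TRUST_STORE = {
    ("existing", "linux"): "/opt/IBM/WebSphere/AppServer/profiles/AppSrv01/etc/trust.p12",
    ("existing", "windows"): r"C:\Program Files\IBM\WebSphere\AppServer\profiles\AppSrv01\etc\trust.p12",
    ("embedded", "linux"): "/opt/IBM/FIM/ewas/profiles/itfimProfile/etc/trust.p12",
    ("embedded", "windows"): r"C:\Program Files\IBM\FIM\ewas\profiles\AppSrv01\etc\trust.p12",
}
DEFAULT_TRUST_STORE_PASSWORD = "WebAS"  # documented WebSphere default

# Shape of the WebSphere object name the wizard builds for a single server.
SERVER_NAME_RE = re.compile(
    r"^WebSphere:cell=(?P<cell>[^,=]+),node=(?P<node>[^,=]+),server=(?P<server>[^,=]+)$"
)

def default_server_name(host: str) -> str:
    """Return the single-server name the wizard proposes for `host`."""
    return f"WebSphere:cell={host}Node01Cell,node={host}Node01,server=server1"

def parse_server_name(name: str) -> dict:
    """Split a WebSphere single-server name into cell, node and server."""
    match = SERVER_NAME_RE.match(name)
    if match is None:
        raise ValueError(f"not a WebSphere single-server name: {name!r}")
    return match.groupdict()

def audit_domain_settings(settings: dict) -> list:
    """Return review findings for proposed wizard inputs (hypothetical helper).
    Keys: host, server_name, install ("existing"/"embedded"),
    platform ("linux"/"windows"), trust_store, trust_store_password."""
    findings = []
    try:
        parts = parse_server_name(settings["server_name"])
        if parts["node"] != f"{settings['host']}Node01":
            findings.append("node name differs from the wizard default for this host")
    except ValueError as exc:
        findings.append(str(exc))
    expected = DEFAULT_TRUST_STORE.get((settings["install"], settings["platform"]))
    if expected and settings["trust_store"] != expected:
        findings.append(f"truststore is not at the documented default: {expected}")
    if settings["trust_store_password"] == DEFAULT_TRUST_STORE_PASSWORD:
        findings.append("truststore still uses the documented default password")
    return findings
```

An empty findings list means the inputs match the documented defaults and the truststore password has been changed from the shipped value.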
The wizard prompts whether you want to configure into a Tivoli Access Manager environment. Do not configure into a Tivoli Access Manager environment if you are using a point of contact server other than WebSEAL. For example, do not configure into a Tivoli Access Manager environment if you are using WebSphere as a point of contact server.
The wizard presents this choice as a check box. If you select the check box, specify the properties listed in the following table.