Use the IBM® Tivoli® Federated Identity Manager
Federation First Steps tool to configure and enable risk-based access.
Risk-based access is a component for IBM Tivoli Federated Identity Manager.
Risk-based access provides access decision and enforcement that is
based on a dynamic risk assessment or confidence level of a transaction.
Before you begin
Before you start the Federation First Steps tool, complete
the following steps:
- If you have a WebSphere® Application
Server clustered environment, you must create and configure a JNDI
context named jdbc/rba in WebSphere Application Server and create
the database schema for risk-based access. See Manually configuring the database.
- Install risk-based access. See Installing risk-based access.
- Configure the WebSEAL point of contact server for IBM Tivoli Federated
Identity Manager. See Configuring WebSEAL point of contact server for SAML
federation.
You must know the following information to complete the wizard:
- URL of the Point of Contact Server for IBM Tivoli Federated
Identity Manager
- URI of the IBM Tivoli Access Manager secure resource that
you want to protect with risk-based access
- WebSEAL instance name
Procedure
- Launch the Federation First Steps tool.
- Select Risk-based Access Configuration Wizard.
- Click Start. The tool scans your
existing configuration settings.
- Provide the information that is requested by the wizard.
- Optional: On the General Configuration Settings page, select
Configure Tivoli Access Manager if you want to set up the IBM Tivoli
Access Manager environment so that it delegates authorization decisions
to risk-based access for your secure resources.
Note: If you select this option, you must ensure that IBM Tivoli Access
Manager is installed and configured locally on the same system as
IBM Tivoli Federated Identity Manager.
- Specify the URL of the Point of Contact Server for IBM Tivoli Federated
Identity Manager, which is used for collecting attributes.
http://host_name/webseal-junction-name
For example: http://mywebsealhost.company.com/FIM
After the configuration process is completed, the Risk-based
Access Configuration Summary page describes whether the
configuration failed or was successful.
- If the configuration completes successfully, the next steps to
complete the setup for risk-based access are displayed on the Risk-based
Access Configuration Summary page. Follow the instructions
in the summary page to complete the IBM Tivoli Access Manager and external
authorization service (EAS) setup for your environment.
- If the configuration fails, the log and failure messages are displayed
on the Risk-based Access Configuration Summary page.
Use the details that are provided in the log and failure messages
to check where the configuration process failed and the probable causes
of failure. Resolve the configuration issues and run the Federation
First Steps tool again to configure risk-based access.
- Click Finish.
What to do next
After you complete all of the next steps that are specified
on the summary page, verify that risk-based access is configured correctly
on your system. See
Verifying the configuration.