Troubleshooting
Problem
Configuration of Tivoli Access Manager for e-business 6.1.1 ( TAM ) Web Portal Manager ( WPM ) fails on WebSphere Application Server ( WAS ) version 8.
Symptom
Error message is shown on console when manually trying to configure WPM from the command line.
HPDBF0030W The JRE (/opt/IBM/WebSphere/AppServer//java/jre) is not
configured for the Tivoli Access Manager Runtime for Java.
Cause
Either PD.jar or some of the required property files ( PD.properties, PDJLog.properties, PDCA.ks ) are missing from the correct directories.
Environment
Problem was reproduced with RHEL 6.0, TAM 6.1.1.8, WAS 8.5.5. Initially problem occured on Solaris 10, TAM 6.1.1.8, WAS 8.5.0.2.
Diagnosing The Problem
Next error message is shown even after successful PDJrteCfg command on the console when manually trying to configure WPM.
HPDBF0030W The JRE (/opt/IBM/WebSphere/AppServer//java/jre) is not
configured for the Tivoli Access Manager Runtime for Java.
In this case log files about the configurations do not provide any additional information of the error.
Resolving The Problem
Verify that TAM is on level 6.1.1.3 at minimum. Configuring WAS , version 8, for Access Manager Java runtime ( PDJrte ) is supported starting from TAM 6.1.1 fixpack 3. In order to successfully deploy WPM on WAS 8 first manually configure PDJrte. Details of the configuration options for PDJrte can be found from the FP0003 ( or from later fixpack ) readme file which can be downloaded from Fix Central.
The actual syntax for each configuration command ( PDJrteCfg, amwpmcfg ) can be found from the TAM 6.1.1 product documentation, command reference guide ( see below Related Information ).
In the examples below the following values have been used:
Policy Server port = 7135 ( Policy Server default port )
Authorization Server port = 7136 ( Authorization Server default port )
WAS_HOME or waspath = /opt/IBM/WebSphere/AppServer
WAS port = 8880 ( Specifies the SOAP port number for the WAS )
Userid of WAS administrator = wasadmin
1) Set environment variables
export PATH=/opt/IBM/WebSphere/AppServer/java/jre/bin:$PATH
export JAVA_HOME=/opt/IBM/WebSphere/AppServer/java
2) Unconfigure WPM in case WPM deployment was already executed
/opt/PolicyDirector/sbin/amwpmcfg -action unconfig -admin_id sec_master -admin_pwd <password for the sec_master> -policysvr <IP or host name of the PolicyServer> -policysvr_port 7135 -waspath /opt/IBM/WebSphere/AppServer -was_host <IP or host name of the WAS> -was_port 8880 -was_admin_id wasadmin -was_admin_pwd <password for WAS admin> -trust_store /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/etc/trust.p12 -trust_store_pwd WebAS
3) Unconfigure Access Manager Runtime for Java
java -Dpd.home=/opt/PolicyDirector/ -cp /opt/PolicyDirector/java/export/pdjrte/PD.jar com.tivoli.pd.jcfg.PDJrteCfg -action unconfig -java_home /opt/IBM/WebSphere/AppServer/java/jre -host <IP or host name of the PolicyServer> -port 7135 -domain Default -config_type full
4) Check that the required subdirectory exists
Verify that PolicyDirector subdirectory is under <WAS_HOME>/tivoli/tam.
By default when installing WAS 8.x the following directory structure should exist in <WAS_HOME>/tivoli/tam. However, if for any reason the subdirectories are missing then manually create at least /PolicyDirector before executing the next step.
/PolicyDirector
/PolicyDirector/etc
/PolicyDirector/log
/PolicyDirector/nls
/PolicyDirector/nls/java
5) Configure PDJrte using -cfgfiles_path and -alt_config configuration options
java -Dpd.home=/opt/PolicyDirector/ -cp /opt/PolicyDirector/java/export/pdjrte/PD.jar com.tivoli.pd.jcfg.PDJrteCfg -action config -java_home /opt/IBM/WebSphere/AppServer/java/jre -host <IP or host name of the PolicyServer> -port 7135 -domain Default -config_type full -cfgfiles_path /opt/IBM/WebSphere/AppServer/tivoli/tam -alt_config
From the fixpack 3 readme file:
-cfgfiles_path {pd.cfg.home}
----------------------------
By default Websphere Application Server, Version 8, will locate its own
embedded PD.jar in a set location, WAS_HOME/tivoli/tam. This value must be
passed for {pd.cfg.home}, for example
"-cfgfiles_path /opt/IBM/WebSphere/AppServer/tivoli/tam".
This directory contains PD.jar and the "PolicyDirector" subdirectory
containing PD.properties. Websphere Application Server, Version 8, will also
include WAS_HOME/tivoli/tam in its java.ext.dirs property at startup so
PD.jar is available to the corresponding JVM. Thus no other location for
pd.cfg.home is usable by default.
-alt_config
-----------
Using -alt_config causes pdjrtecfg to look for PD.jar in the location
specified with -cfgfiles_path to update it as necessary. The -cfgfiles_path
must be set in order to use -alt_config.
-alt_config stops pdjrtecfg from modifying any files in the Websphere
Application Server JRE. Previously PD.jar was placed in the Websphere
Application Server JRE lib/ext/ directory and PolicyDirector/PD.properties
file was placed in the Websphere Application Server JRE directory.
As Websphere Application Server, Version 8, treats the associated Java as
read-only it is no longer possible to place these files, hence the new
configuration options.
6) Configure WPM
/opt/PolicyDirector/sbin/amwpmcfg -action config -admin_id sec_master -admin_pwd <password for the sec_master> -policysvr <IP or host name of the PolicyServer> -policysvr_port 7135 -authzsvr <IP or host name of the Authorization Server> -authzsvr_port 7136 -waspath /opt/IBM/WebSphere/AppServer -was_port 8880 -was_host <IP or host name of the WAS> -was_admin_id wasadmin -was_admin_pwd <password for WAS admin> -trust_store /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/etc/trust.p12 -trust_store_pwd WebAS
Related Information
Product Synonym
TAM;ITAM;ISAM
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21679124