IBM Security Access Manager for Enterprise Single Sign-On, Version 8.2.1

Integrating a BIO-key fingerprint reader

With the integration between BIO-key Biometric Service Provider (BSP) and IBM® Security Access Manager for Enterprise Single Sign-On, users can work with any biometric reader that is supported by BIO-key.

Before you begin

See "Requirements for authentication devices" in the IBM Security Access Manager for Enterprise Single Sign-On Planning and Deployment Guide for the supported software and version.

About this task

Only Administrators can integrate and deploy the BIO-key Biometric Service Provider (BSP) with IBM Security Access Manager for Enterprise Single Sign-On.

The BIO-key Biometric Service Provider deployment processes for the IMS Server and AccessAgent are different.

Deploying BIO-key Biometric Service Provider in the IMS Server

Set up the BIO-key Biometric Service Provider first in the IMS Server.

About this task

Repeat these steps for each Application Server.

Procedure

  1. Install the Native Library Invoker resource adapter.
  2. Install the BIO-key Biometric Service Provider drivers on the IMS Server.
    1. Start the BIO-key installer.
    2. In the BIO-key Reader Setup dialog box, select the manual setup of the biometric reader files option.
    3. Select the biometric reader files to use. Wait for the completion of the installation.
      Note: Selecting all biometric reader files might cause performance issues.
    4. Select the manual selection of biometric readers option.
    5. Select the biometric reader that you want from the list of installed readers.
    6. Complete the installation steps.
  3. Navigate to the IBM Security Access Manager for Enterprise Single Sign-On installation package.
  4. Open the deploymentPack.biometrics_<IMS Server version>\bio-key folder.
  5. Follow the steps in the README.txt to apply the deployment package for BIO-key.
    Note: Run as an Administrator in Windows Server 2008 or later.
  6. Restart the WebSphere Application Server.
  7. In AccessAdmin, set the machine policy Authentication second factors supported (pid_second_factors_supported_list) to Fingerprint.

    See the IBM Security Access Manager for Enterprise Single Sign-On Administrator Guide for more details.

Deploying BIO-key Biometric Service Provider in AccessAgent

After deploying BIO-key Biometric Service Provider in the IMS Server, you can now deploy BIO-key in AccessAgent.

Before you begin

You must install the BIO-key Biometric Service Provider before deploying Bio-key in AccessAgent. For more information about deploying BIO-key Biometric Service Provider, see Deploying BIO-key Biometric Service Provider in the IMS Server

Procedure

  1. Install the BIO-key Biometric Service Provider.
  2. Open the AccessAgent Installer folder.
  3. Navigate to the Customization folder. For example:
    32-bit
    <AccessAgent installer package>\{9713108D-08D5-474E-92A3-09CD7B63DB34}\Customization
    64-bit
    <AccessAgent installer package>\{E72C4028-45BB-4EE6-8563-3066EEB39A84}\Customization
  4. Copy FP3-BioKey.reg to the Reg folder in the Installation folder.
  5. Install AccessAgent.
    Note: The Bio-Key BSP installation creates registry settings in the Local Machine (HKLM) and Current User (HKCU) levels. AccessAgent uses only HKLM settings. HKCU settings are ignored even if these settings are set later by the user.
  6. Open the AccessAgent installation directory. For example, C:\Program Files\IBM\ISAM ESSO.
  7. Set ResetBioAPIPermissions in SetupHlp.ini to 1.
  8. On your Windows desktop, click Start > Run.
  9. In the Open field, enter regedit then click OK.
  10. Select HKLM\Software\IBM\ISAM ESSO\SOCIAccess\DSPList\{6EA4B6D4-8CDF-4C4E-8B40-CA6A20D0CD6B}\Devices\{5994DB8B-A2C3-4e0a-BC79-F274AE5ECC11}\UISPList\{68F86CB2-630B-4F15-9E2B-5A77B294E9E2} in the Registry Editor.
  11. Set the registry value Enabled to 1.
  12. Restart the computer.
  13. Optional: If you installed AccessAgent before BIO-key, follow these steps:
    1. Run FP3-BioKey.reg. This file is in the Customization folder under the AccessAgent installation folder. For example:
      32-bit
      aa-8.2.1.0100\{9713108D-08D5-474E-92A3-09CD7B63DB34}\Customization
      64-bit
      aa-8.2.1.0100_x64\{E72C4028-45BB-4EE6-8563-3066EEB39A84}\Customization
    2. Repeat steps 8 to 12.


Feedback