IBM Tivoli Access Manager for e-business BEA WebLogic Server /I8O f> 5.1 S152-0811-00

IBM Tivoli Access Manager for e-businesspublib.boulder.ibm.com/tividd/td/ITAME/SC32-1366... · IBM WebSphere Application Server, Advanced Single Server Edition 5.0 |,ZT&Z Z{DYw53D

IBM Tivoli Access Manager for e-business

BEA WebLogic Server/I8O

f> 5.1

S152-0811-00


"b

Z9C>JO0d'VDz7.0,kDAZ 57 3D=< C, :yw;PDE"#

Z;f(2003 j 11 B)

>f>JCZ IBM Tivoli Access Manager V5.1.0(z7E 5724-C08)T0yPsx"PfM^)f,1=ZBf>P

mPyw*9#

© Copyright International Business Machines Corporation 2003. All rights reserved.

?<

0T . . . v
>iDA_ . . . v
>iDZ] . . . v
vfo . . . vi
"PE" . . . vi
Base E" . . . vi
Web 2+TE" . . . vi
*"_N< . . . vii
<u9d . . . viii
`Xvfo . . . viii
Z_CJvfo . . . xi
(z!n . . . xi
*5m~'V . . . xi
>iP9CD<( . . . xi
Ve<( . . . xi
Yw53xp . . . xii

Z 1 B riMEv . . . 1
Tivoli Access Manager 2+T#M . . . 1
+ Tivoli Access Manager k WebLogic Server /I . . . 2
Tivoli Access Manager Security Service Provider Interface i~ . . . 2
_TMG+?p . . . 4
J4MG+ . . . 4
9C Tivoli Access Manager O$ . . . 5
U>G<MsF . . . 6
I?T"ICTMIluT . . . 7

Z 2 B 208>E" . . . 9
\'V=( . . . 9
ELMZf*s . . . 9
m~Hvu~ . . . 10
Tivoli Access Manager policy server . . . 10
Tivoli Access Manager Authorization Server . . . 10
Tivoli Access Manager WebSEAL r Tivoli Access Manager Plug-in for Web Servers . . . 10
BEA WebLogic Server . . . 11
Tivoli Access Manager Java KP1 . . . 11
9C20r<20 . . . 11
install_amwls !n . . . 13
9C>z5CLr20 . . . 14
Z AIX O20 . . . 14
Z HP-UX O20 . . . 14
Z Solaris O20 . . . 15
Z Windows O20 . . . 16

Z 3 B dC}L . . . 17
Z 1 ?V:dC Tivoli Access Manager Java runtime environment . . . 17
Z 2 ?V:* startWebLogic hC CLASSPATH . . . 18
Z 3 ?V:dC Tivoli Access Manager for WebLogic . . . 19
9CXF()9 Web &CLrdC Tivoli Access Manager for WebLogic . . . 19
S|nPdC Tivoli Access Manager for WebLogic . . . 21

Z 4 ?V:dC Tivoli Access Manager r . . . 22
9CXF()9 Web &CLrdC Tivoli Access Manager r . . . 22
S|nPdC Tivoli Access Manager r . . . 22
Z 5 ?V:* BEA WebLogic Server %cG<xPdC . . . 24
9C WebSEAL acdC%cG< . . . 24
9C Tivoli Access Manager Plug-in for Web Servers dC%cG< . . . 25
Z 6 ?V:Z BEA WebLogic Server `~qw73(|(:/73)PdC Tivoli Access Manager for WebLogic . . . 25
Z 7 ?V:bTdC . . . 26

Z 4 B tC%cG< . . . 27
9C Tivoli Access Manager WebSEAL xP%cG< . . . 27

Z 5 B \mNq . . . 29
Z Tivoli Access Manager Authorization server OtCZ(~q . . . 29
(} Tivoli Access Manager for WebLogic xPDC'Mi\m . . . 30
9C]>&CLr . . . 30
9C<I . . . 32
}N%wG<_T . . . 32
>} Tivoli Access Manager r . . . 33
!{dC Tivoli Access Manager for WebLogic . . . 34
JOoO<I . . . 34
9CyZm%DG<1D%cG<'\ . . . 34
WebLogic Server WvZfl# . . . 35
V^ . . . 35
Q*JbMd(=( . . . 36

Z 6 B }%8>E" . . . 37
S Solaris }% . . . 37
S Windows }% . . . 37
S AIX }% . . . 38
S HP-UX }% . . . 38

=< A. tTD~N< . . . 41
amsspi.properties . . . 41
rbpf.properties . . . 42
amwlsjlog.properties . . . 45

=< B. |nlYN< . . . 49
AMWLSConfigure –action config . . . 50
AMWLSConfigure –action unconfig . . . 52
AMWLSConfigure –action create_realm . . . 53
AMWLSConfigure –action delete_realm . . . 55

=< C. yw . . . 57
Lj . . . 58

Jcm . . . 61

w} . . . 67

0T

6-9C IBM® Tivoli® Access Manager for BEA® WebLogic Server®(TBF* Tivoli

Access Manager for WebLogic)#>z7)9K IBM Tivoli Access Manager D&\9

d'V* BEA WebLogic Server `4D&CLr#

IBM® Tivoli® Access Manager(Tivoli Access Manager)GZ IBM Tivoli Access Manager

z7W~PKP&CLryhDy!m~#|'V/ICZa)cs6'DZ(M\

mbv=8D IBM Tivoli Access Manager &CLr#b)z7w*/Ibv=8v[;

|Ga);VCJXF\mbv=8,bV=8*gSLq&CLr/PKxgM&

CLr2+T_T#

":IBM Tivoli Access Manager GH0"PDF* Tivoli SecureWay® Policy Director

m~DB{F#,y,TZl$ Tivoli SecureWay Policy Director m~MD5DC

',management server VZF* policy server#

6IBM Tivoli Access Manager for WebLogic Server C'8O7a)aO BEA WebLogic

Server 9C IBM Tivoli Access Manager D20"dCM\mD8>E"#

>iDA_

>\m8OD?jA_|(:

v 2+\m1

v xg53\m1

v IT hFK1

A_&l$TBZ]:

v rXx-i,|( HTTP"TCP/IP"D~+d-i(FTP)M Telnet

v WebLogic Server 53D?pM\m

v 2+\m,|(O$MZ(

g{tC2+WSVc(SSL)(E,9&l$ SSL -i"\?;;(+CM(C)"

}V){"S\c(MO$PD#

>iDZ]

>D5|,TBBZ:

v Z 1 B,:riMEv;

xv Tivoli Access Manager for WebLogic a)DO$MZ(~qDEv#

v Z 2 B,:208>E";

hvgN20 Tivoli Access Manager for WebLogic#

v Z 3 B,:dC}L;

hvgNdC Tivoli Access Manager for WebLogic#

v Z 4 B,:\mNq;

hvgN9C]>&CLr,"a)9C<I"JOoOE"MV^T#

v Z 5 B,:}%8>E";

hvgN}% Tivoli Access Manager for WebLogic#

vfo

4iT Tivoli Access Manager b"X8vfoT0`XvfoDhvT7(D)vf

oI\TzPoz#Z7(zh*Dvfo.s,kN<Z_CJvfoD8>E

"#

XZ IBM Tivoli Access Manager for e-business z7>mD=SE"IZTBX7R

=:

http://www.ibm.com/software/tivoli/products/access-mgr-e-bus/

Tivoli Access Manager b;i/*TB`p:

v :"PE";

v :Base E";

v :Web 2+TE";

v Z vii 3D:*"_N<;

v Z viii 3D:<u9d;

"PE"

v 6IBM Tivoli Access Manager for e-business kHDA7(G152-0804-00)

a)XZ20M*<9C Tivoli Access Manager DE"#

v 6IBM Tivoli Access Manager for e-business "P5w7(G152-0805-00)

a)}gm~V^"d(=(MD5|BDnB;FE"#

Base E"

v 6IBM Tivoli Access Manager Base 208O7(S152-0806-00)

5wgN20MdC Tivoli Access Manager Base m~,|( Web Portal Manager

SZ#CiG6IBM Tivoli Access Manager for e-business Web Security 208O7

DS/,<Zkd| Tivoli Access Manager z7(g IBM Tivoli Access Manager

for Business Integration M IBM Tivoli Access Manager for Operating Systems);

p9C#

v 6IBM Tivoli Access Manager Base \m8O7(S152-0807-00)

hv9C Tivoli Access Manager ~qDEnM}L#a)S Web Portal Manager g

fT0(}9C pdadmin |n4PNqD8>E"#

Web 2+TE"

v 6IBM Tivoli Access Manager for e-business Web Security 208O7(S152-0808-00)

a)PX Tivoli Access Manager Base m~T0 Web Security i~D20"dCM

}%8>E"#CiG6IBM Tivoli Access Manager Base 208O7D,/#

v IBM Tivoli Access Manager Upgrade Guide(SC32-1369-00)

5wgNS Tivoli SecureWay Policy Director V3.8 r Tivoli Access Manager DH

0f>}6= Tivoli Access Manager V5.1#

v 6IBM Tivoli Access Manager for e-business WebSEAL \m8O7(S152-0809-00)

a)9C WebSEAL \m2+ Web rPJ4D30JO"\m}LM<uN<E

"#

v 6IBM Tivoli Access Manager for e-business IBM WebSphere Application Server /

I8O7(S152-0810-00)

a)CZ+ Tivoli Access Manager k IBM WebSphere® Application Server xP/

ID20"}%M\m8>E"#

v IBM Tivoli Access Manager for e-business IBM WebSphere Edge Server Integration

Guide(SC32-1367-00)

a)CZ+ Tivoli Access Manager k IBM WebSphere Edge Server &CLrxP

/ID20"}%M\m8>E"#

v 6IBM Tivoli Access Manager for e-business Plug-in for Web Servers /I8O7

(S152-0813-00)

a)9C Plug-in for Web Servers #$ Web r2+D208>E""\m}LM

<uN<E"#

v 6IBM Tivoli Access Manager for e-business BEA WebLogic Server /I8O7

(S152-0811-00)

a)CZ+ Tivoli Access Manager k BEA WebLogic Server xP/ID20"}

%M\m8>E"#

v IBM Tivoli Access Manager for e-business IBM Tivoli Identity Manager Provisioning

Fast Start Guide(SC32-1364-00)

a)k+ Tivoli Access Manager k Tivoli Identity Manager xP/I`XDNqD

Ev,"5wgN9CM20 Provisioning Fast Start /O#

*"_N<

v IBM Tivoli Access Manager for e-business Authorization C API Developer

Reference(SC32-1355-00)

a)hvgN9C Tivoli Access Manager Z( C API M Tivoli Access Manager ~

qe~SZ+ Tivoli Access Manager 2+TmS=&CLrPDN<JO#

v IBM Tivoli Access Manager for e-business Authorization Java Classes Developer

Reference(SC32-1350-00)

a)9CZ( API D Java™ oT5V'V&CLr9C Tivoli Access Manager 2

+TDN<E"#

v IBM Tivoli Access Manager for e-business Administration C API Developer

Reference(SC32-1357-00)

a)XZ9C\m API 'V&CLr4P Tivoli Access Manager \mNqDN<

E"#>D5hv\m API D C 5V#

v IBM Tivoli Access Manager for e-business Administration Java Classes Developer

Reference(SC32-1356-00)

a)9C\m API D Java oT5V'V&CLr4P Tivoli Access Manager \m

NqDN<E"#

v IBM Tivoli Access Manager for e-business Web Security Developer

Reference(SC32-1358-00)

a)PXgrO$~q(CDAS)"gr3dr\(CDMF)T0\kS?#iD\

mM`LE"#

<u9d

v IBM Tivoli Access Manager for e-business Command Reference(SC32-1354-00)

a)XZ Tivoli Access Manager a)D|nP5CLrME>DE"#

v IBM Tivoli Access Manager Error Message Reference(SC32-1353-00)

a) Tivoli Access Manager yzz{"D5wMFvDYw#

v IBM Tivoli Access Manager for e-business Problem Determination

Guide(SC32-1352-00)

a) Tivoli Access Manager DJb7(E"#

v 6IBM Tivoli Access Manager for e-business T\w{8O7(S152-0812-00)

a)IT IBM Tivoli Directory Server w*C'"amD Tivoli Access Manager y

9ID73DT\w{E"#

`Xvfo

>ZPvk Tivoli Access Manager b`XDvfo#

Tivoli Software Library a)KwV Tivoli vfo,}gW$i"}]m"]>"

Redbooks Myw/#Tivoli Software Library ITSTB Web >cOq!:

http://www.ibm.com/software/tivoli/library/#

Tivoli Software Glossary |,m`k Tivoli m~`XD<uuoD(e#Tivoli Software

Glossary(v"of)ISTB Tivoli Software Library Web 3fOs_D Glossary4Sq!:http://www.ibm.com/software/tivoli/library/#

IBM Global Security Kit

Tivoli Access Manager (}9C IBM Global Security Kit(GSKit)V7.0 a)}]S

\#GSKit |,ZT&ZzX(=(D IBM Tivoli Access Manager Base CD"IBM Tivoli

Access Manager Web Security CD"IBM Tivoli Access Manager Web Administration

Interfaces CD M IBM Tivoli Access Manager Directory Server CD O#

GSKit m~|a) iKeyman \?\m5CLr gsk7ikm,|CZ4(\?}]b"+

C-(C\?TT0$iks#TBD5IS Tivoli Information Center Web >cOk

IBM Tivoli Access Manager z7D5`,D?VPR=:

v IBM Global Security Kit Secure Sockets Layer and iKeyman User’s

Guide(SC32-1363-00)

a)KF.Zd Tivoli Access Manager 73PtC SSL (EDxgr532+\

m1DE"#

IBM Tivoli Directory Server

IBM Tivoli Directory Server V5.2 |,ZT&ZZ{DYw53D IBM Tivoli Access

Manager Directory Server CD O#

":IBM Tivoli Directory Server GH0"PD{FgBDm~DB{F:

v IBM Directory Server(V4.1 M V5.1)

v IBM SecureWay Directory Server(V3.2.2)

IBM Directory Server V4.1"IBM Directory Server V5.1 M IBM Tivoli Directory Server

V5.2 <\ IBM Tivoli Access Manager V5.1 D'V#

XZ IBM Tivoli Directory Server D=SE"IZTBX7R=:

http://www.ibm.com/software/network/directory/library/

IBM DB2 (C}]b

IBM DB2® Universal Database™((C}]b)s5~qwff> 8.1 Z IBM Tivoli

Access Manager Directory Server CD Oa),"k IBM Tivoli Directory Server m~

;p20#Z+ IBM Tivoli Directory Server"z/OS™ r OS/390® LDAP ~qww*

Tivoli Access Manager DC'"am9C1,DB2 GXhD#

XZ DB2 D=SE"IZTBX7R=:

http://www.ibm.com/software/data/db2/

IBM WebSphere Application Server

IBM WebSphere Application Server, Advanced Single Server Edition 5.0 |,ZT&Z

Z{DYw53D IBM Tivoli Access Manager Web Administration Interfaces CD O#

WebSphere Application Server tCT Web Portal Manager SZ(CZ\m Tivoli Access

Manager)M Web \m$_(CZ\m IBM Tivoli Directory Server)b=_D'V#

IBM WebSphere Application Server Fix Pack 2 2G Tivoli Access Manager yXhD,

"Z IBM Tivoli Access Manager WebSphere Fix Pack CD Oa)#

XZ IBM WebSphere Application Server D=SE"IZTBX7R=:

http://www.ibm.com/software/webservers/appserv/infocenter.html

IBM Tivoli Access Manager for Business Integration

IBM Tivoli Access Manager for Business Integration w*I%@):Dz7,|* IBM

MQSeries® V5.2 M V5.3 {"D IBM WebSphere® MQ a)K2+Tbv=8#IBM

Tivoli Access Manager for Business Integration 'V WebSphere MQSeries &CLr(

}9Ck"MMSU&CLrX*D\?=\X"Rj{X"M}]#s WebSEAL M

IBM Tivoli Access Manager for Operating Systems ;y,IBM Tivoli Access Manager

for Business Integration G9C IBM Tivoli Access Manager ~qDJ4\mw.;#

XZ IBM Tivoli Access Manager for Business Integration D=SE"IZTBX7R

=:

http://www.ibm.com/software/tivoli/products/access-mgr-bus-integration/

TBk IBM Tivoli Access Manager for Business Integration V5.1 `XDD5IZ Tivoli

Information Center Web >cOR=:

v 6IBM Tivoli Access Manager for Business Integration \m8O7(S152-0085-01)

v 6IBM Tivoli Access Manager for Business Integration Jb7(8O7(G152-0676-00)

v 6IBM Tivoli Access Manager for Business Integration "P5w7(G152-0518-01)

v 6IBM Tivoli Access Manager for Business Integration kHDA7(G152-0675-00)

IBM Tivoli Access Manager for WebSphere Business Integration Brokers

IBM Tivoli Access Manager for WebSphere Business Integration Brokers w* IBM Tivoli

Access Manager for Business Integration D;?Vxa),* WebSphere Business

Integration Message Broker V5.0 M WebSphere Business Integration Event Broker V5.0

a)K2+Tbv=8#IBM Tivoli Access Manager for WebSphere Business Integration

Brokers (}a)yZ\kM>$DO$"/P(eDZ(MsF~q4k Tivoli Access

Manager -,KPT#$ JMS "</$)&CLr#

XZ IBM Tivoli Access Manager for WebSphere Integration Brokers D=SE"IZ

TBX7R=:

http://www.ibm.com/software/tivoli/products/access-mgr-bus-integration/

TBk IBM Tivoli Access Manager for WebSphere Integration Brokers V5.1 `XDD

5IZ Tivoli Information Center Web >cOR=:

v 6IBM Tivoli Access Manager for WebSphere Business Integration Brokers \m8O7

(S152-0793-00)

v 6IBM Tivoli Access Manager for WebSphere Business Integration Brokers "P5w7

(G152-0794-00)

v 6IBM Tivoli Access Manager for Business Integration kHDA7(G152-0675-00)

IBM Tivoli Access Manager for Operating Systems

IBM Tivoli Access Manager for Operating Systems w*I%@):Dz7,|a)}

K>zYw53ya)DTbZ UNIX 53ODZ(_Tv?c#IBM Tivoli Access

Manager for Operating Systems s WebSEAL M IBM Tivoli Access Manager for Business

Integration ;y,G9C IBM Tivoli Access Manager ~qDJ4\mw.;#

XZ IBM Tivoli Access Manager for Operating Systems D=SE"IZTBX7R=:

http://www.ibm.com/software/tivoli/products/access-mgr-operating-sys/

TBk IBM Tivoli Access Manager for Operating Systems V5.1 `XDD5IZ Tivoli

Information Center Web >cOR=:

v 6IBM Tivoli Access Manager for Operating Systems 208O7(S152-0190-00)

v 6IBM Tivoli Access Manager for Operating Systems \m8O7(S152-0571-00)

v 6IBM Tivoli Access Manager for Operating Systems Jb7(8O7(S152-0179-00)

v 6IBM Tivoli Access Manager for Operating Systems "P5w7(G152-0185-00)

v 6IBM Tivoli Access Manager for Operating Systems kHDA7(G152-0186-00)

IBM Tivoli Identity Manager

IBM Tivoli Identity Manager V4.5 w*I%@):Dz7xa),9zIT/P\mC

'(gC'j6M\k)M)&(a)r7zT&CLr"J4rYw53DCJ)#

Tivoli Identity Manager IT(}9C Tivoli Access Manager zmLrxk Tivoli Access

Manager /IZ;p#k*5zD IBM M'zmTq!XZ:rCzmLrD|`E

"#

XZ IBM Tivoli Identity Manager D=SE"IZTBX7R=:

http://www.ibm.com/software/tivoli/products/identity-mgr/

Z_CJvfo

TB Tivoli Software Library PZ_a)>z7DIF2D5q=(PDF)M/r,D

>jGoT(HTML)q=Dvfo:http://www.ibm.com/software/tivoli/library

*ZbPR=z7vfo,k%wb3fs`D Product manuals 4S#;sZ Tivoli

software information center 3fOR="%wz7{F#

z7vfo|("P5w"208O"C'8O"\m18OT0*"_N<s+#

":*7#\}7r! PDF vfo,kZ Adobe Acrobat0r!10Z(I(}%w

D~ → r!4T>C0Z)P!qJO3f4!r#

(z!n

(z!n&\oz_PmePO(gP/;crS&O-)DC'I&9CwVm~

z7#TZKz7,zIT9C(z<u4v}M/@gf#2I9C|L!zsj

4Yw<NC'gfDyP&\#

*5m~'V

ZM3;Jb*5 IBM Tivoli m~'V.0,k%w;ZTB Web >cD Tivoli support 4STCJ IBM Tivoli m~'V>c: http://www.ibm.com/software/support/

g{h*d|oz,rk(}9CTB Web >cD IBM Software Support Guide Py

hvD=(4*5m~'V: http://techsupport.services.ibm.com/guides/handbook.html

C8Oa)KTBE":

v XZSU'VD"aMJq*s

v g0Ek(y]zyZDzRrXx)

v *5M''V.0&U/D;5PE"

>iP9CD<(

>N<TXbuoMYwT0!vZYw53D|nM769CKtI<(#

Ve<(

>N<P9CKTBVM<(:

VeV QTk\'D>xVD!4|nrs!4lO|n"X|V"N}"!n"

Java `{T0TsyTVeVT>#

1eV d?"vfojbM?wDXb%JrLoyT1eVT>#

HmVM

zk>}"|nP"A;dv"QTk\'D>xVDD~0?<{"53{

""C'XkdkDD>T0N}r|n!nD5yTHmVMT>#

Yw53xp

>iTZ8(73d?M?<{E9CK UNIX <(#9C Windows |nP1,TZ

73d?kC %variable% f; $variable,"C41\(\)f;?<76PD?v}1

\(/)#g{Z Windows 53O9C bash shell,rIT9C UNIX <(#

Z 1 B riMEv

Tivoli Access Manager for WebLogic G Tivoli Access Manager D)9,|9C Tivoli

Access Manager D2+&\,#$T BEA WebLogic Server &CLrDCJ#(}9

C BEA WebLogic Server Security Service Provider Interface,Tivoli Access Manager

for WebLogic 9C Tivoli Access Manager \mDC'"am4O$M'z#IBM Tivoli

Access Manager WebSEAL(WebSEAL)r IBM Tivoli Access Manager Plug-in for Web

Servers IC4)9 Tivoli Access Manager for WebLogic D2+&\,T*nUC'

%cG<a)'V#

Tivoli Access Manager for WebLogic 9 WebLogic Server &CLr\;9C Tivoli

Access Manager 2+T,x;h*NN`kr?p|D#

XkZ20 Tivoli Access Manager for WebLogic 0?p Tivoli Access Manager 2+

r#

T Tivoli Access Manager 0zDC'Z?p2+r.0&14i Tivoli Access Manager

2+T#M#K&a)KT2+T#MDr%**#

Tivoli Access Manager 2+T#M

Tivoli Access Manager G;vj+DZ(Mxg2+T_T\mDbv=8,|TXm

OV"DZ?xMb?xDJ4a)KKTK#$#

Tivoli Access Manager DX+ZZ|GG#HxD2+T_T\m#Kb,|9'VO

$"Z("}]2+TMJ4\m&\#+ Tivoli Access Manager kj<DyZrX

xD&CLraO9C,I9(_H2+R<C\mDZ?xMb?x#

ZdKD,Tivoli Access Manager a):

v O$r\

Tivoli Access Manager 'Vc:DO$zF,|(:$i"y>O$"m%M HTTP

7#

v Z(r\

Tivoli Access Manager a)Z(_T\mDr\#Z(_TG/P\mD"+T/V

"={vs56'ZDwCJ5)c#Tivoli Access Manager Z(~qT>z Tivoli

Access Manager ~qwMZ}=&CLrDCJksa)mIM\xv_#

WebSEAL GCZyZ Web DJ4D Tivoli Access Manager J42+T\mw#

WebSEAL G;V_T\"`_LD Web ~qw,|+8#H2+T&C=\#$D

Web J4#

Tivoli Access Manager Plug-in for Web Servers k Tivoli Access Manager /I,T*

zD Web J4a)j{D2+Tbv=8#Ke~w*k Web ~qw`,DxLD

;?VKP,9X=oD?vks"7(Gqh*Z(v_"*C'O$a)=(

(g{X*)#

Tivoli Access Manager Plug-in for Web Servers M WebSEAL yIa)%cG<bv

=8,"+ Web &CLrJ4"k|GD2+_T#

(}4i IBM Tivoli Access Manager DD5,zITKbXZ Tivoli Access Manager

D|`E",|(F(?pv_yhDE"#>vfoD0T|,K`X Tivoli Access

Manager D5DPm#

+ Tivoli Access Manager k WebLogic Server /I

Tivoli Access Manager for WebLogic V5.1 'V:

v BEA WebLogic Server V7.0 SP2

v BEA WebLogic Server V8.1 SP1

Tivoli Access Manager for WebLogic V5.1 (}9C Security Service Provider

Interface(SSPI)4* BEA WebLogic Server a)j+2+Tr\#

":Tivoli Access Manager for WebLogic V5.1 ;'V BEA WebLogic Server (Fr#

'V BEA WebLogic Server (FrG Tivoli Access Manager for WebLogic V4.1

D;?V#

BEA WebLogic Server *Z}=2+a)Lr(}g Tivoli Access Manager for

WebLogic)a) SSPI,T+|GD2+&\^l/I= BEA WebLogic Server e5

a9P#

Tivoli Access Manager Security Service Provider Interface i~

Tivoli Access Manager for WebLogic C?v BEA WebLogic Server 2+r(domain)

4fz4(D1!2+r(realm),"a)TB BEA WebLogic Server 2+a)Lr:

v O$a)Lr

v Z(a)Lr

v G+3da)Lr

Tivoli Access Manager for WebLogic 9C1! BEA WebLogic Server >$3d2+

a)LrM1! keystore#

TOPvD?va)Lr9|,(} WebLogic XF(tCdC`-D Management

Bean(MBean)#TBwZj8hvKb)a)LrM MBean PD?;vya)D&

\#

Tivoli Access Manager a)k BEA WebLogic Server DTB/Ic:

O$a)Lr

Tivoli Access Manager for WebLogic O$a)Lr5V BEA WebLogic Server r%

O$#Zr%O$P,C'"T9CC'{M\kDiO4r BEA WebLogic Server O

$#KC'{M\kI Tivoli Access Manager 9C Tivoli Access Manager Java KP

1i~4li#

Tivoli Access Manager for WebLogic 9a)|T:DCZa) WebSEAL r Tivoli

Access Manager Plug-in for Web Servers %cG<&\DG<#i#Z 27 3DZ 4 B,

:tC%cG<;|,tC%cG<&\Dj8E"#

Tivoli Access Manager for WebLogic DO$a)LrI8vi~iI:

v O$a)Lr

+ IBM Tivoli Access Manager for WebLogic Server O$a)Lr/I= WebLogic

Security Framework P#

v Java O$MZ(~q(JAAS)G<#i

4Pr%M%cG<O$# JAAS G<#i5X;v;2kwe(CweI JAAS j

<8()Dwb# Tivoli Access Manager for WebLogic a)|T:DG<#i,C

#i9C Tivoli Access Manager Java KP1i~4r Tivoli Access Manager

authorization server O$#

v O$ MBean

(} WebLogic XF(tCO$a)LrDdC#|9JmC'4PC'"am\m

Nq,}g9C Tivoli Access Manager for WebLogic XF()94mSM>}C'#

Z(a)Lr

Z(a)LrZ BEA WebLogic Server Mb?Z(~q.da)SZ#Z(a)Lr

7(GmI9G\xT BEA WebLogic Server J4DCJ#CJv(G9Cf Tivoli

Access Manager Java KP1i~V"D PDPermission `4wvD#

Tivoli Access Manager for WebLogic DZ(a)LrITBi~iI#

v Z(a)Lr

+Z(a)Lr/I= WebLogic Security Framework P#}XFT BEA WebLogic

Server J4DCJb,Tivoli Access Manager for WebLogic Z(a)Lr9&m_

TD?p(+_T?p= Tivoli Access Manager TsUdP)M_TD}%(S

Tivoli Access Manager TsUdP}%_T)#

v Z( MBean

(} WebLogic XF(tCZ(a)LrDdC#2aZxP;)Yw(}g(}

WebLogic XF(4(M>}_T)1wCZ(a)Lr#

G+3da)Lr

G+3da)LrCZZ BEA WebLogic Server M}ZC4\mG+Db?Z(~q

.da)SZ#G+3da)LrX"DGG+x;G_T(_TGZ(a)LrD

0p)#

G+3da)LrITBi~iI:

v G+3da)Lr#

+G+3da)Lr/I= WebLogic Security Framework P#Tivoli Access Manager

for WebLogic G+3da)Lr:pG+D?pM}%#

v G+3d MBean#

(} WebLogic XF(tCG+3da)LrDdC#2aZxP;)Yw(}g(

} WebLogic XF(>}G+44(M|BG+I1Jq)1wCG+3da)L

r#

_TMG+?p

_TMG+IZ?phv{P(er(} WebLogic XF(4(#?p J2EE &CLr

s,Z&CLr?phv{Z(eDG+M_Ta;<v= Tivoli Access Manager \

#$TsUd#

!\PI\,+T;#{9C Tivoli Access Manager \m5CLr pdadmin r Tivoli

Access Manager Web Portal Manager 4P_T4(#Zt/}Z9C Tivoli Access

Manager for WebLogic D BEA WebLogic Server 0,Z Tivoli Access Manager P4

(;)1!_TGX*D#KYwZ Tivoli Access Manager for WebLogic dC}L(Z

Z 17 3DZ 3 B, :dC}L;P-GK Tivoli Access Manager for WebLogic dC

Dj8E")P4P#

J4MG+

BEA WebLogic Server (eKm`;,DJ4`M,b)J4`M<\ Tivoli Access

Manager for WebLogic 'V#yPDJ4`MZ Tivoli Access Manager for WebLogic

Z<;O*G`,D,rK* BEA WebLogic Server Dsx"Pfx4(DBJ4`

M+;T/'V#

*yPJ4`M(eD_TMG+<T3;==f"Z Tivoli Access Manager \#$

TsUdP#

IST#$D\'VD BEA WebLogic Server J4D10Pm*:

v \mJ4

v &CLrJ4

v COM J4

v EIS J4

v EJB J4

v JDBC J4

v JMS J4

v ~qwJ4

v URL J4

v Web ~qJ4

Z Tivoli Access Manager \#$TsUdPTBPq=m>J4:

/WebAppServer/WLS/Resources/wls_domain/wls_realm/resource_type/Details

Z Tivoli Access Manager \#$TsUdPTBPq=m>G+:

/WebAppServer/WLS/Roles/wls_domain/wls_realm/role_name/AppName

I9CC Tivoli Access Manager for WebLogic dCDtTD~Tb) Tivoli Access

Manager \#$Ts]w{xPj+dC#rKI+yP BEA WebLogic Server Md

|&CLr~qwdC=,;v Tivoli Access Manager r#byMIT*yPD&C

Lr~qw`M4(G+M_TD/P;C#

9C Tivoli Access Manager O$

Tivoli Access Manager ICZ*b?C'rZ?C'a)O$#b?C'DO$@5Z

WebSEAL r Tivoli Access Manager Plug-in for Web Servers D%cG<\&#*K

q!nQDxg2+T,?v(} WebSEAL r Tivoli Access Manager Plug-in for Web

Servers SU4Tb?C'CJksD WebLogic Server,<;&1S\4TZ?C'D

CJks#TBwZhvKgNTb?MZ?C'&mO$#

C WebSEAL O$b?C'

B<T>K&m4Tb?C'"*T\#$J4xPCJDksD#M#

TBPmhvKO<T>D}L#

1. 3b?C'ksCJ\#$J4#CksZxks5D2+xg.0; WebSEAL S

U#

2. WebSEAL Z Tivoli Access Manager 2+rP9XCC'ks"O$CC'#

WebSEAL 'VTBO$=(:C'{M\k"$i"C'{M RSA 2+j6,r

_3V(FO$zF#

WebSEAL y]ksD URL M Tivoli Access Manager CJ_T&CdTmDZ(

v_#WebSEAL IT&C;)"bBn,}gJ'P'T"?U1dMO$zF#

3. ;)TCC'D URL ksxPZ(,WebSEAL c+Cks*"A WebLogic

Server#Cks+b?C'{MXb\k|,Zy>O$7P#KXb\ktZ

sso_user,|9 Security Service Provider Interface IT+ WebSEAL 7O*ksD

p4#

PX sso_user D|`E",kNDZ 17 3DZ 3 B, :dC}L;#

4. WebLogic ~qw+-}O$DC'm]M\k8wX+]x Security Service Provider

Interface#

5. Security Service Provider Interface 9C Tivoli Access Manager O$~qi$TZ

Ov sso_user,WebSEAL a)D\kGq}7#MG5,K\ka)KTCksD

44G WebSEAL DENDy!#

< 1. Tivoli Access Manager Tb?C'a)%cG<O$

VZCksQ-Mw,ITZ(#

O$Z?C'

B<T>K&mZ?C'(;h*(} WebSEAL re~2+T)*T\#$J4xP

CJDksD#M:

TBPmhvKO<T>D}L#

1. 3Z?C'ksCJ\#$J4#

2. WebLogic C'O$#i+CC'm]"M= Security Service Provider Interface#

3. Security Service Provider Interface +CO$ks"M=C'"am#

g{O$I&,r Security Service Provider Interface +CC'{w*QO$C'5

Xx WebLogic Server#

4. *xksZ(,BEA WebLogic Server i/ Tivoli Access Manager for WebLogic

Z(a)Lr,Ca)Lr7(GqQZ(10QO$C'(2mG4O$C')

CJyksDJ4#

CJ(IT Tivoli Access Manager Authorization Server(|!q;Z(CJJ4D

G+"7(Gq+b)G+PDNN;vZh10QO$C')DwCv(#

U>G<MsF

Z Tivoli Access Manager for WebLogic ZDU>G<If Tivoli Access Manager Java

KP1i~V"D IBM JLog `&m#(}9C Tivoli Access Manager for WebLogic

Mf Tivoli Access Manager for WebLogic a)D JLog properties D~,I+ JLog

`dC*9C BEA WebLogic Server U>G<`#b9C Tivoli Access Manager for

WebLogic I+B~1SG<= WebLogic U>D~P#

< 2. Tivoli Access Manager (FrTZ?C'a)O$

Reliability, availability, and scalability

Tivoli Access Manager for WebLogic uses the Tivoli Access Manager Java runtime classes to operate on the Tivoli Access Manager protected object database and user registry. An internal Tivoli Access Manager for WebLogic cache provides a performance improvement for access decisions.

The Tivoli Access Manager Java runtime classes support Tivoli Access Manager authorization server failover. If the primary authorization server crashes, failover to a secondary server happens automatically.

The recommended environment setup is to use replicated acld and the Tivoli Access Manager for WebLogic authorization services.

Access decisions can be made using either the Tivoli Access Manager Policy Server or the Tivoli Access Manager Authorization Server authorization services supplied with Tivoli Access Manager for WebLogic.

Because of the single point of failure and performance issues, the Tivoli Access Manager Policy Server configuration can be used only in test environments. The authorization services were developed specifically for use in production environments. For more details, see "Enabling the authorization services on the Tivoli Access Manager Authorization server" on page 29.

Chapter 2. Installation instructions

This chapter contains the following sections:

• "Supported platforms"
• "Disk and memory requirements"
• "Software prerequisites" on page 10
• "Installing using the installation wizard" on page 11
• "Installing using native utilities" on page 14

Supported platforms

Tivoli Access Manager for WebLogic V5.1 supports:

• BEA WebLogic Server V7.0 SP2
• BEA WebLogic Server V8.1 SP1

Custom realms are not supported by Tivoli Access Manager for WebLogic in this release. Instead, this integration supports the BEA WebLogic Server Security Service Provider Interface (SSPI).

Tivoli Access Manager for WebLogic is supported on the following operating systems:

• IBM AIX 5.1
• Sun Solaris 8 and 9
• Hewlett-Packard HP-UX 11.0 and 11i (BEA WebLogic Server V7.0 only)
• Microsoft Windows 2000 Server and Advanced Server (Service Pack 3)

Note: Tivoli Access Manager for WebLogic supports running with the Java 2 Security Manager enabled. A Java policy file is supplied with the software; it includes the code-base-specific permissions required to run with the Java 2 Security Manager.

Disk and memory requirements

Tivoli Access Manager for WebLogic has the following disk and memory requirements:

• 64 MB RAM (128 MB recommended).

This is the amount of memory needed in addition to the memory requirements specified by BEA WebLogic Server and any other Tivoli Access Manager components. The additional 64 MB of RAM is used to optimize cache performance.

The amount of memory required by other Tivoli Access Manager components depends on which Tivoli Access Manager components are installed on the host system. For more information, see the IBM Tivoli Access Manager Base Installation Guide.

• 2 MB disk space (4 MB recommended).

This requirement is in addition to the disk space required by BEA WebLogic Server and any other Tivoli Access Manager components.

• 5 MB disk space (for log files).

This disk space is in addition to the disk space required by the software components.

Software prerequisites

Successful installation of Tivoli Access Manager for WebLogic requires the prerequisites described in the following sections:

• "Tivoli Access Manager policy server"
• "Tivoli Access Manager WebSEAL or Tivoli Access Manager Plug-in for Web Servers"
• "BEA WebLogic Server" on page 11
• "Tivoli Access Manager Java runtime" on page 11

Tivoli Access Manager policy server

A Tivoli Access Manager secure domain must be established before Tivoli Access Manager for WebLogic is installed.

The Tivoli Access Manager secure domain is established when the Tivoli Access Manager policy server is installed.

The policy server is distributed on the IBM Tivoli Access Manager Base CD for your operating system.

Typically, the Tivoli Access Manager policy server is installed on a different system from the one that hosts Tivoli Access Manager for WebLogic.

Tivoli Access Manager Authorization Server

The Tivoli Access Manager Authorization Server should be installed on the same host as BEA WebLogic Server and Tivoli Access Manager for WebLogic.

The authorization server gives BEA WebLogic Server access to the Tivoli Access Manager authorization services. The authorization server also acts as a logging and auditing collection server, storing records of server activity.

Tivoli Access Manager WebSEAL or Tivoli Access Manager Plug-in for Web Servers

Tivoli Access Manager WebSEAL (WebSEAL) and Tivoli Access Manager Plug-in for Web Servers (the plug-in) provide Web-based security services that can be used by Tivoli Access Manager for WebLogic. Once installed, these applications can be used to provide a single sign-on solution for BEA WebLogic Server.

WebSEAL or the plug-in is not prerequisite software for installing Tivoli Access Manager for WebLogic. However, they are required if you need a single sign-on solution.

For instructions on installing WebSEAL or the plug-in, see the IBM Tivoli Access Manager for e-business Web Security Installation Guide.

When you use WebSEAL or another proxy server to connect to BEA WebLogic Server, make sure that the proxy server is the single point of contact for users accessing BEA WebLogic Server resources. To restrict access, you need to create a BEA WebLogic Server connection filter. Connection filters let you protect resources at the network level rather than restricting access through roles. For details on creating connection filters, see the BEA WebLogic Server documentation.

BEA WebLogic Server

BEA WebLogic Server must be installed and configured on the system that will host Tivoli Access Manager for WebLogic. Use the startWebLogic command to start BEA WebLogic Server.

BEA WebLogic Server is distributed with the required Java Runtime Environment on all supported platforms except AIX. Tivoli Access Manager for WebLogic uses this same Java Runtime Environment. A successful installation of BEA WebLogic Server satisfies the Tivoli Access Manager for WebLogic prerequisite for a Java Runtime Environment.

IBM Java Runtime Environment on AIX

On AIX systems, BEA WebLogic Server 7.0 requires IBM Java Runtime Environment V1.3 to be installed on the system that will host Tivoli Access Manager for WebLogic. On AIX systems, BEA WebLogic Server 8.1 requires IBM Java Runtime Environment V1.4 to be installed on the system that will host Tivoli Access Manager for WebLogic. Tivoli Access Manager for WebLogic uses these same versions of the Java Runtime Environment.

Tivoli Access Manager Java runtime

The Tivoli Access Manager Java runtime V5.1 environment from Tivoli Access Manager Base must be installed and configured on the system that will host Tivoli Access Manager for WebLogic.

The Tivoli Access Manager Java runtime environment provides Java-based authentication and authorization tools. These Java classes extend the Java runtime environment used by BEA WebLogic Server.

A Tivoli Access Manager secure domain must be established before the Tivoli Access Manager Java runtime environment is configured on the system that will host Tivoli Access Manager for WebLogic.

The Tivoli Access Manager Java runtime environment is distributed on the IBM Tivoli Access Manager Base CD for each supported operating system. For installation instructions, see the IBM Tivoli Access Manager Base Installation Guide.

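Installing using the installation wizard

Attention

This installation wizard is supported only for the default installation location of BEA WebLogic Server V7.0.

If you are using BEA WebLogic Server V8.1, follow the instructions in "Installing using native utilities" on page 14.

The install_amwls installation wizard simplifies the installation of a Tivoli Access Manager for WebLogic Server system by installing and configuring the following components in the appropriate order:

• Access Manager Java Runtime Environment
• Access Manager for WebLogic Server

To install and configure a Tivoli Access Manager for WebLogic Server system using the install_amwls wizard, follow these steps:

1. Make sure that you have installed the Tivoli Access Manager registry server, policy server, and authorization server in the domain.

2. Make sure that all required operating system patches are installed. For information, see "Supported platforms" on page 9.

3. To view status and messages in a language other than English (the default language), you must install the language support package before running the installation wizard.

4. Make sure that BEA WebLogic Server is installed and configured on this machine and that a BEA WebLogic Server domain has been created.

5. On Windows systems, exit all running programs.

6. Start BEA WebLogic Server:

UNIX: /WLS_install_dir/user_projects/domain_name/startWebLogic.sh

Windows: C:\WLS_install_dir\user_projects\domain_name\startWebLogic.cmd

7. Set the CLASSPATH and PATH variables, and add the WebLogic .jars to CLASSPATH along with the bin and lib directories, by running the following script from the BEA WebLogic Server WebLogic_install_dir/server/bin directory:

UNIX: .setWLSEnv.sh

Windows: setWLSEnv.cmd

Before running the installation wizard, make sure that the java executable supplied with BEA WebLogic Server comes first in the system path.

8. Run the install_amwls program, which is located in the root directory of the Tivoli Access Manager Web Security CD for the AIX, HP-UX (BEA WebLogic Server 7.0 only), Solaris, and Windows platforms. If BEA WebLogic Server is not installed in the default location, you need to use the following command to run the installation wizard:

install_amwls -is:javahome path

where path is the location of the jre used to run the installation with the wizard.

Notes:

1. The install_amwls.options.template file can be used for a silent installation or simply to override the default installation values. Just edit this file to include all the required values.

• To override the default values, use this command:

install_amwls -options install_amwls.options.template

• To perform a silent installation, use:

install_amwls -silent -options install_amwls.options.template

2. When you use the JDK supplied with BEA WebLogic Server, the installation wizard on non-English platforms might display incoherent text on the Welcome screen. This display problem does not affect the actual software installation. If you want to correct the problem, install IBM JDK 1.3.1 and use it to run install_amwls.

The installation wizard starts by prompting you for the configuration information described in "install_amwls options" on page 13. On Windows systems only, make sure that you accept the default installation directory for Tivoli Access Manager for WebLogic.

Note: After you supply this information (or accept the default values), the components are installed and configured without further intervention.

At the end of the installation wizard a summary screen appears, showing the components installed, the configurations attempted, and whether they succeeded. If installation succeeded but configuration failed, you can try configuring Tivoli Access Manager for WebLogic manually by following the steps in Chapter 3, "Configuration procedures," on page 17; otherwise, continue with the following steps.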

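9. Stop BEA WebLogic Server.

10. Check whether the installation copied the file AMSSPIProviders.jar to the /bea_install_dir/weblogic/server/lib/mbeantypes directory. If the file is not in this directory, copy it manually from /amwls_install_dir/lib.

11. Set CLASSPATH for the startWebLogic command by following the instructions in "Part 2: Setting CLASSPATH for startWebLogic" on page 18.

12. Create and configure the Tivoli Access Manager realm. For instructions, see "Part 4: Configuring the Tivoli Access Manager realm" on page 22.

13. Restart BEA WebLogic Server using the WebLogic console.

14. If you want to use Tivoli Access Manager WebSEAL to provide single sign-on services for BEA WebLogic Server, follow the instructions in "Part 5: Configuring for BEA WebLogic Server single sign-on" on page 24.

15. Test the installation and configuration by completing the steps in "Part 7: Testing the configuration" on page 26, to make sure that Tivoli Access Manager for WebLogic has been configured correctly against the Tivoli Access Manager registry.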

install_amwls options

The following options are displayed when install_amwls is run.

Table 1. install_amwls installation wizard configuration options.

Configuration option | Description | Default value
Remote ACL user * | Tivoli Access Manager principal created for communicating with the authorization server. |
sec_master password * | Tivoli Access Manager administrator password. |
Policy Server host name * | Fully qualified host name of the policy server. For example: pdmgr.tivoli.com |
Policy Server port number * | Port number on which the policy server listens for requests. The default port number is 7135. | 7135
Authorization Server host name * | Tivoli Access Manager authorization server host name. |
Authorization Server port number * | Authorization server port number. | 7136
 | When set to true, deploys the AMWLS5.1 console extension. | true
WebLogic domain administrator * | Administrator of the BEA WebLogic Server domain. This user should have been established when the WebLogic domain was created. |
WebLogic domain administrator password * | WebLogic domain administrator password. |
Path to the Access Manager for WebLogic Server installation directory | On Windows systems, the default value must be used. | C:\Program Files\Tivoli\pdwls
URL of the WebLogic Admin Server | | t3://localhost:7001

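Installing using native utilities

Complete the instructions in the following section for your operating system:

• "Installing on AIX"
• "Installing on HP-UX"
• "Installing on Solaris" on page 15
• "Installing on Windows" on page 16

Note: Before installing Tivoli Access Manager for WebLogic, make sure that BEA WebLogic Server is stopped, then restart it after the installation is complete.

Installing on AIX

The Tivoli Access Manager for WebLogic installation separates file extraction from package configuration. On AIX, use installp to install the software package. Then configure Tivoli Access Manager for WebLogic manually.

Note: If Tivoli Access Manager for WebLogic is already installed and configured and you need to reinstall it, you must first unconfigure it and remove the Tivoli Access Manager for WebLogic package. See "Removing from AIX" on page 38.

To install Tivoli Access Manager for WebLogic on AIX, complete the following instructions:

1. Log in as the root user.

2. Verify that the software prerequisites have been met (including the required components from Tivoli Access Manager Base). See "Software prerequisites" on page 10.

3. Insert the IBM Tivoli Access Manager Web Security for AIX CD into the CD drive.

4. At a shell prompt, enter the following command:

installp -acgNXd cd_mount_point/usr/sys/inst.images PDWLS

Note: Check whether the installation copied the file AMSSPIProviders.jar to the /bea_install_dir/weblogic/server/lib/mbeantypes directory. If the file is not in this directory, copy it manually from /amwls_install_dir/lib.

5. Next, configure Tivoli Access Manager for WebLogic. Go to Chapter 3, "Configuration procedures," on page 17.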

Installing on HP-UX

Attention

When installing on the HP-UX platform, Tivoli Access Manager for WebLogic is supported only for BEA WebLogic Server 7.0.

If Tivoli Access Manager for WebLogic is already installed and configured and you need to reinstall it, you must first unconfigure it and remove it. See "Removing from HP-UX" on page 38.

To install Tivoli Access Manager for WebLogic on HP-UX, complete the following steps:

1. Log in as user root.

2. Verify that the software prerequisites have been met (including the required components from Tivoli Access Manager Base). See "Software prerequisites" on page 10.

3. Start pfs_mountd in the background, then start pfsd (if they are not already running). Mount the CD with the pfs_mount command. For example, enter the following command:

/usr/sbin/pfs_mount /dev/dsk/c0t0d0 /cd-rom

where /dev/dsk/c0t0d0 is the CD device and /cd-rom is the mount point.

4. Enter the following command to install the Tivoli Access Manager for WebLogic package:

# swinstall -s /cd_rom/hp PDWLS

A message is displayed indicating that the analysis phase succeeded. Another message is displayed indicating that the execution phase is starting.

Files are extracted from the CD and installed on the hard disk. A message is displayed indicating that the execution phase succeeded. The swinstall utility exits.

Note: Check whether the installation copied the file AMSSPIProviders.jar to the /bea_install_dir/weblogic/server/lib/mbeantypes directory. If the file is not in this directory, copy it manually from /amwls_install_dir/lib.

5. Next, configure Tivoli Access Manager for WebLogic. Go to Chapter 3, "Configuration procedures," on page 17.

Installing on Solaris

The Tivoli Access Manager for WebLogic installation separates file extraction from package configuration. Use pkgadd to install the software package on the Solaris Operating Environment (hereafter referred to as Solaris). Then configure Tivoli Access Manager for WebLogic manually.

Note: If Tivoli Access Manager for WebLogic is already installed and configured and you need to reinstall it, you must first unconfigure it and remove it. See "Removing from Solaris" on page 37.

To install Tivoli Access Manager for WebLogic on Solaris, complete the following instructions:

1. Log in as user root.

2. Verify that the software prerequisites have been met (including the required components from Tivoli Access Manager Base). See "Software prerequisites" on page 10.

3. Insert the IBM Tivoli Access Manager Web Security for Solaris CD.

4. Run the following command to install the software:

pkgadd -d /cdrom/cdrom0/solaris -a /cdrom/solaris/pddefault PDWLS

where:

-d /cdrom/cdrom0/solaris specifies the location of the package.

-a /cdrom/cdrom0/solaris/pddefault specifies the location of the installation administration script.

When the installation process for each package has completed, the following message is displayed:

Installation of the package completed successfully.

Note: Check whether the installation copied the file AMSSPIProviders.jar to the /bea_install_dir/weblogic/server/lib/mbeantypes directory. If the file is not in this directory, copy it manually from /amwls_install_dir/lib.

5. Next, configure Tivoli Access Manager for WebLogic. Go to Chapter 3, "Configuration procedures," on page 17.

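Installing on Windows

The Tivoli Access Manager for WebLogic installation separates file extraction from package configuration. Use the InstallShield setup.exe to install the Tivoli Access Manager for WebLogic files. When InstallShield finishes, configure Tivoli Access Manager for WebLogic using the instructions in Chapter 3, "Configuration procedures," on page 17.

Note: If Tivoli Access Manager for WebLogic is already installed and configured and you need to reinstall it, you must first unconfigure it and remove it. See "Removing from Windows" on page 37.

To install Tivoli Access Manager for WebLogic on Windows, complete the following instructions:

1. Log in to the Windows domain as a user with Windows administrator privileges.

2. Verify that the software prerequisites have been met (including the required components from Tivoli Access Manager Base). See "Software prerequisites" on page 10.

3. Insert the IBM Tivoli Access Manager Web Security for Windows CD into the CD drive.

4. Run the Tivoli Access Manager for WebLogic InstallShield installation program by double-clicking the following file, where the drive letter E: in the following command represents the CD drive:

E:\Windows\PolicyDirector\Disk Images\Disk1\PDWLS\Disk Images\Disk1\setup.exe

The "Choose Setup Language" window opens.

5. Select the appropriate language and click OK.

The InstallShield program starts and opens the "Welcome" window.

6. Click Next.

The "License Agreement" window opens.

7. Read the license agreement and click Yes if you accept the terms and conditions.

The "Choose Destination Location" window opens.

8. Accept the default value or browse to find an alternative location. Click Next.

The "Start Copying Files" window opens.

9. Make sure that the installation location shown is correct, then click Next.

The files are extracted to disk. A message is displayed indicating that the files have been installed.

10. Click Finish to exit the installation program.

11. Check whether the installation copied the file AMSSPIProviders.jar to the c:\bea_install_dir\weblogic\server\lib\mbeantypes directory. If the file is not in this directory, copy it manually from c:\amwls_install_dir\lib.

12. Next, configure Tivoli Access Manager for WebLogic. Go to Chapter 3, "Configuration procedures," on page 17.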

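Chapter 3. Configuration procedures

To configure Tivoli Access Manager for WebLogic, complete the instructions in each of the following sections:

• "Part 1: Configuring the Tivoli Access Manager Java runtime environment"
• "Part 2: Setting CLASSPATH for startWebLogic" on page 18
• "Part 3: Configuring Tivoli Access Manager for WebLogic" on page 19
• "Part 4: Configuring the Tivoli Access Manager realm" on page 22
• "Part 5: Configuring for BEA WebLogic Server single sign-on" on page 24
• "Part 6: Configuring Tivoli Access Manager for WebLogic in BEA WebLogic Server multi-server environments (including clustered environments)" on page 25
• "Part 7: Testing the configuration" on page 26

Note: The instructions in this chapter assume that you have installed Tivoli Access Manager for WebLogic and its prerequisite software, including configuration of the Tivoli Access Manager base components. If you have not yet installed the software, follow the instructions in Chapter 2, "Installation instructions," on page 9 to install it now.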

Part 1: Configuring the Tivoli Access Manager Java runtime environment

The Tivoli Access Manager Java runtime environment is prerequisite software for Tivoli Access Manager for WebLogic. Before the BEA WebLogic Server domain is configured, the Java runtime component must first be configured correctly.

Use the Tivoli Access Manager utility pdjrtecfg to update the Java Runtime Environment used by BEA WebLogic Server. In addition, if the system contains multiple Java runtimes, make sure that the Java Runtime Environment used by BEA WebLogic Server is the one used to run the pdjrtecfg utility.

1. Verify that the Java runtime environment from Tivoli Access Manager Base is installed. For more information, see "Software prerequisites" on page 10.

2. Set the CLASSPATH and PATH variables, and add the WebLogic .jars to CLASSPATH along with the bin and lib directories, by running the following script from the BEA WebLogic Server WebLogic_install_dir/server/bin directory:

UNIX: .setWLSEnv.sh

Windows: setWLSEnv.cmd

Before running ezInstall, make sure that the java executable supplied with BEA WebLogic Server comes first in the system path.

3. The Tivoli Access Manager Java Runtime Environment needs to be configured for the JDK that is supplied and installed with BEA WebLogic Server. To do this:

a. Change directory to the sbin directory under the Tivoli Access Manager installation path. For example:

UNIX: /opt/PolicyDirector/sbin

Windows: C:\Program Files\Tivoli\Policy Director\sbin

b. Run the pdjrtecfg command as follows:

pdjrtecfg -action config -host policy_server_name -java_home java_location

where java_location is the directory location of the BEA WebLogic Server Java Runtime Environment. This will be:

Windows

BEA WebLogic Server V7.0: c:\bea\jdk131_ob\jre

BEA WebLogic Server V8.1: c:\bea\jdk141\jre

Solaris, HP-UX

/usr/local/bea/jdk141_03

AIX

On AIX systems, BEA WebLogic Server 7.0 requires IBM Java Runtime Environment V1.3 and BEA WebLogic Server 8.1 requires IBM Java Runtime Environment V1.4. Set the -java_home option of the pdjrtecfg command to the installation location of the JRE on your AIX machine.

BEA WebLogic Server V7.0: /usr/java131

BEA WebLogic Server V8.1: /usr/java14

Notes:

1. On BEA WebLogic Server 8.1 installations, the pdjrtecfg utility replaces jsse.jar in the jre/lib directory. The file is restored when the Tivoli Access Manager Java Runtime is unconfigured.

2. When configuring a Sun v1.4 JRE, do not run pdjrtecfg interactively or use the pdconfig utility to configure the JRE, because the configuration will fail.

For more information on using pdjrtecfg, see the relevant reference page in the IBM Tivoli Access Manager Base Installation Guide.

Part 2: Setting CLASSPATH for startWebLogic

Note: Before performing these configuration steps, make sure that the WebLogic domain has been created.

The startWebLogic command is used to start WebLogic Server. The CLASSPATH environment variable needs to be modified so that startWebLogic can access and load the correct Java classes.

Complete the following instructions:

1. If WebLogic Server is running, stop it now.

2. Add the following file names to the CLASSPATH variable for the startWebLogic command:

UNIX

/opt/pdwls/lib/AMSSPICore.jar
/opt/pdwls/lib/rbpf.jar

Windows

C:\amwls_install_directory\lib\AMSSPICore.jar
C:\amwls_install_directory\lib\rbpf.jar

The startWebLogic command is located in the directory of the installed BEA WebLogic Server domain. In a standard installation, this location is:

UNIX: /WebLogic_install_directory/user_projects/domain_name

Windows: C:\WebLogic_install_directory\user_projects\domain_name

The variable domain_name is the name you chose when creating the BEA WebLogic Server domain.

3. If you are using the default language (English), skip this step.

If you are using a language pack to support a language other than the default language (English), you must add the following path to the CLASSPATH defined in the startWebLogic script:

UNIX

/opt/pdwls/nls/java/com/tivoli/amwls/sspi/nls

Windows

C:\Progra~1\Tivoli\pdwls\nls\java\com\tivoli\amwls\sspi\nls

Note: Adding this directory lets the language pack installation access the resource bundles installed in /opt/pdwls/nls/java/com/tivoli/amwls/sspi/nls/.

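Part 3: Configuring Tivoli Access Manager for WebLogic

Tivoli Access Manager for WebLogic can be configured from the command line or by using the Tivoli Access Manager console extension Web application. Details of both options are included in the following sections.

The BEA WebLogic Server domain should be created before these instructions are carried out.

The data entered when configuring Tivoli Access Manager for WebLogic and creating the realm is stored in properties files. These properties files can be used to change the behavior of Tivoli Access Manager for WebLogic. For more information, see Appendix A, "Properties files reference," on page 41.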

Configuring Tivoli Access Manager for WebLogic using the console extension Web application

1. Start BEA WebLogic Server:

UNIX: /WLS_install_dir/user_projects/domain_name/startWebLogic.sh

Windows: C:\WLS_install_dir\user_projects\domain_name\startWebLogic.cmd

2. Open a Web browser and connect to the BEA WebLogic console on the machine hosting BEA WebLogic. That is:

http://WebLogic_server_name:7001/console

7001 is the default BEA WebLogic Server port number. This value is configurable.

3. The BEA WebLogic Server login screen is displayed. Log in as a BEA WebLogic Server user with administrator privileges.

4. Before configuring the Tivoli Access Manager for WebLogic server and creating the Tivoli Access Manager realm, you need to deploy the Tivoli Access Manager console extension Web application, which provides a Web interface to the configuration tasks. To deploy this Web application:

a. From the BEA WebLogic Server home page, in the domain configuration section, select Web Applications.

b. Select the "Configure a new Web Application" link.

c. Select the "upload it through your browser" link.

d. Browse to find the application amwls_install_dir\lib\AMWLSConsoleExtension.war. Click Upload.

e. Click the "select" link for AMWLSConsoleExtension.war.

f. Select the deployment target, then click Configure and Display.

To check that the console extension Web application deployed successfully, expand the Deployments folder in the left pane of the screen. Expand the Web Applications folder; AMWLSConsoleExtensions should appear in this list. In addition, deploying the console Web application extension adds a Tivoli Access Manager icon to the BEA WebLogic Server navigation pane shown on the left of the console window.

5. To configure the Tivoli Access Manager realm, click the Access Manager icon in the BEA WebLogic Server navigation pane.

6. The configuration screen is displayed. Enter all the required information and any optional parameters. For guidance on the information to enter, see the following tables.

The options available for the config action are listed in the following tables. The first table contains the required options. The second table contains the optional options.

Required option name | Description
domain_admin | WebLogic domain administrator
domain_admin_pwd | WebLogic domain administrator password
remote_acl_user | Tivoli Access Manager principal created for the authorization server
sec_master_pass | Tivoli Access Manager sec_master administrator password
pdmgrd_host | Tivoli Access Manager policy server host name.
pdacld_host | Tivoli Access Manager authorization server host name.

Note: Passwords do not have to be entered; instead, you are prompted for them before the action is performed. This prevents the passwords from remaining in the command history.

The following table contains the optional options for the config action.

Option name | Description
wls_server_url | Specifies the URL of the local WebLogic Server. The default value is t3://localhost:7001.
pdmgrd_port | Tivoli Access Manager policy server port number.
pdacld_port | Tivoli Access Manager authorization server port number.
am_domain | Specifies the name of the Tivoli Access Manager domain. The default value is Default.
amwls_home | Specifies the path to the Tivoli Access Manager for WebLogic Server installation directory.

Click Apply.

7. If configuration is successful, a list of the Tivoli Access Manager for WebLogic Server parameters is displayed in the right pane.

You can now configure the Tivoli Access Manager realm. See "Part 4: Configuring the Tivoli Access Manager realm" on page 22.

Configuring Tivoli Access Manager for WebLogic from the command line

1. Start BEA WebLogic Server:

UNIX

/WLS_install_dir/user_projects/domain_name/startWebLogic.sh

Windows

C:\WLS_install_dir\user_projects\domain_name\startWebLogic.cmd

2. Run the following command to configure Tivoli Access Manager for WebLogic.

Note: If Tivoli Access Manager for WebLogic was not installed in the suggested location during file extraction (as described in the previous chapter), make sure that the AMSSPI_DIR variable in the AMWLSConfigure script is set to the location of the actual installation directory. Similarly, if WebLogic was not installed in the default location, update the WLS_JAR variable in the AMWLSConfigure script with the correct location of WebLogic.jar.

UNIX: install-dir/sbin/AMWLSConfigure.sh

Windows: install-dir\sbin\AMWLSConfigure.bat

The command-line syntax of the AMWLSConfigure Java application for configuring Tivoli Access Manager for WebLogic is:

• AMWLSConfigure -action config [options ...]

Configures Tivoli Access Manager for WebLogic.

• AMWLSConfigure -help [action]

Displays the required and optional values passed to AMSSPIConfigure.

The options available for the config action are listed in the following tables. The first table contains the required options. The second table contains the optional options.

Required option name | Description
domain_admin | WebLogic domain administrator
domain_admin_pwd | WebLogic domain administrator password
remote_acl_user | Tivoli Access Manager principal created for the authorization server
sec_master_pass | Tivoli Access Manager sec_master administrator password
pdmgrd_host | Tivoli Access Manager policy server host name.
pdacld_host | Tivoli Access Manager authorization server host name.

Note: Passwords do not have to be entered; instead, you are prompted for them before the action is performed. This prevents the passwords from remaining in the command history.

The following table contains the optional options for the config action.

Option name | Description
deploy_extension | When set to true, deploys the Tivoli Access Manager for WebLogic Server console extension. The default value is true.
wls_server_url | Specifies the URL of the local WebLogic Server. The default value is t3://localhost:7001.
pdmgrd_port | Tivoli Access Manager policy server port number.
pdacld_port | Tivoli Access Manager authorization server port number.
am_domain | Specifies the name of the Tivoli Access Manager domain. The default value is Default.
amwls_home | Specifies the path to the Tivoli Access Manager for WebLogic Server installation directory.
verbose | Boolean value that enables or disables verbose output. The default value is false.

You now need to configure the Tivoli Access Manager realm.

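Part 4: Configuring the Tivoli Access Manager realm

Configuring the Tivoli Access Manager realm using the console extension Web application

Once Tivoli Access Manager for WebLogic Server has been configured to provide security for BEA WebLogic Server, you need to create a realm to associate with Tivoli Access Manager security. To do this:

1. Expand the Access Manager icon in the left pane of the screen, then click the Realm icon.

2. The Create Realm screen is displayed. Enter all the required variables. Click "Apply".

3. To configure BEA WebLogic Server 7.0 to use the Tivoli Access Manager realm created above:

a. In the BEA WebLogic Server navigation pane, select the icon associated with your domain.

b. The domain configuration screen is displayed. Select the Security tab.

c. On the General tab, use the Default Realm drop-down list to select the realm created in the steps above. Click Apply.

To configure BEA WebLogic Server 8.1 to use the Tivoli Access Manager realm created above, use the "Security" tab on the BEA WebLogic Server console to set the default realm.

4. Restart BEA WebLogic Server.

5. To test that the new Access Manager realm is working properly, the Users and Groups icons in the Access Manager folder in the right pane of the screen should contain entries from the Tivoli Access Manager user registry.

Note: If you specify an SSO user that already exists but enter an incorrect password for that existing user, the create realm action succeeds but SSO is disabled. In this case, SSO can easily be enabled by updating the corresponding entries in the Tivoli Access Manager for WebLogic rbpf.properties file. For details on rbpf.properties, see Appendix A, "Properties files reference," on page 41.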

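Configuring the Tivoli Access Manager realm from the command line

1. Run the following command to create the Tivoli Access Manager for WebLogic realm.

Note: If Tivoli Access Manager for WebLogic was not installed in the suggested location during file extraction (as described in the previous chapter), make sure that the AMSSPI_DIR variable in the AMWLSConfigure script is set to the location of the actual installation directory. Similarly, if WebLogic was not installed in the default location or you are using WebLogic V8.1, update the WLS_JAR variable in the AMWLSConfigure script with the correct location of WebLogic.jar.

UNIX: install-dir/sbin/AMWLSConfigure.sh

Windows: install-dir\sbin\AMWLSConfigure.bat

The command-line syntax of the AMWLSConfigure Java application for configuring Tivoli Access Manager for WebLogic is:

• AMWLSConfigure -action create_realm [options ...]

Creates the Tivoli Access Manager for WebLogic realm.

• AMWLSConfigure -help [action]

Displays the required and optional values passed to AMSSPIConfigure.

The options available for the create_realm action are listed in the following tables. The first table contains the required options. The second table contains the optional options.

Required option name | Description
realm_name | Specifies the name of the WLS realm being created.
domain_admin_pwd | Specifies the WebLogic domain administrator password.
user_dn_suffix | Specifies the distinguished name (DN) suffix to use when creating users through the console extension Web application.
group_dn_suffix | Specifies the distinguished name (DN) suffix to use when creating groups through the console extension Web application.
admin_group | Specifies the Tivoli Access Manager group used for internal configuration purposes.

Note: Passwords do not have to be entered; instead, you are prompted for them before the action is performed. This prevents the passwords from remaining in the command history.

The following table contains the optional options for the create_realm action.

Option name | Description
user_dn_prefix | Specifies the distinguished name (DN) prefix to use when creating users through the console extension Web application.
group_dn_prefix | Specifies the distinguished name (DN) prefix to use when creating groups through the console extension Web application.
sso_enabled | When set to true, enables single sign-on support. The default value is false.
sso_user | Specifies the user used to create the single sign-on trust association with Tivoli Access Manager.
sso_pwd | Specifies the password for the single sign-on user.
verbose | Boolean value that enables or disables verbose output. The default value is false.

2. To configure BEA WebLogic Server 7.0 to use the Tivoli Access Manager realm created above:

a. Open a Web browser and connect to the BEA WebLogic console on the machine hosting BEA WebLogic. That is:

http://WebLogic_server_name:7001/console

7001 is the default BEA WebLogic Server port number; this value is configurable.

b. The BEA WebLogic Server login screen is displayed. Log in as a user with administrator privileges.

c. In the BEA WebLogic Server navigation pane, select the icon associated with your domain.

d. The domain configuration screen is displayed. Select the Security tab.

e. On the General tab, use the Default Realm drop-down list to select the realm created in the steps above. Click Apply.

To configure BEA WebLogic Server 8.1 to use the Tivoli Access Manager realm created above, use the "Security" tab on the BEA WebLogic Server console to set the default realm (domain).

3. Restart BEA WebLogic Server.

4. To test that the new Access Manager realm is working properly, the Users and Groups icons in the Access Manager folder in the left pane of the screen should contain entries from the Tivoli Access Manager user registry.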

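Part 5: Configuring for BEA WebLogic Server single sign-on

This section guides you through configuring single sign-on to BEA WebLogic Server using WebSEAL or the Tivoli Access Manager Plug-in for Web Servers. If you do not want to implement single sign-on, you can skip this section.

WebSEAL and the Tivoli Access Manager Plug-in for Web Servers implement security and single sign-on in different ways and use different system architectures. For information on installing WebSEAL and the plug-in for Web servers, see the IBM Tivoli Access Manager for e-business Web Security Installation Guide. For background and detailed information on configuring WebSEAL, see the IBM Tivoli Access Manager for e-business WebSEAL Administration Guide. For information on operating and configuring the plug-in, see the IBM Tivoli Access Manager Plug-in for Web Servers Integration Guide.

Depending on the architecture you want to implement, the following sections provide the additional WebSEAL and plug-in configuration information that is required to configure single sign-on to BEA WebLogic Server:

• "Configuring single sign-on using a WebSEAL junction"
• "Configuring single sign-on using Tivoli Access Manager Plug-in for Web Servers" on page 25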

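Configuring single sign-on using a WebSEAL junction

To use WebSEAL to provide single sign-on capability for BEA WebLogic Server, complete the following steps on the system hosting the WebSEAL server:

1. Open the WebSEAL configuration file webseald.conf.

2. Set the following configuration entry:

basicauth-dummy-passwd = sso_pwd

This password must match the password of the sso_pwd field enabled in the create realm action.

3. Stop and restart WebSEAL so that the configuration change takes effect.

4. Use the pdadmin command to create a WebSEAL junction.

Note: This step can be performed on any machine in the Tivoli Access Manager secure domain. It does not have to be performed on the WebSEAL system. For example, it can be performed on the Tivoli Access Manager policy server system.

Be sure to use the -b supply option with the junction target URL. This is required for single sign-on.

For example, enter the following command as one continuous command line:

pdadmin> server task webseald_server_name create -t tcp -p WebLogic_Server_listen_port -h WebLogic_Server -b supply junction_target

The following table defines the variables in the pdadmin command above:

Table 2. pdadmin command options

Option | Description
webseald_server_name | Name of the WebSEAL server. The name consists of two parts: webseald-WebSEAL_server_instance. For WebSEAL_server_instance, use the host name of the system. For example, if the host name is cruz, webseald_server_name is webseald-cruz. Note: if multiple WebSEAL instances are installed on the same server, you also need to specify the server instance. For instructions on creating junctions to multiple server instances, see the IBM Tivoli Access Manager for e-business WebSEAL Administration Guide.
WebLogic_Server | Host name of BEA WebLogic Server.
WebLogic_Server_listen_port | Port on which BEA WebLogic Server is listening. The default value is 7001.
-b supply | Required for single sign-on. Ensures that WebSEAL passes the dummy password.
junction_target | URL target of the junction.

For complete information on creating and using WebSEAL junctions, see the IBM Tivoli Access Manager for e-business WebSEAL Administration Guide.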

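Configuring single sign-on using Tivoli Access Manager Plug-in for Web Servers

For single sign-on to work properly, the Tivoli Access Manager Plug-in for Web Servers must be configured to pass the correct information in the basic authentication header to IBM Tivoli Access Manager for WebLogic Server. To achieve this, basic authentication needs to be configured as a post-authorization module in the plug-in configuration file.

Edit the pdwebpi.conf configuration file located in the plug-in_install_dir/etc directory and add the following value to the [common-modules] stanza:

[common-modules]
post-authzn = BA

Then, in the [BA] stanza, set the add-hdr and supply-password parameters to BA and the password of sso_user respectively. That is:

[BA]
add-hdr = supply
supply-password = sso_pwd

For more information on configuring the Tivoli Access Manager Plug-in for Web Servers, see the IBM Tivoli Plug-in for Web Servers Integration Guide.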

Part 6: Configuring Tivoli Access Manager for WebLogic in BEA WebLogic Server multi-server environments (including clustered environments)

This section applies to architectures in which BEA WebLogic Server is installed in a multi-server or clustered environment. To configure Tivoli Access Manager for WebLogic in BEA WebLogic Server multi-server environments (including clustered environments):

1. Use the instructions in "Part 3: Configuring Tivoli Access Manager for WebLogic" on page 19 and "Part 4: Configuring the Tivoli Access Manager realm" on page 22 to configure Tivoli Access Manager for WebLogic and create the Tivoli Access Manager realm on the BEA WebLogic Server administration server.

2. Enable Tivoli Access Manager for WebLogic on the managed servers (including cluster members) by copying the Tivoli Access Manager for WebLogic properties from the administration server of this domain to each target machine (managed server). The properties files are located in BEA_WLS_HOME/jdk_location/jre/amwls/ and should be copied to the same location on each managed server.

Part 7: Testing the configuration

Verify that Tivoli Access Manager for WebLogic has been configured correctly against the Tivoli Access Manager registry by completing the following steps:

1. Use the BEA WebLogic Server console to create and verify a new test user.

2. Run the following pdadmin command:

pdadmin> user show test_user

• Verify that account-valid is yes.
• Verify that password-valid is yes.

The Tivoli Access Manager for WebLogic single sign-on solution allows a single authentication step to be performed through WebSEAL, which transparently authenticates the user to BEA WebLogic Server. You can confirm that authentication is configured correctly by running the demonstration application, which is described in "Using the demonstration application" on page 30.

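Chapter 4. Enabling single sign-on

Single sign-on using Tivoli Access Manager WebSEAL

Tivoli Access Manager for WebLogic supports Web single sign-on from other Tivoli Access Manager products (for example, Tivoli Access Manager WebSEAL, Tivoli Access Manager Plug-in for Web Servers, and Tivoli Access Manager Plug-in for Edge Server).

The trust relationship between WebSEAL and BEA WebLogic Server is established by using a configured HTTP basic authentication dummy password. This same method was also used to perform single sign-on in the earlier Tivoli Access Manager for BEA WebLogic Server product that implemented the custom security realm interface.

A Tivoli Access Manager HTTP reverse proxy (for example, WebSEAL) is configured to pass the user name and a known single sign-on secret password. This secret password is used to determine whether the reverse proxy can be trusted. After the Tivoli Access Manager Authorization Server verifies this password, it obtains credentials for the user requesting the resource.

The following figure shows the details of how the trust relationship is established.

The figure above shows the following steps:

1. The user authenticates to WebSEAL using any authentication mechanism supported by WebSEAL (for example, user name/password or client certificate). The user then submits a request for a BEA WebLogic Server resource.

2. WebSEAL has been configured with a junction to BEA WebLogic Server, using the -b supply option. WebSEAL passes the request to BEA WebLogic Server; the request contains a basic authentication header with the following contents:

• The user identity authenticated by WebSEAL (user-1 in the figure)
• The basicauth-dummy-passwd value from webseald.conf. This is the secret password mentioned earlier.

Figure 3. Single sign-on using Tivoli Access Manager WebSEAL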

3. BEA WebLogic Server +KC'j6M#\\k+]x Tivoli Access Manager for

WebLogic O$a)LrTCZi$#

4. Tivoli Access Manager for WebLogic G<#i9C Tivoli Access Manager 4i$

x(D\kGqGkT Tivoli Access Manager for WebLogic QdCD WebSEAL

%cG<C'D#K\kDi$a)K WebSEAL M BEA WebLogic Server .d

DENX5#

g{=h 4 I&,r Tivoli Access Manager for WebLogic O$a)Lrr BEA

WebLogic Server O$x(C'j6#k"b9C#\\k(<P* ws-passwd)x

PDQdC WebSEAL %cG<C'DO$v4P;N,bGr*|_Y:fZ

Tivoli Access Manager for WebLogic G<#iP#K_Y:fIdCRI;XU#

Zr4(D}LPIhC SSO,+G,*V$tC SSO Tivoli Access Manager for

WebLogic:

1. 4( SSO C'#

2. Z amsspi.properties Tivoli Access Manager for WebLogic dCD~/P:

com.tivoli.amwls.sspi.Authentication.ssoEnabled = true
com.tivoli.amwls.sspi.Authentication.ssoTrustId = sso_username


Z 5 B \mNq

>B|,XZ Tivoli Access Manager for WebLogic DTBE":

v :Z Tivoli Access Manager Authorization server OtCZ(~q;

v Z 30 3D:(} Tivoli Access Manager for WebLogic xPDC'Mi\m;

v Z 30 3D:9C]>&CLr;

v Z 32 3D:9C<I;

v Z 32 3D:}N%wG<_T;

v Z 33 3D:>} Tivoli Access Manager r;

v Z 34 3D:!{dC Tivoli Access Manager for WebLogic;

v Z 34 3D:JOoO<I;

v Z 35 3D:V^;

Z Tivoli Access Manager Authorization server OtCZ(~q

1!ivB,Tivoli Access Manager for WebLogic 9C Tivoli Access Manager Policy

Server 4/@ Tivoli Access Manager \#$Ts}]bPD\#$Ts#+G,IZ

^(4F Tivoli Access Manager Policy Server RarK}k Tivoli Access Manager for

WebLogic %;JOc,yTKe5a9&vCZbT73#Kb,Z(~qyZZ?_

Y:f<ua)|QDKP1T\#Z(~qe5a9&\GCZzz73#

TBdC=h&vZ}7dC Tivoli Access Manager for WebLogic sE\4P# Tivoli

Access Manager for WebLogic 9C=VZ(~q,b=V~q<h*ZyPQdCD

Tivoli Access Manager Authorization server OtC:

v Tivoli Access Manager )9tTZ(~q

bGf Tivoli Access Manager Authorization Server V"D1!Z(~q#

v RBPF \#$Ts/@Z(~q

bGf Tivoli Access Manager for WebLogic V"DZ(~q#

*7# Tivoli Access Manager for WebLogic }Z9CZ(~q,k4PTB=h:

1. + rbpf_ent_pos_browser 2mbS Tivoli Access Manager for WebLogic wz

4F= Tivoli Access Manager Authorization Server wzO,"+|ECZ;Z53

PATH PDNb?<P# rbpf_ent_pos_browser 2mbIZ Tivoli Access Manager

for WebLogic wzDTB?<PR=:

UNIX /opt/PolicyDirector/lib

Windows c:\Program Files\Tivoli\pdwls\bin

2. S Tivoli Access Manager Authorization wzOr* ivacld.conf D~,CD~;

Z:

UNIX /opt/PolicyDirector/etc

Windows c:\Program Files\Tivoli\Policy Director\etc


3. +TB=PmSA [aznapi-entitlement-services] Z:

AZN_ENT_EXT_ATTR = azn_ent_ext_attr
RBPF_POS_BROWSE = rbpf_ent_pos_browser

4. XBt/ Tivoli Access Manager Authorization Server#

5. S Tivoli Access Manager for WebLogic wz,r*;Z

java_home/amwls/WLS_Domain_Name/WLS_Realm_Name PD rbpf.properties D~ -

dP WLS_Domain_Name * BEA WebLogic Server r(domain)D{F,

WLS_Realm_Name * BEA WebLogic Server 2+r(realm)D{F#+TBtT

|B* true:

com.tivoli.pd.as.rbpf.UseEntitlements=true

6. XBt/ BEA WebLogic Server#

;)b)=hI&jI,tC Tivoli Access Manager for WebLogic D BEA WebLogic

Server +9C Tivoli Access Manager Authorization Server 44PyP\#$Ts/@

(k Tivoli Access Manager Policy Server `T)#

(} Tivoli Access Manager for WebLogic xPDC'Mi\m

PK Tivoli Access Manager for WebLogic,I(}9C BEA WebLogic Server XF

(\mC'Mi#S BEA WebLogic Server XF(D2+T0q,9* Access Manager

<j,;sY9*r<j,TT>C'Mi<j#z}GSb)<j\m Tivoli Access

Manager for WebLogic 2+TDC'Mi#

!qC'<jT>C'\m3f#SK3fzIT:

v Pv Tivoli Access Manager for WebLogic C'#

v T>%vC'Dj8E"#

v 4(C'#

!qi<jT>i\m3f#SK3fzIT:

v Pvi#

v T>X(iDj8E"#

v 4(i#

I(}Z`XDXF()93fPdkCUqVtDPm,+`vC'mSAiP,

r+`vimSAC'P#

1PvC'ri1,g{4Zns5X}VNPdk;v5,r+T>yPzc#=

VNP8(Du~DC'ri#

9C]>&CLr

IT9C]>&CLri4;v_P=V`MZ(D>},"709C WebSEAL %c

G<&\#

b=V`MDZ(G:

v ywT

9C?phv{4+X(G+ZhC'Mi#

v F.T


S&CLr4zkZ4PG+li#

]>&CLrI;v Web i~M;v EJB i~iI#

IgBhv Web i~P=V6pD2+T:

v ywT:

web.xml ?phv{(e{* ServletRole D%vG+#weblogic.xml ?phv{

(e ServletRole M BankMembersServlet i.dDwe3d#web.xml ?ph

v{PD2+T<x7#C'Xk;Zh ServletRole G+TCJ Servlet DNN=

(#

v F.T:

doPost() =(_P=SD2+T,K1,F.T7#+ ServletRole ZhwC_#

b9CZ%v Web i~Z;+IbTF.T2+T9IbTywT2+T#

HTTPRequest.isUserInRole() =(CZxP(^li#

IgBhv EJB i~P}V6pD2+T:

v ywT2+T:

Z ejb-jar.xml ?phv{P(e{* EJBRole D%vG+#

weblogic-ejb-jar.xml ?phv{(e EJBRole M BankMembersEJB i.dD

we3d#ejb-jar.xml ?phv{PD=(mI(7#C'Xk;Zh EJBRole G

+TCJ getBalance() =(#

v F.T2+T:

getBalance() _Px;=D2+T,K1,F.T7#+ EJBRole ZhwC_#

EJBContext.isCallerInRole() =(CZxP(^li#

v yZJ'{DF.T2+T:

getBalance() =(7#ksDJ'{kwCwe{`%d#4,v Banker1 Ii4

Banker1 DJ'`n#

*KP]>&CLr,kjITB=h:

1. +]>&CLr PDDemoApp.ear 4F= WebLogic_domain_directory\applications#

k"b,K?<;GXh9CD#IT+ EAR D~EkD~53DNN?<P#]

>&CLrIZ /AMWLS_install_dir/demo PR=#

2. 9C BEA WebLogic Server XF(4(TBC':

Banker1
Banker2
Banker3
Banker4
URLUser1
URLUser2
URLUser3

3. 4( 2 vi:BankMembersEJB M BankMembersServlet#mSC'

Banker1"Banker2"Banker3 M Banker4 AB4(Di#

XZ9C BEA WebLogic Server XF(D8>E",kND BEA WebLogic Server

D5#

4. 9C BEA WebLogic Server XF(?p]>&CLr#

5. *CJ]>&CLr,kCJTB URL:

http://WebLogic_Server_host:WebLogic_Server_listening_port/pddemo/PDDemo


9CTO(eD Banker C'.;xPO$#

WebLogic_Server_host G BEA WebLogic Server 53Dwz{#

WebLogic_Server_listening_port G BEA WebLogic Server }ZdOxPl}DKZ#

6. i$Gq;P BankMembersServlet iPDC'EICJ servlet#

7. i$w* BankMembersEJB iPI1DQO$C'Gq;\i4{GT:D`

n,x;\i4d{NNC'D`n#

*bT WebSEAL %cG<,kjITB=h:

1. kCJTB URL:

https://webseald_server_name/junction_target/pddemo/PDDemo

WebSEAL +a>zxPO$#

XZd? webseald_server_name M junction_target D5w,kNDZ 26 3D:Z 7

?V:bTdC;#

":r*1! WebSEAL P*+h9(} HTTP xPy>ryZm%DO$,yT

ZK&9C HTTPS#

2. w*TO(eDC'.;xPO$#

K}L9C'\;%cG<= BEA WebLogic Server,"R+wC servlet x;h*

xPZ~NO$#1(} WebSEAL xPCJ1,PDDemo ]>&CLrT>DP

*+k1SCJ BEA WebLogic Server 1T>DP*`,#

3. i$QO$C'Gq;\i4{GT:D`n,x;\i4NNd{C'D`n#

9C<I

1. ZTb?C'tC%cG<1kqX<CD2+T_}#7#vI WebSEAL ~q

w4PO$#*o=K?D,h{CZ?C'T BEA WebLogic Server xPDC

J;4,G);9C WebSEAL CJ BEA WebLogic Server DC'#I(}9C

xg,S}KwjIKYw#,S}Kw9z\;Zxg6p#$J4,x;G(

}9CG+4^FCJ#

2. h*KbDG,Tivoli Access Manager M WebLogic Server <azY'\DO$"

T#b=vz7wT<a,$;v2+TdChC,ChC8(ZbxC'J'.

0JmDns'\"T}#+y]b=vhCPO!D;vbxC'#}g,g{

WebLogic Server dC*JmeNG<'\,x Tivoli Access Manager dC*;J

m}NG<'\,r}NG<'\s+bxC'#

}N%wG<_T

}N%wG<_T(CZyZ LDAP D Tivoli Access Manager 20)9z\;(}8

(G<"T'\DnsN}MM#x(1d4@9Fcz\k%w#K_T4(Kb

y;V4v,4C'ZxP|`N'\DG<"T0,XkH};N1d#}g,_

TIf( 3 N"T'\sXkH} 180 kw*M##bV`MDG<_TI@9Z;

kZ"zm`NDfz"FczzIDG<"T#

}N%wG<_Th*=v pdadmin _T|nhCD2,wC:


v G<"T'\DnsN}

policy set max-login-failures

v ,}G<"T'\hCDM#

policy set disable-time-interval

M#hCI|(J'x(1ddtrJ'Dj+{C#

g{G<_ThC*(w*>})}N"T'\sMaPX(Dx(1dM#,rZ

DN"T(}7rms)a<B;vms3f,C3fywIZ\k_TJ'QY1

;IC#

1ddtTk*%;8( - (iDn!1ddt* 60 k#

g{ disable-time-interval _ThC* disable,rJ'TKC'x(,RKC'D

LDAP account valid tT;hC* no#\m1(} Web Portal Manager XBtC

CJ'#

":+ disable-time-interval hC* disable a<BnbD\m*z#Z+ accountvalid E"4F=e~1zI\a[l=SY#Kiv!vZzD LDAP 73#K

b,IZ account valid D|BYw,3) LDAP 5VDT\I\aB5#vZ

b)-r,(iz9C,11ddt#

TB pdadmin |nvJCZ LDAP "am#

m 3. pdadmin LDAP G<_T|n

|n hv

policy set max-login-failures {number|unset} [-user username]

policy get max-login-failures [-user username]

\mXFZ5)M#0yJmDnsG<"T'\N}

D_T#K|n!vZZ policy set disable-time-interval

|nPhCDM##

w*\m1,zIT+K_T&CZX(C',2IT

+K_T+V&CZ LDAP "amPPvDyPC'#

1!hC* 10 N"T#

policy set disable-time-interval {number|unset|disable} [-user username]

policy get disable-time-interval [-user username]

\mM#_T,C_TXFZo=G<"T'\Dns

N}1&C{CJ'D1d$H#

w*\m1,zIT+KM#_T&CZX(C',2

IT+K_T+V&CZ LDAP "amPPvDyPC

'#

1!hC* 180 k#

>} Tivoli Access Manager r

*>} Tivoli Access Manager r:

1. 7# BEA WebLogic Server Qt/#


2. 9CXF(,|D1!r,by|M;aG Tivoli Access Manager for WebLogic

create_realm Yw4(Dr#

3. XBt/ BEA WebLogic Server#

4. *9CXF(>} Tivoli Access Manager r:

a. S BEA WebLogic Server <=8r* Access Manager <j#

b. %wr<j#T>rdC3f#

c. %w>}#T>>}rdC3f#

d. %w7(#T>xPUVND4(r3f#

5. *9C|nP>} Tivoli Access Manager r,r9C AMWLSConfigure -action

delete_realm#PXk AMWLSConfigure -action delete_realm |n;p9CD!

nDj8E",kNDZ 49 3D=< B, :|nlYN<;#

":g{ZD~b9}LP4+ Tivoli Access Manager for WebLogic 20=(iD;

C,r7#+ AMWLSConfigure E>PD AMSSPI_DIR d?hC*5J20?<

D;C#`FX,g{4+ WebLogic 20Z1!;C,rZ ALWLSConfigureE>P9C WebLogic.jar D}7;C|B WLS_JAR d?#

!{dC Tivoli Access Manager for WebLogic

*!{dC Tivoli Access Manager for WebLogic:

1. 7# BEA WebLogic Server Qt/#

2. 7# Tivoli Access Manager rQ>}#kNDZ 33 3D:>} Tivoli Access

Manager r;#

3. *9CXF(!{dC Tivoli Access Manager for WebLogic:

a. %w Access Manager D~P#T>dC3f#

b. %w>}#T>!{dC3f#

c. dk Tivoli Access Manager sec_master \k"%w7(#

d. T>xPUVNDdC3f#

4. *S|nP!{dC Tivoli Access Manager for WebLogic,r9C AMWLSConfigure

-action unconfig |n#PXk AMWLSConfigure -action unconfig |n;p9

CD!nDj8E",kNDZ 49 3D=< B, :|nlYN<;#

JOoO<I

wbw}:

v :9CyZm%DG<1D%cG<'\;

v Z 35 3D:WebLogic Server WvZfl#;

9CyZm%DG<1D%cG<'\

1C'Q(}yZm%DG<xPKO$,""TCJ{GTd;_PmI(DJ4

1,aT>TBms{":

^(S WebSEAL "a{"

r*495JOITO$C',{G2;_PCJ Web ]wP servlet DmI(,yT

a"zKiv#


g{Z9Cy>O$1"zKiv,+XBa>C'dkO$j8E",x;GT>

Ov3f#bG1!D BEA WebLogic Server P*,g{C'1SCJr(}

WebSEAL CJ3f1,+4=Kiv"z#

WebLogic Server WvZfl#

Jb:Wv java.lang.OutofMemory l##

5w:1KPs?D Access Manager for WebLogic Server a01,BEA WebLogic

Server I\aC!QUd#

bv=(:Z startWebLogic E>Pvs Java ibz(JVM)DnsQs!!n#}

g:

%JAVA_HOME%\bin\java -ms64m -mx128m -xms200m -xx:MaxPermSize=128m

ky]&CLre5a9"wz53OKPD{Ds?ZfDxLD}?T0 BEA

WebLogic Server Df>,N< BEA z7D5Tq!FvDQs!#&1T&CLr

xP?HbT,T7(kTd73D`&Qs!#

V^

1. Tivoli Access Manager for WebLogic ;'V]ii1Jq(iPDi)#

2. Tivoli Access Manager for WebLogic 'V`v Tivoli Access Manager r,+G?

vrD sec_master C'Xk;F* sec_master#4,TZ?v Tivoli Access Manager

r,10;PICZ|DKC'{D!n#

3. Z BEA WebLogic Server 8.1 P,IZZi{P;'V0-1V{,rK9C anyother

4zf any-other w*i{#

4. 1T Active Directory dC Tivoli Access Manager for WebLogic 1,IZ

administrators iQ-fZZ Active Directory PRdC+a'\,rKh*+

AdminGroupProp=Administrators hC|D*d|hC#ZdC Tivoli Access

Manager for WebLogic "4( Tivoli Access Manager for WebLogic r.04PK

YwGG#X*D#

5. 19C Tivoli Access Manager for WebLogic XF(44(G+M_T1,1d^

F;\'V#z;\,1+C'rimS=_TMG+#z;\ZG+M_T.d

9C0OR1,0AND1G;\'VD#

6. 1!ivB,Tivoli Access Manager _Y:fC'>$D1d* 2 !1#I(}|

B PdPerm.properties PD appsvr-credcache-life tT4dCK1d5#

7. ;'VS WebSEAL r Tivoli Access Manager Plug-in for Web Servers = WebLogic

Server XF()9D%cG<#+G,IZ WebLogic Server XF(TZSrXx

CJDC'(#G;ICD,rKb;GvsJb#


Q*JbMd(=(

1. 1?p$i&CLr1,9C Active Directory C'"amxPD20I\av=J

b#KJbiLZ Administrator iM53C'D2`kG+3d#Z Active

Directory P,Administrator iM53C'<G$H(eD,R;\;}%#*}%

b)ms"7#+}7D2+TCZ$i&CLr,r`- certificate.war Web

&CLrD?phv{,}%b)3d,;smSk5JD Administrator iM53

C'`&D3d#

2. ;Jm Tivoli Access Manager for WebLogic SXF(4P_T|BDJbfZZ

BEA WebLogic Server V8.1 P#KJbD BEA WebLogic Server |Dks(CR)

E* CR125113#1=Z BEA WebLogic Server 8.1 service pack PTKJbxP

^)s,E'V9CXF(xP_T|B#


Z 6 B }%8>E"

>BhvgN}% IBM Tivoli Access Manager for WebLogic Server#

kjITBwZ.;PD8>E":

v :S Solaris }%;

v :S Windows }%;

v Z 38 3D:S AIX }%;

v Z 38 3D:S HP-UX }%;

S Solaris }%

ZLxxP Tivoli Access Manager for WebLogic D}%.0,7#Q>} Tivoli Access

Manager r"!{dC Tivoli Access Manager for WebLogic#PX4Pb)NqDj

8E",kNDZ 33 3D:>} Tivoli Access Manager r;MZ 34 3D:!{dC

Tivoli Access Manager for WebLogic;#

Z Solaris O9C pkgrm }% Tivoli Access Manager for WebLogic#kjITB8

>E":

1. w* root C'G<#

2. *}% Tivoli Access Manager for WebLogic,kdkTB|n:

# pkgrm PDWLS

T>a>,*sz7O}%!(m~|#dkV8 y#

3. T>/f,(*zZ}%}LPT,6C'mI(4PE>#dkV8 y#

+vV4,{"Pv?v}%DD~#Zs}%E>KP.s,+vV;u4,{

",8>QI&}%m~|#pkgrm 5CLrKv#

Tivoli Access Manager for WebLogic m~|D}%QjI#

g{k*}% IBM Tivoli Access Manager Base Hvu~(Tivoli Access Manager Base

runtime environment"Tivoli Access Manager Base Java runtime environment T0I!

D Tivoli Access Manager &CLr*"$_/),kq-6IBM Tivoli Access Manager

Base 208O7PD8>E"#

S Windows }%

ZLxxP Tivoli Access Manager for WebLogic D}%.0,7#Q>} Tivoli Access

Manager r"!{dC Tivoli Access Manager for WebLogic#PX4Pb)NqDj

8E",kNDZ 33 3D:>} Tivoli Access Manager r;MZ 34 3D:!{dC

Tivoli Access Manager for WebLogic;#

9C Windows0mS/>}Lr1<jgfI}% Tivoli Access Manager for WebLogic

D~#kjITB8>E":


1. w*_P\m1X(D Windows C'G<#

2. +wmS/>}Lr<j#

3. !q Access Manager for WebLogic Application Server#

4. %w|D/>}#

Tivoli Access Manager for WebLogic D~;}%#

+vV0,$jI1T0r#

5. %w7(#

Tivoli Access Manager for WebLogic D}%QjI#

g{k*}% IBM Tivoli Access Manager Base Hvu~(Tivoli Access Manager Base

runtime environment"Tivoli Access Manager Base Java runtime environment T0I!

D Tivoli Access Manager &CLr*"$_/),kq-6IBM Tivoli Access Manager

Base 208O7PD8>E"#

S AIX }%

ZLxxP Tivoli Access Manager for WebLogic D}%.0,7#Q>} Tivoli Access

Manager r"!{dC Tivoli Access Manager for WebLogic#PX4Pb)NqDj

8E",kNDZ 33 3D:>} Tivoli Access Manager r;MZ 34 3D:!{dC

Tivoli Access Manager for WebLogic;#

9C installp 5CLrI}% Tivoli Access Manager for WebLogic for AIX m~|#

g{k*}% IBM Tivoli Access Manager Base Hvu~(Tivoli Access Manager Base

runtime environment"Tivoli Access Manager Base Java runtime environment T0I!

D Tivoli Access Manager &CLr*"$_/),kq-6IBM Tivoli Access Manager

Base 208O7PD8>E"#

S HP-UX }%

ZLxxP Tivoli Access Manager for WebLogic D}%.0,7#Q>} Tivoli Access

Manager r"!{dC Tivoli Access Manager for WebLogic#PX4Pb)NqDj

8E",kNDZ 33 3D:>} Tivoli Access Manager r;MZ 34 3D:!{dC

Tivoli Access Manager for WebLogic;#

9C swremove I}% Tivoli Access Manager for WebLogic D~#kjITB8>

E":

1. w* root C'G<#

2. *}% Tivoli Access Manager for WebLogic,kdkTB|n:

# swremove PDWLS

+vV;5P4,{"#+vV;u4,{",8>VvWNQI&#swremove 5

CLr+S2L}% Tivoli Access Manager for WebLogic D~#

1}%YwjI1,swremove 5CLrKv#

Z HP-UX O}% Tivoli Access Manager for WebLogic VZQjI#


g{k*}% IBM Tivoli Access Manager Base Hvu~(Tivoli Access Manager Base

runtime environment"Tivoli Access Manager Base Java runtime environment T0I!

D Tivoli Access Manager &CLr*"$_/),kq-6IBM Tivoli Access Manager

Base 208O7PD8>E"#


=< A. tTD~N<

ZdC Tivoli Access Manager for WebLogic "4(r1dkD}]f"ZtTD~P#

b)tTD~ICZ|D Tivoli Access Manager for WebLogic DP*#

tTD~fZZ java_home/amwls/wls_domain_name/wls_realm_name/ P#dP

wls_domain_name *zdCD BEA WebLogic Server r(domain)D{F,

wls_realm_name *Kr(domain)ZzdCD BEA WebLogic Server r(realm)D{

F#

P}vtTD~:

v amsspi.properties

|,X(Z BEA WebLogic Server D SSPI wv=fDdCtT#

v rbpf.properties

|, Tivoli Access Manager for WebLogic DdCtT,}g,_Y:fhC"G+

tTM Tivoli Access Manager \#$TsUd]w{#

v amwlsjlog.properties

KD~PDN}XF Tivoli Access Manager for WebLogic DU>G<MzY,|(

4PDzY/{"+]?#k"b$nzYaT Tivoli Access Manager for WebLogic

DT\zz0l#RG(iv1"T7(JbD-r1E$nzY#

TBwZ|,T?vtTD~PvVDN}Dhv#

jG{0***1m>;ZdC Tivoli Access Manager for WebLogic 1dkDtT#b

)tTZdC1;hC*1!5#g{zk*+b)5hC*;,Z1!5Dd|

5,rh*ZdC"4(r.0,Z`&D .in D~P|DtT5# config M

create_realm Yw9C .in D~PD544( ACL M Tivoli Access Manager \#

$Ts,rKZdCr4(rs;\|Db)5#TBwZP;PC0***1jGDt

TIZdCs\]WX|D#

.in D~IZ /pdwls_install_dir/etc PR=#

amsspi.properties

>ZPv"hvK amsspi.properties D~PvVDtT#

com.tivoli.amwls.sspi.config.DeployerGroupProp***

1!5* Deployers#1!ivB,BEA WebLogic Server P 4 v\mi,K

tTJmC'+ Deployers \miD{F|D*d|G Deployers D{F#

com.tivoli.amwls.sspi.config.MonitorGroupProp***

1!5* Monitors#1!ivB,BEA WebLogic Server P 4 v\mi,K

tTJmC'+ Monitors \miD{F|D*d|G Monitors D{F#

com.tivoli.amwls.sspi.config.OperatorGroupProp***

1!5* Operators#1!ivB,BEA WebLogic Server P 4 v\mi,K

tTJmC'+ Operators \miD{F|D*d|G Operators D{F#


com.tivoli.amwls.sspi.config.AdminGroupProp***

1!5* Administrators#1!ivB,BEA WebLogic Server P 4 v\mi,

KtTJmC'+ Administrator \miD{F|D*d|G Administrators D

{F#IZ Windows Q-_P;v{* Administrators D\mi,KtTXk

|B,rKTZ9C Active Directory D53,KtTG\X*D#

com.tivoli.amwls.sspi.Authentication.GroupRegistryDelete

1!5* true#KtT7(1>} Tivoli Access Manager i1Gq>}Wc?

<PDi#KtTkr*/XU -registry j>(19C pdadmin >}i1)

yp=DwCG`,D#

com.tivoli.amwls.sspi.Authentication.UserRegistryDelete

1!5* true#KtT7(1>} Tivoli Access Manager C'1Gq>}Wc

?<PDC'#KtTkr*/XU -registry j>(19C pdadmin >}

C'1)yp=DwCG`,D#

com.tivoli.amwls.sspi.Authentication.ssoEnabled

1!5* false#KtTtC/{CS WebSEAL r Tivoli Access Manager

Plug-in for Web Servers = BEA WebLogic Server D%cG<#

com.tivoli.amwls.sspi.Authentication.ssoTrustId

CZ("k WebSEAL r Tivoli Access Manager Plug-in for Web Servers D

ENX*44P%cG<DC'#

com.tivoli.amwls.sspi.Authentication.ssoPasswdExpiry

1!5* 120(VS)#KtT8(_Y:f SSO ENj6O$D1d$H(T

VS*%;),;)KNax,rZB;N SSO "T1T Tivoli Access

Manager O$K SSO C'#

com.tivoli.amwls.sspi.RoleMapper.EnableWebProgRolecheck

1!5* true#KtTtCr{C Web F.TG+li#KtT9C\m1\

;XU Web &CLrDF.T2+T#

com.tivoli.amwls.sspi.RoleMapper.EnableEjbProgRolecheck

1!5* true#KtTtCr{C EJB F.TG+li#KtT9C\m1\

;XU EJB DF.T2+T#

com.tivoli.amwls.sspi.Authentication.GroupDNPrefix

TZ LDAP,1!5* cn=#KtTJm\m1ZSXF()94(i1|D

0:#

com.tivoli.amwls.sspi.Authentication.UserDNPrefix

TZ LDAP,1!5* cn=#KtTJm\m1ZSXF()94(C'1|

D0:#

rbpf.properties

>ZPv"hvK rbpf.properties D~PvVDtT#

com.tivoli.pd.as.rbpf.ProductName

1!5* PDWLS#KtTCZZ4( Tivoli Access Manager TsM ACL 1

D"MMhv#

com.tivoli.pd.as.rbpf.RoleContainerName***

1!5* Roles#dCs,KtT|D*


Roles/$WLS_Domain_Name/$WLS_Realm_Name#dP WLS_Domain_Name *dC

D BEA WebLogic Server r(domain)D{F,WLS_Realm_Name *dCD

BEA WebLogic Server r(realm)D{F#

com.tivoli.pd.as.rbpf.ResourceContainerName***

1!5* Resources#dCs,KtT|D*

Resources/$WLS_Domain_Name/$WLS_Realm_Name#dP WLS_Domain_Name *

dCD BEA WebLogic Server r(domain)D{F,WLS_Realm_Name *d

CD BEA WebLogic Server r(realm)D{F#

com.tivoli.pd.as.rbpf.PosRoot***

1!5* WebAppServer#KtT* Tivoli Access Manager for WebLogic Py

PG+MJ4DTsUdDxTy#

com.tivoli.pd.as.rbpf.ProductId***

1!5* WLS#KtTk PosRoot 5aOTNIyPG+MJ4DTsUd

Dy#

com.tivoli.pd.as.rbpf.AMActionGroup***

1!5* WebAppServer#KtT*YwiD1!{F,KYwiCZf"Yw

T8 Tivoli Access Manager for WebLogic CJv(li#

com.tivoli.pd.as.rbpf.AMAction***

1!5* i,TCZwC#1 Tivoli Access Manager for WebLogic 4PCJ

v(1liKYw,|+;mSA AMActionGroup#

com.tivoli.pd.as.cache.EnableDynamicRoleCaching

1!5* true#KtTtCr{C/,G+_Y:f#/,G+_Y:fCZ_

Y:fyPU(DG+,4G\mG+DG+#|_Y:f}fM:fG+I

1#

com.tivoli.pd.as.cache.DynamicRoleCache

1!5* com.tivoli.pd.as.cache.DynamicRoleCacheImpl#KtTGCZ4P/,

G+_Y:fD`#g{X*,I5VzT:D/,G+_Y:f#I(}5

V com.tivoli.pd.as.cache.IDynamicRoleCache SZ4o=K?D#

com.tivoli.pd.as.cache.DynamicRoleCache.NumBuckets

1!5* 20#KtT8(Wc"Pm(K"PmCZf"/,G+_Y:fu

?)P&9CDf"xD}?#

com.tivoli.pd.as.cache.DynamicRoleCache.MaxUsers

1!5* 100000#KtT*_Y:fPyPf"xDu?\}#+K}V}T

NumBuckets 47(?v%@Df"xDnss!#

com.tivoli.pd.as.cache.DynamicRoleCache.RoleLifetime

1!5* 20#KtT8(}fM:f/,G+_Y:fv_Z_Y:fP#t

D1d$H(Tk*%;)#

com.tivoli.pd.as.cache.DynamicRoleCache.PrincipalLifeTime

1!5* 10#KtT8(we>$f"Z Tivoli Access Manager for WebLogic

_Y:fPD1d$H(TVS*%;)#k"b,PdPerm.properties 5

(appsvr-credcache-life)7(Z PDJRTE P_Y:f>$D1d#Tivoli Access

Manager for WebLogic S PDJRTE q!yPD>$,rK,g{K5!Z

appsvr-credcache-life,rZ Tivoli Access Manager for WebLogic S PDJRTE

lw;_Y:fD>$1M2GKK5#


com.tivoli.pd.as.cache.EnableStaticRoleCaching

1!5* true#KtTtCr{C2,G+_Y:f#2,G+_Y:fCZ_

Y:f\mG+D}fM:fG+I1#}u?;}Zb,K_Y:fk/,

G+_Y:f`,#IZ\mG+DI1;&|D,bMa_Kb)G+DT

\#

com.tivoli.pd.as.cache.StaticRoleCache

1!5* com.tivoli.pd.as.cache.StaticRoleCacheImpl#KtTGCZ4P2,G

+_Y:fD`#g{X*,I5VzT:D2,G+_Y:f#I(}5V

com.tivoli.pd.as.cache.IStaticRoleCache SZ4o=K?D#

com.tivoli.pd.as.cache.StaticRoleCache.Roles

1!5* Admin, Operator, Monitor, Deployer#KtT]I;PT:EVtD

\mG+#+KPmPDG+I1mS=2,G+_Y:f(x;G/,G+

_Y:f)P#Z/,G+_Y:fP_Y:fyPd|G+I1#

com.tivoli.pd.as.cache.EnableObjectCaching

1!5* true#KtTtCr{CTs_Y:f#Ts_Y:fCZ_Y:fy

P Tivoli Access Manager Ts,|(|GD)9tT#bMJmKD)G+D

_Y:f;Z(CJD) BEA WebLogic Server J4;rx{}K*?vJ4

ksi/ Tivoli Access Manager Authorization server Dh*#

com.tivoli.pd.as.cache.ObjectCache

1!5* com.tivoli.pd.as.cache.ObjectCacheImpl#KtTGCZ4PTs_Y:

fD`#g{X*,I5VzT:DTs_Y:f#I(}5V

com.tivoli.pd.as.cache.IObjectCache SZ4o=K?D#

com.tivoli.pd.as.cache.ObjectCache.NumBuckets

1!5* 20#KtT8(Wc"PmPC4f"Ts_Y:fu?DDf"x

D}?#

com.tivoli.pd.as.cache.ObjectCache.MaxResources

1!5* 10000#KtT8(_Y:fPyPf"xDu?\}#+K}V}T

NumBuckets 47(?vf"xDnss!#

com.tivoli.pd.as.cache.ObjectCache.ResourceLifeTime

1!5* 20#KtT8(Ts#tZTs_Y:fPD1d$H(TVS*%

;)#

com.tivoli.pd.as.rbpf.UncheckedRoles

1!5* Unchecked, AmasUnckeched, Anonymous#KtT8(;PT:EVt

D J2EE 4liG+#g{Z(PvG+PDNN;vCJ BEA WebLogic

Server J4,r;[,SDGD)U(G+,<aZ(yPC'CJKJ4#;

\+C'MimS=b)G+#b)G+zmK;V*yPC'(|(4O$

DC')Z(CJX(J4DP'==#IZ Tivoli Access Manager for

WebLogic dC+ Anonymous G+mSx8vy> BEA WebLogic Server J

4,rKC4liDG+&\GtZKPmP#KtT;h*ZdC0hC,

+G;)hCKM;I|D#

com.tivoli.pd.as.rbpf.ExcludedRoles

1!5* Excluded, AmasExcluded#KtT8(;PT:EVtD J2EE E}

G+#rK,g{+b)G+PNN;v,S=3vJ4,r;[,SDGD


)U(G+,;PC'a;Z(CJKJ4#b) J2EE E}G+zmK;V

\xyPC'CJX(J4DP'==#KtT;h*ZdC0hC,+G;

)hCKM;I|D#

com.tivoli.pd.as.rbpf.GrantUnprotectedAccess

1!5* true#KtT8(GZh9G\xT;ksJ4(CJ4;\#$)D

CJ;4,;P;ZhNNG+DTs#

com.tivoli.pd.as.rbpf.CopyParentRole***

1!5* false#KtTJm\m18(Z4(&Z|X(6pDG+(}g,

Z&CLr6pDG+)1Gq&4FZO_6p(}g,+VG+)(eD

G+I1#Z Tivoli Access Manager P,bf0=+,SD ACL(Z+V6

pO)DyPI14F=,S=TsD ACL(Z&CLr6pO)#KtTxh

\m1Z4(BG+1+LPEn&CZG+I1D\&#(#KtT5&h

C*k PropogateChileRole `,D5#

com.tivoli.pd.as.rbpf.PropagateChildRole***

1!5* false#KtTJm\m18(GqTSG+(}g,Z&CLr6p

DG+)wvkZO_6p(}g,+VG+)(eDG+I1,yD|D#

2MG5,+ userA mSx+VG+ RoleA D,1,2+ userA mSxK&

CLr6pD RoleA#KtTZ|BG+I11v?K CopyParentRole "x

;=&CKG+I1LP#(#,KtT5&hC*k CopyParentRole `,

D5#

com.tivoli.pd.as.rbpf.UseEntitlements

1!5* false#KtT8> Tivoli Access Manager Authorization Server PD

Z(~qGq&CZU/PXD)G+;Z(CJD)J4DE"#K1!5

* false,rKzIThC9 Tivoli Access Manager for WebLogic KPD Tivoli

Access Manager ~qDn!}?#+G,IZTZ Tivoli Access Manager Policy

Server P%;JOc,rKKtTZbT73Pv\hC* false#KZ(~q

2ZyZZ?Ts_Y:fDO_6pO4P#rK,Zzz73PK5&\

GhC* true#

com.tivoli.pd.as.rbpf.EntitlementsUser

1!5* Tivoli Access Manager for WebLogic remote-acl-user#KtT]IC

49CZ(~q4PTsiRDC'#KZ(~q7#}ZS Tivoli Access

Manager \#$TsUdksTsDC';Zh Server Admin Generic0s1m

I(#Z config }LP,+ remote-acl-user mS= iv-admin i,"+KmI

(Zh|#I(}|D}ZksTsDC'4|B|,+G,zh*7#Z

Tivoli Access Manager \#$TsUdPD Resources ]wOZhKBC'0s1

mI(#

com.tivoli.pd.as.rbpf.IgnorePasswordPolicyOnUserCreate

1!5* false#KtTJm\m1Z(} BEA WebLogic Server XF(4(

B Tivoli Access Manager C'1vT\k_T#

com.tivoli.pd.as.rbpf.DeleteBaseRoleRecursive

1!5* true#KtT8>Z>}8G+1Gq>}yPSG+#

amwlsjlog.properties

amwlsjlog.properties D~*j< JLog tTD~#|CZXF Tivoli Access Manager

for WebLogic T0 PDJRTE PD{"+]MzY#


IZ amwlsjlog.properties D~P|,Ds`}tTkRGD?D^X,rK>Z;

PPvyPtT#+G,}GSKD~tCr{C{"+]MzY#

amwlsjlog.properties D~PDu?Z>JOGVcD#I"4*}vi~r*U>G

<,2I*%vi~r*U>G<#

*r*U>G<,;h*+ isLogging tTmS=zk**.tCU>G<Di~#

TBPvDi~* Tivoli Access Manager for WebLogic 'VDyPzYM{"+]i

~#I*b)PvDtT.;tCzY/{"+],2I*yPtTtCzY/{"

+]#TB*?vi~y4PDYwDrLhv#

i~ hv

zY

AmasRBPFTraceLogger T Tivoli Access Manager for WebLogic Z?

YwDzY#

AmasCacheTraceLogger TyP Tivoli Access Manager for WebLogic _

Y:fDzY#

AMSSPICfgTraceLogger T Tivoli Access Manager for WebLogic D

config Yw(}g,G+4()DzY#

AMSSPIAuthzTraceLogger T Tivoli Access Manager for WebLogic DZ

(a)LrDzY#

AMSSPIAuthnTraceLogger T Tivoli Access Manager for WebLogic DO

$a)LrDzY#

AMSSPIRoleMapperTraceLogger T Tivoli Access Manager for WebLogic DG

+3da)LrDzY#

AMSSPIResourceManagerTraceLogger

T Tivoli Access Manager for WebLogic ZJ

4\mwDzY#

{"+]

AmasCacheMessageLogger Tivoli Access Manager for WebLogic Z?Yw

D{"+]#

AmasRBPFMessageLogger yP Tivoli Access Manager for WebLogic _

Y:fD{"+]#

AMSSPICfgMessageLogger Tivoli Access Manager for WebLogic D config Yw(}g,G+4()D{"+]#

AMSSPIAuthzMessageLogger Tivoli Access Manager for WebLogic DZ(a

)LrD{"+]#

AMSSPIAuthnMessageLogger Tivoli Access Manager for WebLogic DO$a

)LrD{"+]#

AMSSPIRoleMapperMessageLogger

Tivoli Access Manager for WebLogic DG+3

da)LrD{"+]#

AMSSPIResourceManagerMessageLogger

Tivoli Access Manager for WebLogic ZJ4\

mwD{"+]#

TO?vi~)9K baseGroup traceLogger M baseGroup messageLogger#r

K,ZtTD~P,|GDtT+aMK>}`F:

baseGroup.AMSSPIAuthnMessageLogger.isLogging=true


TO>}tCK Tivoli Access Manager for WebLogic DO$a)Lr?VD{"+]#

g{k*T}Z(a)LrbDyPi~tCzY,&mSTBP:

baseGroup.TraceLogger.isLogging=true
baseGroup.AMSSPIAuthzMessageLogger.isLogging=false

4,d|yPzYi~+Sy>G<wr%LP true 5#+GZ(G<waC false 5

2G true 5#


=< B. |nlYN<


AMWLSConfigure –action config

dC Tivoli Access Manager for WebLogic Server#

o(

AMWLSConfigure –action config –domain_admin domain_admin
–domain_admin_pwd domain_admin_password –remote_acl_user remote_acl_user
–sec_master_pwd sec_master_pwd –pdmgrd_host pdmgrd_host –pdacld_host pdacld_host
[–deploy_extension {true|false}] [–wls_server_url wls_server_url]
[–am_domain am_domain] [–pdmgrd_port pdmgrd_port] [–pdacld_port pdacld_port]
[–amwls_home amwls_home] [–verbose {true|false}]

N}

–am_domain am_domain

8( Tivoli Access Manager rD{F#1!r* Default#

–amwls_home amwls_home

8(= Tivoli Access Manager for WebLogic Server 20?<D76#

–deploy_extension {true|false}

1hC* true 1,?p Tivoli Access Manager Web Logic Server V5.1 XF()

9#1!5* true#

–domain_admin domain_admin

8( WebLogic r\m1#

–domain_admin_pwd domain_admin_password

8( WebLogic r\m1\k#

–pdacld_host pdacld_host

8( Tivoli Access Manager authorization server wz{#

–pdacld_port pdacld_port

8( Tivoli Access Manager authorization server KZE#1!KZE* 7136#

–pdmgrd_host pdmgrd_host

8( Tivoli Access Manager policy server wz{#

–pdmgrd_port pdmgrd_port

8( Tivoli Access Manager policy server KZE#1!KZE* 7135#

–remote_acl_user remote_acl_user

8(* authorization server 4(D Tivoli Access Manager we#

–sec_master_pwd sec_master_pwd

8( Tivoli Access Manager \mC'\k((#G sec_master)#

–verbose {true|false}

1hC* true 1,tCj8dv#1!5* false#

–wls_server_url wls_server_url

8(>X WebLogic Server D URL#1!5*

t3://localhost:7001


ICT

K|n;ZTB1!20?<:

v UNIX 53:

/opt/pdwls/sbin/

v Z Windows 53O:

C:\Program Files\Tivoli\pdwls\sbin\

1!qKG1!?<D20?<1,K5CLr;Z20?<BD sbin ?<P(}g,

install_dir\sbin\)#

5Xk

I5XTBKv4,k:

0 |nI&jI#

1 |n'\#

1|n'\s,T>;ums{"#PXJbD|`j8hv,kND IBM Tivoli

Access Manager Error Message Reference#


AMWLSConfigure –action unconfig

!{dC Tivoli Access Manager for WebLogic Server#

o(

AMWLSConfigure –action unconfig –domain_admin_pwd domain_admin_pwd

–sec_master_pwd sec_master_pwd [–verbose {true|false}]

N}

–domain_admin_pwd domain_admin_pwd

8( Tivoli Access Manager for WebLogic Server r\m1\k#

–sec_master_pwd sec_master_pwd

8( Tivoli Access Manager \mC'\k((#G sec_master)#

–verbose {true|false}1hC* true 1,tCj8dv#1!5* false#

ICT

K|n;ZTB1!20?<:

v UNIX 53:

/opt/pdwls/sbin/

v Z Windows 53O:

C:\Program Files\Tivoli\pdwls\sbin\

1!qKG1!?<D20?<1,K5CLr;Z20?<BD sbin ?<P(}g,

install_dir\sbin\)#

5Xk

I5XTBKv4,k:

0 |nI&jI#

1 |n'\#

1|n'\s,T>;ums{"#PXJbD|`j8hv,kND IBM Tivoli

Access Manager Error Message Reference#


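AMWLSConfigure -action create_realm

Creates the security realm in WebLogic Server.

Syntax

AMWLSConfigure -action create_realm -realm_name realm_name -domain_admin_pwd domain_admin_pwd -user_dn_suffix user_dn_suffix -group_dn_suffix group_dn_suffix -admin_group admin_group [-user_dn_prefix user_dn_prefix] [-group_dn_prefix group_dn_prefix] [-sso_enabled {true|false}] [-sso_user sso_user] [-sso_pwd sso_pwd] [-verbose {true|false}]

Parameters

-admin_group admin_group

Specifies the Tivoli Access Manager group that is used for internal configuration purposes.

-domain_admin_pwd domain_admin_pwd

Specifies the WebLogic domain administrator password.

-group_dn_prefix group_dn_prefix

Specifies the distinguished name (DN) prefix to use when creating groups.

-group_dn_suffix group_dn_suffix

Specifies the distinguished name (DN) suffix to use when creating groups.

-realm_name realm_name

Specifies the name of the WLS realm that is being created.

-sso_enabled {true|false}

When set to true, enables single signon support. The default value is false.

-sso_pwd sso_pwd

Specifies the password for the single signon user (sso_user).

-sso_user sso_user

Specifies the user that is used to create the single signon trust association with Tivoli Access Manager.

-user_dn_prefix user_dn_prefix

Specifies the distinguished name (DN) prefix to use when creating users.

-user_dn_suffix user_dn_suffix

Specifies the distinguished name (DN) suffix to use when creating users.

-verbose {true|false}

When set to true, enables verbose output. The default value is false.

Availability

This command is located in the following default installation directories:

• On UNIX systems:

/opt/pdwls/sbin/

• On Windows systems:

C:\Program Files\Tivoli\pdwls\sbin\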


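When an installation directory other than the default is selected, this utility is located in the sbin directory under the installation directory (for example, install_dir\sbin\).

Return codes

The following exit status codes can be returned:

0 The command completed successfully.

1 The command failed.

When a command fails, an error message is displayed. For a more detailed description of the problem, see the IBM Tivoli Access Manager Error Message Reference.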


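AMWLSConfigure -action delete_realm

Deletes the security realm from WebLogic Server.

Syntax

AMWLSConfigure -action delete_realm -domain_admin_pwd domain_admin_pwd [-registry_clean {true|false}] [-verbose {true|false}]

Parameters

-domain_admin_pwd domain_admin_pwd

Specifies the WebLogic domain administrator password.

-registry_clean {true|false}

Removes the users and groups that were created during configuration. The default value is false.

-verbose {true|false}

When set to true, enables verbose output. The default value is false.

Availability

This command is located in the following default installation directories:

• On UNIX systems:

/opt/pdwls/sbin/

• On Windows systems:

C:\Program Files\Tivoli\pdwls\sbin\

When an installation directory other than the default is selected, this utility is located in the sbin directory under the installation directory (for example, install_dir\sbin\).

Return codes

The following exit status codes can be returned:

0 The command completed successfully.

1 The command failed.

When a command fails, an error message is displayed. For a more detailed description of the problem, see the IBM Tivoli Access Manager Error Message Reference.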


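Appendix C. Notices

This information was developed for products and services offered in the U.S.A. IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service.

IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries, in writing, to:

IBM Director of Licensing

IBM Corporation

500 Columbus Avenue

Thornwood, NY 10594

U.S.A

For license inquiries regarding double-byte (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to:

IBM World Trade Asia Corporation

Licensing

2-31 Roppongi 3-chome, Minato-ku

Tokyo 106, Japan

The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: International Business Machines Corporation provides this publication "as is" without warranty of any kind, either express or implied, including, but not limited to, the implied warranties of non-infringement, merchantability or fitness for a particular purpose. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you.

This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice.

Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk.

IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.

Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged, should contact: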


IBM Corporation

2Z4A/101

11400 Burnet Road

Austin, TX 78758

USA

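Such information may be available, subject to appropriate terms and conditions, including in some cases payment of a fee.

The licensed program described in this document and all licensed material available for it are provided by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement or any equivalent agreement between us.

Any performance data contained herein was determined in a controlled environment. Therefore, the results obtained in other operating environments may vary significantly. Some measurements may have been made on development-level systems and there is no guarantee that these measurements will be the same on generally available systems. Furthermore, some measurements may have been estimated through extrapolation. Actual results may vary. Users of this document should verify the applicable data for their specific environment.

Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.

All statements regarding IBM's future direction or intent are subject to change or withdrawal without notice, and represent goals and objectives only.

This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental.

If you are viewing this information softcopy, the photographs and color illustrations may not appear.

Trademarks

The following terms are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both:

AIX

DB2

IBM

IBM logo

SecureWay

Tivoli

Tivoli logo

Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.

Java and all Java-based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries.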


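UNIX is a registered trademark of The Open Group in the United States and other countries.

Other company, product, and service names may be trademarks or service marks of others.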


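Glossary

[A]

security management: The management discipline that addresses an organization's ability to control access to applications and data that are critical to its success.

secure sockets layer (SSL): A security protocol that provides communication privacy. SSL enables client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, and message forgery. SSL was developed by Netscape Communications Corp. and RSA Data Security, Inc.

[B]

bind: To relate an identifier to another object in a program; for example, to relate an identifier to a value, an address or another identifier, or to associate formal parameters and actual parameters.

quality of protection: The level of data security, determined by a combination of authentication, integrity, and privacy conditions.

[C]

action: An access control list (ACL) permission attribute. See also access control list (ACL).

policy: A set of rules that are applied to managed resources.

hypertext transfer protocol (HTTP): In the Internet suite of protocols, the protocol that is used to transfer and display hypertext documents.

[D]

single signon (SSO): The ability of a user to log on once and access multiple applications without having to log on to each application separately. See also global signon.

step-up authentication: A protected object policy (POP) that relies on a preconfigured hierarchy of authentication levels and enforces a specific level of authentication according to the policy set on a resource. The step-up authentication POP does not force the user to authenticate using multiple levels of authentication to access any given resource, but requires the user to authenticate at a level at least as high as that required by the policy protecting the resource.

multiplexing proxy agent (MPA): A gateway that accommodates multiple client access. These gateways are sometimes known as Wireless Access Protocol (WAP) gateways when clients access a secure domain using a WAP. Gateways establish a single authenticated channel to the originating server and tunnel all client requests and responses through this channel.

multi-factor authentication: A protected object policy (POP) that forces a user to authenticate using two or more levels of authentication. For example, the access control on a protected resource can require that the users authenticate with both user name/password and user name/token passcode. See also protected object policy.

[F]

access control list (ACL): In computer security, a list that is associated with an object that identifies all the subjects that can access the object and their access rights. For example, an access control list is a list that is associated with a file that identifies the users who can access the file and identifies the users' access rights to that file.

access control: In computer security, the process of ensuring that the resources of a computer system can be accessed only by authorized users in authorized ways.

access permission: The access privilege that applies to the entire object.

service: Work performed by a server. A service can be a simple request for data to be sent or stored (as with file servers, HTTP servers, e-mail servers, and finger servers), or it can be more complex work such as that of print servers or process servers.

replica: A server that contains a copy of the directory or directories of another server. Replicas back up servers in order to enhance performance or response times and to ensure data integrity.

[G]

common gateway interface (CGI): An Internet standard for defining scripts that pass information from a Web server to an application program, through an HTTP request, and vice versa. A CGI script is a CGI program that is written in a scripting language, such as PERL.

public key: In computer security, a key that is made available to everyone. Contrast with private key.

administration service: An authorization API runtime plug-in that can be used to perform administration requests on a Tivoli Access Manager resource manager application. The administration service responds to remote requests from the pdadmin command to perform tasks, such as listing the objects under a particular node in the protected object tree. Customers may develop these services using the authorization ADK.

management domain: The default domain in which Tivoli Access Manager enforces security policies for authentication, authorization, and access control. This domain is created when the policy server is configured. See also domain.

rule: One or more logical statements that enable the event server to recognize relationships among events (event correlation) and to execute automated responses accordingly.

[H]

suffix: A distinguished name that identifies the top entry in a locally held directory hierarchy. Because of the relative naming scheme used in Lightweight Directory Access Protocol (LDAP), this suffix applies to every other entry within that directory hierarchy. A directory server can have multiple suffixes, each identifying a locally held directory hierarchy.

[J]

basic authentication: A method of authentication that requires the user to enter a valid user name and password before access to a secure online resource is granted.

network-based authentication: A protected object policy (POP) that controls access to objects based on the Internet protocol (IP) address of the user. See also protected object policy.

encryption: In computer security, the process of transforming data into an unintelligible form in such a way that the original data either cannot be obtained or can be obtained only by using a decryption process.

role activation: The process of applying the access permissions to a role.

role assignment: The process of assigning a role to a user, such that the user has the appropriate access permissions for the object defined for that role.

interprocess communication (IPC): (1) The process by which programs communicate data to each other and synchronize their activities. Semaphores, signals, and internal message queues are common methods of interprocess communication. (2) A mechanism of an operating system that allows processes to communicate with each other within the same computer or over a network.

silent installation: An installation that does not send messages to the console but instead stores messages and errors in log files. Also, a silent installation can use response files for data input. See also response file.

[K]

scalability: The ability of a network system to respond to increasing numbers of users who access resources.

trusted root: In the Secure Sockets Layer (SSL), the public key and associated distinguished name of a certificate authority (CA).

cross domain authentication service (CDAS): A WebSEAL service that provides a shared library mechanism that allows you to substitute the default WebSEAL authentication mechanisms with a custom process that returns a Tivoli Access Manager identity to WebSEAL. See also WebSEAL.

cross domain mapping framework (CDMF): A programming interface that allows a developer to customize the mapping of user identities and the handling of user attributes when WebSEAL e-Community SSO functions are used.

[L]

connection: (1) In data communication, an association established between functional units for conveying information. (2) In TCP/IP, the path between two protocol applications that provides reliable data stream delivery service. In the Internet, a connection extends from a TCP application on one system to a TCP application on another system. (3) In system communications, a line over which data can be passed between two systems or between a system and a device.

junction: An HTTP or HTTPS connection between a front-end WebSEAL server and a back-end Web application server. WebSEAL uses a junction to provide protective services on behalf of the back-end server.

token: (1) In a local area network, the symbol of authority passed successively from one data station to another to indicate the station temporarily in control of the transmission medium. Each data station has an opportunity to acquire and use the token to control the medium. A token is a particular message or bit pattern that signifies permission to transmit. (2) In local area networks (LANs), a sequence of bits passed from one device to another along the transmission medium. When the token has data appended to it, it becomes a frame.

routing file: An ASCII file that contains commands that control the configuration of messages.

polling: The process by which databases are interrogated at regular intervals to determine if data needs to be transmitted.

[M]

portal: An integrated Web site that dynamically produces a customized list of Web resources, such as links, content, or services, available to a specific user, based on the access permissions for the particular user.

cipher: Encrypted data that is unreadable until it has been converted into plain data (decrypted) with a key.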


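key pair: In computer security, a public key and a private key. When the key pair is used for encryption, the sender uses the public key to encrypt the message, and the recipient uses the private key to decrypt the message. When the key pair is used for signing, the signer uses the private key to encrypt a representation of the message, and the recipient uses the public key to decrypt the representation of the message for signature verification.

key ring: In computer security, a file that contains public keys, private keys, trusted roots, and certificates.

key database file: See key ring.

key file: See key ring.

key: In computer security, a sequence of symbols that is used with a cryptographic algorithm for encrypting or decrypting data. See private key and public key.

schema: The set of statements, expressed in a data definition language, that completely describe the structure of a database. In a relational database, the schema defines the tables, the fields in each table, and the relationships between fields and tables.

directory schema: The valid attribute types and object classes that can appear in a directory. The attribute types and object classes define the syntax of the attribute values, which attributes must be present, and which attributes may be present.

[P]

configuration: (1) The manner in which the hardware and software of an information processing system are organized and interconnected. (2) The machines, devices, and programs that make up a system, subsystem, or network.

credentials modification service: An authorization API runtime plug-in that can be used to modify a Tivoli Access Manager credential. Credentials modification services developed externally by customers are limited to performing add and remove operations on the credentials attribute list, and only for those attributes that are considered modifiable.

credentials: Detailed information, acquired during authentication, that describes the user, any group associations, and other security-related identity attributes. Credentials can be used to perform a multitude of services, such as authorization, auditing, and delegation.

[Q]

migration: The installation of a new version or release of a program to replace an earlier version or release.

lightweight third party authentication (LTPA): An authentication framework that allows single signon across a set of Web servers that fall within an Internet domain.

lightweight directory access protocol (LDAP): An open protocol that (a) uses TCP/IP to provide access to directories that support an X.500 model and (b) does not incur the resource requirements of the more complex X.500 Directory Access Protocol. Applications that use LDAP (known as directory-enabled applications) can use the directory as a common data store and for retrieving information about people or services, such as e-mail addresses, public keys, or service-specific configuration parameters. LDAP was originally specified in RFC 1777. LDAP version 3 is specified in RFC 2251, and the IETF continues work on additional standard functions. Some of the IETF-defined standard schemas for LDAP are found in RFC 2256.

global signon (GSO): A flexible single signon solution that enables the user to provide alternative user names and passwords to the back-end Web application server. Global signon grants users access to the computing resources they are authorized to use through a single login. GSO is designed for large enterprises consisting of multiple systems and applications within heterogeneous, distributed computing environments, and it eliminates the need for users to manage multiple user names and passwords. See also single signon.

[R]

certificate authority (CA): An organization that issues certificates. The certificate authority authenticates the certificate owner's identity and the services that the owner is authorized to use, issues new certificates, renews existing certificates, and revokes certificates belonging to users who are no longer authorized to use them.

authentication: (1) In computer security, verification of the identity of a user or the user's eligibility to access an object. (2) In computer security, verification that a message has not been altered or corrupted. (3) In computer security, a process that is used to verify the user of an information system or of protected resources. See also multi-factor authentication, network-based authentication, and step-up authentication.

container object: A structural designation that organizes the object space into distinct functional regions.

[S]

daemon: A program that runs unattended to perform continuous or periodic systemwide functions, such as network control. Some daemons are triggered automatically to perform their task; others operate periodically.

protected object policy (POP): A type of security policy that imposes additional conditions on the operation permitted by the ACL policy to access a protected object. It is the responsibility of the resource manager to enforce the POP conditions. See also access control list (ACL), protected object, and protected object space.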


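protected object space: The virtual object representation of actual system resources that is used for applying ACLs and POPs and for authorizing user access. See also protected object and protected object policy.

protected object: The logical representation of an actual system resource that is used for applying ACLs and POPs and for authorizing user access. See also protected object policy and protected object space.

authorization service plug-in: A dynamically loadable library (DLL or shared library) that can be loaded by the Tivoli Access Manager authorization API runtime client at initialization time in order to perform operations that extend a service interface within the authorization API. The service interfaces that are currently available include the administration, external authorization, credentials modification, entitlements, and PAC manipulation interfaces. Customers may develop these services using the authorization ADK.

entitlement service: An authorization API runtime plug-in that can be used to return entitlements from an external source for a principal or set of conditions. Entitlements are normally application-specific data that will be consumed by the resource manager application in some way or added to the principal's credentials for use further on in the authorization process. Customers may develop these services using the authorization ADK.

authorization rule: See rule.

authorization: (1) In computer security, the right granted to a user to communicate with or make use of a computer system. (2) The process of granting a user either complete or restricted access to an object, resource, or function.

entitlement: A data structure that contains externalized security policy information. Entitlements contain policy data or capabilities that are formatted in a way that is understandable to a specific application.

attribute list: A linked list that contains extended information that is used to make authorization decisions. Attribute lists consist of a set of name = value pairs.

digital signature: In e-commerce, data that is appended to, or is a cryptographic transformation of, a data unit and that enables the recipient of the data unit to verify the source and integrity of the unit and to recognize potential forgery.

[T]

privilege attribute certificate service: An authorization API runtime client plug-in that translates a PAC of a predetermined format into a Tivoli Access Manager credential, and vice versa. These services can also be used to package or marshal a Tivoli Access Manager credential for transmission to other members of the secure domain. Customers may develop these services using the authorization ADK. See also privilege attribute certificate.

privilege attribute certificate: A digital document that contains a principal's authentication and authorization attributes and a principal's capabilities.

uniform resource identifier (URI): The character string used to identify content on the Internet, including the name of the resource (a directory and file name), the location of the resource (the computer where the directory and file name exist), and how the resource can be accessed (the protocol, such as HTTP). An example of a URI is a uniform resource locator, or URL.

uniform resource locator (URL): A sequence of characters that represent information resources on a computer or in a network such as the Internet. This sequence of characters includes (a) the abbreviated name of the protocol used to access the information resource and (b) the information used by the protocol to locate the information resource. For example, in the context of the Internet, these are abbreviated names of some protocols used to access various information resources: http, ftp, gopher, telnet, and news; and this is the URL for the IBM home page: http://www.ibm.com.

[W]

external authorization service: An authorization API runtime plug-in that can be used to make application-specific or environment-specific authorization decisions as part of the Tivoli Access Manager authorization decision chain. Customers may develop these services using the authorization ADK.

Internet protocol (IP): In the Internet suite of protocols, a connectionless protocol that routes data through a network or interconnected networks and acts as an intermediary between the higher protocol layers and the physical network.

file transfer protocol (FTP): In the Internet suite of protocols, an application layer protocol that uses Transmission Control Protocol (TCP) and Telnet services to transfer bulk-data files between machines or hosts.

[X]

response file: A file that contains a set of predefined answers to questions asked by a program and that is used instead of entering those values one at a time.

virtual hosting: The capability of a Web server that allows it to appear as more than one host to the Internet.

permission: The ability to access a protected object, such as a file or directory. The number and meaning of permissions for an object are defined by the access control list (ACL). See also access control list (ACL).

[Y]

business entitlement: The supplemental attribute of a user credential that describes the fine-grained conditions that can be used in the authorization of requests for resources.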


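Internet suite of protocols: A set of protocols developed for use on the Internet and published as Requests for Comments (RFCs) through the Internet Engineering Task Force (IETF).

user registry: See registry.

user: Any person, organization, process, device, program, protocol, or system that uses a service provided by others.

domain name: In the Internet suite of protocols, a name of a host system. A domain name consists of a sequence of subnames that are separated by a delimiter character. For example, if the fully qualified domain name (FQDN) of a host system is as400.rchland.vnet.ibm.com, each of the following is a domain name: as400.rchland.vnet.ibm.com, vnet.ibm.com, ibm.com.

domain: (1) A logical grouping of users, systems, and resources that share common services and usually function with a common purpose. (2) That part of a computer network in which the data processing resources are under common control. See also domain name.

metadata: Data that describes the characteristics of stored data.

run time: The time period during which a computer program is executing. A runtime environment is an execution environment.

[Z]

certificate: In computer security, a digital document that binds a public key to the identity of the certificate owner, thereby enabling the certificate owner to be authenticated. A certificate is issued by a certificate authority.

host: A computer that is connected to a network (such as the Internet or an SNA network) and provides an access point to that network. Also, depending on the environment, the host may provide centralized control of the network. The host can be a client, a server, or both a client and a server simultaneously.

registry: The datastore that contains access and configuration information for users, systems, and software.

private key: In computer security, a key that is known only to its owner. Contrast with public key.

distinguished name (DN): The name that uniquely identifies an entry in a directory. A distinguished name is made up of attribute:value pairs, separated by commas.

resource object: The representation of an actual network resource, such as a service, file, and program.

self-registration: The process by which a user can enter required data and become a registered Tivoli Access Manager user, without the involvement of an administrator.

A

ACL: See access control list (ACL).

B

BA: See basic authentication.

blade: A component that provides application-specific services and components.

C

CA: See certificate authority.

CDAS: See Cross Domain Authentication Service.

CDMF: See Cross Domain Mapping Framework.

CGI: See common gateway interface.

cookie: Information that a server stores on a client machine and accesses during subsequent sessions. Cookies allow servers to remember specific information about clients.

D

DN: See distinguished name.

E

EAS: See External Authorization Service.

G

GSO: See global signon.

H

HTTP: See Hypertext Transfer Protocol.

I

IP: See Internet Protocol.

IPC: See Interprocess Communication.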


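L

LDAP: See Lightweight Directory Access Protocol.

LTPA: See lightweight third party authentication.

M

management server: Obsolete. See policy server.

P

PAC: See privilege attribute certificate.

policy server: The Tivoli Access Manager server that maintains the location information about other servers in the secure domain.

POP: See protected object policy.

R

RSA encryption: A system for public-key cryptography used for encryption and authentication. It was invented in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman. The system's security depends on the difficulty of factoring the product of two large prime numbers.

S

SSL: See Secure Sockets Layer.

SSO: See Single Signon.

U

URI: See uniform resource identifier.

URL: See uniform resource locator.

W

Web Portal Manager (WPM): A Web-based graphical application used to manage Tivoli Access Manager Base and WebSEAL security policy in a secure domain. An alternative to the pdadmin command line interface, this GUI enables remote administrator access and enables administrators to create delegated user domains and assign delegate administrators to these domains.

WebSEAL: A Tivoli Access Manager blade. WebSEAL is a high-performance, multi-threaded Web server that applies a security policy to a protected object space. WebSEAL can provide single signon solutions and incorporate back-end Web application server resources into its security policy.

WPM: See Web Portal Manager.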


S152-0811-00