Tivoli ® Access Manager for Enterprise Single Sign-On DPRA Installation and Setup Guide Version 6.0 SC32-1994-00



First Edition (September 2006)

This edition applies to version 6, release 0, modification 0 of IBM Tivoli Access Manager for Enterprise Single Sign-On (product number 5724-N70) and to all subsequent releases and modifications until otherwise indicated in new editions.

© Copyright International Business Machines Corporation 2006. All rights reserved.

US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.


Table of Contents

• Installing TAM E-SSO: Desktop Password Reset Adapter Service

− System platform requirements

− Installation Steps

− Step by step: Install TAM E-SSO: Desktop Password Reset Adapter

− Step-by-Step: Assign password reset permission to Reset Service

− Step-by-Step: Restrict Management Console Access

• Installing the TAM E-SSO: Desktop Password Reset Adapter Client

− Client system requirements

− Client installation settings

− Installing the client at the command line

• Reference and Troubleshooting

− Installation and Configuration Notes

− Compatibility Issues

− TAM E-SSO: Desktop Password Reset Adapter Registry Settings

− Additional Procedures


Installing TAM E-SSO: Desktop Password Reset Adapter Service

System platform requirements

The following products must be installed on one or more physical servers running Windows 2000 or 2003 server, with Microsoft .NET Framework version 2.0 or later.

• One of the following for the TAM E-SSO: Desktop Password Reset Adapter repository:

TAM E-SSO: Desktop Password Reset Adapter can use one of the following as the repository for the password-reset challenge questions, the enrolled users, and their responses.

− Microsoft Active Directory® or Active Directory Application Mode (ADAM). The Active Directory server or ADAM instance (that is, Active Directory running as a user service) can be on any server and in any domain; see the Note below. Also see Step by step: Install an ADAM instance on page 14 for more information.

− Microsoft SQL Server® 2000

− Oracle Database®. The .NET Framework Data Provider for Oracle enables data access to Oracle data sources through Oracle client connectivity software. The data provider supports Oracle client software version 10g and later. The .NET Framework Data Provider for Oracle requires that Oracle client software (version 10g or later) be installed on the system before you can use it to connect to an Oracle data source. The .NET Framework Data Provider for Oracle requires the installation of MDAC 2.6 or later. The necessary connection strings need to be formatted as follows:

Oracle Provider: Provider=OraOLEDB.Oracle;Data Source=MyOracleDB;User Id=myUsername;Password=myPassword

• For the TAM E-SSO: Desktop Password Reset Adapter Service: Microsoft Internet Information Server (IIS), version 5.0 or later. TAM E-SSO: Desktop Password Reset Adapter uses the IIS Web server to provide a browser-based interface for user enrollment, password-reset challenge, and general setup and administrative tasks. The TAM E-SSO: Desktop Password Reset Adapter server application and IIS must reside on the same server.

Note: If IIS and Active Directory (or the ADAM-instance) are on different computers, then the Anonymous Logon for IIS Web Services (Step 2 below) must be

− a user account in the same domain as (or a trusted domain of) Active Directory or the ADAM instance, and

− provided with read/write access to Active Directory or the ADAM instance.

Installer Requirements

To install TAM E-SSO: Desktop Password Reset Adapter, you will need to have Administrative privileges for the TAM E-SSO: Desktop Password Reset Adapter/IIS server.

You will need to provide the following information to configure ADAM:

localhost: The host name of the server for Active Directory or the ADAM instance

port: The port number of Active Directory or the ADAM instance

name1[.name2.name3]: The distinguished name of the AD/ADAM domain root


Installation Steps

Follow these steps to install and configure the TAM E-SSO: Desktop Password Reset Adapter service. Refer to the detailed, step-by-step instructions for more information.

Step 1. Install the TAM E-SSO: Desktop Password Reset Adapter server program files

Run one of the TAM E-SSO: Desktop Password Reset Adapter Server installers: TAM E-SSO Desktop Password Reset Adapter Server.exe (or .msi).

See step by step instructions, page 6.

Step 2. Create or identify a user account for Anonymous logon

Create or identify a user account that will be the dedicated Anonymous User account through which TAM E-SSO: Desktop Password Reset Adapter users and administrators access TAM E-SSO: Desktop Password Reset Adapter Web Services. This Anonymous User account, referred to in this guide as SSPRweb, should be a member of the Administrators group.

Notes:

• Because the default Anonymous User account for Web services, IWAM (for Windows 2000) or IUSER (Windows 2003), is not a member of the Administrators group, you must create or choose a domain user account that is an Administrator; this allows the account to perform these tasks:

− Start, stop, and change services.

− Read from/write to Active Directory, ADAM-instance, SQL Server, or Oracle database.

− Write to the local-machine registry (HKLM).

• To create a new user account or assign Administrator rights to an existing account, use the Active Directory Users and Computers console (for an Active Directory domain) or the Computer Management console (for non-AD domains).

• The user account you create or choose is specified as the Anonymous User dialog of the Services tool when you complete Step 4 below.

Step 3. Create or identify a user account for the Password and Reset Service

Create or identify a Service Account; this is the domain account that the TAM E-SSO: Desktop Password Reset Adapter uses to log on as a service. The Reset Service user account, referred to in this guide as SSPRadmin, must have password-reset permission.

Notes:

• Because the default user account for a service, typically "LocalSystem," does not have password-change permission, you must create or select a domain user account that does have this permission. This can be an Administrator account (with full permissions) or a non-Administrator user account with this specific permission only. To grant this permission to a non-Administrator account, see Step-by-Step: Assign password reset permission to Reset Service on page 8.

• To create a new user account or assign Administrator rights to an existing account, use the Active Directory Users and Computers console (for an Active Directory domain) or the Computer Management console (for non-AD domains).

• The user account you create or specify appears in the Log On As column of the Services tool when you complete Step 4 below.


Step 4. Configure the Reset Service

Open Internet Explorer and enter this address:

http://serverhost/vgoselfservicereset/managementclient/webservice.aspx

The TAM E-SSO: Desktop Password Reset Adapter Management Console opens, displaying the Web Service Account dialog page. (Within the Management Console, click the System tab to display this dialog page).

Type the User Name and Password of the Anonymous Logon account you created or identified in Step 2.

Type the password again to Confirm, then click Submit.

Click Storage.

Enter the requested connection information for Active Directory, ADAM, SQL Server, or Oracle Database.

Select Initialize Storage for SSPR.

For Connect As, type the user name of an administrator of the directory server.

Type the administrator password and click Submit.

Click Reset Service.

Type the User Name and Password of the Reset Service user account you created or identified in Step 3.

Type the password again to Confirm, then click Submit.

Step 5. Restrict Management Console access - optional

Set the access permission for the folder \Program Files\v-GO SSPR\Management Client to only those users who should have administrative rights to TAM E-SSO: Desktop Password Reset Adapter Management Console.

See step by step instructions, page 8.

Step 6. Deploy the TAM E-SSO: Desktop Password Reset Adapter client software

See step by step instructions, page 9.


Step by step: Install TAM E-SSO: Desktop Password Reset Adapter

1. Double-click the Setup icon TAM E-SSO Desktop Password Reset Adapter Client.exe (or .msi).

2. Click [Next].

3. Select I accept the terms in the license agreement and click [Next].

4. Click [Next].


5. Click [Next].

6. Click [Install]. When the installation is complete, click [Finish].


Step-by-Step: Assign password reset permission to Reset Service

1. Open the Active Directory Users and Computers console snap-in.

2. Right-click Users in the left pane and select Delegate Control from the shortcut menu. The Delegation of Control Wizard appears. Click [Next].

3. The Users or Groups page appears. Click [Add] to display the Select Users or Groups dialog box.

4. Select SSPR Admin from the list box and click [Add], then click [OK] to close the Select Users dialog box. Click [Next].

5. For Active Directory Object Type, select Only the objects in the folder, then select User objects from the list. Click [Next].

6. For Permissions, select General, then select Reset Password from the list. Click [Next].

7. Click [Finish] to complete the Wizard.

Step-by-Step: Restrict Management Console Access

1. Open Windows Explorer and navigate to %TAM E-SSO: Desktop Password Reset Adapter home%\

2. Right-click the Management Client and select Properties from the shortcut menu.

3. In the Properties dialog, click the Security tab.

4. Click [Advanced].

5. Click Inheritable rights for Users to clear the selection. A dialog appears.

6. Click Copy, then click [OK].

7. In the Security tab, remove unauthorized users, then click [OK].

8. Click [Add].

9. Select Object Type [Users, Groups, or Built-in security principal].

10. Select From this Location [the server name] and click [OK].

11. Choose an Advanced search and select IIS_WPG (for Windows 2003) or IIS_WAM (for Windows 2000). Click [OK].

Note: All permissions except Full should be checked under the Allow column.
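A way to verify the result of the procedure above after the fact, as an added example that is not part of the IBM guide: the function reports inherited permissions, identities outside an allow-list, and Full Control held by the IIS group. The function name, the allow-list contents and the use of PowerShell on the server are assumptions; the folder path and the IIS_WPG group name are taken from this guide.

```powershell
# Added example, not IBM's code. Audits the Management Client folder ACL
# against the "Restrict Management Console Access" procedure.

function Get-ManagementClientAclFinding {
    param(
        [Parameter(Mandatory = $true)] [string]   $Path,
        # Identities allowed to appear on the folder (site-specific assumption).
        [Parameter(Mandatory = $true)] [string[]] $AllowedIdentity,
        # Identities that may be present but must not hold Full Control
        # (the guide's note: all permissions except Full for the IIS group).
        [string[]] $NoFullControlIdentity = @()
    )

    $full = [System.Security.AccessControl.FileSystemRights]::FullControl
    $acl  = Get-Acl -LiteralPath $Path

    # Steps 5 and 6 clear inheritance and copy the entries, which leaves
    # the ACL "protected". An unprotected ACL means the parent still decides.
    if (-not $acl.AreAccessRulesProtected) {
        [pscustomobject]@{
            Identity = '(folder)'
            Rights   = ''
            Finding  = 'permissions are still inherited from the parent folder'
        }
    }

    foreach ($ace in $acl.Access) {
        # Deny entries only reduce access, so they are not reported.
        if ($ace.AccessControlType -ne
            [System.Security.AccessControl.AccessControlType]::Allow) { continue }

        $id = $ace.IdentityReference.Value

        if ($AllowedIdentity -notcontains $id) {
            [pscustomobject]@{
                Identity = $id
                Rights   = $ace.FileSystemRights
                Finding  = 'identity is not on the allow-list'
            }
        }
        elseif (($NoFullControlIdentity -contains $id) -and
                (($ace.FileSystemRights -band $full) -eq $full)) {
            [pscustomobject]@{
                Identity = $id
                Rights   = $ace.FileSystemRights
                Finding  = 'holds Full Control; the guide allows every permission except Full'
            }
        }
    }
}

# Constructed usage: the allow-list below is an illustration, not a recommendation
# from the guide. Replace it with the accounts that administer the console.
$folder   = Join-Path $env:ProgramFiles 'v-GO SSPR\Management Client'
$iisGroup = "$env:COMPUTERNAME\IIS_WPG"
$allowed  = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM', $iisGroup)

if (Test-Path -LiteralPath $folder) {
    Get-ManagementClientAclFinding -Path $folder `
                                   -AllowedIdentity $allowed `
                                   -NoFullControlIdentity @($iisGroup) |
        Format-Table -AutoSize -Wrap
}
```

An empty result means the folder matches the procedure for the supplied allow-list.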


Installing the TAM E-SSO: Desktop Password Reset Adapter Client

The TAM E-SSO: Desktop Password Reset Adapter Client Installer supplies the components needed to run TAM E-SSO: Desktop Password Reset Adapter through the Windows interface. It also sets the registry values that point the TAM E-SSO: Desktop Password Reset Adapter client to the enrollment and reset service and, optionally, offers or obliges workstation users to enroll in the password reset service. Installation can be performed with the Windows Install Wizard or at the command line. The installer package sspr_client.msi can also be customized with site-specific settings using any standard MSI package editor, such as InstallShield AdminStudio or Wise Package Studio.

Client system requirements

Windows 2000 or XP Professional, with Internet Explorer 6.0 SP1 or later.

Client installation settings

The settings Enroll URL, Reset URL, Check Enroll URL, and Status URL must be set during installation. These settings are URLs that point the TAM E-SSO: Desktop Password Reset Adapter client to the appropriate Web service resources for enrollment and password reset.

The optional settings, Automatic Enroll and Force Enrollment, control whether a workstation user is asked or required to enroll in the password reset service at their next logon. These optional values can be set using command-line installation or by modifying the installer package; they are not added by the Install Wizard on the client.

Setting: Description

Check Enroll URL: Type the URL of the Enrollment check service (checks if user is enrolled)

http://host/vgoselfservicereset/resetclient/checkenrollment.aspx

Check ForceEnroll URL: Type the URL of the Enrollment check service (checks if user is enrolled)

http://host/vgoselfservicereset/resetclient/checkforceenrollment.aspx

Enroll URL: Type the URL of the Enrollment service default page

http://host/vgoselfservicereset/enrollmentclient/enrolluser.aspx

Reset URL: Type the URL of the reset service default page

http://host/vgoselfservicereset/resetclient/default.aspx

Status URL: Type the URL of the status check service (checks for TAM E-SSO: Desktop Password Reset Adapter service availability)

http://host/vgoselfservicereset/resetclient/checkstatus.aspx

Automatic Enroll: Set to 1 to offer enrollment option to unenrolled user at next logon. Set to 0 (default) not to offer enrollment upon logon.

Force Enrollment: Set to 1 to require unenrolled user to enroll at next logon. Set to 0 (default) not to require enrollment upon logon. If set to 1 this option overrides AutomaticEnroll.


Installing the client at the command line

TAM E-SSO: Desktop Password Reset Adapter Client can be installed as a DOS command, using the following command syntax:

msiexec /i [/q] c:\sspr_client.msi programURLs [enrollOption]

/q Quiet mode: suppress all installer user interface messages. Refer to the description of other Windows Installer command line options for msiexec at http://msdn.microsoft.com.

Using the command line below, silent installs without a reboot of the PC can be achieved. It is assumed that the user’s Windows directory is "Windows" and the SSPR.msi is named "v-go self-service password reset via email.msi":

c:\windows\system32\msiexec.exe /i "C:\support\passlogix\v-go self-service password reset via email.msi" REBOOT=ReallySuppress /q

Note: The full path to the installer .msi must be typed out, as in the example above.

programURLs (required):

REG_CHECKENROLLURL="http://host/vgoselfservicereset/resetclient/checkenrollment.aspx"

REG_ENROLLURL="http://host/vgoselfservicereset/enrollmentclient/enrolluser.aspx"

REG_RESETURL="http://host/vgoselfservicereset/resetclient/default.aspx"

REG_CHECKSTATUSURL="http://host/vgoselfservicereset/resetclient/checkstatus.aspx"

where: host is the server name (or domain name/IP address) and path of the folder that holds the TAM E-SSO: Desktop Password Reset Adapter service root folder.

enrollOption (select one):

REG_AUTOMATICENROLL={1 | 0}

1 Set AutomaticEnroll on (to offer enrollment in the password reset service to user at the next system logon).

0 Set AutomaticEnroll off (default, no enrollment offered).

REG_CHECKFORCEENROLLURL={1 | 0}

1 Set ForceEnrollment on (to require users to enroll in the password reset service at their next logon).

0 Set ForceEnrollment off (default, no enrollment required). If selected, this option overrides AutomaticEnroll.

Example: The following command (on a single line) installs the client and points it to the password reset service. It also requires end users at this workstation to enroll the next time they logon.

msiexec /i c:\sspr_client.msi REG_CHECKENROLLURL="http://sspr.passlogix.com/vgoselfservicereset/resetclient/checkenrollment.aspx" REG_ENROLLURL="http://sspr.passlogix.com/vgoselfservicereset/enrollmentclient/enrolluser.aspx" REG_RESETURL="http://sspr.passlogix.com/vgoselfservicereset/resetclient/default.aspx" REG_STATUSURL="http://sspr.passlogix.com/vgoselfservicereset/resetclient/checkstatus.aspx" REG_FORCEENROLLMENT=1


Reference and Troubleshooting

Installation and Configuration Notes

Using AD/ADAM and IIS Web Services on different servers

If IIS and Active Directory or the ADAM-instance are on different computers, then you must provide the IIS Web services with a user account that is in the same domain as (or a trusted domain of) AD/ADAM, and that is provided with read/write access to the directory.

Installing ASP.NET 2.0 with Windows 2000 SP4: "Access is Denied" error

When you install ASP.NET 2.0 on a computer running on a Windows 2000 Server domain controller with Service Pack 4 (SP4) installed, the built-in IWAM user account (used by IIS Web services with ASP) is not granted "Impersonate User" rights for ASP.NET 2.0. A request for any ASP resources, including TAM E-SSO: Desktop Password Reset Adapter, can produce an "Access is denied" error message. Microsoft has acknowledged that this is an issue in SP4 (Knowledge Base article 824308), and provides the following workaround to manually assign "Impersonate a client after authentication" to the IWAM account:

1. Click Start, point to Programs, point to Administrative Tools, and then click Domain Controller Security Policy.

2. Click Security Settings.

3. Click Local Policies, and then click User Rights Assignment.

4. In the right pane, double-click Impersonate a client after authentication.

5. In the Security Policy Setting window, click Define these policy settings.

6. Click Add, and then click Browse.

7. In the Select Users or Groups window, select the IWAM account name, click Add, and then click OK.

8. Click OK, and then click OK again.

9. To enforce an update of computer policy, type the following command: secedit /refreshpolicy machine_policy /enforce

10. At a command prompt, type iisreset.

Server Error in '/vGOSelfServiceReset/ManagementClient' Application

When you install .NET 2.0 on a computer running a newly installed Operating System, the NETWORK SERVICE account must be granted Read/Write access or a server error will be encountered when accessing the TAM E-SSO: Desktop Password Reset Adapter 6.0 Management Console.

To do this, grant the NETWORK SERVICE account Read/Write access to the following folder:

C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files

Note: This is not a TAM E-SSO: Desktop Password Reset Adapter specific issue. All ASP.NET applications will receive this error if the configuration is not correctly set.

Windows Installer Error 1720

Error 1720 occurs during TAM E-SSO: Desktop Password Reset Adapter client software installation when the logged-on user does not have sufficient rights to install software on the workstation. You must log on to the workstation as a user with Administrator rights or contact support personnel.


Group Security Policy: Password History setting should be increased

TAM E-SSO: Desktop Password Reset Adapter makes use of the password history setting of the Windows 2000 Group Security Policy. You should allow for one additional prior password in addition to the Enforce password history setting. For example, if the setting is 3 (ensuring that a user’s last three prior passwords cannot be reused), TAM E-SSO: Desktop Password Reset Adapter uses one of these, so the effective setting is 2. A higher setting for Enforce password history is recommended for optimal security.

Internet Security settings (Windows 2003 users)

The default settings for Windows 2003 Internet Security settings are more stringent than those for Windows 2000 and XP. You must add the TAM E-SSO: Desktop Password Reset Adapter Web service to the workstation's Trusted Sites Internet zone or the Local Intranet zone in order to use TAM E-SSO: Desktop Password Reset Adapter as a Windows 2003 client.

Internet Security settings (Windows Domain and Citrix MetaFrame® users)

In order for Windows domain users and Citrix MetaFrame users to access TAM E-SSO: Desktop Password Reset Adapter, you must add the TAM E-SSO: Desktop Password Reset Adapter Web service to the workstation's Local Intranet zone.

Compatibility Issues

Fast User Switching not available (Windows XP users only)

Installing the TAM E-SSO: Desktop Password Reset Adapter client on Windows XP disables the Fast User Switching feature, which allows multiple users to be logged on to a computer at the same time and to switch among logons by pressing Windows logo key+L. This feature is unavailable because TAM E-SSO: Desktop Password Reset Adapter utilizes a custom GINA (Graphical Identification and Authentication) component that replaces the Microsoft default GINA dynamic-link library (Msgina.dll). To change logons on a Windows XP computer, a user must log off to allow the next user to log on. To do this, open Task Manager (CTRL+ALT+DELETE), and click Log off.


TAM E-SSO: Desktop Password Reset Adapter Registry Settings

TAM E-SSO: Desktop Password Reset Adapter Server Registry

Under HKLM\Software\Passlogix\SSPR

Key | Value Name | Data Type | Data
Storage | StorageOrder | string (REG_SZ) | AD or ADAM
Extensions | | |

Under HKLM\Software\Passlogix\SSPR\Storage\Extensions\

Key | Value Name | Data Type | Data
ADAM | Root | string (REG_SZ) | ADAM partition root
ADAM | Classname | string (REG_SZ) | adam

Under HKLM\Software\Passlogix\SSPR\Storage\Extensions\ADAM\

Key | Value Name | Data Type | Data
Servers | Server1 | string (REG_SZ) | server:port (of the ADAM instance)

Under HKLM\Software\Passlogix\SSPR\Storage\Extensions\

Key | Value Name | Data Type | Data
AD | Root | string (REG_SZ) | AD root
AD | Classname | string (REG_SZ) | ad

Under HKLM\Software\Passlogix\SSPR\Storage\Extensions\AD\

Key | Value Name | Data Type | Data
Servers | Server1 | string (REG_SZ) | server:port

TAM E-SSO: Desktop Password Reset Adapter Client Registry

Under HKLM\Software\Passlogix\SSPR

[URLroot]: http://[host]/vgoselfservicereset

Key | Value Name | Data Type | Data
WindowsInterface | EnrollURL | string (REG_SZ) | URL of the Enrollment service default page: [URLroot]/enrollmentclient/enrolluser.aspx
WindowsInterface | ResetURL | string (REG_SZ) | URL of the reset service default page: [URLroot]/resetclient/default.aspx
WindowsInterface | StatusURL | string (REG_SZ) | URL of the checkstatus page (notifies reset client that reset service is available): [URLroot]/resetclient/checkstatus.aspx
WindowsInterface | CheckEnrollURL | string (REG_SZ) | URL of Enrollment check service (checks if user is enrolled in service): [URLroot]/resetclient/checkenrollment.aspx
WindowsInterface | AutomaticEnroll | dword (REG_DWORD) | Set to 1 to offer enrollment option to unenrolled user at next logon. Set to 0 (default) not to offer enrollment upon logon.
WindowsInterface | ForceEnrollment | dword (REG_DWORD) | Set to 1 to require unenrolled user to enroll at next logon. Set to 0 (default) not to require enrollment upon logon. If set to 1 this option overrides AutomaticEnroll.
WindowsInterface | CheckForceEnrollment | string (REG_SZ) | URL of Enrollment check service (sets number of times user can bypass Force Enrollment): [URLroot]/resetclient/checkforceenrollment.aspx
WindowsInterface | WindowHeight | DWORD (REG_DWORD) | Adjusts TAM E-SSO: Desktop Password Reset Adapter’s browser window height.
WindowsInterface | WindowWidth | DWORD (REG_DWORD) | Adjusts TAM E-SSO: Desktop Password Reset Adapter’s browser window width.
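Because these values decide which server a workstation sends enrollment answers and reset requests to, they are worth checking after deployment. The following added example (not part of the IBM guide) validates a set of client values against the names and URL paths in the table above and reports the effective enrollment mode; the function name, the expected host, the optional HTTPS check and the sample data are assumptions made for illustration.

```powershell
# Added example, not IBM's code. Validates DPRA client registry values.
# Value names and URL paths come from the guide's client registry table.

function Test-DpraClientSetting {
    param(
        [Parameter(Mandatory = $true)] [hashtable] $Value,         # value name -> data
        [Parameter(Mandatory = $true)] [string]    $ExpectedHost,  # your reset server
        [switch] $RequireHttps   # assumption: the IIS site has a TLS binding
    )

    $root = '/vgoselfservicereset'
    $urls = @(
        @{ Name = 'EnrollURL';            Path = "$root/enrollmentclient/enrolluser.aspx";      Required = $true  }
        @{ Name = 'ResetURL';             Path = "$root/resetclient/default.aspx";              Required = $true  }
        @{ Name = 'StatusURL';            Path = "$root/resetclient/checkstatus.aspx";          Required = $true  }
        @{ Name = 'CheckEnrollURL';       Path = "$root/resetclient/checkenrollment.aspx";      Required = $true  }
        @{ Name = 'CheckForceEnrollment'; Path = "$root/resetclient/checkforceenrollment.aspx"; Required = $false }
    )

    $findings = New-Object 'System.Collections.Generic.List[string]'

    foreach ($u in $urls) {
        $name = $u.Name
        if (-not $Value.ContainsKey($name)) {
            if ($u.Required) { $findings.Add("${name}: missing") }
            continue
        }

        $raw = [string]$Value[$name]
        # Stray spaces are easy to introduce when copying installer properties.
        if ($raw -match '\s') {
            $findings.Add("${name}: contains whitespace: '$raw'")
            continue
        }

        $uri = $null
        if (-not [System.Uri]::TryCreate($raw, [System.UriKind]::Absolute, [ref]$uri)) {
            $findings.Add("${name}: not an absolute URL: '$raw'")
            continue
        }

        if ($uri.Host -ne $ExpectedHost) {
            $findings.Add("${name}: points to host '$($uri.Host)', expected '$ExpectedHost'")
        }
        # The service root may sit below another folder, so compare the tail only.
        if (-not $uri.AbsolutePath.EndsWith($u.Path, [System.StringComparison]::OrdinalIgnoreCase)) {
            $findings.Add("${name}: path '$($uri.AbsolutePath)' does not end with '$($u.Path)'")
        }
        if ($RequireHttps -and $uri.Scheme -ne 'https') {
            $findings.Add("${name}: uses scheme '$($uri.Scheme)' instead of https")
        }
    }

    # ForceEnrollment = 1 overrides AutomaticEnroll; both default to 0 when absent.
    $force = [int]$Value['ForceEnrollment']
    $auto  = [int]$Value['AutomaticEnroll']
    if     ($force -eq 1) { $mode = 'required at next logon' }
    elseif ($auto  -eq 1) { $mode = 'offered at next logon' }
    else                  { $mode = 'not offered' }

    [pscustomobject]@{
        EnrollmentMode = $mode
        Findings       = $findings.ToArray()
    }
}

# Constructed sample: one stray space, one wrong host, one missing value.
$sample = @{
    EnrollURL       = 'http://sspr.example.test/vgoselfservicereset/enrollmentclient/enrolluser.aspx'
    ResetURL        = 'http://sspr.example.test /vgoselfservicereset/resetclient/default.aspx'
    StatusURL       = 'http://other.example.test/vgoselfservicereset/resetclient/checkstatus.aspx'
    AutomaticEnroll = 1
    ForceEnrollment = 1
}

$result = Test-DpraClientSetting -Value $sample -ExpectedHost 'sspr.example.test'
$result.EnrollmentMode
$result.Findings

# On a client, build the hashtable from the key documented above:
#   $p = Get-ItemProperty -Path 'HKLM:\Software\Passlogix\SSPR\WindowsInterface'
#   $live = @{}; $p.PSObject.Properties | ForEach-Object { $live[$_.Name] = $_.Value }
#   Test-DpraClientSetting -Value $live -ExpectedHost 'sspr.example.test'
```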

Additional Procedures

Install an ADAM instance

1. Start “ADAMSetup.exe”.

2. Select “A unique instance” and click [Next]

3. Provide your Instance name and click [Next]

4. Specify port numbers of 10000 and 10001 (Ten thousand range, for easy recall) and click [Next]


5. Specify the root DN (e.g., “DC=SSPR, DC=Passlogix,DC=Com”) and click [Next].

6. Specify an easy-to-find base location (e.g., “%RootDrive%\ADAM\Instance”) and click [Next]

7. Specify the run privileges and click [Next]

8. Specify the Administrative Permissions and click [Next]


9. Select “Do not import LDIF files for this instance of ADAM” and click [Next]

10. Click [Next] as requested to proceed.

11. Click [Finish].
