The following procedure describes the general configuration steps to use Tivoli Access Manager as the Web Access Control for Identity Manager. Some of the following steps require detailed knowledge of the Tivoli Access Manager software.
Install and configure IBM Tivoli Access Manager Java Runtime Component on the Identity Manager server.
Configure the JDK Security Settings on the Identity Manager server.
Create the Access Manager SSL Config files on the Identity Manager server.
Create a Junction in Access Manager for the Identity Manager URLs. Refer to the Tivoli Access Manager product documentation for more details.
The following example pdadmin command illustrates how to create a junction:
pdadmin server task WebSealServer create -t Connection / -p Port -h Server -c ListOfCredentials -r -i JunctionName
Configure the Identity Manager Base HREF property for the WebSeal Proxy Server.
Set up the Access Manager resource adapter.
Load the Access Manager users into Identity Manager.
Configure pass-through authentication for Access Manager in Identity Manager.
When a user attempts to access the Identity Manager URLs through Access Manager, the user’s identity is passed in the HTTP header to Identity Manager. Identity Manager then uses that identity to verify the user exists in Access Manager and in Identity Manager. If the user is trying to access the Identity Manager Administrator interface, Identity Manager checks the Identity Manager Security configuration for the user to make sure they have Identity Manager administrative rights. End users are also verified against Access Manager, and whether they have a Identity Manager account.