Follow these steps when setting up the IBM Tivoli Access Manager resource for use with Waveset:
Install the IBM Tivoli Access Manager Java Runtime Component on the Waveset server.
Set your PATH variable to include the path to the JVM for your application server.
Run the pdjrtecfg -action config command to install the following Access Manager .jar files to the JRE’s lib/ext directory:
Remove the following jar files from the InstallDir\idm\WEB-INF\lib directory (depending on your application server, these files may have been removed during the Waveset product installation):
Add the following lines to the java.security file, if they do not already exist:
security.provider.2=com.ibm.crypto.provider.IBMJCE
security.provider.3=com.ibm.net.ssl.internal.ssl.Provider
The number that follows security.provider in each line specifies the order in which Java consults security provider classes and should be unique. The sequence numbers may vary in your environment. If you already have multiple security providers in the java.security file, insert the new security providers in the order given above and renumber any existing security providers. Do not remove the existing security providers and do not duplicate any providers.
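The numbering rules above can be checked before restarting the application server. The following is an added example, not part of the Waveset or IBM documentation: a small Python checker for the security.provider entries of a java.security file. The names check_providers, BROKEN and FIXED are hypothetical, and the sample file contents are constructed for illustration.

```python
import re
from collections import Counter

# Provider classes this page adds to java.security (names taken from the page).
REQUIRED = ["com.ibm.crypto.provider.IBMJCE",
            "com.ibm.net.ssl.internal.ssl.Provider"]
ENTRY = re.compile(r"^\s*security\.provider\.(\d+)\s*[=:]\s*(\S+)")

def check_providers(text):
    """Return a list of problems in the security.provider.N entries of text."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)          # comment lines (# or !) never match
        if m:
            entries.append((int(m.group(1)), m.group(2)))
    problems = []
    numbers = Counter(n for n, _ in entries)
    classes = Counter(c for _, c in entries)
    # A repeated key in a properties file keeps only the last value.
    for n in sorted(n for n, k in numbers.items() if k > 1):
        problems.append(f"sequence number {n} is used {numbers[n]} times")
    for c in sorted(c for c, k in classes.items() if k > 1):
        problems.append(f"provider {c} is listed {classes[c]} times")
    # The JDK reads security.provider.1, .2, ... and stops at the first
    # missing number, so entries after a gap are never registered.
    for expected, n in enumerate(sorted(numbers), start=1):
        if n != expected:
            problems.append(f"numbering jumps to {n}; expected {expected}")
            break
    for c in REQUIRED:
        if c not in classes:
            problems.append(f"required provider {c} is missing")
    return problems

# Constructed sample inputs (not taken from a real installation).
BROKEN = """\
security.provider.1=sun.security.provider.Sun
security.provider.2=com.ibm.crypto.provider.IBMJCE
security.provider.2=sun.security.rsa.SunRsaSign
security.provider.4=com.ibm.net.ssl.internal.ssl.Provider
"""
FIXED = """\
security.provider.1=sun.security.provider.Sun
security.provider.2=com.ibm.crypto.provider.IBMJCE
security.provider.3=com.ibm.net.ssl.internal.ssl.Provider
security.provider.4=sun.security.rsa.SunRsaSign
"""

if __name__ == "__main__":
    print(check_providers(BROKEN), check_providers(FIXED))
```

In the BROKEN sample the existing provider was left at number 2 instead of being renumbered, so it silently replaces IBMJCE, and the jump from 2 to 4 means the IBM SSL provider is never loaded.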
Add the VM parameter to the application server:
-Djava.protocol.handler.pkgs=com.ibm.net.ssl.internal.www.protocol
If necessary, you can add multiple packages by delimiting with a | (pipe symbol). For example:
-Djava.protocol.handler.pkgs=sun.net.www.protocol|com.ibm.net.ssl.internal.www.protocol
Make sure the IBM Tivoli Access Manager Authorization Server is configured and running.
Run the SvrSslCfg command:
For example:
java com.tivoli.pd.jcfg.SvrSslCfg -action config \
  -admin_id sec_master -admin_pwd secpw \
  -appsvr_id PDPermissionjapp -host amazn.myco.com \
  -mod local -port 999 -policysvr ampolicy.myco.com:7135:1 \
  -authzsvr amazn.myco.com:7136:1 -cfg_file c:/am/configfile \
  -key_file c:/am/keystore -cfg_action create
The am directory must already exist. Successful completion creates these files in the c:\am directory: