Open the Tivoli Authorization screen, and configure the following fields:
Name:
Enter a name for the Tivoli filter here.
Object Space:
The object space represents the resource for which the client must be authorized.
Enter the name of the resources in the Object Space field.
You can also enter properties that represent the values of message attributes.
At runtime, the Enterprise Gateway expands the property to the current value of the
corresponding message attribute.
Properties have the following format:
${message.attribute}
For example, to specify the original path on which the request was received by
the Enterprise Gateway as the resource, enter the following property:
${http.request.uri}
Access Method:
Clients can access a resource with a number of permissions such as read,
write, execute and so on. A client is only authorized to access the
requested resource if he has the relevant permissions checked in the
Access Types listbox.
Tivoli Connection Settings:
You must enter details on how the Enterprise Gateway should connect to the Tivoli Access
Manager in this section. The Enterprise Gateway must have been added to Tivoli as a user
for it to connect to the Access Manager. Consult your Tivoli administrator for more
information on how to do this.
Important Note:
You must never allow more than one the Enterprise Gateway instance use
the same account with the Tivoli server.
-
In the Username field, enter the username that
the Enterprise Gateway uses to connect to the Tivoli server. This is the
distinguished name of the Enterprise Gateway's X.509 certificate. You can use
%IP% and %HOSTNAME% to generically represent
the IP and hostname of the Enterprise Gateway instance. For example, the
following entries are both valid:
cn=PdPermission/%IP%, o=Company, c=ie
cn=PdPermission/%HOSTNAME%, o=Company, c=ie
This means that multiple the Enterprise Gateway instances, each of which has
been set up as a Tivoli user, can share this global setting. For
example, one the Enterprise Gateway installation with
cn=10.10.10.10 and another with
cn=20.20.20.20 , can both be represented by
cn=PdPermission/%IP% in the Tivoli Username.
Similarly, an Enterprise Gateway instance with cn=VS_1 and another
with cn=VS_2 can both be represented by
cn=PdPermission/%HOSTNAME% .
-
In the Security Master Password field, enter the
master password.
-
In the Management Server field, enter the IP
address or hostname of the Tivoli Management Server.
-
In the Authorization Server field, enter the IP
address or hostname of the Tivoli Authorization Server.
|