IBM BS029ML Self Help Guide - Page 115
client certificate permits portal server to use TAM authentication services. By default, this client certificate expires after 365 days.

Important: If the TAM runtime has not been configured before, run run-svrssl-config first to set up the environment.

Important: Update the client certificate before it expires. Otherwise, it may bring the entire site down.

The portal configuration tasks cannot be used to reconfigure the client certificate. You have to run the following commands from the PDadmin command line:

```
# unconfig
java com.tivoli.pd.jcfg.SvrSslCfg -action unconfig \
  -admin_id sec_master -admin_pwd \
  -appsvr_id \
  -policysvr policyserver.acme.com:7135:1 \
  -cfg_file /jre/PdPerm.properties
```

and

```
# config
java com.tivoli.pd.jcfg.SvrSslCfg -action config \
  -admin_id sec_master -admin_pwd \
  -appsvr_id -port 7223 \
  -policysvr policyserver.acme.com:7135:1 \
  -authzsvr authzserver.acme.com:7136:1 \
  -cfg_file /jre/PdPerm.properties \
  -key_file /jre/pdperm.ks \
  -cfg_action replace
```

where is the server host name you used to run SvrSslCfg to register with the TAM Policy Server, is where Java is installed under WebSphere Application Server, and "authzserver" is the TAM Authorization server.

It is crucial to make sure the entries you entered into wpconfig.properties are correct. The configuration tasks in WebSphere Portal take the parameter values from this file, then assemble and issue PDadmin commands based on them to create the corresponding TAM components.

enable-tam-tai: This task does three things:

- Takes the parameters in wpconfig.properties and creates the WebSEAL TAI junction.
- Configures the WebSEAL TAI in WebSphere Application Server and enables it.
- Updates "WP ConfigService" to add timeout.resume.session and set it to true.

enable-tam-authorization: This task consists of the following sub-tasks:

- Creates the TAM JAAS Login Modules WSLoginModule and PDLoginModule.
- Creates the property file "callbackheaderslist.properties" with iv-user and iv-creds.
- Updates "WP ExternalAccessControlService" to set up properties for WebSphere Portal to communicate with the TAM Policy Server.
- Updates "WP AccessControlDataManagementService" to set the external cache timeout to 300 and whether the roles are reordered for easier reading.
- Updates "WP AccessControlService" to enable Externalization.

Chapter 4. WebSphere Portal security 101
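Because an expired client certificate in pdperm.ks can take the site down, the expiry date is worth monitoring. The following is an added example, not part of the original guide: it parses a `keytool -list -v` listing and flags certificates that are inside a renewal window. It assumes the keystore can be listed with keytool and that the output uses OpenJDK-style date lines; the aliases in the sample are constructed.

```python
import re
import sys
from datetime import datetime

# Alias and validity lines of OpenJDK-style `keytool -list -v` output
# (assumed format; the JDK shipped with your WebSphere may print dates differently).
ALIAS_RE = re.compile(r"^Alias name:\s*(.+)$")
UNTIL_RE = re.compile(r"until:\s*\w{3} (\w{3}) +(\d{1,2}) (\d\d:\d\d:\d\d) \S+ (\d{4})")

def parse_expiries(keytool_text):
    """Return [(alias, not_after)] for every certificate in the listing."""
    entries, alias = [], "(unknown)"
    for line in keytool_text.splitlines():
        m = ALIAS_RE.match(line.strip())
        if m:
            alias = m.group(1).strip()
            continue
        m = UNTIL_RE.search(line)
        if m:
            mon, day, clock, year = m.groups()
            # The time zone token is ignored: hours do not matter for a warning window.
            stamp = f"{mon} {day} {clock} {year}"
            entries.append((alias, datetime.strptime(stamp, "%b %d %H:%M:%S %Y")))
    return entries

def check(entries, now, warn_days=30):
    """Classify each certificate as OK, RENEW (inside the window) or EXPIRED."""
    report = []
    for alias, not_after in entries:
        days_left = (not_after - now).days
        if not_after <= now:
            status = "EXPIRED"
        else:
            status = "RENEW" if days_left < warn_days else "OK"
        report.append((alias, days_left, status))
    return report

# Constructed sample listing (not real output from a TAM keystore).
SAMPLE = """\
Alias name: appsvr-cert
Valid from: Mon Jan 15 10:00:00 UTC 2024 until: Tue Jan 14 10:00:00 UTC 2025
Alias name: pdcacert
Valid from: Mon Jan 15 10:00:00 UTC 2024 until: Sun Jan 15 10:00:00 UTC 2034
"""

if __name__ == "__main__":
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    report = check(parse_expiries(text), datetime.now())
    for alias, days_left, status in report:
        print(f"{status:8} {alias}: {days_left} days left")
    sys.exit(0 if all(s == "OK" for _, _, s in report) else 1)
```

Pipe the keytool listing of pdperm.ks into the script from a scheduled job; a non-zero exit status means at least one certificate needs the unconfig/config sequence above before it expires.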