Removing Tivoli Access Manager from the Lotus Quickr environmentAdded by IBM on June 11, 2010 | Version 1 (Original)
|This file explains how to remove IBM® Tivoli® Access Manager for e-business from the IBM Lotus® Quickr™ for WebSphere Portal environment.
This file explains how to remove IBM® Tivoli® Access Manager for e-business from the IBM Lotus® Quickr™ for WebSphere Portal environment.
Follow these steps to remove IBM Tivoli Access Manager for e-business from the IBM Lotus Quickr for WebSphere Portal environment. After performing this procedure, the following changes occur:
- IBM WebSphere® Application Server handles authentication for Lotus Quickr
- Lotus Quickr handles authorization for its resources
- If you used the credential vault adapter for Tivoli Access Manager, remove the vault adapter and its associated segments. You must perform these steps in the specified order:
- Use the Credential Vault portlet to remove any segments added since installation.
Note: Do not remove DefaultAdminSegment.
- See the Credential Vault portlet help for information.
- In the credential vault manager configuration, remove the Vault.AccessManager Credential Vault Adapter implementation properties, including class, config, manager, and readonly, as described in Setting configuration properties: qp85.
Note: The systemcred.dn property cannot be removed.
- Remove the file named accessmanagervault.properties from the quickr_server_root/base/wp.base/shared/app/config directory.
- If you used Tivoli Access Manager for authorization, use the following steps:
- Change the authentication.execute.portal.jaas.login property to false in authentication service, as described in Setting configuration properties: qp85.
- Change the enableExternalization property to false in Access Control Config Service, as described in Setting configuration properties: qp85. This will prevent the Externalize/Internalize icon from appearing in the Administrative Access portlet once Tivoli Access Manager is removed.
- Use either the Resource Permissions portlet or the XML configuration interface to internalize any resources managed by Tivoli Access Manager.
- Edit the services.properties file found in the quickr_server_root /shared/app/config directory, find the value com.ibm.wps.services.ac.ExternalAccessControlService, and modify it to be com.ibm.wps.ac.impl.ExternalAccessControlDefaultImpl.
- If you previously disabled the ability to create users through Lotus Quickr, now restore it by re-enabling Lotus Quickr auto-registration. Restore the backup copy of the was_profile_root/installedApps/hostname/wps.ear/wps.war/themes/html/theme_name/ToolBarInclude.jsp file that is located in the subdirectory of each theme.
- If you used Tivoli Access Manager for authentication, use the WebSphere Application Server Administrative Console to disable the WebSEAL TAI:
- In the WebSphere Application Server Administrative Console, click Security -> Global security -> Authentication -> Authentication mechanisms -> LTPA. Click Trust Association under Additional Properties.
- Deselect the Trust Association Enabled check box.
- Click OK; then click Save.
- If you enabled user provisioning to Tivoli Access Manager, go to Disabling user provisioning.
- Restart WebSphere Application Server.
- Optional: Prepare to manage Tivoli Access Manager resources more efficiently. Remove all junction points, access control lists (ACLs), protected objectspace entries (POS entries), custom actions and custom action groups.
- Optional: To remove the connection to Tivoli Access Manager, run the run-svrssl-unconfig configuration task to deregister the WebSphere Application Server and Lotus Quickr Server Java Virtual Machine (JVM) fromTivoli Access Manager.
- If necessary, uninstall any Tivoli Access Manager components.
Parent topic: Using Tivoli Access Manager with Lotus Quickr: qp85
WebSphere Application Server product documentation
Tivoli Access Manager product documentation