Introduction
Virtual host junctions from the IBM® Tivoli® Access Manager for e-business (TAMeb) WebSEAL product are recommended for use with virtual portals because they provide advantages such as the ability to map a virtual host name to each virtual portal and, if required, to share sessions across portal instances. Users can therefore move seamlessly across virtual portals without needing to re-authenticate.
Virtual host junctions are also recommended when a portlet contains Java™ applets or JavaScript that use absolute URLs, since such content fails to render through a standard junction.
Prerequisites
You should have the following installed:
- IBM WebSphere® Portal V7
- TAMeB v6.1.1
- TAM Session Management Server (SMS), and a replica set configured
For more details, refer to the “Installation Guide for IBM Tivoli Access Manager for e-business 6.1.1” and the installation instructions for WebSphere Portal on the WebSphere Portal wiki.
Integrating WebSphere Portal 7.1 and TAMeB 6.1.1
Integrating WebSphere Portal with a standalone TDS (LDAP)
To do this:
1. Install the Tivoli Directory Server (TDS) client rpm files on the machine where WebSphere Portal is installed. Note that TDS version 6.1.0.6 or later is required in order to work with TAM 6.1.1:
idsldap-clt32bit61-6.1.0-42.x86_64.rpm
idsldap-clt64bit61-6.1.0-42.x86_64.rpm
idsldap-cltbase61-6.1.0-42.x86_64.rpm
idsldap-cltjava61-6.1.0-42.x86_64.rpm
2. Create Portal users in LDAP using the portalusers.ldif file available with the Portal installer:
./idsldapadd -D cn=root -w tds123 -f portalusers.ldif
3. Configure WebSphere Portal to use TDS as a standalone registry:
a) First, change the parameters listed in Table 1 in the /opt/IBM/WebSphere/wp_profile/ConfigEngine/config/helpers/wp_security_ids.properties file to the values shown. Note that these entries are required; the others are optional and can be left at their defaults.
Table 1. Required entries

| Property name | Property description |
| --- | --- |
| standalone.ldap.id | Unique identifier for the repository within the cell |
| standalone.ldap.host | Host name or IP address of the machine on which TDS is installed |
| standalone.ldap.port | The LDAP port number; the default is 389 (non-secure) |
| standalone.ldap.bindDN | The distinguished name for WebSphere Application Server (WAS) to use when binding to LDAP |
| standalone.ldap.bindPassword | The password for the binding user |
| standalone.ldap.ldapServerType | Specify IDS (IBM Directory Server) for Tivoli Directory Server |
| standalone.ldap.serverId | The distinguished name for WAS to use when binding to the LDAP repository |
| standalone.ldap.realm | A security context for the Portal server |
| standalone.ldap.serverPassword | The password for the server ID above |
| standalone.ldap.primaryAdminId | The user ID of the WAS administrator |
| standalone.ldap.primaryAdminPassword | The password for the WAS administrator |
| standalone.ldap.primaryPortalAdminId | The user ID of the Portal administrator |
| standalone.ldap.primaryPortalAdminPassword | The password for the Portal administrator |
| standalone.ldap.primaryPortalAdminGroup | The group for Portal administrator users |
| standalone.ldap.baseDN | Base DN, for example o=ibm,c=us |
These parameters must be the same as the entries inserted in Step 2 above (the contents of the portalusers.ldif file); all the other parameters can be left at their defaults.
Once wp_security_ids.properties is ready, use it as a parentProperties file to execute the “validate LDAP” task, which checks that your settings are valid:
./ConfigEngine.sh validate-standalone-ldap -DWasPassword=wasadmin -DparentProperties=/software/IBM/WebSphere/wp_profile/ConfigEngine/config/helpers/wp_security_ids.properties
Once the validation is successful, you can execute the wp-modify-ldap-security task to enable the Portal server to use TDS as a standalone registry:
./ConfigEngine.sh wp-modify-ldap-security -DWasPassword=wasadmin
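As an added example that is not part of this article, the following Python check cross-references the identity values in wp_security_ids.properties against the entries in portalusers.ldif before validate-standalone-ldap is run, catching the Step 2 / Step 3 mismatches the text warns about; the property values and the LDIF fragment are constructed placeholders, and the property names are those of Table 1.

```python
import re

# Constructed sample of the Table 1 identity properties (placeholder values, not real credentials).
SAMPLE_PROPERTIES = """\
standalone.ldap.baseDN=o=ibm,c=us
standalone.ldap.primaryAdminId=wpsadmin
standalone.ldap.primaryPortalAdminId=wpsadmin
standalone.ldap.primaryPortalAdminGroup=wpsadmins
"""
# Constructed LDIF fragment in the shape of portalusers.ldif (only the dn lines are checked).
SAMPLE_LDIF = """\
dn: uid=wpsadmin,cn=users,o=ibm,c=us
objectclass: inetOrgPerson

dn: cn=wpsadmins,cn=groups,o=ibm,c=us
objectclass: groupOfUniqueNames
uniqueMember: uid=wpsadmin,cn=users,o=ibm,c=us
"""

def norm_dn(dn):
    """Normalise a DN for comparison: lower-case, no whitespace around commas."""
    return re.sub(r"\s*,\s*", ",", dn.strip()).lower()

def parse_properties(text):
    """Parse key=value lines, skipping blanks and '#' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def parse_ldif_dns(text):
    """Return the normalised DN of every entry in an LDIF text."""
    return {norm_dn(m.group(1)) for m in re.finditer(r"^dn:\s*(.+)$", text, re.MULTILINE)}

def check_identities(props, dns):
    """Return the mismatches between the properties and the LDIF entries; empty means consistent."""
    problems = []
    base = norm_dn(props.get("standalone.ldap.baseDN", ""))
    for dn in sorted(dns):
        if dn != base and not dn.endswith("," + base):   # every entry must sit under baseDN
            problems.append(f"LDIF entry {dn} lies outside baseDN {base!r}")
    # Table 1 gives the admin IDs as short names; each must match a uid= RDN in the LDIF.
    for key in ("standalone.ldap.primaryAdminId", "standalone.ldap.primaryPortalAdminId"):
        uid = props.get(key, "").lower()
        if not any(dn.startswith(f"uid={uid},") for dn in dns):
            problems.append(f"{key}={uid!r} has no uid= entry in the LDIF")
    group = props.get("standalone.ldap.primaryPortalAdminGroup", "").lower()
    if not any(dn.startswith(f"cn={group},") for dn in dns):
        problems.append(f"standalone.ldap.primaryPortalAdminGroup={group!r} has no cn= entry in the LDIF")
    return problems
```

Run it against the real files by reading them into parse_properties and parse_ldif_dns; an empty result means the identities line up and validate-standalone-ldap can be run.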
Integrating and configuring WebSphere Portal with TAM and WebSEAL
To do this:
1. Install the following rpms:
PDJrte-PD-6.1.1-0.i386.rpm
gsk7bas-7.0-4.28.i386.rpm
ibm-java-sdk-6.0-8.1-linux-i386.rpm
Pdlic-PD-6.1.1-0.i386.rpm
PDMgr-PD-6.1.1-0.i386.rpm
PDRTE-PD-6.1.1-0.i386.rpm
TivSecUtl-TivSec-6.1.1-0.i386.rpm
2. Follow the instructions in the InfoCenter topic “Creating the AMJRTE properties file” to create the Java runtime for TAM from WebSphere Portal.