You can configure IBM
® Access Manager to perform authorization as an independent task from configuring Tivoli
Access Manager to perform authentication, but you must configure both tasks. Using Tivoli
Access Manager to perform only authorization is not supported.
Perform the steps in Configuring Tivoli Access Manager to perform authentication only
before configuring Tivoli
Access Manager to perform authorization.
There are additional considerations when you are setting up security to use an external security manager in a cluster environment and across mixed nodes. For instance, it is recommended that you perform any configuration for an external security manager after you have completed all other configuration tasks, including ensuring that the cluster is functional.
Perform the following steps to configure Tivoli
Access Manager to perform authorization:
- Follow the instructions in Configure external authorization.
- Ensure you have followed the instructions for submitting the customization jobs.
- Stop and restart the appropriate servers to propagate the changes. For specific instructions, see the following link under Related tasks: Starting and stopping servers, deployment managers, and node agents.
After you complete the following authorization procedure, the Tivoli
Access Manager protected object space contains entries for roles in the following format: PortalServer_root/role_name/application_name/server_name/cell_name
; for example: PortalServer_root/Administrator@VIRTUAL_EXTERNAL_ACCESS_CONTROL/app/server/cell
Creating the AMJRTE properties file