IBM BEA WebLogic Server User Manual

IBM Tivoli Access Manager for e-business
BEA WebLogic Server
Integration Guide
Version 5.1
SA30-2210-00
V!
JG(2003b 11y)
L 3$G: u 3$G! 05N mCOv JB Q, IBM Tivoli Access Manager(&0 x# 5724-C08)G v| 5, 1.: 1, v$ gW 0 W pg DS 1.:M v$gW! {kKOY.
© Copyright International Business Machines Corporation 2003. All rights reserved.
qw
-. ......................................vii
L %G gkZ ..................................vii
L %G ;k ..................................viii
|C -{ ....................................viii
1.: $8 ..................................viii
b; $8 ...................................ix
% 8H $8 ..................................ix
3_Z |6- ..................................x
bz 8f 3m- .................................xi
|C -{ ...................................xi
BsN -{ W<: ................................xv
/v W<: bI .................................xv
RA.~n vx .G ................................xv
L %! gkH T" ................................xvi
[Z< T" ..................................xvi
n5<&! {% /v W fN ............................xvi
& 1 e R3 W 3d ................................1
Tivoli Access Manager 8H p( ............................1
Tivoli Access Manager W WebLogic -v kU .......................2
Tivoli Access Manager Security Service Provider Interface 8:dR ..............3
Policy W *R h!................................5
Zx W *R ..................................5
Tivoli Access Manager Nu gk ...........................6
Nk W (g ...................................8
EZ:, !k:, )b 6$ !I: ............................8
& 2 e 3! vCgW ...............................11
vxGB C'{ ..................................11
p:) W ^p. d8gW ..............................11
g| 3! RA.~n ................................12
Tivoli Access Manager Policy Server .........................12
Tivoli Access Manager Authorization Server ......................12
Tivoli Access Manager WebSEAL GB Tivoli Access Manager Plug-in for Web Servers ......13
BEA WebLogic Server ..............................13
Tivoli Access Manager Java 18S .........................14
3! 6}g& gkO) 3! .............................14
install_amwls IG ................................16
xC /?.<& gkO) 3! .............................17
AIX! 3! ..................................17
HP-UX! 3! .................................18
Solaris! 3! .................................19
Windows! 3! ................................20
& 3 e 8: }w .................................23
& 1 N: Tivoli Access Manager Java Runtime Environment 8: ................23
& 2 N: startWebLogic! kQ CLASSPATH 3$ .....................25
& 3 N: Tivoli Access Manager for WebLogic 8: ....................26
Console Extension Web Application; gkO) Tivoli Access Manager for WebLogic 8:......26
mI`!- Tivoli Access Manager for WebLogic 8: ...................28
& 4 N: Tivoli Access Manager |' 8: ........................29
Console Extension Web Application; gkO) Tivoli Access Manager |' 8: .........29
mI`!- Tivoli Access Manager |' 8: ......................30
& 5 N: BEA WebLogic Server L[ gN B 8: .....................32
WebSEAL $G; gkO) L[ gN B 8: ......................32
Tivoli Access Manager Plug-in for Web Servers& gkO) L[ gN B 8: ..........33
& 6 N: ,/:MH /f; wTO) BEA WebLogic Server Y_ -v /f!- Tivoli Access Manager for
WebLogic 8: ..................................34
& 7 N: 8: W:. ................................34
& 4 e L[ gN B gk !I ............................37
Tivoli Access Manager WebSEAL; gkQ L[ gN B ...................37
& 5 e |. B:) ................................39
Tivoli Access Manager Authorization Server!- N8L2U. -q: gk .............39
Tivoli Access Manager for WebLogic!- gkZ W Wl |. .................40
%p nC.ILG gk ...............................41
gk A.....................................43
38 C5 NWB policy ...............................44
Tivoli Access Manager |' h& ...........................45
Tivoli Access Manager for WebLogic 8: X& ......................46
.&! Xa A ..................................46
gD b] NWN; gkOB L[ gN B GP ......................46
WebLogic -v! ^p. 9\! _}T ........................47
&QgW ....................................47
KAx .&! W.&Xa f} ............................48
& 6 e &E vCgW ...............................49
Solaris!- &E..................................49
Windows!- &E .................................50
AIX!- &E ..................................50
HP-UX!- &E .................................51
NO A. /: DO |6 ...............................53
amsspi.properties .................................53
rbpf.properties ..................................55
amwlsjlog.properties ................................60
NO B. mI |% |6 ...............................63
AMWLSConfigure -action config ...........................64
AMWLSConfigure -action unconfig ..........................66
AMWLSConfigure -action create_realm .........................67
AMWLSConfigure -action delete_realm .........................69
NO C. VGgW .................................71
s% ......................................73
kn ......................................75
vN ......................................83
-.
IBM®Tivoli®Access Manager for BEA®WebLogic Server®(LDNB Tivoli Access Manager for WebLogic)& gkOCT H M; /5UOY. L &0: IBM Tivoli Access ManagerG bI; .eO) BEA WebLogic Serverk8N [:H nC.I LG; vxUOY.
IBM
Tivoli®Access Manager(Tivoli Access Manager)B IBM Tivoli Access Manager &0:!- nC.ILG; G`OB % JdQ b; RA.~nTOY. L & 0: IBM Tivoli Access Manager nC.ILG; kUO) $|'Q GQ N) W |. VgG; &xUOY. kU VgG8N GEGB Li &0: e-business nC.
ILG;'Q W.v) W nC.ILG 8H policy& _S }_D8N |.OB W <: &n |. VgG; &xUOY.
V: IBM Tivoli Access ManagerB L| Tivoli SecureWay
Policy DirectorG u
Nn L'TOY. Tivoli SecureWay Policy Director RA.~n W.-!- g kQ
|. -v
& L&NM Policy ServerN N(OY.
L %G gkZ
IBM Tivoli Access Manager for WebLogic Server
gkZ H;-
!B BEA WebLogic
Server! VB IBM Tivoli Access Manager gk! kQ 3!, 8: W |. vCg WL *M V@OY.
L %: Y= gkZ& ks8N UOY.
v 8H |.Z
v W.v) C:[ |.Z v IT 3hZ
gkZBY=! kX _ Km Vn_ UOY.
v HTTP, TCP/IP, FTP W Telnetz0:NM] ANd] v WebLogic Server C:[G h! W |.
v Nu W GQ N)& wTQ 8H |.
SSL(Secure Sockets Layer) kE; gkOB fl, SSL ANd], 0 3/(xk W 3Nk), pvP /:, O#- Km.r W CA(Certificate Authority)! kX _ Km
Vn_ UOY.
L %G ;k
L %: Y=z0L 8:Gn V@OY.
v & 1 e,“R3 W 3d”
Tivoli Access Manager for WebLogicL &xOB Nu W GQ -q:G 3d& R3UOY.
v & 2 e,“3! vCgW
Tivoli Access Manager for WebLogic; 3!OB f}! kX 3mUOY.
v & 3 e, 8: }w
Tivoli Access Manager for WebLogic; 8:OB f}! kX 3mUOY.
v & 4 e,“|. B:)”
%C nC.ILG; gkOB f}! kX 3mOm, gk A, .&! Xa $8 W &QgW; &xUOY.
v & 5 e,“&E vCgW”
Tivoli Access Manager for WebLogic; &EOB f}! kX 3mUOY.
|C -{
n2 %L 5rL GBv G0OAi Tivoli Access Manager sLj/., UzPn _ R % W |C %G 3m; KdOJC@. JdQ %; G0Q D BsN -{ W<
:! kQ vCgW; |6OJC@.
IBM Tivoli Access Manager for e-business &0 Z<! kQ _! $8BY=!
- #; v V@OY.
http://www.ibm.com/software/tivoli/products/access-mgr-e-bus/
Tivoli Access Manager sLj/.BY=z0L 8:Gn V@OY.
v :1.: $8; v ix dLvG :b; $8; v ix dLvG :% 8H $8; v x dLvG :3_Z |6-; v xi dLvG :bz 8f 3m-;
1.: $8
v IBM Tivoli Access Manager for e-business Read This First(GA30-2205-00)
Tivoli Access Manager 3! W C[Ob! kQ $8& &xUOY.
v IBM Tivoli Access Manager for e-business
3!Ob |!
(GA30-2206-00)
b; $8
RA.~n &QgW, .& Xa 8f 3m W.- ;EgWz0: VE $8& & xUOY.
v IBM Tivoli Access Manager
Web Portal Manager NMdL:& wTQ Tivoli Access Manager b; RA.
~nG 3! W 8: f}! kX 3mUOY. L %: IBM Tivoli Access Manager for e-business
for Business Integration W IBM Tivoli Access Manager for Operating Systems M 0: b8 Tivoli Access Manager &0z T2 gkOb 'Q %TOY.
v IBM Tivoli Access Manager Base Administration Guide(SC32-1360-00)
Tivoli Access Manager -q: gk! kQ 3d W }w! kX 3mUOY. pdadmin mI; gkO) Web Portal Manager NMdL:!- B:)& v`O B $8& &xUOY.
% 8H $8
v IBM Tivoli Access Manager for e-business
Tivoli Access Manager b; RA.~n W % 8H 8:dR! kQ 3!, 8: W &E vCgW; &xUOY. L %: IBM Tivoli Access Manager
H;-
v IBM Tivoli Access Manager Upgrade Guide(SC32-1369-00)
% 8H 3! H;-
G v[<.TOY.
b; 3! H;-
(SA30-2207-00)
G -j<.Lg, IBM Tivoli Access Manager
% 8H 3! H;-
(SA30-2208-00)
b; 3!
Tivoli SecureWay Policy Director v| 3.8 GB Tivoli Access ManagerGL | v|; Tivoli Access Manager v| 5.1N wW9LeOB f}; 3mUOY.
v IBM Tivoli Access Manager for e-business WebSEAL Administration
Guide(SC32-1359-00)
WebSEAL; gkO) 8H % 5^NG Zx; |.OB [w! |Q iWsne Za, |. }w W bz |6$8& &xUOY.
v IBM Tivoli Access Manager for e-business IBM WebSphere Application Server
kU H;-
Tivoli Access Manager& IBM WebSphere
(SA30-2209-00)
Application ServerM kU! kQ
3!, &E W |. vCgW; &xUOY.
v IBM Tivoli Access Manager for e-business IBM WebSphere Edge Server
(SA30-2211-00)
H;-
kU
Tivoli Access Manager& IBM WebSphere Edge Server nC.ILGz kU!
kQ 3!, &E W |. vCgW; &xUOY.
v IBM Tivoli Access Manager for e-business Plug-in for Web Servers Integration
Guide(SC32-1365-00)
% -vk C/WN; gkO) % 5^N 8H;'Q 3!, |. }w W bz |
6$8& &xUOY.
v IBM Tivoli Access Manager for e-business BEA WebLogic Server
(SA30-2210-00) Tivoli Access Manager& BEA WebLogic ServerM kU! kQ 3!, &E W
|. vCgW; &xUOY.
v IBM Tivoli Access Manager for e-business IBM Tivoli Identity Manager
Provisioning Fast Start Guide(SC32-1364-00)
Tivoli Access Manager W Tivoli Identity Manager kU! |CH B:)G 3 d& &xOm Provisioning Fast Start ]:GG gk W 3! f}; 3mUOY.
3_Z |6-
v IBM Tivoli Access Manager for e-business Authorization C API Developer
Reference(SC32-1355-00)
Tivoli Access Manager GQ N) C API W Tivoli Access Manager -q: C /WNNMdL:& gkO) Tivoli Access Manager 8H; nC.ILG! _ !OB f}; 3mOB |6 Za& &xUOY.
v IBM Tivoli Access Manager for e-business Authorization Java Classes Developer
Reference(SC32-1350-00)
GQ N) APIG Java Manager 8H; gkOB f}! kX |6$8& &xUOY.
kU H;-
pn 8v; gkO) nC.ILGL Tivoli Access
v IBM Tivoli Access Manager for e-business Administration C API Developer
Reference(SC32-1357-00)
|. API& gkO) nC.ILGL Tivoli Access Manager |. B:)& v` OB f}! kX |6$8& &xUOY. L .-!-B |. APIG C 8v! k X 3mUOY.
v IBM Tivoli Access Manager for e-business Administration Java Classes Developer
Reference(SC32-1356-00)
GQ N) APIG Java pn 8v; gkO) nC.ILGL Tivoli Access Manager
|. B:)& gkR v VB [w! |Q |6$8& &xUOY.
v IBM Tivoli Access Manager for e-business Web Security Developer Reference
(SC32-1358-00) CDAS(Cross-Domain Authentication Service), CDMF(Cross-Domain Mapping
Framework) W Password Strength pb! kQ |. W ANW!V $8& &x UOY.
bz 8f 3m-
v IBM Tivoli Access Manager for e-business Command Reference(SC32-1354-00)
Tivoli Access ManagerM T2 &xGB mI` /?.< W :)3.! |Q $ 8& &xUOY.
v IBM Tivoli Access Manager Error Message Reference(SC32-1353-00)
Tivoli Access Manager!- }:GB ^CvG 3mz Ge 6!& &xUOY.
v IBM Tivoli Access Manager for e-business Problem Determination
Guide(SC32-1352-00)
Tivoli Access Manager! |Q .&! G0 $8& &xUOY.
v IBM Tivoli Access Manager for e-business Performance Tuning
Guide(SC32-1351-00)
gkZ 9v:..N $GH IBM Tivoli Directory ServerM T2 Tivoli Access ManagerN 8:GB /f! |Q :I 6$ $8& &xUOY.
|C -{
L}!-B Tivoli Access Manager sLj/.M |CH -{; *-UOY.
Tivoli Software Library!-B white papers, datasheets, demonstrations, redbooks
W announcement lettersM 0: YgQ Tivoli .-& &xUOY. Y=%gL.!
- Tivoli Software Library& gkR v V@OY.
http://www.ibm.com/software/tivoli/library/
Tivoli Software Glossary!B Tivoli RA.~n! |CH bz kn! $GGn V @OY. Tivoli Software GlossaryBY='!!- 5nN8 < v V@OY. Tivoli Software Library(http://www.ibm.com/software/tivoli/library/)! VB Glossary 5) & )#JC@.
IBM Global Security Kit
Tivoli Access ManagerB IBM Global Security Kit(GSKit) v| 7.0; kQ %L M O#- bI; &xUOY. GSKitB /$ C'{! kQ IBM Tivoli Access
Manager Base CDM IBM Tivoli Access Manager Web Security CD, IBM Tivoli Access Manager Web Administration Interfaces CD W IBM Tivoli Access Manager Directory Server CD! wTGn V@OY.
GSKit P0vB 0 %LM#L:, xk-3Nk 0 V W Nu d;;[:OB % g kGB iKeyman 0 |. /?.< gsk7ikm; &xUOY. Y= -{: Tivoli
Information Center % gL.! VB IBM Tivoli Access Manager &0 .-M 0 :}!- < v V@OY.
v IBM Global Security Kit Secure Sockets Layer and iKeyman User’s
Guide(SC32-1363-00)
Tivoli Access Manager /f!- SSL kEL !IO5O h9OB W.v) GB C:[ 8H |.Z& 'Q $8& &xUOY.
IBM Tivoli Directory Server
IBM Tivoli Directory Server, v| 5.2B gkOB n5 <&G IBM Tivoli Access Manager Directory Server CD! wTGn V@OY .
V: IBM Tivoli Directory ServerB L|! Y=G L'8N 1.:Gzx RA.~
nG uNn L'TOY.
v IBM Directory Server(v| 4.1 Wv| 5.1) v IBM SecureWay Directory Server(v| 3.2.2)
IBM Directory Server v| 4.1, IBM Directory Server v| 5.1 W IBM Tivoli Directory Server v| 5.2B pN IBM Tivoli Access Manager v| 5.1! GX v xKOY.
IBM Tivoli Directory Server! |Q _! $8BY=!- #; v V@OY.
http://www.ibm.com/software/network/directory/library/
IBM DB2 Universal Database
IBM DB2®Universal Database™Enterprise Server Edition, v| 8.1: IBM Tivoli Access Manager Directory Server CD!- &xGg IBM Tivoli Directory Server
RA.~nM T2 3!KOY. IBM Tivoli Directory Server, z/OS
GB OS/390 LDAP -v& Tivoli Access ManagerG gkZ 9v:..N gkR fl DB2B J v gWTOY.
DB2! |Q _! $8BY=!- #; v V@OY.
http://www.ibm.com/software/data/db2/
IBM WebSphere Application Server
IBM WebSphere Application Server, Advanced Single Server Edition 5.0: gk
OB n5 <&G IBM Tivoli Access Manager Web Administration Interfaces CD ! wTGn V@OY. WebSphere Application ServerB Tivoli Access Manager&
|.OB % gkGB Web Portal Manager NMdL:M IBM Tivoli Directory Server & |.OB % gkGB % |. x; Q Y vxR v V5O UOY. Tivoli Access
Manager!B IBM WebSphere Application Server v$Q 25 JdOg, LB IBM Tivoli Access Manager WebSphere Fix Pack CD!- &xKOY.
IBM WebSphere Application Server! |Q _! $8BY=!- #; v V@O Y.
http://www.ibm.com/software/webservers/appserv/infocenter.html
IBM Tivoli Access Manager for Business Integration
IBM Tivoli Access Manager for Business Integration: 05N V.R v VB & 08N, IBM MQSeries
^Cv& &xUOY. IBM Tivoli Access Manager for Business Integration: [v E nC.ILGz ,|H 0& gkO) WebSphere MQSeries nC.ILGL As
LvCM +a:; !vm % LM& [ER v V5O UOY. WebSEAL W IBM Tivoli Access Manager for Operating Systems, IBM Tivoli Access Manager for Business Integration33, IBM Tivoli Access ManagerG -q:& gkOB Zx | .Z _ O*TOY.
IBM Tivoli Access Manager for Business Integration! |Q _! $8BY=!
- #; v V@OY.
http://www.ibm.com/software/tivoli/products/access-mgr-bus-integration/
v| 5.2 8H VgGz IBM WebSphere®MQ v| 5.3
IBM Tivoli Access Manager for Business Integration v| 5.1! kQ |C .- B Tivoli Information Center % gL.! V@OY.
v IBM Tivoli Access Manager for Business Integration
|. H;-
v IBM Tivoli Access Manager for Business Integration
(SA30-1825-01)
.&! G0 H;-
(GA30-2064-00)
v IBM Tivoli Access Manager for Business Integration
3!Ob |!
(GA30-1827-01)
v IBM Tivoli Access Manager for Business Integration Read This First
(GA30-2063-00)
IBM Tivoli Access Manager for WebSphere Business
Integration Broker
IBM Tivoli Access Manager for Business IntegrationGONN gkR v VB IBM Tivoli Access Manager for WebSphere Business Integration BrokerB WebSphere Business Integration Message Broker, v| 5.0 W WebSphere Business Integration Event Broker, v| 5.0! kQ 8H VgG ; &xUOY. IBM Tivoli Access Manager for WebSphere Business Integration BrokerB Tivoli Access ManagerM
aUO) O# W GQ $8 b; Nu, _S!- $GH GQ W (g -q:& &x T8Na JMS x3/E; nC.ILG; 8#OB 6[; UOY.
IBM Tivoli Access Manager for WebSphere Integration Broker! |Q _! $8
BY=!- #; v V@OY.
http://www.ibm.com/software/tivoli/products/access-mgr-bus-integration/
IBM Tivoli Access Manager for WebSphere Integration Broker, v| 5.1! kQ Y= |C .-B Tivoli Information Center % gL.!- gkR v V@OY.
v IBM Tivoli Access Manager for WebSphere Business Integration Brokers
Administration Guide(SC32-1347-00)
v IBM Tivoli Access Manager for WebSphere Business Integration Brokers
Ob |!
(GA30-2194-00)
3!
v IBM Tivoli Access Manager for Business Integration Read This First
(GA30-2063-00)
IBM Tivoli Access Manager for Operating Systems
IBM Tivoli Access Manager for Operating SystemsB 05N V.R v VB &0 8N, b; n5<&!- &xOB h~ L\! UNIX C:[!- GQ N) policy C
` h~; &xUOY. IBM Tivoli Access Manager for Operating SystemsB WebSEAL W IBM Tivoli Access Manager for Business Integration33 IBM Tivoli Access ManagerG -q:& gkOB Zx |.Z _ O*TOY.
IBM Tivoli Access Manager for Operating Systems! |Q _! $8BY=!- #; v V@OY.
http://www.ibm.com/software/tivoli/products/access-mgr-operating-sys/
IBM Tivoli Access Manager for Operating Systems v| 5.1G Y= .-B Tivoli Information Center % gL.! V@OY.
v IBM Tivoli Access Manager for Operating Systems v IBM Tivoli Access Manager for Operating Systems v IBM Tivoli Access Manager for Operating Systems
(SA30-1842-01)
v IBM Tivoli Access Manager for Operating Systems v IBM Tivoli Access Manager for Operating Systems Read Me(GA30-1844-01)
IBM Tivoli Identity Manager
IBM Tivoli Identity Manager v| 4.5B 05N V. !IQ &08N, L& gkO ) gkZ(9: gkZ ID W O#)& _S!- |.Om ANqzW(o, nC.ILG,
Zx GB n5 <&! kQ W<:& &x GB kR)R v V@OY. Tivoli Identity ManagerB Tivoli Access Manager Agent& kX Tivoli Access ManagerM kU R v V@OY. Agent 8E! |Q Z<Q $8B IBM cgZ!T .GOJC@.
IBM Tivoli Identity Manager! |Q Z<Q $8BY=!- #; v V@OY.
3!H;-
|.H;-
(SA30-1841-01) (SA30-1840-01)
.&! G0 H;-
3!Ob|!
(GA30-1843-01)
BsN -{ W<:
/v W<: bI
http://www.ibm.com/software/tivoli/products/identity-mgr/
&0 sLj/.G -{: Y= Tivoli software library! PDF GB HTML |D8 N in V@OY.
http://www.ibm.com/software/tivoli/library
&0 sLj/.! W<:OAi Product manuals 5)& )#JC@. Tivoli Software Information Center! VB &0 L'; #F )#JC@.
&0 -{: 3!Ob |!, 3! H;-, gkZ H;-, |.Z H;- W 3_Z | 6-& wTUOY.
V: PDF .-& NbR fl, Adobe Acrobat Nb k- sZ(DO Nb& )#i
%CJ)!- dLv! B_b& 1CO) NbOJC@.
/v W<: bI: E?L RmOE* C" eV n E<{ aTLVB gkZ! R A.~n &0; gkR v V5O 5M]OY. L &0!-B 86 bz; gkO) NMdL:G R.& hm =vR v V@OY. GQ 6l: kE 08e& gkO) W!H gkZNMdL:G pg bI; 6[R v V@OY.
RA.~n vx .G
Tivoli &0! .&! VB fl, IBM Tivoli Software Support! .GR v V@O Y. Y=%gL.!- Tivoli Support 5)& -/ IBM Tivoli Software Support&
|6OJC@. http://www.ibm.com/software/support/
vxL JdQ fl, Y=%gL.!- IBM Software Support Guide! 3mQ f }; gkO) RA.~n vx! .GOJC@.
http://techsupport.services.ibm.com/guides/handbook.html
' -{: .&!G I"5! {% IBM Software Support! .GOB f} W Y= z0: $8& &xUOY.
v nO W {U:
v gkZ! SQ 9!G|-x# W |Z lm VR
v vx; d;Ob |! KF_ R $8
L %! gkH T"
L %!-B /v knM 6!, n5<&0 mIzfN! kX )/ T"; gkUO Y.
[Z< T"
L %!-BY=z0: [Z< T"L gkKOY. =T X:. ;! %CGB R.Z W kR.Z %U mI, 0ve, E3/v, IG,
boSC
pk:dL:
n5<&! {% /v W fN
Java ,!: L' W @j'.B =T %CKOY.
/v, -{ &q, -6OB }L* \nB
X:. ;! %CGB p:d., DO, bB, mI`, Ze 9&, C:[ ^C v, TBX_ OB X:. W Nv* GB mI IG: pk:dL:N %C
KOY.
boSC
N %CKOY.
L %!-B p:d. %b W /f /v v$! UNIX T"; gkUOY. Windows mI; gkR flB, /f /vG $variable; %variable%N YYm, p:d. fN
G =!C(/)& i=!C(\)N YYJC@. Windows C:[!- bash ); gkR f l, UNIX T"; gkOJC@.
& 1 e R3 W 3d
Tivoli Access Manager for WebLogic: Tivoli Access ManagerG 8H bI; g kO) BEA WebLogic Server nC.ILG! kQ W<:& 8#OB Tivoli Access Manager! kQ .eTOY. BEA WebLogic Server Security Service Provider Interface& gkR fl, Tivoli Access Manager for WebLogic: Tivoli Access Manager!|.OB gkZ 9v:..& gkO) ,sLp.& NuUOY.IBM Tivoli Access Manager WebSEAL(WebSEAL) GB IBM Tivoli Access Manager Plug-in for Web Server& gkO) O] gkZ L[ gN B! kQ vx; &xO 5O Tivoli Access Manager for WebLogicG 8H bI; .eR v V@OY.
Tivoli Access Manager for WebLogic; gkO) WebLogic -v nC.ILG:
Zy GB h!& /fRJdxL Tivoli Access Manager 8H; gkR v V@O Y.
Tivoli Access Manager for WebLogic; 3!Ob |! Tivoli Access Manager 8 H 5^N; h!X_ UOY.
Tivoli Access Manager! MwOv J: gkZB 8H 5^N; h!Ob |! Tivoli Access Manager 8H p(; KdX_ UOY. )b!B 8H p(! kQ #\Q d `L &xKOY.
Tivoli Access Manager 8H p(
Tivoli Access ManagerB v*{8N PjH N.s] W M:.s]! VB Zx; 6zOT 8#X VB O|Q GQ W W.v) 8H policy |. VgGTOY.
Tivoli Access ManagerB V7\G 8H policy |.& &xUOY. GQ Nu, GQ, %LM 8H, Zx |. bI; vxUOY. Tivoli Access Manager& %X NM] b
] nC.ILGz T2 gkO) El H|Om _ |.GB N.s] W M:.s] ; teR v V@OY.
Tivoli Access ManagerBY=; &xUOY.
v Nu A9Sv)
Tivoli Access ManagerB Nu, b; Nu, gD W HTTP lu& wTQ $|' Q Nu ^?Or; vxUOY.
v GQA9Sv)
Tivoli Access ManagerB GQ policy |.& 'QA9Sv)& &xUOY. GQ policyB _S!- |.Gg #MAsLn |<G W<: {k v!8N Z? Ph
KOY. Tivoli Access Manager GQ -q:B xC Tivoli Access Manager -v W -eD<(third-party) nC.ILGG W<: d;! kQ
OY.
WebSEAL:%b] Zx! kQ Tivoli Access Manager Zx 8H |.ZTOY. WebSEAL: 8# %Zx! <P-H 8H;{kOB m:I V<:9e % -vT OY.
Tivoli Access Manager Plug-in for Web ServersB Tivoli Access ManagerM k
UO) %ZxG|< 8H VgG; &xUOY. L C/WN: % -vM ?OQA N<:G D.N 6[O) 5xOB " d;;NMA.Om GQ a$L JdQv )
N& a$Og JdOi gkZNu v\; &xUOY.
Tivoli Access Manager Plug-in for Web Servers W WebSEAL; QY L[ gN
B VgG; &xOm % nC.ILG Zx;ZEG 8H policy! kUC3 v V @OY.
IBM Tivoli Access Manager! kQ .-& KdO) h! a$; ;.B % JdQ $8& wTO) Tivoli Access Manager! kX u Z<OT ho v V@OY. L
%G -.!B |C Tivoli Access Manager .-G qOL wTGn V@OY.
ckWEN
& a$U
Tivoli Access Manager W WebLogic -v kU
Tivoli Access Manager for WebLogic, v| 5.1: Y=; vxUOY.
v BEA WebLogic Server v| 7.0 SP2 v BEA WebLogic Server v| 8.1 SP1
Tivoli Access Manager for WebLogic v| 5.1: SSPI(Security Service Provider Interface)& gkO) BEA WebLogic Server! kQ |< 8H A9Sv)& &x UOY.
V: Tivoli Access Manager for WebLogic v| 5.1: BEA WebLogic Server g
kZ $G |'& vxOv J@OY. BEA WebLogic Server gkZ $G |' ! kQ vx: Tivoli Access Manager for WebLogic v| 4.1G D.TOY.
BEA WebLogic ServerB -eD<(third-party) 8H &xZ(9: Tivoli Access Manager for WebLogic)G SSPI& &xO) ZEG 8H bI; BEA WebLogic Server 8 6!O|w kUC5OY.
Tivoli Access Manager Security Service Provider Interface 8:d R
Tivoli Access Manager for WebLogic:[:H b;8H |'& " BEA WebLogic Server 8H 5^Nz YYm Y=z0: BEA WebLogic Server 8H &xZ& & xUOY.
v Nu&xZ
v GQ &xZ
v *R JN &xZ
Tivoli Access Manager for WebLogic: b; BEA WebLogic Server GQ $8
JN 8H &xZ W b; 0:dn& gkUOY.
'! *-H " &xZB GQ WebLogic \V; kX 8: m}; R v VT OB
Management Bean(MBean); wTUOY. F!G}!-B Li " &xZ W MBeanL &xOB bI! kX Z<w 3mUOY.
Tivoli Access ManagerBY= kU v!! BEA WebLogic Server& &xUOY.
Nu&xZ
Tivoli Access Manager for WebLogic Nu&xZB BEA WebLogic Server \x Nu; 8vUOY. \x Nu!- gkZB gkZL' W O# 6U; gkO) BEA
WebLogic Server! kX NuOAB C5& UOY. Tivoli Access ManagerB Tivoli Access Manager Java 18S 8:dR& gkO) L gkZL' W O#& !KU OY.
Tivoli Access Manager for WebLogic: GQ WebSEAL GB Tivoli Access Manager Plug-in for Web Servers L[ gN B bI; &xOB % gkGB Z< NWN p
b; &xUOY. L[ gN B bI gk !I! kQ <NgW: 37 dLvG & 4 e :L[ gN B gk !I;! wTGn V@OY.
Tivoli Access Manager for WebLogic! kQ Nu&xZB )/ 8:dRN Lg n. V@OY.
v Nu&xZ
IBM Tivoli Access Manager for WebLogic Server Nu&xZ& WebLogic 8 H A9Sv)! kUC5OY.
v JAAS(Java Authentication and Authorization Service) NWN pb
\x W L[ gN B Nu; v`UOY. JAAS NWN pb: JAAS %XL v$ QA0C^(gkZ)N $vxV&&.OUOY. Tivoli Access Manager for
WebLogic:Z< NWN pb; &xOB%, L pb: Tivoli Access Manager Java 18S 8:dR& gkO) Tivoli Access Manager Authorization Server! kX NuUOY.
v Nu MBean
WebLogic \V; kX Nu&xZ& 8:R v V5O UOY. GQ gkZ! Tivoli Access Manager for WebLogic \V .e; gkO) gkZ& _!Om h&OB Mz 0: gkZ 9v:.. |. B:)& v`R v V5O UOY.
GQ &xZ
GQ &xZB BEA WebLogic ServerM\N GQ -q: #GNMdL:& &xU OY. GQ &xZB BEA WebLogic Server Zx! kQ W<:! ckGBv GB
ENGBv )N& G0UOY. W<: a$: Tivoli Access Manager Java 18S 8 :dR& gkO) PhH PDPermission ,!:& gkO) [:KOY.
Tivoli Access Manager for WebLogic! kQ GQ &xZBY= 8:dRN Lg
n. V@OY.
v GQ &xZ
GQ &xZ& WebLogic 8H A9Sv)! kUC5OY. Tivoli Access Manager
for WebLogic GQ &xZB BEA WebLogic Server Zx! kQ W<:& &n R S8 FOs Tivoli Access Manager @j'. x#! policy h! W Tivoli Access Manager @j'. x#!- policy &E& 3.UOY.
v GQ MBean
WebLogic \V; kX GQ &xZ& 8:R v V5O UOY. WebLogic \V ; kQ policy [: W h&M 0: 6[; O5O #bI v5 V@OY.
*R JN &xZ
*R JN &xZB *R; |.OB % gkGB BEA WebLogic ServerM\N G Q -q: #GNMdL:& &xOB % gkKOY. *R JN &xZB GQ &x
ZG %SN policy8YB *R! _!; SOY.
*R JN &xZBY=z0: 8:dRN Lgn. V@OY.
v *R JN &xZ
*R JN &xZ& WebLogic 8H A9Sv)! kUC5OY. Tivoli Access
Manager for WebLogic *R JN &xZB *RG h! W &E! kQ %S; !}OY.
v *R JN MBean
WebLogic \V; kX *R JN &xZ& 8:R v V5O UOY. WebLogic
\V; kX *R; h&O)*R 8:x;[: W ;EOB Mz 0: 6[; O
5O #bI v5 V@OY.
Policy W *R h!
Policy W *R; h! p:)3M! $GOE* WebLogic \V; kX [:R v V @OY. J2EE nC.ILGG h! C, nC.ILG h! p:)3M ;! $GH *
R W policyB Tivoli Access Manager 8# @j'. x#8N ]bKOY.
Tivoli Access Manager |. /?.<N pdadmin GB Tivoli Access Manager Web Portal Manager& gkO) policy& [:R vB V8* v`R vB x@OY. Tivoli Access Manager for WebLogic; gkOB BEA WebLogic Server& C[Ob | ! Tivoli Access Manager! n !v b; policy! [:Gn_ UOY. LB Tivoli Access Manager for WebLogic 8: _ v`KOY. Tivoli Access Manager for WebLogic 8:! kQ <NgW: 23 dLvG & 3 e :8: }w;! *M V@O Y.
Zx W *R
BEA WebLogic ServerB )/ 3G -N Y% Zx /|; $GOg, pN Tivoli Access Manager for WebLogic! GX vxKOY. pg Zx /|: Tivoli Access Manager for WebLogic ;!- ?OQ M8N #VGGN, BEA WebLogic Server
G bD 1.:k8N [:H u Zx /|5 Z?8N vxKOY.
pg Zx /|! kX $GH policy W *R: Tivoli Access Manager 8# @j
'. x#! ?OQ fD8N zeKOY.
vg 8#Gv Jm vxGB BEA WebLogic Server Zx qO: Y=z0@OY.
v |. Zx
v nC.ILG Zx v COM Zx v EIS Zx v EJB Zx v JDBC Zx v JMS Zx
v -v Zx v URL Zx
v % -q: Zx
Tivoli Access Manager 8# @j'. x#!- Zx: Y= |D8N %CKOY.
/WebAppServer/WLS/Resources/wls_domain/wls_realm/resource_type/Details
Tivoli Access Manager 8# @j'. x#!- *R: Y= |D8N %CKOY.
/WebAppServer/WLS/Roles/wls_domain/wls_realm/role_name/AppName
Li Tivoli Access Manager 8# @j'. AWLJ L': Tivoli Access Manager for WebLogic8N 8:H /: DO; gkO)O|w 8:I v V@OY. {s-
pg BEA WebLogic Server W b8 nC.ILG-v& ?OQ Tivoli Access Manager 5^N ;! 8:R v V@OY. LB pg nC.ILG-v /|G *R W policy! kQ }_H '!& [:R v V5O UOY.
Tivoli Access Manager Nu gk
Tivoli Access Manager& gkO)\N gkZ GB ;N gkZ! kQ Nu; & xR v V@OY. \N gkZ! kQ Nu: WebSEAL GB Tivoli Access Manager Plug-in for Web ServersG L[ gN B bI! G8UOY. V{G W.v) 8H ;'X WebSEAL GB Tivoli Access Manager Plug-in for Web Servers& kX
\N gkZG W<: d;; vEOB " WebLogic -vB ;N gkZG W<: d ;; $COv ;F_ UOY. Y=}!-B \N gkZM ;N gkZ pN! kX Nu; 3.OB f}! kX 3mUOY.
WebSEAL; gkO)\N gkZNu
F! YLnW%: 8# Zx! W<:OAB \N gkZG d;; 3.OB p(;
8)]OY.
W2
1. Tivoli Access Manager
B \N gkZ! kQ L[ gN B Nu; &xUOY
Y= qO!-B 'G W2! %CH AN<:! kX 3mUOY.
1. \N gkZ! 8# Zx! kQ W<:& d;UOY. WebSEAL: #MAsLn
G 8H W.v)! in!b |!d;; vEUOY
2. WebSEAL: gkZG d;;NMA.O) Tivoli Access Manager 8H 5^N
!- Xg gkZ& NuUOY.
WebSEAL: gkZL' W O#, Nu-, gkZL' W RSA SecurID GB gkZ $GNu ^?OrGNu ^Re& vxUOY.
WebSEAL: d;H URL W Tivoli Access Manager W<: policy! {s Z < GQ a$;{kUOY. WebSEAL: mAgW(9: h$ /?:, C# W Nu
^?Or);{kR v V@OY.
3. gkZG URL d;L GQ N)H D, WebSEAL:L& WebLogic -vN |
^UOY. d;!B \N gkZL'z b; Nu lu ;G /v O#! wTK OY. /v O#B sso_user! SOg Security Service Provider Interface! WebSEAL; d; @.x8N .NR v V5O UOY.
sso_user! kQ Z<Q $8B 23 dLvG & 3 e :8: }w;& |6OJC @.
4. WebLogic -vB NuH gkZ IDM O#& Security Service Provider Interface
N umOT |^UOY.
5. Security Service Provider InterfaceB Tivoli Access Manager Nu -q:& g
kO) WebSEALL &xQ O#! '! 3mH sso_user! kX CY% O#N v KuUOY. o, L O#B d; @.xL WebSEALLsB EZ& bJN U
OY
L& GQ! kQ d;L XqGz@OY.
;N gkZNu
F!G YLnW%!-B m 8# Zx! W<:Ob 'Q d;; 3.OB p(; 8)]OY.
;N
gkZ! WebSEAL GB C/WN 8H; kOv J
W2
2. Tivoli Access Manager Custom Realm
: ;N gkZG Nu; &xUOY
Y= qO!-B 'G W2! %CH AN<:! kX 3mUOY.
1. ;N gkZ! 8# Zx! kQ W<:& d;UOY.
2. WebLogic gkZNu pbL gkZG ID& Security Service Provider Interface
N 8@OY.
3. Security Service Provider InterfaceB Nu d;; gkZ 9v:..N 8@O
Y.
NuL OaGi, Security Service Provider InterfaceB L gkZL';NuH gkZN- WebLogic -vN .OUOY.
4. d;; GQ N)Ob 'X BEA WebLogic ServerB vgNuH gkZ(F65
GQL N)Gv J:)! d;H Zx! W<:R v V5O GQL N)GzBv
)N& G0OB Tivoli Access Manager for WebLogic GQ &xZ!T 68U OY.
W<:B Zx! kQ W<:! N)H *R; 1COm vgNuH gkZ! L
/Q *RL N)GzBv )N& a$OB Tivoli Access Manager Authorization Server!T #bO) G0KOY.
Nk W (g
Tivoli Access Manager for WebLogic ;!- Nk: Tivoli Access Manager Java 18S 8:dR& gkO) PhH IBM JLog ,!:! GX 3.KOY. Tivoli Access
Manager for WebLogic W Tivoli Access Manager for WebLogicz T2 x^H
/:
JLog
OY. L8T Oi Tivoli Access Manager for WebLogicL WebLogic NW DO! L%.& w" NWR v V@OY.
DO; BEA WebLogic Server Nk ,!:& gkO5O 8:R v V@
EZ:, !k:, )b 6$ !I:
Tivoli Access Manager for WebLogic: Tivoli Access Manager Java 18S ,!
:& gkO) Tivoli Access Manager 8# @j'. %LM#L: W gkZ 9v :..& 6[UOY. ;N Tivoli Access Manager for WebLogic 3CB W<: a
$! kQ :I bs; &xUOY.
Tivoli Access Manager Java 18S ,!:B Tivoli Access Manager Authorization Server @y 98& vxUOY.1w Authorization Server! UsI fl,2w -v
! kQ @y 98! Z? _}UOY.
GeGB /f 3$: 9& acld W Tivoli Access Manager for WebLogic N8L2
U. -q:& gkOB MTOY.
W<: a$: Tivoli Access Manager for WebLogicz T2 &xGB Tivoli Access Manager Authorization Server N8L2U. -q: GB Tivoli Access Manager Policy Server& gkO) v`R v V@OY.
Tivoli Access Manager Policy Server 8:: GP W :IG \O v! .& '.
! W:. /f!-8 gkX_ UOY. N8L2U. -q:B ANvG /f!- g kG5O /$OT3_Gz@OY. Z<Q ;k: 39 dLvG :Tivoli Access Manager
Authorization Server!- N8L2U. -q: gk;; |6OJC@.
& 2 e 3! vCgW
Le:Y= V&N 8:Gn V@OY.
v :vxGB C'{;
v :p:) W ^p. d8gW; v 12 dLvG :g| 3! RA.~n; v 14 dLvG :3! 6}g& gkO) 3!; v 17 dLvG :xC /?.<& gkO) 3!;
vxGB C'{
Tivoli Access Manager for WebLogic, v| 5.1: Y=; vxUOY.
v BEA WebLogic Server v| 7.0 SP2 v BEA WebLogic Server v| 8.1 SP1
Tivoli Access Manager for WebLogic:L1.:! kQ gkZ $G |'& vx Ov J@OY. kE, L kU: BEA WebLogic Server SSPI(Security Service Provider
Interface)& vxUOY.
Tivoli Access Manager for WebLogic: Y= n5 <&!- vxKOY.
v IBM AIX 5.1 v Sun Solaris 8 W 9 v Hewlett-Packard HP-UX 11.0 W 11i(BEA WebLogic Server v| 7.08) v Microsoft Windows 2000 Server W Advanced Server(-q: Q 3)
V: Tivoli Access Manager for WebLogic: Java 2 Security Manager& gkO)
G`OB C:[; vxUOY. Java policy DO: Java 2 Security ManagerG /$ Ze#L:! [wOB % JdQ GQ; wTOB RA.~nM T2 &xK
OY.
p:) W ^p. d8gW
Tivoli Access Manager for WebLogicG p:) W ^p. d8gW: Y=z0@ OY.
v 64MB RAM, 128MB GeJ
BEA WebLogic Server W b8 Tivoli Access Manager 8:dR! v$H Jv
^p. L\! JdQ ^p. gTOY. _! 64MB RAM: 3L :I; V{-O B % gkKOY.
Y% Tivoli Access Manager 8:dR! JdQ ^p. g: #:. C:[! 3
!H Tivoli Access Manager 8:dR! {s ^s}OY. Z<Q $8B IBM Tivoli Access Manager
v 2MB p:) x#, 4MB GeJ
BEA WebLogic Server W b8 Tivoli Access Manager 8:dR! JdQ p: ) x# L\! _!N JdQ x#TOY.
v NW DO! kX 5MB p:) x#
LB RA.~n 8:dR! JdQ p:) x# L\! _!N JdQ x#TOY.
g| 3! RA.~n
Tivoli Access Manager for WebLogicG 3!& OaOAi Y=z0: g| 3! RA.~n! JdUOY.
v :Tivoli Access Manager Policy Server;
b; 3! H;-
& |6OJC@.
v 13 dLvG :Tivoli Access Manager WebSEAL GB Tivoli Access Manager
Plug-in for Web Servers;
v 13 dLvG :BEA WebLogic Server; v 14 dLvG :Tivoli Access Manager Java 18S;
Tivoli Access Manager Policy Server
Tivoli Access Manager for WebLogic; 3!Ob |! Tivoli Access Manager 8 H 5^N; 3$X_ UOY.
Tivoli Access Manager Policy Server& 3!R ' Tivoli Access Manager 8H 5 ^NL 3$KOY. L Policy ServerB gkZ n5 <&G IBM Tivoli Access Manager Base CD!- hwKOY.
O]{8N Tivoli Access Manager Policy ServerB Tivoli Access Manager for WebLogic; cgOB C:[z Y% C:[! 3!KOY.
Tivoli Access Manager Authorization Server
Tivoli Access Manager Authorization ServerB BEA WebLogic Server W Tivoli Access Manager for WebLogicL 3!H Mz ?OQ #:.! 3!Gn_ UOY.
Authorization ServerB BEA WebLogic Server! Tivoli Access Manager GQ - q:! kQ W<:& &xUOY. Authorization ServerB GQ -v 0? 9Ze& zeOb 'Q Nk W (g ]:G-v *R; UOY.
IBM Tivoli Access Manager for e-business: BEA WebLogic Server kU H;-
Tivoli Access Manager WebSEAL GB Tivoli Access Manager Plug-in for Web Servers
Tivoli Access Manager WebSEAL(WebSEAL) W Tivoli Access Manager Plug-in for Web Servers(C/WN): Tivoli Access Manager for WebLogicL gkR v V B % b] 8H -q:& &xUOY. Li nC.ILGL 3! OaGi BEA WebLogic Server L[ gN B VgG; &xOB % gkR v V@OY.
WebSEAL GB C/WN: Tivoli Access Manager for WebLogic; 3!Ob 'Q
g| 3! RA.~n! FUOY. W/* L[ gN B VgG; d8R fl!B J dUOY.
WebSEAL GB C/WN! kQ 3! vCgW! kX-B IBM Tivoli Access Manager for e-business
WebSEAL GB b8 AOC -v& gkO) BEA WebLogic Server!,aR f l, L AOC -v! BEA WebLogic Server 8# Zx! W<:OB gkZG \O ,t v!Nv .NX_ UOY. W<:& &QOAi BEA WebLogic Server ,a J
M& [:X_ UOY. ,a JM& gkOi W<:& &QOb 'Q *R; gkOB kE W.v) 9'!- Zx; 8#R v V@OY. ,a JM [:! kQ Z<Q ;
k: BEA WebLogic Server .-& |6OJC@.
% 8H 3! H;-
& |6OJC@.
BEA WebLogic Server
Tivoli Access Manager for WebLogic; #:.R C:[! BEA WebLogic Server ! 3! W 8:Gn_ UOY. BEA WebLogic ServerB startWebLogic mI; g kO) C[UOY.
BEA WebLogic ServerB AIX& &\Q pg vx C'{! JdQ Java Runtime EnvironmentM T2 P hKOY. Tivoli Access Manager for WebLogic: ?OQ JRE(Java Runtime Environment)& gkUOY. BEA WebLogic ServerG 3!& O aOi JRE! kQ Tivoli Access Manager for WebLogic |&6G; f7C5OY.
AIXG IBM Java Runtime Environment
AIX C:[!- BEA WebLogic Server 7.0; gkOAi Tivoli Access Manager for WebLogic; #:.R C:[! IBM Java Runtime Environment v| 1.3L 3 !Gn_ UOY. AIX C:[!- BEA WebLogic Server 8.1; gkOAi Tivoli Access Manager for WebLogic; #:.R C:[! IBM Java Runtime Environment
v| 1.4! 3!Gn_ UOY. Tivoli Access Manager for WebLogic:Li?O Q v|G Java Runtime Environment& gkUOY.
& 2 e 3! vCgW 13
Tivoli Access Manager Java 18S
Tivoli Access Manager for WebLogic; #:.R C:[! Tivoli Access Manager
b;G Tivoli Access Manager Java 18S v| 5.1 /f; 3! W 8:X_ UO Y.
Tivoli Access Manager Java 18S /f: Java b] Nu W GQ bI; &xU OY. Java ,!:B BEA WebLogic Server! gkOB JRE(Java Runtime
Environment)& .eUOY.
Tivoli Access Manager for WebLogic; #:.R C:[! Tivoli Access Manager Java Runtime Environment& 8:Ob |! Tivoli Access Manager 8H 5^N; .3X_ UOY.
Tivoli Access Manager Java Runtime EnvironmentB " vxGB n5 <&! k Q IBM Tivoli Access Manager Base CD! GX PhKOY. 3!! kQ Z<Q
;k: IBM Tivoli Access Manager
3! 6}g& gkO) 3!
b; 3! H;-
& |6OJC@.
VG
L 3! 6}gB BEA WebLogic Server, v| 7.0G b; 3! '!! kX- 8 vxKOY. BEA WebLogic Server, v| 8.1; gkOB fl,17dLv G :xC /?.<& gkO) 3!;G vCgW; {#JC@.
install_amwls 3! 6}gBY= 8:dR& {}Q x-N 3!Om 8:O) Tivoli Access Manager for WebLogic Server C:[G 3$; \x-C5OY.
v Access Manager Java Runtime Environment
v Access Manager for WebLogic Server
install_amwls 6}g& gkO) Tivoli Access Manager for WebLogic Server C :[; 3!Om 8:OAi Y= \h& {#JC@.
1. Tivoli Access Manager 9v:.. -v, Policy Server W Authorization Server & LL 5^N! 3$_Bv .NOJC@.
2. pg JdQ n5 <& P!! 3!GzBv .NOJC@. Z<Q $8B 11 d LvG :vxGB C'{;; |6OJC@.
3. 5n(b;*) L\G Y% pnN sB W ^Cv& 8Ai 3! 6}g& G`O
|!
b
4. L C:[! BEA WebLogic Server! 3! W 8:Gn Vm BEA WebLogic Server 5^NL [:GzBv .NOJC@.
pn vx P0v& 3!X_ UOY.
5. Windows C:[!- G` _N pg ANW%; >aOJC@.
6. BEA WebLogic Server& C[OJC@.
UNIX
/WLS_install_dir/user_projects/domain_name/startWebLogic.sh
Windows
C:\WLS_install_dir\user_projects\domain_name\startWebLogic.cmd
7. BEA WebLogic Server WebLogic_install_dir/server/bin p:d.!- Y
= :)3.& G`O) CLASSPATH W PATH /v& 3$Q D WebLogic .jars& CLASSPATH, bin W lib p:d.! _!OJC@.
UNIX
. setWLSEnv.sh
Windows
setWLSEnv.cmd
3! 6}g& G`Ob |! BEA WebLogic ServerM T2 &xH Java G`
DOL C:[ fN!- G U! VBv .NOJC@.
8. AIX, HP-UX(BEA WebLogic Server 7.08), Solaris W Windows C'{k Tivoli
Access Manager Web Security CDG g. p:d.! VB install_amwls A
NW%; G`OJC@. BEA WebLogic Server! b; '!! 3!Gn Vv J 8i, Y= mI; gkO) 3! 6}g& G`X_ UOY.
install_amwls -is:javahome path
)b- pathB 6}g& gkQ 3!& v`OB % gkGB jreG'!TOY.
V:
a. #\w b; 3! *; cD2E* Z ? 3!& 'X install_amwls.
options.template DO; gkR v V@OY. JdQ pg *; wTC0
Ai #\w DO; m}OJC@. v b;*; cD2Ai Y= mI; gkOJC@.
install_amwls -options install_amwls.options.template
v Z? 3!& v`OAi Y=; gkOJC@.
install_amwls -silent -options install_amwls.options.template
b. BEA WebLogic ServerM T2 &xGB JDK& gkR ' q5n C'{G
3! 6}gB C[ -i! O|Gv JB X:.& %CR v V@OY. L %C .&B G& RA.~n 3!!5b; Vv J@OY. L .&!; $$ OAi, IBM JDK 1.3.1; 3!Om L& gkO) install_amwls& G`O
JC@.
3! 6}g! C[Gn 16 dLvG :install_amwls IG;! 3mH kN 8:
$8! kQAR A. & %CUOY. \ Windows C:[!-B Tivoli Access Manager for WebLogic! kX b; 3! p:d.& $CX_ UOY.
V: L $8& &xOi(GB b;*; $COi), u Ls 3TGv Jm 8:d
R! 3!Gm 8:KOY.
3! 6}gG G !!B 3!H 8:dR, C5H 8:gW W Oa )N& 8)
VB d` -iL %CKOY. 3!! OaGzv8 8:L GPH fl,23dL vG & 3 e :8: }w;G \h! {s Tivoli Access Manager for WebLogic
; v?8N 8:OE* Y= \h& hSv`R v V@OY.
9. BEA WebLogic Server& _vOJC@.
10. 3! ANW%L AMSSPIProviders.jar DO; /bea_install_dir/weblogic/
server/lib/mbeantypes p:d.! 9g_Bv!KOJC@. L p:d.! X g DOL 8gOv J; fl, /amwls_install_dir/lib!-v?8N DO;
9gOJC@.
11. 25 dLvG :& 2 N: startWebLogic! kQ CLASSPATH 3$;G vCgW ! {s startWebLogic mI! kQ CLASSPATH& 3$OJC@.
12. Tivoli Access Manager |'& [:O) 8:OJC@. vCgW! kX-B 29 dLvG :& 4 N: Tivoli Access Manager |' 8:;; |6OJC@.
13. WebLogic \V; gkO) BEA WebLogic Server& YCC[OJC@.
14. Tivoli Access Manager WebSEAL; gkO) BEA WebLogic Server! k Q L[ gN B -q:& &xOAi 32 dLvG :& 5 N: BEA WebLogic Server L[ gN B 8:;G vCgW! {#JC@.
15. 34 dLvG :& 7 N: 8: W:.;G \h& OaO) 3! W 8:; W:. T8Na Tivoli Access Manager for WebLogicL Tivoli Access Manager 9 v:..! kX CYN 8:GzBv .NOJC@.
install_amwls IG
install_amwls& G`R ' Y= IGL %CKOY.
%
1. install_amwls
8: IG3m b;*
x] ACL gkZ*
sec_master O#* Tivoli Access Manager |.Z O#
Policy Server #:. L'*
3! 6}g 8: IG
Authorization ServerM kEOb 'X [ :H Tivoli Access Manager A0C^(g kZ)
Policy ServerG O|Q #:. L'. 9& ii, Y=z0@OY.
pdmgr.tivoli.com
%
1. install_amwls
Policy Server w. x#*
Authorization Server #:. L'*
Authorization Server w. x#* Authorization Server w. x# 7136 TrueN 3$R fl AMWLS5.1 \V .e
h!
WebLogic 5^N |.Z*
WebLogic 5^N |. O#* WebLogic 5^N |.ZG O# Access Manager for WebLogic Server 3
! p:d. fN
WebLogic Admin ServerG URL t3://localhost:7001
3! 6}g 8: IG(hS
Policy Server! d;;NDOB w. x #. b; w. x#B 7135TOY.
Tivoli Access Manager Authorization Server #:. L'
BEA WebLogic Server 5^NG |.Z. L gkZ B WebLogic 5^N; [:R ' .3Gz@OY.
Windows
UOY
)
C:[!-B b;*; gkX_
.
7135
true
C:\Program Files\Tivoli\pdwls
xC /?.<& gkO) 3!
n5 <&! {s Xg }! VB vCgW; {#JC@.
v :AIX! 3!;
v 18 dLvG :HP-UX! 3!;
v 19 dLvG :Solaris! 3!;
v 20 dLvG :Windows! 3!;
V: Tivoli Access Manager for WebLogic; 3!Ob |! ]eC BEA WebLogic
AIX! 3!
Tivoli Access Manager for WebLogic; 3!Oi P0v 8:!- DOL _bKO Y. AIX! RA.~n P0v& 3!OAi installp& gkOJC@. W1 Y= Tivoli
Access Manager for WebLogic; v?8N 8:OJC@
V: Tivoli Access Manager for WebLogic;LL 3! W 8:Q sB!- YC 3
AIX! Tivoli Access Manager for WebLogic; 3!OAi Y= vCgW; OaO JC@.
Server& _vQ D 3!! OaGi YCC[OJC@.
!X_ R fl, l1 L& 8: X&Q Y= &EX_ UOY.50dLvG :AIX !- &E;& |6OJC@.
1. rootNNWNOJC@.
2. Tivoli Access Manager b;G Jv 8:dR& wTQ g| 3! RA.~n!
3!Gn VBv .NOJC@.12dLvG :g| 3! RA.~n;& |6OJC @.
3. IBM Tivoli Access Manager Web Security for AIX CD& CD esLj! V8
JC@.
4. ) ARA.! Y= mI;TBOJC@.
installp -acgNXd cd_mount_point/usr/sys/inst.images PDWLS
V: 3! ANW%L AMSSPIProviders.jar DO; /bea_install_dir/
5. W1 Y= Tivoli Access Manager for WebLogic; 8:OJC@.23dLvG
& 3 e :8: }w;N L?OJC@
HP-UX! 3!
VG
HP-UX C'{! 3!R ' Tivoli Access Manager for WebLogic: BEA WebLogic Server v| 7.0! kX-8 vxKOY.
weblogic/server/lib/mbeantypes p:d.! 9g_Bv!KOJC@. L p:d.! Xg DOL 8gOv J; fl /amwls_install_dir/lib!-v ?8N DO; 9gOJC@.
Tivoli Access Manager for WebLogic;LL 3! W 8:Q sB!- YC 3!X
_ R fl, l1 L& 8: X&Q Y= &EX_ UOY.51dLvG :HP-UX!- &E;& |6OJC@.
HP-UX! Tivoli Access Manager for WebLogic; 3!OAi Y= \h& OaO JC@.
1. rootNNWNOJC@.
2. Tivoli Access Manager b;G Jv 8:dR& wTQ g| 3! RA.~n!
3!Gn VBv .NOJC@.12dLvG :g| 3! RA.~n;& |6OJC @.
3. pfs_mountd W pfsd! G` _Lv J8i iWsne!- Li; wJkN C
[OJC@. pfs_mount mI8N CD&6n.OJC@. 9& in, Y= mI; TBOJC@.
/usr/sbin/pfs_mount /dev/dsk/c0t0d0 /cd-rom
)b- /dev/dsk/c0t0d0: CD pYL:Lm /cd-rom: 6n.wN.TOY.
4. Y= mI;TBO) Tivoli Access Manager for WebLogic P0v& 3!OJ
C@.
# swinstall -s /cd_rom/hp PDWLS
P. \h! OaGz=; *8;B ^Cv! %CKOY. G` \h! C[J; * 8;BY%^Cv! %CKOY. DOL CD!- _bGn Oep:)! 3!K
OY. G` \h! OaGz=; *8;B ^Cv! %CKOY. swinstall /?. <! >aKOY.
V: 3! ANW%L AMSSPIProviders.jar DO; /bea_install_dir/
5. W1 Y=, Tivoli Access Manager for WebLogic; 8:OJC@.23dLvG & 3 e :8: }w;N L?OJC@
Solaris! 3!
Tivoli Access Manager for WebLogic; 3!Oi P0v 8:!- DOL _bKO Y. Solaris Operating Environment(LD Solarissm T)! RA.~n P0v& 3
!OAi pkgadd& gkOJC@. W1 Y=, Tivoli Access Manager for WebLogic ; v?8N 8:OJC@
weblogic/server/lib/mbeantypes p:d.! 9g_Bv!KOJC@. L p:d.! Xg DOL 8gOv J; fl, /amwls_install_dir/lib!- v?8N DO; 9gOJC@.
V: Tivoli Access Manager for WebLogic;LL 3! W 8:Q sB!- YC 3
!X_ R fl, l1 L& 8: X&Q Y= &EX_ UOY.49dLvG :Solaris
!- &E;& |6OJC@.
Solaris! Tivoli Access Manager for WebLogic; 3!OAi Y= vCgW; O aOJC@.
1. rootNNWNOJC@.
2. Tivoli Access Manager b;G Jv 8:dR& wTQ g| 3! RA.~n!
3!Gn VBv .NOJC@.12dLvG :g| 3! RA.~n;& |6OJC @.
3. Solaris
IBM Tivoli Access Manager
% 8H
CD& V8JC@.
k
4. RA.~n& 3!OAi Y= mI; G`OJC@.
pkgadd -d /cdrom/cdrom0/solaris -a /cdrom/cdrom0/solaris/pddefault PDWLS
)b-,
-d /cdrom/cdrom0/solaris P0vG'!& v$UOY.
-a /cdrom/cdrom0/solaris/pddefault 3! |. :)3.G'!& v$UOY.
" P0v! kX 3! AN<:! OaGi, Y= ^Cv! %CKOY.
P0v 3!& Oa_@OY.
V: 3! ANW%L AMSSPIProviders.jar DO; /bea_install_dir/
weblogic/server/lib/mbeantypes p:d.! 9g_Bv!KOJC@. L
p:d.! Xg DOL 8gOv J; fl, /amwls_install_dir/lib!- v?8N DO; 9gOJC@.
5. W1 Y=, Tivoli Access Manager for WebLogic; 8:OJC@.23dLvG & 3 e :8: }w;N L?OJC@.
Windows! 3!
Tivoli Access Manager for WebLogic; 3!Oi P0v 8:!- DOL _bKO Y. Tivoli Access Manager for WebLogic DO; 3!OAi InstallShield setup.exe
& gkOJC@. InstallShield! OaGi 23 dLvG & 3 e :8: }w;G vC gW; gkO) Tivoli Access Manager for WebLogic; 8:OJC@.
V: Tivoli Access Manager for WebLogic;LL 3! W 8:Q sB!- YC 3
!X_ R fl, l1 L& 8: X&Q Y= &EX_ UOY.50dLvG
:Windows!- &E;& |6OJC@.
Windows! Tivoli Access Manager for WebLogic; 3!OAi Y= vCgW; O aOJC@.
1. Administrator GQLVB gkZN Windows 5^N! NWNOJC@.
2. Tivoli Access Manager b;G Jv 8:dR& wTQ g| 3! RA.~n!
3!Gn VBv .NOJC@.12dLvG :g| 3! RA.~n;& |6OJ C@.
3. IBM Tivoli Access Manager Web Security for Windows CD& CD esLj ! V8JC@.
4. Y= DO; N x -/ Tivoli Access Manager for WebLogic InstallShield 3
! ANW%; G`OJC@. )b- Y= mI!- E:B CD esLj& %CU OY.
E:\Windows\PolicyDirector\Disk Images\Disk1\PDWLS\Disk Images\Disk1\setup.exe
3! pn 1C "L -3OY.
5. Xg pn& 1CQ D .N; )#JC@. InstallShield ANW%L C[Gm /5 "L -3OY.
6. Y=; )#JC@. sL>: h` "L -3OY.
7. sL>: h`;P:D h` 6G! ?GOi 9& )#JC@. ks '! 1C "L -3OY.
8. b@ '!& $COE* Y% '!& #F8JC@. Y=; )#JC@.
DO 9g C[ "L -3OY.
9. %CH 3! '!! CY%v .NQ D Y=; )#JC@. DOL p:)N _bKOY. DOL 3!Gz=; K.B ^Cv! %CKOY.
10. Oa& -/ 3! ANW%; >aOJC@.
11. 3! ANW%L AMSSPIProviders.jar DO; c:\bea_install_dir\weblogic\server\lib\mbeantypes p:d.! 9g_B v!KOJC@. L p:d.! Xg DOL 8gOv J; fl, c:\amwls_install_dir\lib!-v?8N DO; 9gOJC@.
12. W1 Y=, Tivoli Access Manager for WebLogic; 8:OJC@.23dLvG
& 3 e :8: }w;N L?OJC@.
& 3 e 8: }w
Tivoli Access Manager for WebLogic; 8:OAi Y=G ""! 3mH vCgW ; OaOJC@.
v :& 1 N: Tivoli Access Manager Java Runtime Environment 8:; v 25 dLvG :& 2 N: startWebLogic! kQ CLASSPATH 3$; v 26 dLvG :& 3 N: Tivoli Access Manager for WebLogic 8:; v 29 dLvG :& 4 N: Tivoli Access Manager |' 8:; v 32 dLvG :& 5 N: BEA WebLogic Server L[ gN B 8:; v 34 dLvG :& 6 N: ,/:MH /f; wTO) BEA WebLogic Server Y_
-v /f!- Tivoli Access Manager for WebLogic 8:;
v 34 dLvG :& 7 N: 8: W:.;
V: Le!-B Tivoli Access Manager b; 8:dRG 8:; wTO) Tivoli
Access Manager for WebLogic W g| 3! RA.~n& 3!Q M8N !$
UOY. L RA.~n& 3!Ov JR8i 11 dLvG & 2 e :3! vCgW; ; {s v] 3!OJC@.
& 1 N: Tivoli Access Manager Java Runtime Environment 8:
Tivoli Access Manager Java Runtime EnvironmentB Tivoli Access Manager for WebLogicG g| 3! RA.~nTOY. Java Runtime 8:dR& CY#T 8:X _ BEA WebLogic Server |'& 8:R v V@OY. Tivoli Access Manager / ?.< pdjrtecfg& gkO) BEA WebLogic Server!- gkGB JRE(Java Runtime Environment)& ;EOJC@. GQ C:[!)/ Java 18SL wTH fl, BEA WebLogic Server! gkQ JRE(Java Runtime Environment)& gkO) pdjrtecfg /?.<& G`OBv .NOJC@.
1. Tivoli Access Manager b; JRE(Java Runtime Environment)! 3!GzBv
.NOJC@. Z<Q $8B 12 dLvG :g| 3! RA.~n;& |6OJC@.
2. BEA WebLogic Server WebLogic_install_dir/server/bin p:d.!- Y
= :)3.& G`O) CLASSPATH W PATH /v& 3$Q D CLASSPATH, bin W lib p:d.! WebLogic .jars& _!OJC@.
UNIX
. setWLSEnv.sh
Windows
setWLSEnv.cmd
ezInstall; G`Ob |! BEA WebLogic ServerM T2 &xH Java G` DO L C:[ fN!- G U! VBv .NOJC@.
3. Tivoli Access Manager Java Runtime EnvironmentB BEA WebLogic ServerM
T2 &xGm 3!H JDK! kX 8:Gn_ UOY. L& v`OAi Y=z0 L OJC@.
a. Tivoli Access Manager 3! fN!- p:d.& sbin p:d.N /fOJ
C@. 9& ii, Y=z0@OY.
UNIX: /opt/PolicyDirector/sbin
Windows: C:\Program Files\Tivoli\Policy Director\sbin
b. Y=z0L pdjrtecfg mI; G`OJC@.
pdjrtecfg -action config -host policy_server_name -java_home java_location
)b- java_location: BEA WebLogic Server Java Runtime EnvironmentG
p:d. '!TOY. p:d.G'!BY=z0@OY.
Windows
BEA WebLogic Server v| 7.0
c:\bea\jdk131_ob\jre
BEA WebLogic Server v| 8.1
c:\bea\jdk141\jre
Solaris, HP-UX
/usr/local/bea/jdk141_03
AIX
AIX C:[!- BEA WebLogic Server 7.0: IBM Java Runtime Environment v| 1.3L JdOm BEA WebLogic Server 8.1: IBM Java Runtime Environment v| 1.4! JdUOY. pdjrtecfg mI G -java_home IG: AIX C:[! VB JREG 3! '!N 3$ Gn_ UOY. BEA WebLogic Server v| 7.0
/usr/java131
BEA WebLogic Server v| 8.1
/usr/java14
V:
1) BEA WebLogic Server 8.1 3!G pdjrtecfg /?.<B jre/lib p:
d.G jsse.jar; Y_OY. L DO: Tivoli Access Manager Java RuntimeL 8: X&I ' YC xsBN KOY.
2) Sun v1.4d JRE& 8:R ', 8:L GPOGN pdjrtecfg& k-D pe N G`OE* pdconfig /?.<& gkO) JRE& 8:Ov 6JC@.
pdjrtecfg gk! kQ Z<Q $8B IBM Tivoli Access Manager
! H;-
& |6OJC@.
& 2 N: startWebLogic! kQ CLASSPATH 3$
V: Li 8: \h& G`Ob |! WebLogic 5^N; [:_Bv .NOJC@.
startWebLogic mI; gkO) WebLogic -v& C[UOY. startWebLogic; g
kO)CY% Java ,!:! W<:Om NeR v V5O CLASSPATH /f /v& v$X_ UOY.
Y= vCgW; OaOJC@.
1. WebLogic -v! G` _N fl _vOJC@.
2. startWebLogic mIG CLASSPATH /v! Y= DOL'; _!OJC@.
UNIX
/opt/pdwls/lib/AMSSPICore.jar
/opt/pdwls/lib/rbpf.jar
Windows
b; 3
C:\amwls_install_directory\lib\AMSSPICore.jar
C:\amwls_install_directory\lib\rbpf.jar
startWebLogic mI: BEA WebLogic Server 3! 5^NG p:d.! V@
OY. %X 3!G fl Y=z0@OY.
UNIX
/WebLogic_install_directory/user_projects/domain_name
Windows
C:\WebLogic_install_directory\user_projects\domain_name
/v domain_name: BEA WebLogic Server 5^N; [:R ' 1CQ L'T
OY.
3. b; pn(5n)& gkOB fl L \h& GJYJC@. pn Q; gkO)5n(b;*) L\G pn& vxR fl, Y= fN&
startWebLogic :)3.! $GH CLASSPATH! _!X_ UOY. UNIX
/opt/pdwls/nls/java/com/tivoli/amwls/sspi/nls
Windows
C:\Progra~1\Tivoli\pdwls\nls\java\com\tivoli\amwls\sspi\nls
V: L p:d.& _!Oi, pn Q 3! C /opt/pdwls/nls/java/com/
tivoli/amwls/sspi/nls/! 3!H Zx xi! W<:R v V@OY.
& 3 N: Tivoli Access Manager for WebLogic 8:
Tivoli Access Manager for WebLogic: mI`; gkO) 8:OE* Tivoli Access Manager Console Extension Web Application; gkO) 8:R v V@OY. L iN!v IG! kQ <NgW: F!G}!-3mKOY.
BEA WebLogic Server 5^N: L/Q vCgW; G`Ob |! [:Gn_ UO Y.
Tivoli Access Manager for WebLogic; 8:Om |'& [:R ' TBGB %L
MB /: DO! zeKOY. Li /: DO: Tivoli Access Manager for WebLogic G[?; /fOB % gkR v V@OY. Z<Q $8B 53 dLvG NO A :/: DO |6;& |6OJC@.
Console Extension Web Application; gkO) Tivoli Access Manager for WebLogic 8:
1. BEA WebLogic Server& C[OJC@.
UNIX
/WLS_install_dir/user_projects/domain_name/startWebLogic.sh
Windows
C:\WLS_install_dir\user_projects\domain_name\startWebLogic.cmd
2. BEA WebLogic; #:.OB C:[!- % jslz& -m BEA WebLogic \ V!,aOJC@. o, Y=z0L ,a OJC@.
http://WebLogic_server_name:7001/console
7001: b; BEA WebLogic Server w. x#TOY. L *: 8: !IUOY.
3. BEA WebLogic Server NWB -iL %CKOY. |.Z GQLVB BEA WebLogic Server gkZNNWBOJC@.
4. Tivoli Access Manager for WebLogic Server& 8:Om Tivoli Access Manager |'& [:Ob |! Uz 8: B:)! kQ %NMdL:& &xOB Tivoli Access Manager Console Extension Web Application; h!X_ UOY. L% nC.ILG; h!OAi Y=; v`OJC@.
a. BEA WebLogic Server ( dLvG
; 1COJC@.
G
b. u % nC.ILG 8: 5)& 1COJC@.
5^N 8:
hJ;!-
% nC.IL
c. jslz& kX wNe 5)& 1COJC@. d. nC.ILG amwls_install_dir\lib\AMWLSConsoleExtension.war; #F
8JC@. wNe& )#JC@.
e. AMWLSConsoleExtension.war! kQ 1C 5)& )#JC@.
f. h! ks; 1CQ D 8: W %C& )#JC@.
Console Extension Web ApplicationL :x{8N h!GzBv!KOAi ^
J -i PR"G
zu& n!JC@.
% nC.ILG
zu& n!JC@.
h!
AMWLSConsoleExtensions! qO! %CGn_ UOY. GQ \V % nC. ILG .e; |3Oi \V "G ^J! %CH BEA WebLogic Server =
v PR"! Tivoli Access Manager FL\; _!UOY.
5. Tivoli Access Manager 5^N; 8:OAi BEA WebLogic Server =v PR "G Access Manager FL\; )#JC@.
6. 8: -iL %CKOY. pg Jv $8 W 1C{ E3/v& TBOJC@. TB R $8! kQ vCgW: F!G %& |6OJC@.
config 6!! gk !IQ IGL F!G %! *-KOY. 9 x0 %!B IGL *-KOY. N x0 %!B
Jv IG L' 3m
domain_admin WebLogic 5^N |.Z domain_admin_pwd WebLogic 5^N |.Z O# remote_acl_user Authorization Serverk8N [:GB Tivoli Access Manager A0C^
(gkZ) sec_master_pass Tivoli Access Manager sec_master |.Z O# pdmgrd_host Tivoli Access Manager Policy Server #:. L' pdacld_host Tivoli Access Manager Authorization Server #:. L'
1C{
IGL *-KOY.
Jv
V: O#B TBRJd! x8g kE 6!! v`Gb |! ARA.N %CKO
Y. L8T Oi O#! mI w:d.! 2T Gv J@OY.
Y= %!B config 6!! kQ
IG L' 3m
wls_server_url NC WebLogic -v ! k Q URL; v$UOY. b;*: t3://
localhost:7001TOY.
pdmgrd_port Tivoli Access Manager Policy Server w. x# pdacld_port Tivoli Access Manager Authorization Server w. x# am_domain Tivoli Access Manager 5^NG L'; v$UOY. b;*: DefaultT
OY.
amwls_home Tivoli Access Manager for WebLogic Server 3! p:d.! kQ fN
& v$UOY.
1C{
IGL *-KOY.
{k; )#JC@.
7. 8:L OaGi, Tivoli Access Manager for WebLogic Server E3/v qOL @%J PR"! %CKOY.
L& Tivoli Access Manager |'& 8:R v V@OY.29dLvG :& 4 N: Tivoli Access Manager |' 8:;; |6OJC@.
mI`!- Tivoli Access Manager for WebLogic 8:
1. BEA WebLogic Server& C[OJC@.
UNIX
/WLS_install_dir/user_projects/domain_name/startWebLogic.sh
Windows
C:\WLS_install_dir\user_projects\domain_name\startWebLogic.cmd
2. Tivoli Access Manager for WebLogic; 8:OAi Y= mI; G`OJC@.
V: DO _b _ Tivoli Access Manager for WebLogicL GeH '!! 3!
Gv J: fl(L| e!-3mQ kN), AMWLSConfigure :)3.G AMSSPI_DIR /v& ]eCG& 3! p:d.G'!N 3$OJC@. 6y !vN, WebLogicL b; '!! 3!Gv JR8i, WLS_JAR /v&
AMWLSConfigure :)3.! VB WebLogic.jarG CY% '!N ;EO JC@.
UNIX
install-dir/sbin/AMWLSConfigure.sh
Windows
install-dir\sbin\AMWLSConfigure.bat
Tivoli Access Manager for WebLogic; 8:Ob 'Q AMWLSConfigure Java nC.ILG! kQ mI` 8.: Y=z0@OY.
v AMWLSConfigure -action config [options ...]
Tivoli Access Manager for WebLogic; 8:UOY.
v AMWLSConfigure -help [action]
AMSSPIConfigureN |^Ob 'QJv W 1C{ *; %CUOY.
config 6!! gk !IQ IGL F!G %! *-KOY. 9 x0 %!B IGL *-KOY. N x0 %!B
Jv IG L' 3m
domain_admin WebLogic 5^N |.Z domain_admin_pwd WebLogic 5^N |.Z O# remote_acl_user Authorization Serverk8N [:GB Tivoli Access Manager A0C^
(gkZ) sec_master_pass Tivoli Access Manager sec_master |.Z O# pdmgrd_host Tivoli Access Manager Policy Server #:. L' pdacld_host Tivoli Access Manager Authorization Server #:. L'
1C{
IGL *-KOY.
Jv
V: O#B TBRJd! x8g kE 6!! v`Gb |! ARA.N %CKO
Y. L8T Oi O#! mI w:d.! 2T Gv J@OY.
Y= %!B config 6!! kQ
IG L' 3m
deploy_extension trueN 3$R fl, Tivoli Access Manager for Web Logic Server \V
.e; h!UOY. b;*: trueTOY.
wls_server_url NC WebLogic -v! kQ URL; v$UOY. b;*:
t3://localhost:7001TOY. pdmgrd_port Tivoli Access Manager Policy Server w. x# pdacld_port Tivoli Access Manager Authorization Server w. x# am_domain Tivoli Access Manager 5^NG L'; v$UOY. b;*: DefaultT
OY. amwls_home Tivoli Access Manager for WebLogic Server 3! p:d.! kQ fN
& v$UOY. verbose Z<Q bB; gk !I GB gk R!IOT OB No *. b;*:
falseTOY.
L& Tivoli Access Manager |'& 8:X_ UOY.
& 4 N: Tivoli Access Manager |' 8:
1C{
IGL *-KOY.
Console Extension Web Application; gkO) Tivoli Access Manager |' 8:
Tivoli Access Manager for WebLogic Server& BEA WebLogic ServerG 8H;
&xO5O 8:Q D!B Tivoli Access Manager 8Hz ,|C3 |'& [:X_ UOY. L& v`OAi Y=z0L OJC@.
|'
1. ^J -i PR"G Access Manager FL\; n# D @.
|'[:
2.
-iL %CKOY. pg Jv /v& TBOJC@. {k; )#JC@.
3. BEA WebLogic Server 7.0;'!- [:Q Tivoli Access Manager |'& g kO5O 8:OAi, Y=; v`OJC@.
a. BEA WebLogic Server =v PR"!- gkZG 5^Nz|CH FL\;
1COJC@.
5^N 8:
b.
O]
c.
G!-
& 1COJC@.
-iL %CKOY.
b; |'
eS Yn qO; gkO) 'G \h!- [:Q |'
{k
; )#JC@.
8H
G; 1COJC@.
BEA WebLogic Server 8.1;'!- [:Q Tivoli Access Manager |'& g
kO5O 8:OAi BEA WebLogic Server \VG 8H G; gkO) b; | '& 3$OJC@.
FL\; )#JC
4. BEA WebLogic Server& YCC[OJC@.
5. u Access Manager |'! CYN bIOBv W:.OAi, @%J -i PR"
G Access Manager zu ;! VB
gkZ
Manager gkZ 9v:..G WqL wTGn Vn_ UOY.
V: LL 8gOB SSO gkZ& v$_v8 b8 gkZ! kX $.Ov J: O#
& TBQ fl, |'[: 6!! OaGbB Ov8 SSOB %CGv J@OY.
L/Q fl, Tivoli Access Manager for WebLogic rbpf.properties DO!
- {}QWq; ; EO) SSO& 1T gk !IOT R v V@OY. rbpf.properties! kQ Z<Q ;k: 53 dLvG NO A :/: DO |6;
& |6OJC@.
mI`!- Tivoli Access Manager |' 8:
1. Tivoli Access Manager for WebLogic |'& [:OAi Y= mI; G`OJ C@.
V: DO _b _ Tivoli Access Manager for WebLogicL GeH '!! 3!
Gv J: fl(L| e!-3mQ kN), AMWLSConfigure :)3.G AMSSPI_DIR /v& ]eCG& 3! p:d.G'!N 3$OJC@. 6y
!vN WebLogicL b; '!! 3!Gv JRE* WebLogic v| 8.1; g k _N fl, WLS_JAR /v& AMWLSConfigure :)3.! VB
WebLogic.jarG CY% '!N ;EOJC@.
W
Wl
FL\! Tivoli Access
UNIX
install-dir/sbin/AMWLSConfigure.sh
Windows
install-dir\sbin\AMWLSConfigure.bat
Tivoli Access Manager for WebLogic; 8:Ob 'Q AMWLSConfigure Java nC.ILG! kQ mI` 8.: Y=z0@OY.
v AMWLSConfigure -action create_realm [options ...]
Tivoli Access Manager for WebLogic |'& [:UOY.
v AMWLSConfigure -help [action]
AMSSPIConfigureN |^Ob 'QJv W 1C{ *; %CUOY.
create_realm 6!! gk !IQ IGL F!G %! *-KOY. 9 x0 %!
Jv
B
Jv IG L' 3m
realm_name [:Gm VB WLS |'G L'; v$UOY. domain_admin_pwd WebLogic 5^N |.Z O#& v$UOY. user_dn_suffix Console Extension Web Application; kX gkZ& [:R ' g
IGL *-KOY. N x0 %!B
kR 80 L'(DN) "Ln& v$UOY.
1C{
IGL *-KOY.
group_dn_suffix Console Extension Web Application; kX Wl;[:R ' gk
R 80 L'(DN) "Ln& v$UOY.
admin_group ;N 8: k5! gkR Tivoli Access Manager Wl; v$UOY.
V: O#B TBRJd! x8g kE 6!! v`Gb |! ARA.N %CKO
Y. L8T Oi O#! mI w:d.! 2T Gv J@OY.
Y= %!B create_realm 6!! kQ
IG L' 3m
user_dn_prefix Console Extension Web Application; kX gkZ& [:R ' gkR 8
0 L'(DN) "Nn& v$UOY.
group_dn_prefix Console Extension Web Application; kX Wl;[:R ' gkR 8
0 L'(DN) "Nn& v$UOY.
sso_enabled trueN 3$R fl L[ gN B vx; gk !IOT UOY. b;*:
falseTOY.
sso_user Tivoli Access ManagerM L[ gN B EZ ,|;[:Ob 'Q gkZ
& v$UOY. sso_pwd L[ gN B gkZ! kQ O#& v$UOY. verbose Z<Q bB; gk !I GB gk R!IOT OB No *. b;*:
falseTOY.
1C{
IGL *-KOY.
2. BEA WebLogic Server 7.0;'!- [:Q Tivoli Access Manager |'& g kO5O 8:OAi, Y=; v`OJC@.
a. BEA WebLogic; #:.OB C:[!- % jslz& -m BEA WebLogic
\V!,aOJC@. o, Y=z0L OJC@.
http://WebLogic_server_name:7001/console
7001: b; BEA WebLogic Server w. x#Lg, L *: 8: !IUO Y.
b. BEA WebLogic Server NWB -iL %CKOY. |.Z GQLVB gk
ZNNWBOJC@.
c. BEA WebLogic Server =v PR"!- gkZG 5^Nz|CH FL\;
1COJC@.
5^N 8:
d.
O]
e.
G!-
& 1COJC@.
-iL %CKOY.
b; |'
eS Yn qO; gkO) 'G \h!- [:Q |'
{k
; )#JC@.
8H
G; 1COJC@.
BEA WebLogic Server 8.1;'!- [:Q Tivoli Access Manager |'& g
kO5O 8:OAi BEA WebLogic Server \VG 8H G; gkO) b; 5 ^N; 3$OJC@.
3. BEA WebLogic Server& YCC[OJC@.
4. u Access manager |'! CYN bIOBv W:.OAi ^J PR "G Access
Manager zu ;! VB Z 9v:..G WqL wTGn Vn_ UOY.
gkZWWl
FL\! Tivoli Access manager gk
& 5 N: BEA WebLogic Server L[ gN B 8:
L}!-B WebSEAL GB Tivoli Access Manager Plug-in for Web Servers&
gkO) BEA WebLogic Server! kQ L[ gN B; 8:OB AN<:! kX 3mUOY. L[ gN B 8:; 8vOv J8AB fl L};+CR v V@O
Y.
WebSEAL W Tivoli Access Manager Plug-in for Web ServersB 8H W L[ g
N B; -N Y% f}8N 8vOm -N Y% C:[ 86& gkUOY. WebSEAL W % -v! kQC/WN; 3!OB % kQ $8B IBM Tivoli Access Manager
for e-business Web Security Installation Guide& |6OJC@. WebSEAL 8:! kQ iWsne $8 W Z<Q ;k: IBM Tivoli Access Manager for e-business WebSEAL Administration Guide& |6OJC@. C/WN! kQ n5 W 8: $ 8! kX-B IBM Tivoli Access Manager Plug-in for Web Servers Integration Guide& |6OJC@.
Y=}!-B 8vOAB 86! {s BEA WebLogic Server! kQ L[ gN B ; 8:OB % JdQ _! WebSEAL W C/WN 8: $8& &xUOY.
v :WebSEAL $G; gkO) L[ gN B 8:; v 33 dLvG :Tivoli Access Manager Plug-in for Web Servers& gkO) L[
gN B 8:;
WebSEAL $G; gkO) L[ gN B 8:
WebSEAL; gkO) BEA WebLogic ServerG L[ gN B bI; &xOAi WebSEAL -v& #:.OB C:[!- Y= \h& OaOJC@.
1. WebSEAL 8: DO webseald.conf& )JC@.
2. Y= 8: Wq; 3$OJC@.
basicauth-dummy-passwd = sso_pwd
L O#B |'[: 6! _ gk !IOT H sso_pwd JeG O#M O!X_ UOY.
3. WebSEAL; _vQ D YCC[O) 8: /fgW;{kOJC@.
4. pdadmin mI; gkO) WebSEAL $G;[:OJC@.
V: Tivoli Access Manager 8H 5^N! VB pg C:[!- L \h& v`
R v V@OY. WebSEAL C:[!-B L& G`R Jd! x@OY. 9&
in, Tivoli Access Manager Policy Server C:[!- L& G`R v V @OY.
-b IG; gkO) junction ks URL; &xX_ UOY. LB L[ gN B! JvTOY.
9& in, Y= mI;
pdadmin> server task webseald_server_name create -t tcp
-p WebLogic_Server_listen_port -h WebLogic_Server
-b supply junction_target
Q mI`!,SX-
TBOJC@.
Y= %!-B ' pdadmin mIG /v& $GUOY.
%
2. pdadmin
IG3m
webseald_server_name WebSEAL -vGL'. LL': N NP(9: webseald-
WebLogic_Server BEA WebLogic ServerG #:. L' WebLogic_Server_listen_port BEA WebLogic Server! NDOm VB w.. b;*: 7001TOY.
-b supply L[ gN B! JdUOY. WebSEALL uL O#& |^O5O O
junction_target junctionG URL ks
mI! kQ IG
WebSEAL_server_instance)8N Lgn}OY. WebSEAL_server_instance!B C:[G #:. L'; gkOJC@.
9& in, #:. C:[ L'L cruzN fl webseald_server_name : webseald-cruzTOY. V: )/ 3G WebSEAL N:O:& ?O
Q -v! 3!Q fl, Xg -v N:O:5 v$X_ UOY. Y_
-v N:O:& gkO) junction;[:OB % kQ vCgW: IBM
Tivoli Access Manager for e-business WebSEAL Administration Guide
& |6OJC@.
JC@.
WebSEAL junction [: W gk! kQ |< $8B IBM Tivoli Access Manager for e-business WebSEAL Administration Guide& |6OJC@.
Tivoli Access Manager Plug-in for Web Servers& gkO) L[ g
N B 8:
L[ gN BL CYN [wOT OAi Tivoli Access Manager Plug-in for Web Servers! b; Nu lu! VB CY% $8& IBM Tivoli Access Manager for WebLogic ServerN |^O5O 8:X_ UOY. L8T OAi, b; Nu; C/W N 8: DOG gD GQ pbN 8:X_ UOY.
plug-in_install_dir/etc p:d.! '!Q pdwebpi.conf 8: DO; m}O)
[common-modules] :DZ! Y= *; _!OJC@.
[common-modules]
post-authzn = BA
W1 Y=, [BA] :DZ! VB add-hdr W supply-password E3/v& "" BA W sso_userG O#N 3$OJC@. o, Y=z0L OJC@.
[BA]
add-hdr = supply
supply-password = sso_pwd
Tivoli Access Manager Plug-in for Web Servers 8:! kQ Z<Q $8B IBM Tivoli Plug-in for Web Servers Integration Guide& |6OJC@.
& 6 N: ,/:MH /f; wTO) BEA WebLogic Server Y_ -v /f !- Tivoli Access Manager for WebLogic 8:
L}:BEA WebLogic Server! Y_ -v /f GB ,/:MH /f8N 3$G
n VB 86! kQ flTOY. ,/:MH /f; wTO) BEA WebLogic Server Y_ -v /f!- Tivoli Access Manager for WebLogic; 8:OAi, Y=; v
`OJC@.
1. 26 dLvG :& 3 N: Tivoli Access Manager for WebLogic 8:; W 29 d LvG :& 4 N: Tivoli Access Manager |' 8:;G vCgW; gkO) Tivoli Access Manager for WebLogic; 8:Om BEA WebLogic Server |. -v !- Tivoli Access Manager |'& [:OJC@.
2. 5^N! kQ |. -vG Tivoli Access Manager for WebLogic /:; " k s C:[(|. -v)! 9gO) ,/:M 8:x; wTQ |. -vG Tivoli Access Manager for WebLogic; gk !IOT OJC@. /: DO:
BEA_WLS_HOME/jdk_location/jre/amwls/! '!Og "|. -vG ?OQ ' !! 9gGn_ UOY.
& 7 N: 8: W:.
Y= \h& OaO) Tivoli Access Manager for WebLogicL Tivoli Access Manager 9v:..! kX CYN 8:GzBv KuOJC@.
1. BEA WebLogic Server \V; gkO) u W:. gkZ& [:Om /?:; KuOJC@.
2. Y= pdadmin mI; G`OJC@.
pdadmin> user show test_user
v account-valid! yesNv .NOJC@.
v password-valid! yesNv .NOJC@.
Tivoli Access Manager for WebLogic L[ gN B VgG; gkOi BEA WebLogic Server! kX gkZ& umOT NuOB WebSEAL; kX L[ Nu
\h& v`R v V@OY. %p nC.ILG; G`O) NuL CYN 8:GzB v .NR v V@OY. %p nC.ILG: 41 dLvG :%p nC.ILG gk;
! 3mGn V@OY.
& 4 e L[ gN B gk !I
Tivoli Access Manager WebSEAL; gkQ L[ gN B
Tivoli Access Manager for WebLogic: b8 Tivoli Access Manager &0(9: Tivoli Access Manager WebSEAL, Tivoli Access Manager Plug-in for Web Servers W Tivoli Access Manager Plug-in for Edge Server)!-G%L[ gN B; vxU OY.
WebSEALz BEA WebLogic Server #G EZ |hB 8:H HTTP b; Nu
dummy O#& gkO) Lgn}OY. gkZ $G 8H |'NMdL:& 8vOB L|G Tivoli Access Manager for BEA WebLogic Server &0!-B L[ gN
B; v`Ob 'X L/Q ?OQ f}; gk_@OY.
Tivoli Access Manager HTTP *AOC(9: WebSEAL)B gkZL' W KAx L
[ gN B qP O#& |^O5O 8:KOY. L qP O#B *AOC!
VBv
#& KuQ D, Zx; d;OB gkZ! kQ GQ $8! .8KOY.
G0OB % gkKOY. Tivoli Access Manager Authorization Server! O
EZ:L
F!G W2!-B EZ |h! .3GB f};Z<w 8)]OY.
W2
3. Tivoli Access Manager WebSEAL
; gkQ L[ gN B
'G W2!-BY= \h& 8)]OY.
1. gkZB WebSEALL vxOB Nu ^?Or(9: gkZL'/O# GB ,sL p. Nu); gkO) WebSEAL! kX NuUOY. W1 Y=, gkZB BEA WebLogic Server Zx! kQ d;; &bUOY.
2. WebSEAL: -b supply IG; gkO) BEA WebLogic Server! kQ $G 8N 8:KOY. WebSEAL: Y=; wTOB b; Nu lu& gkO) BEA WebLogic ServerN d;;|^UOY.
v WebSEAL Nu gkZ ID(YLnW%!- user-1) v webseald.confG basicauth-dummy-passwd. LB '!- p^H qP O#
TOY.
3. BEA WebLogic ServerB Ku;'X Tivoli Access Manager for WebLogic Nu&xZ!T gkZ ID W qP O#& |^UOY.
4. Tivoli Access Manager for WebLogic NWN pb: Tivoli Access Manager & gkO) &xH O#! Tivoli Access Manager for WebLogic 8: WebSEAL L[ gN B gkZ! kQ MNv KuUOY. L O#G Ku: WebSEALz BEA WebLogic Server #! EZ |h& &xUOY.
4\h& OaOi, Tivoli Access Manager for WebLogic Nu&xZB BEA WebLogic Server! kX &xH gkZ ID& NuUOY. qP O#(YLnW% !- ws-passwd)& gkOB 8:H WebSEAL L[ gN B gkZG Nu: Tivoli Access Manager for WebLogic NWN pb! 3CGb '.! Qx8 v
`GB !; VvOJC@. L 3CB 8:R v V8g (|8N 3$R v V@O Y.
SSOB |'[: _ 3$R v Vv8 SSO Tivoli Access Manager for WebLogic & v?8N gk !IOT OAi Y=; v`OJC@.
1. SSO gkZ& [:OJC@.
2. amsspi.properties Tivoli Access Manager for WebLogic 8: DO!- Y =; 3$OJC@.
com.tivoli.amwls.sspi.Authentication.ssoEnabled = true
com.tivoli.amwls.sspi.Authentication.ssoTrustId = sso_username
Chapter 5. Administration tasks
This chapter consists of the following information about Tivoli Access Manager for WebLogic:
- Using the entitlement service on the Tivoli Access Manager Authorization Server
- Managing users and groups in Tivoli Access Manager for WebLogic
- Using the demo application
- Usage tips
- Three strikes logon policy
- Deleting the Tivoli Access Manager realm
- Unconfiguring Tivoli Access Manager for WebLogic
- Troubleshooting tips
- Limitations
Using the entitlement service on the Tivoli Access Manager Authorization Server
By default, Tivoli Access Manager for WebLogic uses the Tivoli Access Manager Policy Server to browse protected objects in the Tivoli Access Manager protected object database. However, this architecture should be used only in test environments, because the Tivoli Access Manager Policy Server cannot be replicated and introduces a single point of failure for Tivoli Access Manager for WebLogic. In addition, the entitlement service gives better runtime performance because of its internal caching. The entitlement service architecture should always be used in production environments.
Perform the following configuration steps only after Tivoli Access Manager for WebLogic has been configured correctly. Tivoli Access Manager for WebLogic uses two entitlement services, and these services must be enabled on every configured Tivoli Access Manager Authorization Server.
- Tivoli Access Manager extended attributes entitlement service
This is the default entitlement service shipped with Tivoli Access Manager Authorization Server.
- RBPF protected object browse entitlement service
This is an entitlement service shipped with Tivoli Access Manager for WebLogic.
To ensure that Tivoli Access Manager for WebLogic is using the entitlement services, perform the following steps:
1. Copy the rbpf_ent_pos_browser shared library from the Tivoli Access Manager for WebLogic host to the Tivoli Access Manager Authorization Server host, and place it in any directory that is on the system PATH. The rbpf_ent_pos_browser shared library can be found in the following location on the Tivoli Access Manager for WebLogic host:
UNIX: /opt/PolicyDirector/lib
Windows: c:\Program Files\Tivoli\pdwls\bin
2. On the Tivoli Access Manager Authorization host, open the ivacld.conf file, which is in the following location:
UNIX: /opt/PolicyDirector/etc
Windows: c:\Program Files\Tivoli\Policy Director\etc
3. Add the following two lines to the [aznapi-entitlement-services] stanza:
AZN_ENT_EXT_ATTR = azn_ent_ext_attr
RBPF_POS_BROWSE = rbpf_ent_pos_browser
4. Restart the Tivoli Access Manager Authorization Server.
5. On the Tivoli Access Manager for WebLogic host, open the rbpf.properties file located in java_home/amwls/WLS_Domain_Name/WLS_Realm_Name, where WLS_Domain_Name is the name of the BEA WebLogic Server domain and WLS_Realm_Name is the name of the BEA WebLogic Server security realm. Update the following property to true:
com.tivoli.pd.as.rbpf.UseEntitlements=true
6. Restart BEA WebLogic Server.
When these steps are complete, the BEA WebLogic Server enabled for Tivoli Access Manager for WebLogic performs all protected object browsing through the Tivoli Access Manager Authorization Server rather than the Tivoli Access Manager Policy Server.
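Managing users and groups in Tivoli Access Manager for WebLogic
In Tivoli Access Manager for WebLogic you can manage users and groups using the BEA WebLogic Server console. In the security pane of the BEA WebLogic Server console, expand the Access Manager icon and then click the Realm icon to display the Users and Groups icons. From these icons you can manage the users and groups for Tivoli Access Manager for WebLogic security.
Selecting the Users icon displays the User management page. On this page you can do the following:
- List Tivoli Access Manager for WebLogic users.
- Display the details of individual users.
- Create users.
Selecting the Groups icon displays the Group management page. On this page you can do the following:
- List groups.
- Display the details of a specific group.
- Create groups.
On the relevant console extension pages you can add multiple users to a group, or add multiple groups to a user, by entering a space-separated list.
When you list users or groups and no value is entered in the Max Return field, all users or groups that meet the criteria specified in the Pattern field are displayed.
Using the demo application
With the demo application you can see examples of the two types of authorization and exercise the WebSEAL single sign-on capability.
The two types of authorization are as follows:
- Declarative
Deployment descriptors are used to grant specific roles to users and groups.
- Programmatic
Role checks are performed within the application source code.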
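The demo application consists of a Web component and an EJB component.
The two security levels of the Web component can be described as follows:
- Declarative:
The web.xml deployment descriptor defines a single role named ServletRole. The weblogic.xml deployment descriptor defines the principal (user) mapping between ServletRole and the BankMembersServlet group. The security constraint in the web.xml deployment descriptor states that a user must be granted the ServletRole role to access the methods of the Servlet.
- Programmatic:
The doPost() method has an additional security function that programmatically checks whether its caller has been granted ServletRole. This lets you test programmatic and declarative security together within a single Web component. The HTTPRequest.isUserInRole() method is used to perform the authorization check.
The three security levels of the EJB component can be described as follows:
- Declarative security:
A single role named EJBRole is defined in the ejb-jar.xml deployment descriptor. The weblogic-ejb-jar.xml deployment descriptor defines the principal mapping between EJBRole and the BankMembersEJB group. The method permission in the ejb-jar.xml deployment descriptor states that a user must be granted the EJBRole role to access the getBalance() method.
- Programmatic security:
The getBalance() method has an additional security function that programmatically checks whether its caller has been granted EJBRole. The EJBContext.isCallerInRole() method is used to perform the authorization check.
- Programmatic security based on account name:
The getBalance() method checks that the name of the requested account matches the name of the calling principal (user). That is, only Banker1 should be able to see the account balance of Banker1.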
To run the demo application, complete the following steps:
1. Copy the demo application PDDemoApp.ear to WebLogic_domain_directory\applications. You are not required to use this directory; the EAR file can be placed in any directory on the file system. The demo application can be found in AMWLS_install_dir/demo.
2. Use the BEA WebLogic Server console to create the following users:
Banker1 Banker2 Banker3 Banker4 URLUser1 URLUser2 URLUser3
3. Create the two groups BankMembersEJB and BankMembersServlet. Add the users Banker1, Banker2, Banker3 and Banker4 to the newly created groups.
For instructions on using the BEA WebLogic Server console, see the BEA WebLogic Server documentation.
4. Use the BEA WebLogic Server console to deploy the demo application.
5. To access the demo application, access the following URL:
http://WebLogic_Server_host:WebLogic_Server_listening_port/pddemo/PDDemo
Authenticate as one of the Banker users defined above.
WebLogic_Server_host is the host name of the BEA WebLogic Server system.
WebLogic_Server_listening_port is the port on which BEA WebLogic Server is listening.
6. Verify that only users in the BankMembersServlet group can access the Servlet.
7. Verify that an authenticated user who is a member of the BankMembersEJB group can see his or her own balance but cannot see the balance of other users.
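To test WebSEAL single sign-on, complete the following steps:
1. Access the following URL:
https://webseald_server_name/junction_target/pddemo/PDDemo
WebSEAL displays a prompt asking you to authenticate.
For a description of the variables webseald_server_name and junction_target, see "Part 7: Testing the configuration" on page 34.
Note: Use HTTPS, because the default WebSEAL behavior prohibits basic or forms-based authentication over HTTP.
2. Authenticate as one of the users defined above. This process single signs-on the user to BEA WebLogic Server and invokes the Servlet without requiring a second authentication. When accessed through WebSEAL, the PDDemo demo application shows the same behavior as that displayed when BEA WebLogic Server is accessed directly.
3. Verify that an authenticated user can see his or her own balance but cannot see the balance of other users.
Usage tips
1. Take care to maintain security when external users use single sign-on. Only the WebSEAL server should perform authentication. To achieve this, ensure that internal users, that is, users who access BEA WebLogic Server without using WebSEAL, cannot access BEA WebLogic Server. This can be done using network connection filters. Using connection filters lets you protect resources at the network level instead of using roles to restrict access.
2. Both Tivoli Access Manager and WebLogic Server keep track of failed authentication attempts. Each product maintains security configuration settings that specify the maximum number of failed attempts allowed before the user account is locked. The user is locked out by whichever of the two settings is lower. For example, if WebLogic Server allows five logon failures but Tivoli Access Manager is configured to allow only three logon failures, the user is locked out after three logon failures.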
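Three strikes logon policy
The three strikes logon policy, available for LDAP-based Tivoli Access Manager installations, lets you prevent computer password attacks by specifying a maximum number of failed logon attempts and a penalty lockout time. The policy creates a condition in which a user must wait a certain period of time before making more failed logon attempts. For example, a policy could dictate three failed attempts followed by a 180-second penalty. This type of logon policy can prevent random computer-generated logon attempts that occur many times a second.
Setting the three strikes logon policy requires two pdadmin policy command settings:
- Maximum number of failed logon attempts
The maximum login failures policy setting.
- Penalty for exceeding the failed logon attempt setting
The disable time interval policy setting.
The penalty setting can include an account lockout time interval or complete disabling of the account.
If a logon policy is set (as an example) to three failed attempts followed by a specific lockout time penalty, a fourth attempt (correct or incorrect) results in an error message stating that the account is temporarily unavailable because of password policy.
The time interval is specified in seconds. The minimum recommended time interval is 60 seconds.
If the disable time interval policy is set to disable, the user is locked out of the account and the LDAP account valid attribute for this user is set to no. An administrator re-enables the account through the Web Portal Manager.
Note: Setting the disable time interval to disable results in additional administration overhead. You might observe delays when account valid information is replicated. This situation depends on the LDAP environment. In addition, certain LDAP implementations might experience performance degradation as a result of the account valid update operation. For these reasons it is recommended that you use a timeout interval.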
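The following pdadmin commands are appropriate only for use with an LDAP registry.
Table 3. pdadmin LDAP logon policy commands
Command
Description
policy set max-login-failures {number|unset} [-user username]
policy get max-login-failures [-user username]
Manages the policy that controls the maximum number of failed logon attempts allowed before a penalty is imposed. This command depends on the penalty set in the policy set disable-time-interval command.
As the administrator, you can apply this policy to a specific user or apply the policy globally to all users listed in the LDAP registry.
The default setting is 10 attempts.
policy set disable-time-interval {number|unset|disable} [-user username]
policy get disable-time-interval [-user username]
Manages the penalty policy that controls the time period for which an account is disabled when the maximum number of failed logon attempts is reached.
As the administrator, you can apply this penalty policy to a specific user or apply the policy globally to all users listed in the LDAP registry.
The default setting is 180 seconds.
Deleting the Tivoli Access Manager realm
To delete the Tivoli Access Manager realm, do the following:
1. Ensure that BEA WebLogic Server is started.
2. Use the console to change the default realm to one that was not created by the Tivoli Access Manager for WebLogic create_realm action.
3. Restart BEA WebLogic Server.
4. To delete the Tivoli Access Manager realm using the console, do the following:
a. In BEA WebLogic Server, open the Access Manager icon.
b. Click the Realm icon. The Realm Configuration page is displayed.
c. Click Delete. The Delete Realm Configuration page is displayed.
d. Click OK. The Create Realm page is displayed with blank fields.
5. To delete the Tivoli Access Manager realm from the command line, use AMWLSConfigure -action delete_realm. For details of the options available with the AMWLSConfigure -action delete_realm command, see Appendix B, "Command quick reference", on page 63.
Note: If Tivoli Access Manager for WebLogic was not installed in the recommended location during file extraction, set the AMSSPI_DIR variable in the AMWLSConfigure script to the location of the installation directory. Likewise, if WebLogic is not installed in the default location, update the WLS_JAR variable in the AMWLSConfigure script to the correct location of WebLogic.jar.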
Unconfiguring Tivoli Access Manager for WebLogic
To unconfigure Tivoli Access Manager for WebLogic, do the following:
1. Ensure that BEA WebLogic Server is started.
2. Ensure that the Tivoli Access Manager realm has been deleted. See "Deleting the Tivoli Access Manager realm" on page 45.
3. To unconfigure Tivoli Access Manager for WebLogic using the console, do the following:
a. Click the Access Manager folder. The Configuration page is displayed.
b. Click Delete. The Unconfigure page is displayed.
c. Enter the Tivoli Access Manager sec_master password and click OK. The Configuration page is displayed with blank fields.
4. To unconfigure Tivoli Access Manager for WebLogic from the command line, use the AMWLSConfigure -action unconfig command. For details of the options available with the AMWLSConfigure -action unconfig command, see Appendix B, "Command quick reference", on page 63.
Troubleshooting tips
This section consists of the following topics:
- Single sign-on failure using forms-based login
- WebLogic Server throws memory exception
Single sign-on failure using forms-based login
If a user who has authenticated through forms-based login attempts to access a resource for which the user has no permission, the following error message can be displayed:
Unable to sign on the message from WebSEAL.
This can occur because, even though the user can actually be authenticated, the user does not have permission to access the Servlet in the Web container.
When this error occurs while basic authentication is in use, the user is shown a prompt for authentication details instead of the message above. This is the default BEA WebLogic Server behavior, and it appears whether the user accesses the page directly or through WebSEAL.
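WebLogic Server throws memory exception
Problem: A java.lang.OutofMemory exception occurs.
Explanation: When multiple Access Manager for WebLogic Server sessions are running, BEA WebLogic Server can run out of permanent space.
Solution: Increase the maximum permanent size option for the JVM (Java Virtual Machine) in the startWebLogic script. For example:
%JAVA_HOME%\bin\java -ms64m -mx128m -xms200m -XX:MaxPermSize=128m
See the BEA product documentation for the recommended permanent size based on the application architecture, the number of memory-intensive processes running on the host system, and the version of BEA WebLogic Server. You must test your application to determine the appropriate permanent size for your application environment.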
Limitations
1. Tivoli Access Manager for WebLogic does not support shared group membership (groups within groups).
2. Tivoli Access Manager for WebLogic supports multiple Tivoli Access Manager domains, but the sec_master user for each domain must be sec_master. That is, no option is currently provided to change this user name for each Tivoli Access Manager domain.
3. In BEA WebLogic Server 8.1, the ″-″ character is not supported in group names, so use anyother instead of any-other as the group name.
4. When configuring Tivoli Access Manager for WebLogic against Active Directory, you must change the AdminGroupProp=Administrators setting to a different setting. This is because an administrators group already exists in Active Directory, so configuration fails. You must do this before configuring Tivoli Access Manager for WebLogic and creating the Tivoli Access Manager for WebLogic realm.
5. When roles and policies are created using the Tivoli Access Manager for WebLogic console, time constraints are not supported. Users or groups cannot be added to policies or roles. Only ″OR″ can be used between roles and policies; ″AND″ is not supported.
6. By default, Tivoli Access Manager caches user credentials for two hours. You can configure this time value by updating the appsvr-credcache-life property in PdPerm.properties.
7. Single sign-on from Tivoli Access Manager Plug-in for Web Servers or WebSEAL to the WebLogic Server Console Extension is not supported. However, this is not a significant problem, because users who access from the Internet generally cannot use the WebLogic Server console.
Known problems and workarounds
1. When the product is installed using an Active Directory user registry, a problem can occur when the certificate application is deployed. This problem is caused by the hard-coded role mappings for the Administrator group and the system user. In Active Directory, the Administrator group and the system user are predefined and cannot be removed. To remove these errors and have the certificate application deployed with correct security, edit the deployment descriptor of the certificate.war Web application to remove those mappings, and add mappings that correspond to the actual Administrator group and system user.
2. BEA WebLogic Server version 8.1 has a problem that does not allow Tivoli Access Manager for WebLogic to perform policy updates from the console. The BEA WebLogic Server change request (CR) number for this problem is CR125113. Until this problem is corrected in a BEA WebLogic Server 8.1 service pack, policy updates using the console are not supported.
Chapter 6. Removal instructions
This chapter describes how to remove IBM Tivoli Access Manager for WebLogic Server.
Complete the instructions in the following sections:
- Removing from Solaris
- Removing from Windows
- Removing from AIX
- Removing from HP-UX
Removing from Solaris
Before you begin removing Tivoli Access Manager for WebLogic, ensure that you have deleted the Tivoli Access Manager realm and unconfigured Tivoli Access Manager for WebLogic. For details on performing these tasks, see "Deleting the Tivoli Access Manager realm" on page 45 and "Unconfiguring Tivoli Access Manager for WebLogic" on page 46.
To remove Tivoli Access Manager for WebLogic from Solaris, use pkgrm. Complete the following instructions:
1. Log in as root.
2. To remove Tivoli Access Manager for WebLogic, enter the following command:
# pkgrm PDWLS
A prompt is displayed asking you to confirm removal of the selected package. Enter y.
3. A warning is displayed stating that scripts will be run with superuser permission during the removal process. Enter y.
As files are removed, a status message lists each file. After the postremove script runs, a status message is displayed indicating that the software package was removed. The pkgrm utility exits.
The Tivoli Access Manager for WebLogic package is removed.
To remove the IBM Tivoli Access Manager Base prerequisite software (the Tivoli Access Manager Base runtime environment, the Tivoli Access Manager Base Java Runtime Environment (JRE), and optionally the Tivoli Access Manager Application Development Kit), see the IBM Tivoli Access Manager Base Installation Guide.
Removing from Windows
Before you begin removing Tivoli Access Manager for WebLogic, ensure that you have deleted the Tivoli Access Manager realm and unconfigured Tivoli Access Manager for WebLogic. For details on performing these tasks, see "Deleting the Tivoli Access Manager realm" on page 45 and "Unconfiguring Tivoli Access Manager for WebLogic" on page 46.
Use the Windows Add/Remove Programs icon interface to remove the Tivoli Access Manager for WebLogic files. Complete the following instructions:
1. Log in as a Windows user with administrator privilege.
2. Double-click the Add/Remove Programs icon.
3. Select Access Manager for WebLogic Application Server.
4. Click Change/Remove.
5. Click OK.
The Tivoli Access Manager for WebLogic files are removed. The Maintenance Complete dialog box is displayed.
Tivoli Access Manager for WebLogic is removed.
To remove the IBM Tivoli Access Manager Base prerequisite software (the Tivoli Access Manager Base runtime environment, the Tivoli Access Manager Base Java Runtime Environment (JRE), and optionally the Tivoli Access Manager Application Development Kit), see the IBM Tivoli Access Manager Base Installation Guide.
Removing from AIX
Before you begin removing Tivoli Access Manager for WebLogic, ensure that you have deleted the Tivoli Access Manager realm and unconfigured Tivoli Access Manager for WebLogic. For details on performing these tasks, see "Deleting the Tivoli Access Manager realm" on page 45 and "Unconfiguring Tivoli Access Manager for WebLogic" on page 46.
To remove the Tivoli Access Manager for WebLogic AIX package, use the installp utility.
To remove the IBM Tivoli Access Manager Base prerequisite software (the Tivoli Access Manager Base runtime environment, the Tivoli Access Manager Base Java Runtime Environment (JRE), and optionally the Tivoli Access Manager Application Development Kit), see the IBM Tivoli Access Manager Base Installation Guide.
Removing from HP-UX
Before you begin removing Tivoli Access Manager for WebLogic, ensure that you have deleted the Tivoli Access Manager realm and unconfigured Tivoli Access Manager for WebLogic. For details on performing these tasks, see "Deleting the Tivoli Access Manager realm" on page 45 and "Unconfiguring Tivoli Access Manager for WebLogic" on page 46.
Use swremove to remove the Tivoli Access Manager for WebLogic files.
Complete the following instructions:
1. Log in as root.
2. To remove Tivoli Access Manager for WebLogic, enter the following command:
# swremove PDWLS
A series of status messages is displayed. A status message is displayed indicating that the analysis phase has completed. The swremove utility removes the Tivoli Access Manager for WebLogic files from the hard disk.
When removal is complete, the swremove utility exits.
Tivoli Access Manager for WebLogic is now removed from HP-UX.
To remove the IBM Tivoli Access Manager Base prerequisite software (the Tivoli Access Manager Base runtime environment, the Tivoli Access Manager Base Java Runtime Environment (JRE), and optionally the Tivoli Access Manager Application Development Kit), see the IBM Tivoli Access Manager Base Installation Guide.
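Appendix A. Properties files reference
The data entered when you configure Tivoli Access Manager for WebLogic and create the realm is stored in properties files. These properties files can be used to change the behavior of Tivoli Access Manager for WebLogic.
The properties files are in java_home/amwls/wls_domain_name/wls_realm_name/, where wls_domain_name is the name of the configured BEA WebLogic Server domain and wls_realm_name is the name of the configured BEA WebLogic Server realm within this domain.
There are three properties files, as follows:
- amsspi.properties
Contains configuration properties for the SSPI functions specific to BEA WebLogic Server.
- rbpf.properties
Contains configuration properties for Tivoli Access Manager for WebLogic. For example, cache settings, role properties, and Tivoli Access Manager protected object space container names.
- amwlsjlog.properties
The parameters in this file control logging and tracing for Tivoli Access Manager for WebLogic, including the amount of tracing and messaging performed. Note that activating tracing can affect the performance of Tivoli Access Manager for WebLogic. It is recommended that you activate tracing only when you are trying to determine the cause of a problem.
The following sections describe the parameters in each properties file.
The *** mark denotes properties that are not entered when you configure Tivoli Access Manager for WebLogic. These properties are set to default values at configuration time. To set these values to something other than the defaults, you must change the property values in the corresponding .in file before creating the realm and configuring. The config and create_realm actions use the values in the .in files to create ACLs and Tivoli Access Manager protected objects, so the values cannot be changed after configuration or realm creation. Properties that are not marked with *** in the following sections can be changed easily after configuration.
The .in files can be found in pdwls_install_dir/etc.
amsspi.properties
This section lists and describes the properties in the amsspi.properties file.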
com.tivoli.amwls.sspi.config.DeployerGroupProp***
The default value is Deployers. By default, BEA WebLogic Server has four administrative groups; this property lets the user change the name of the Deployers administrative group to a name other than Deployers.
com.tivoli.amwls.sspi.config.MonitorGroupProp***
The default value is Monitors. By default, BEA WebLogic Server has four administrative groups; this property lets the user change the name of the Monitors administrative group to a name other than Monitors.
com.tivoli.amwls.sspi.config.OperatorGroupProp***
The default value is Operators. By default, BEA WebLogic Server has four groups; this property lets the user change the name of the Operators administrative group to a name other than Operators.
com.tivoli.amwls.sspi.config.AdminGroupProp***
The default value is Administrators. By default, BEA WebLogic Server has four administrative groups; this property lets the user change the name of the Administrator administrative group to a name other than Administrators. This is an important property for systems that use Active Directory: because Windows already has an administrative group called Administrators, this property must be updated.
com.tivoli.amwls.sspi.Authentication.GroupRegistryDelete
The default value is true. This property determines whether the group is deleted from the underlying directory when a Tivoli Access Manager group is deleted. This is equivalent to turning the -registry switch on or off when deleting a group using pdadmin.
com.tivoli.amwls.sspi.Authentication.UserRegistryDelete
The default value is true. This property determines whether the user is deleted from the underlying directory when a Tivoli Access Manager user is deleted. This is equivalent to turning the -registry switch on or off when deleting a user using pdadmin.
com.tivoli.amwls.sspi.Authentication.ssoEnabled
The default value is false. Enables or disables single sign-on from Tivoli Access Manager Plug-in for Web Servers or WebSEAL to BEA WebLogic Server.
com.tivoli.amwls.sspi.Authentication.ssoTrustId
The user that is used to establish the trust association with WebSEAL or Tivoli Access Manager Plug-in for Web Servers in order to perform single sign-on
com.tivoli.amwls.sspi.Authentication.ssoPasswdExpiry
The default value is 120 (minutes). This property specifies the time (in minutes) for which the authentication of the SSO trust ID is cached. When this time expires, the SSO user is authenticated against Tivoli Access Manager at the next SSO attempt.
com.tivoli.amwls.sspi.RoleMapper.EnableWebProgRolecheck
The default value is true. This property enables or disables Web programmatic role checks. This property lets the administrator turn off programmatic security for Web applications.
com.tivoli.amwls.sspi.RoleMapper.EnableEjbProgRolecheck
The default value is true. This property enables or disables EJB programmatic role checks. This property lets the administrator turn off programmatic security for EJBs.
com.tivoli.amwls.sspi.Authentication.GroupDNPrefix
For LDAP, the default value is cn=. This property lets the administrator change the prefix used when groups are created from the console extension.
com.tivoli.amwls.sspi.Authentication.UserDNPrefix
For LDAP, the default value is cn=. This property lets the administrator change the prefix used when users are created from the console extension.
rbpf.properties
This section lists and describes the properties in the rbpf.properties file.
com.tivoli.pd.as.rbpf.ProductName
The default value is PDWLS. This property is used in comments and descriptions when Tivoli Access Manager objects and ACLs are created.
com.tivoli.pd.as.rbpf.RoleContainerName***
The default value is Roles. After configuration, this property is changed to Roles/$WLS_Domain_Name/$WLS_Realm_Name, where WLS_Domain_Name is the name of the configured BEA WebLogic Server domain and WLS_Realm_Name is the name of the configured BEA WebLogic Server realm.
com.tivoli.pd.as.rbpf.ResourceContainerName***
The default value is Resources. After configuration, this property is changed to Resources/$WLS_Domain_Name/$WLS_Realm_Name, where WLS_Domain_Name is the name of the configured BEA WebLogic Server domain and WLS_Realm_Name is the name of the configured BEA WebLogic Server realm.
com.tivoli.pd.as.rbpf.PosRoot***
The default value is WebAppServer. This property is the absolute root of the object space for all roles and resources in Tivoli Access Manager for WebLogic.
com.tivoli.pd.as.rbpf.ProductId***
The default value is WLS. This property is combined with the PosRoot value to form the root of the object space for all roles and resources.
com.tivoli.pd.as.rbpf.AMActionGroup***
The default value is WebAppServer. This property is the default name of the action group used to store the action that Tivoli Access Manager for WebLogic checks in access decisions.
com.tivoli.pd.as.rbpf.AMAction***
The default value is i, for invoke. This action is checked when Tivoli Access Manager for WebLogic makes access decisions, and it is added to AMActionGroup.
com.tivoli.pd.as.cache.EnableDynamicRoleCaching
The default value is true. This property enables or disables dynamic role caching. The dynamic role cache is used to cache all regular roles, that is, roles other than the administrative roles. It caches positive and negative role memberships.
com.tivoli.pd.as.cache.DynamicRoleCache
The default value is com.tivoli.pd.as.cache.DynamicRoleCacheImpl. This property is the class used to perform dynamic role caching. If required, you can implement your own dynamic role cache. This can be done by implementing the com.tivoli.pd.as.cache.IDynamicRoleCache interface.
com.tivoli.pd.as.cache.DynamicRoleCache.NumBuckets
The default value is 20. This property specifies the number of buckets to be used in the underlying hash table that stores dynamic role cache entries.
com.tivoli.pd.as.cache.DynamicRoleCache.MaxUsers
The default value is 100000. This property is the total number of entries across all buckets in the cache. Dividing this number by NumBuckets determines the maximum size of each individual bucket.
com.tivoli.pd.as.cache.DynamicRoleCache.RoleLifetime
The default value is 20. This property specifies the time (in seconds) that positive and negative dynamic role cache decisions remain in the cache.
com.tivoli.pd.as.cache.DynamicRoleCache.PrincipalLifeTime
The default value is 10. This property specifies the time (in minutes) for which principal (user) credentials are stored in the Tivoli Access Manager for WebLogic cache.
Note that the PdPerm.properties value appsvr-credcache-life determines the time for which credentials are cached in PDJRTE. Tivoli Access Manager for WebLogic obtains all credentials from PDJRTE. Therefore, if this value is less than appsvr-credcache-life, Tivoli Access Manager for WebLogic simply retrieves the cached credentials from PDJRTE.
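com.tivoli.pd.as.cache.EnableStaticRoleCaching
The default value is true. This property enables or disables static role caching. The static role cache is used to cache positive and negative role memberships for the administrative roles. This cache is the same as the dynamic role cache except that its entries do not expire. This improves performance for the administrative roles, because membership of these roles does not change.
com.tivoli.pd.as.cache.StaticRoleCache
The default value is com.tivoli.pd.as.cache.StaticRoleCacheImpl. This property is the class used to perform static role caching. If required, you can implement your own static role cache. This can be done by implementing the com.tivoli.pd.as.cache.IStaticRoleCache interface.
com.tivoli.pd.as.cache.StaticRoleCache.Roles
The default value is Admin, Operator, Monitor, Deployer. This property holds a comma-separated list of administrative roles. Memberships of the roles in this list are added to the static role cache rather than the dynamic role cache. All other role memberships are cached in the dynamic role cache.
com.tivoli.pd.as.cache.EnableObjectCaching
The default value is true. This property enables or disables object caching. The object cache is used to cache all Tivoli Access Manager objects, including their extended attributes. It can be used to cache which roles are granted access to which BEA WebLogic Server resources, and therefore reduces the need to query the Tivoli Access Manager Authorization Server for each resource request.
com.tivoli.pd.as.cache.ObjectCache
The default value is com.tivoli.pd.as.cache.ObjectCacheImpl. This property is the class used to perform object caching. If required, you can implement your own object cache. This can be done by implementing the com.tivoli.pd.as.cache.IObjectCache interface.
com.tivoli.pd.as.cache.ObjectCache.NumBuckets
The default value is 20. This property specifies the number of buckets used in the underlying hash table that stores object cache entries.
com.tivoli.pd.as.cache.ObjectCache.MaxResources
The default value is 10000. This property specifies the total number of entries across all buckets in the cache. Dividing this number by NumBuckets determines the maximum size of each bucket.
com.tivoli.pd.as.cache.ObjectCache.ResourceLifeTime
The default value is 20. This property specifies the time (in minutes) that objects are held in the object cache.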
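com.tivoli.pd.as.rbpf.UncheckedRoles
The default value is Unchecked, AmasUnckeched, Anonymous. This property specifies a comma-separated list of J2EE unchecked roles. If any of the listed roles is granted access to a BEA WebLogic Server resource, all users are granted access to it, regardless of which regular roles are attached. Users and groups cannot be added to these roles. These roles provide a dynamic way to grant access to a particular resource to all users (including unauthenticated users). The Anonymous role must always remain in this list, because Tivoli Access Manager for WebLogic configuration adds it to several default BEA WebLogic Server resources. This property does not need to be set before configuration, but once it is set it must not be changed.
com.tivoli.pd.as.rbpf.ExcludedRoles
The default value is Excluded, AmasExcluded. This property specifies a comma-separated list of J2EE excluded roles. If any of these roles is attached to a resource, users are not granted access, regardless of which regular roles are attached. These J2EE excluded roles provide a dynamic way to deny access to a particular resource for all users. This property does not need to be set before configuration, but once it is set it must not be changed.
com.tivoli.pd.as.rbpf.GrantUnprotectedAccess
The default value is true. This property specifies whether to grant or deny access to a requested resource that is unprotected, that is, an object to which no role has been granted.
com.tivoli.pd.as.rbpf.CopyParentRole***
The default value is false. The administrator can use this property to specify whether role memberships defined at a higher level (for example, a global role) must be copied when a role at a more specific level (for example, an application-level role) is created. In Tivoli Access Manager, this property involves copying all members of the ACL attached at the global level to the ACL attached to the object at the application level. This property gives the administrator the ability to apply the concept of inheritance to role membership when creating new roles. Generally, this property should be set to the same value as PropagateChildRole.
com.tivoli.pd.as.rbpf.PropagateChildRole***
The default value is false. The administrator can use this property to specify whether changes made to role membership defined at a higher level (for example, a global role) are also made to lower-level roles (for example, an application-level role). That is, when userA is added to the global role RoleA, userA is also added to the application-level RoleA. This enhances CopyParentRole by also applying role membership inheritance when role memberships are updated. Generally, this property should be set to the same value as CopyParentRole.
com.tivoli.pd.as.rbpf.UseEntitlements
The default value is false. This property indicates whether the entitlement service of the Tivoli Access Manager Authorization Server must be used to gather information about which roles have been granted access to which resources. Because the default value is false, Tivoli Access Manager for WebLogic can be run with a minimum number of Tivoli Access Manager services set up. However, this setting has a single point of failure on the Tivoli Access Manager Policy Server, so it should be set to false only in test environments. The entitlement service also performs at a much higher level, based on internal caching of authorization objects. Therefore, in production environments this value should always be set to true.
com.tivoli.pd.as.rbpf.EntitlementsUser
The default value is the Tivoli Access Manager for WebLogic remote-acl-user. This property holds the user that is used to perform object searches using the entitlement service. The entitlement service checks that this user has been granted the server administration generic ‘s’ permission on the requested object in the Tivoli Access Manager protected object space. During config, the remote-acl-user is added to the iv-admin group and is granted this permission. You can change this user, but you must ensure that the new user is granted the ‘s’ permission on the Resources container in the Tivoli Access Manager protected object space.
com.tivoli.pd.as.rbpf.IgnorePasswordPolicyOnUserCreate
The default value is false. The administrator can use this property to ignore password policy when new Tivoli Access Manager users are created through the BEA WebLogic Server console.
com.tivoli.pd.as.rbpf.DeleteBaseRoleRecursive
The default value is true. This property indicates whether all child roles are deleted when a parent role is deleted.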
amwlsjlog.properties
The amwlsjlog.properties file is a standard JLog properties file. This file is used to control messaging and tracing in Tivoli Access Manager for WebLogic and PDJRTE.
Most of the properties contained in the amwlsjlog.properties file are beyond the scope of this book, so this section does not list all of the properties. You can enable or disable messaging and tracing in this file.
Entries in the amwlsjlog.properties file are hierarchical. You can turn on logging for several components at once or for a single component.
To turn on logging, simply add the isLogging property to the component for which you want to enable logging. The entries listed below are the trace and messaging components that Tivoli Access Manager for WebLogic supports. You can enable tracing or messaging for one or all of the listed properties. The following briefly describes what each component does.
Component
Description
AmasRBPFTraceLogger
Tracing for internal operations of Tivoli Access Manager for WebLogic
AmasCacheTraceLogger
Tracing for operations on all Tivoli Access Manager for WebLogic caches
AMSSPICfgTraceLogger
Tracing for Tivoli Access Manager for WebLogic config operations (for example, role creation)
AMSSPIAuthzTraceLogger
Tracing for the Tivoli Access Manager for WebLogic authorization provider
AMSSPIAuthnTraceLogger
Tracing for the Tivoli Access Manager for WebLogic authentication provider
AMSSPIRoleMapperTraceLogger
Tracing for the Tivoli Access Manager for WebLogic role mapping provider
AMSSPIResourceManagerTraceLogger
Tracing for the resource manager within Tivoli Access Manager for WebLogic
AmasCacheMessageLogger
Messaging for internal operations of Tivoli Access Manager for WebLogic
AmasRBPFMessageLogger
Messaging for all Tivoli Access Manager for WebLogic caches
AMSSPICfgMessageLogger
Messaging for Tivoli Access Manager for WebLogic config operations (for example, role creation)
AMSSPIAuthzMessageLogger
Messaging for the Tivoli Access Manager for WebLogic authorization provider
AMSSPIAuthnMessageLogger
Messaging for the Tivoli Access Manager for WebLogic authentication provider
AMSSPIRoleMapperMessageLogger
Messaging for the Tivoli Access Manager for WebLogic role mapping provider
AMSSPIResourceManagerMessageLogger
Messaging for the resource manager within Tivoli Access Manager for WebLogic
Each of the components above extends baseGroup traceLogger and baseGroup messageLogger. Therefore, in the properties file, their properties appear similar to the following example:
baseGroup.AMSSPIAuthnMessageLogger.isLogging=true
The example above enables messaging for the Tivoli Access Manager for WebLogic authentication provider. To enable tracing for all components except the authorization provider, add the following lines:
baseGroup.TraceLogger.isLogging=true
baseGroup.AMSSPIAuthzMessageLogger.isLogging=false
That is, all other trace components simply inherit the true value from the base logger. In contrast, the authorization logger overrides the true value with false.
Appendix B. Command quick reference
AMWLSConfigure -action config
Configures Tivoli Access Manager for WebLogic Server.
Syntax
AMWLSConfigure -action config -domain_admin domain_admin
-domain_admin_pwd domain_admin_password -remote_acl_user remote_acl_user
-sec_master_pwd sec_master_pwd -pdmgrd_host pdmgrd_host -pdacld_host
pdacld_host [-deploy_extension {true|false}] [-wls_server_url wls_server_url] [-am_domain am_domain] [-pdmgrd_port pdmgrd_port] [-pdacld_port pdacld_port] [-amwls_home amwls_home] [-verbose {true|false}]
Parameters
-am_domain am_domain
Specifies the name of the Tivoli Access Manager domain. The default domain is Default.
-amwls_home amwls_home
Specifies the path to the Tivoli Access Manager for WebLogic Server installation directory.
-deploy_extension {true|false}
When set to true, deploys the Tivoli Access Manager Web Logic Server version 5.1 console extension. The default value is true.
-domain_admin domain_admin
Specifies the WebLogic domain administrator.
-domain_admin_pwd domain_admin_password
Specifies the WebLogic domain administrator password.
-pdacld_host pdacld_host
Specifies the Tivoli Access Manager Authorization Server host name.
-pdacld_port pdacld_port
Specifies the Tivoli Access Manager Authorization Server port number. The default port number is 7136.
-pdmgrd_host pdmgrd_host
Specifies the Tivoli Access Manager Policy Server host name.
-pdmgrd_port pdmgrd_port
Specifies the Tivoli Access Manager Policy Server port number. The default port number is 7135.
-remote_acl_user remote_acl_user
Specifies the Tivoli Access Manager principal (user) that is created for the Authorization Server.
-sec_master_pwd sec_master_pwd
Specifies the password of the Tivoli Access Manager administrative user (usually sec_master).
-verbose {true|false}
When set to true, enables detailed output. The default value is false.
-wls_server_url wls_server_url
Specifies the URL to the local WebLogic Server. The default value is t3://localhost:7001.
Availability
This command is located in the following default installation directories:
- UNIX:
/opt/pdwls/sbin/
- Windows systems:
C:\Program Files\Tivoli\pdwls\sbin\
When an installation directory other than the default is selected, this utility is located in the sbin directory under the installation directory (for example, install_dir\sbin\).
Return codes
The following exit status codes can be returned:
0 The command completed.
1 The command failed.
When a command fails, an error message is displayed. For a detailed description of the problem, see the IBM Tivoli Access Manager Error Message Reference.
AMWLSConfigure -action unconfig
Unconfigures Tivoli Access Manager for WebLogic Server.
Syntax
AMWLSConfigure -action unconfig -domain_admin_pwd domain_admin_pwd
-sec_master_pwd sec_master_pwd [-verbose {true|false}]
Parameters
-domain_admin_pwd domain_admin_pwd
Specifies the Tivoli Access Manager for WebLogic Server domain administrator password.
-sec_master_pwd sec_master_pwd
Specifies the password of the Tivoli Access Manager administrative user (usually sec_master).
-verbose {true|false}
When set to true, enables detailed output. The default value is false.
Availability
This command is located in the following default installation directories:
- UNIX:
/opt/pdwls/sbin/
- Windows systems:
C:\Program Files\Tivoli\pdwls\sbin\
When an installation directory other than the default is selected, this utility is located in the sbin directory under the installation directory (for example, install_dir\sbin\).
Return codes
The following exit status codes can be returned:
0 The command completed.
1 The command failed.
When a command fails, an error message is displayed. For a detailed description of the problem, see the IBM Tivoli Access Manager Error Message Reference.
AMWLSConfigure -action create_realm
Creates a security realm in WebLogic Server.
Syntax
AMWLSConfigure -action create_realm -realm_name realm_name
-domain_admin_pwd domain_admin_pwd -user_dn_suffix user_dn_suffix
-group_dn_suffix group_dn_suffix -admin_group admin_group
[-user_dn_prefix user_dn_prefix] [-group_dn_prefix group_dn_prefix]
[-sso_enabled {true|false}] [-sso_user sso_user] [-sso_pwd sso_pwd]
[-verbose {true|false}]
Parameters
-admin_group admin_group
Specifies the Tivoli Access Manager group to use for internal configuration purposes.
-domain_admin_pwd domain_admin_pwd
Specifies the WebLogic domain administrator password.
-group_dn_prefix group_dn_prefix
Specifies the distinguished name (DN) prefix to use when creating groups.
-group_dn_suffix group_dn_suffix
Specifies the distinguished name (DN) suffix to use when creating groups.
-realm_name realm_name
Specifies the name of the WLS realm being created.
-sso_enabled {true|false}
When set to true, enables single signon. The default is false.
-sso_pwd sso_pwd
Specifies the password of the single signon user (sso_user).
-sso_user sso_user
Specifies the user for creating the single signon trust association with Tivoli Access Manager.
-user_dn_prefix user_dn_prefix
Specifies the distinguished name (DN) prefix to use when creating users.
-user_dn_suffix user_dn_suffix
Specifies the distinguished name (DN) suffix to use when creating users.
-verbose {true|false}
When set to true, enables verbose output. The default is false.
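Availability
This command is located in the following default installation directory:
• UNIX:
/opt/pdwls/sbin/
• Windows systems:
C:\Program Files\Tivoli\pdwls\sbin\
When an installation directory other than the default is selected, this utility is located in the sbin directory under the installation directory (for example, install_dir\sbin\).
Return codes
The following exit status codes can be returned:
0 The command completed.
1 The command failed.
When a command fails, an error message is displayed. For a detailed description of the problem, see the IBM Tivoli Access Manager Error Message Reference.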
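The create_realm syntax and return codes above, as an added example that is not part of the IBM manual: a POSIX shell wrapper that checks the required parameters, prompts for passwords instead of taking them from shell history, and reports the documented exit status. The executable name under /opt/pdwls/sbin/ and the variable names (REALM_NAME, SSO_ENABLED and so on) are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the IBM manual: wrapper for
# "AMWLSConfigure -action create_realm".
# Assumption: the executable is named AMWLSConfigure in the default UNIX directory.
AMWLS_BIN="${AMWLS_BIN:-/opt/pdwls/sbin/AMWLSConfigure}"

# Prompt for a secret without echoing it, so it never lands in shell history.
# Usage: prompt_secret VARIABLE_NAME "Prompt text"
prompt_secret() {
    printf '%s: ' "$2" >&2
    stty -echo
    IFS= read -r "$1"
    stty echo
    printf '\n' >&2
}

# Print the first required create_realm setting that is empty (nothing if all set).
# The variable names are hypothetical; they mirror the required parameters.
first_missing_param() {
    for name in REALM_NAME DOMAIN_ADMIN_PWD USER_DN_SUFFIX GROUP_DN_SUFFIX ADMIN_GROUP; do
        eval "value=\${$name:-}"
        if [ -z "$value" ]; then
            echo "$name"
            return 0
        fi
    done
}

# Map the documented exit status codes to text.
describe_status() {
    case "$1" in
        0) echo "completed" ;;
        1) echo "failed" ;;
        *) echo "undocumented status $1" ;;
    esac
}

# Run create_realm. Returns 2 for a missing setting, otherwise the tool's status.
create_realm() {
    missing=$(first_missing_param)
    if [ -n "$missing" ]; then
        echo "create_realm: $missing is not set" >&2
        return 2
    fi
    set -- -action create_realm -realm_name "$REALM_NAME" \
        -domain_admin_pwd "$DOMAIN_ADMIN_PWD" \
        -user_dn_suffix "$USER_DN_SUFFIX" \
        -group_dn_suffix "$GROUP_DN_SUFFIX" \
        -admin_group "$ADMIN_GROUP"
    # Pass the optional SSO parameters only when SSO is requested.
    if [ "${SSO_ENABLED:-false}" = "true" ]; then
        set -- "$@" -sso_enabled true -sso_user "$SSO_USER" -sso_pwd "$SSO_PWD"
    fi
    status=0
    # The passwords are command-line arguments, so they are visible in the
    # process list while the tool runs; restrict who can log in to this host.
    "$AMWLS_BIN" "$@" || status=$?
    echo "AMWLSConfigure create_realm: $(describe_status "$status")" >&2
    return "$status"
}
```

Set the variables (using prompt_secret DOMAIN_ADMIN_PWD "WebLogic domain administrator password" for the secret), then call create_realm.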
AMWLSConfigure -action delete_realm
Deletes the security realm from WebLogic Server.
Syntax
AMWLSConfigure -action delete_realm -domain_admin_pwd domain_admin_pwd [-registry_clean {true|false}] [-verbose {true|false}]
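Parameters
-domain_admin_pwd domain_admin_pwd
Specifies the WebLogic domain administrator password.
-registry_clean {true|false}
Removes the users and groups created during configuration. The default is false.
-verbose {true|false}
When set to true, enables verbose output. The default is false.
Availability
This command is located in the following default installation directory:
• UNIX:
/opt/pdwls/sbin/
• Windows systems:
C:\Program Files\Tivoli\pdwls\sbin\
When an installation directory other than the default is selected, this utility is located in the sbin directory under the installation directory (for example, install_dir\sbin\).
Return codes
The following exit status codes can be returned:
0 The command completed.
1 The command failed.
When a command fails, an error message is displayed. For a detailed description of the problem, see the IBM Tivoli Access Manager Error Message Reference.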
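Appendix C. Notices
This information was developed for products and services offered in the U.S.A. IBM may not offer the products, services, or features discussed in this document in other countries. Consult your IBM Korea representative for information on the products and services currently available. Any reference to an IBM product, program, or service in this document is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service.
IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries to:
135-270
Military Mutual Aid Association Building, 467-12 Dogok-dong, Gangnam-gu, Seoul
IBM Korea, Inc.
Customer Satisfaction Center
Telephone: 080-023-8080
For license inquiries regarding double-byte (DBCS) information, contact the IBM Korea Customer Satisfaction Center or send inquiries, in writing, to the following address:
IBM World Trade Asia Corporation
Licensing 2-31 Roppongi 3-chome, Minato-ku Tokyo 106, Japan
The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: IBM provides this publication "as is" without warranty of any kind, either express or implied, including, but not limited to, the implied warranties of non-infringement, merchantability, or fitness for a particular purpose. Some countries do not allow disclaimer of express or implied warranties in certain transactions; therefore, this statement may not apply to you.
This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the products and/or the programs described in this publication at any time without notice.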
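Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product, and use of those Web sites is at your own risk.
IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.
Licensees of this program who wish to have information about it for the purpose of enabling (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information that has been exchanged should contact:
135-270
Military Mutual Aid Association Building, 467-12 Dogok-dong, Gangnam-gu, Seoul
IBM Korea, Inc.
Customer Satisfaction Center
Such information may be available subject to appropriate terms and conditions, including, in some cases, payment of a fee.
The licensed program described in this information and all licensed material available for it are provided by IBM under the terms of the IBM Customer Agreement, the IBM International Program License Agreement (IPLA), or any equivalent agreement.
Any performance data contained in this document was determined in a controlled environment. Therefore, the results obtained in other operating environments may vary significantly. Some measurements may have been made on development-level systems, and there is no guarantee that these measurements will be the same on generally available systems. Furthermore, some measurements may have been estimated through extrapolation, so actual results may vary. Users of this document should verify the applicable data for their specific environment.
Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements, or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility, or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.
All statements regarding IBM's future direction or intent are subject to change without notice.
This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples may include the names of individuals, companies, brands, and products. All of these names are fictitious, and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental.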
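Trademarks
If you are viewing this information in softcopy, the photographs and color illustrations may not appear.
The following terms are trademarks or registered trademarks of IBM Corporation in the United States or other countries:
AIX, DB2, IBM, IBM logo, SecureWay, Tivoli, Tivoli logo
Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States or other countries.
Java and all Java-based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States or other countries.
UNIX is a registered trademark of The Open Group in the United States or other countries.
Other company, product, and service names are trademarks or service marks of their respective companies.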
Glossary
!
!s #:.(virtual hosting). NM]! Q LsG #:.N *
8*5O OB % -vG bI
3Nk 0(private key). D;M 8H!-R/Z8L gkR v
xk 0
3Nk 0
5^N
(domain) |6
M k6
M k6
S::*
j
(rule) |6
V8N 8:Gg, 0
VB 0.
xk 0(public key). C:[ 8H!- pg gwL gkR v VB 0.
|. 5^N(management domain). Tivoli Access Manager
! Nu, GQ N) W W<: &n& 'X 8H policy& {k OB b; 5^N. L 5^N: Policy Server! 8:I ' [
:KOY.
|. -v(management server). u LsgkOv J@OY.
Policy Server |6
|. -q:(administration service). Tivoli Access Manager
Zx |.Z nC.ILG!- |. d;; v`Ob 'X gk R v VB GQ API 18S C/WN. |. -q:B 8# @
j'... ;G /$ ke F!!@j'.& *-OB Mz 0L B:)& v`Ob 'X pdadmin mI; kX x] d; ! @dUOY. m4: GQ ADK& gkO) L/Q -q:& 3_R v V@OY.
80 L'(DN: distinguished name). p:d. ;!- Wq
; D0OB m/L'. 80 L': %N 8PUOY.
8:(configuration). (1) $8 3. C:[G Oe~n W R A.~n! 8:Gn s# ,aGB fD. (2) C:[, -jC: [ GB W.v)& 8:OB C:[, pYL: W ANW%
GQ j(authorization rule).
|., \N GQ, GQ $8 v$, N8L2U. W PAC 6[N MdL:! V@OY. m4: GQ ADK& gkO) L/Q -
q:& 3_R v V@OY.
GQ $8 v$ -q:(credentials modification service).
Tivoli Access Manager GQ $8& v$Ob 'X gkR v VB GQ API 18S C/WN. m4L \N!- 3_Q GQ
$8 v$ -q:B GQ $8 S: qO! _!Om L qO!
- &EOB 6[; v`O5O &QGg, v$ !IQ M8N # VGB S:i88N &QKOY.
GQ $8(credentials). Nu 5_! r:Z<Q $8N, gk Z, Wl ,| W b8 8H |C ID S:! kX 3mUOY.
GQ $8& gkO) YgQ -q:(9: GQ, (g W 'S)& v`R v V@OY.
GQ(authorization). (1) C:[ 8H!- C:[z kEOE
* C:[; gkR v V5O gkZ!T N)GB GQ. (2) @ j'., Zx GB bI! kQ O|OE* &QH W<:& g
kZ!T N)OB AN<:
GQ(permission). 8# @j'.(9: DO GB p:d.)! W
<:R v VBIB. @j'.! XgOB GQ v M GLB ACL(Access Control List)!- $GKOY. ACL(Access Control
List) |6
[Nz gN B(GSO: Global Signon). gkZ! gkZL
' W O#& i#e % nC.ILG-v! &xR v V5O OB 6k:VB L[ gN B VgG. [Nz gN B: \O
NWN; kX gkZ! gkR GQLVB D;C Zx! W <:R v VT X ]OY. Lb>G Pj D;C /f ;!- )
/ C:[ W nC.ILG8N 8:H + TpG #MAsLn ! {UOT 8inx GSO& gkOi gkZB )/ gkZL
' W O#& |.Ov JF5KOY.
Signon) |6
L[ gN B
(SSO: Single
GQ -q: C/WN(authorization service plug-in). GQ API
;!--q: NMdL:& .eOB [w; v`Ob 'X, J b- C Tivoli Access Manager GQ API 18S ,sLp.
!- NeR v VB ?{8NNe !IQ sLj/.(DLL G B x/ sLj/.). vg gk !IQ -q: NMdL:!B
b; Nu(basic authentication). 8H BsNZx! W<:
R v VB GQL N)Gb! U-, gkZ! CY% gkZL
' W O#& TBX_ OB Nu ^Re
*
W.v) b] Nu(network-based authentication). gkZ
G IP(Internet Protocol) VR& YA8N @j'. W<:& & nOB POP(Protected Object Policy). POP(Protect Object
Policy) |6
Y
Y_ dR Nu(multi-factor authentication). gkZ! N 3
LsGNu 9'; g kO) N uO5 O -& G `OB POP(Protected Object Policy). 9& in, 8# Zx! kQ W
<: &n!- gkZB gkZL'/O#M gkZL'/d+ O # ZeQYN NuX_ UOY. POP(Protected Object Policy)
|6
\h0 Nu(step-up authentication). g| 8:H Nu 9'
h~ 86! G8Og, ZxG policy <.! {s /$ 9'G Nu; -& G`OB POP(Protected Object Policy). \h0 N u POP& gkOi gkZ! Vnx Zx! W<:Ob 'X )
/9'GNu; gkOv JF5Gv8, gkZ! VRQ Z x; 8#OB policy!- d8OB 9'!- NuX_ UOY.
L[ gN B(SSO: Single Signon). gkZ! Q x NWB
Oi ""G nC.ILG! 30{8NNWBOv Jm5 )/ nC.ILG! W<:R v VB bI.
Global Signon) |6
5^NL'(domain name). NM] ANd]:!- #:. C :[GL'. 5^NL': P..ZN 8PGB OCG O'L
'8N 8:KOY. 9& in, #:. C:[G O|Q 5^N L'(FQDN)L as400.rchland.vnet.ibm.comO fl, Y=: "
" 5 ^NL' TOY. as400.rchland.vnet.ibm.com, vnet.ibm.com, ibm.com
5^N(domain). (1) xk -q:& x/Og 8k xkGB q {8N bIOB gkZ, C:[ W ZxG m. Wl-. (2) % LM 3. ZxL xk &n O! VB C:[ W.v) NP.
5^NL'
p:d. :06(directory schema). p:d.! *8/ v V
B CY% S: /| W @j'. ,!:. S: /| W @j' . ,!:B S: * 8.(9& in, n2 S:L 8gX_ O
Bv, W.m p:d.! kX n2 S:L 8gR v VBv); $GUOY.
(domain name) |6
[Nz gN B
(GSO:
pU(daemon). ,S GB Vb{8N C:[ |'G bI(9:
W.v) &n); v`Ob 'X +N8N G`GB ANW%. O
N pU: Xg B:)& v`Ob 'X Z?8N ..EGm, * Sv pU: $b{8N [?UOY.
pvP -m(digital signature). e-commerce!- %LM \' ! _!GE* %LM \'G O# |[! XgOB %LMN, %
LM \' vEZ! \'G +a: W R:& .NOm '6 ! I:;NDR v VT UOY.
s
slCDO(routing file). ^Cv 8:; &nOB mI; w
TOB ASCII DO
18S(run time). C:[ ANW%; G`OB C#. 18S / f: G` /fTOY.
9v:..(registry). gkZ, C:[ W RA.~n! kQ W
<: W 8: $8& wTOB %LM zeR
j(rule). L%. -v! L%. #G |h(L%. s|)& ND
Om L! {s Z? @d; G`R v V5O OB O* Ls
G m.mI.
6
6LW9LG(migration). L| v| GB 1.:& YYb '
XANW%G u v| GB 1.:& 3!OB M
^8%LM(metadata). zeH%LMG /:; 3mOB %L
M
Y
YNe(bind). ID& ANW% ;G Y% @j'.M |C~B
M. 9& in,ID& *, VR GBY% IDM |C~E*, |D
{N E3/v W G& E3/vM,|~B M
8H |.(security management). 6wG :x! _dQ %
LM W nC.ILGG W<:& &nOb 'Q 6wG IB;
v$OB |. T"
8# vX(quality of protection). Nu, +a: W AsLv
C 6G 6U8N G0GB %LM 8H vX
8# @j'. x#(protected object space). ACL W POP
& {kOb 'X gkOg gkZ W<: GQ N)! gkO
B G& C:[ ZxG !s @j'. %C.
(protected object) W POP(Protect Object Policy) |6
8# @j'.(protected object). ACL W POP& {kOb '
X gkOg gkZ W<: GQ N)! gkOB G& C:[ ZxG m. %C. POP(Protect Object Policy) W
'. x#
9&;(replica). Y% -vG p:d. g;; wTOB -v.
9&;: :I GB @d C#; bsC0m %LM +a:; 8
eOb 'X -v& iwUOY.
(protected object space) |6
8# @j'.
8# @j
F
O#-(encryption). C:[ 8H!- x! %LM& O# X
6 AN<:8; gkO) < v V5O -XQ |BN //O
B AN<:
O#(cipher). 0& gkO) 8k %LMN //(O# X6)G
b |!B P; v x5O O#-H%LM
W<: GQ(access permission). |< @j'.! {kOB W
<: GQ
m9Le(blade). nC.ILG /$ -q: W 8:dR& &
xOB 8:dR
qnO: N8L2U.(business entitlement). Zx! |Q G
Q d;!- gkR v VB Z<Q 6G; 3mOB gkZ G
Q $8G 8f S:
g
gkZ 9v:..(user registry).
gkZ(user). Y% 3N, 6w, AN<:, pYL:, ANW%,
ANd] GB C:[!- &xOB -q:& gkOB pg 3 N, 6w, AN<:, pYL:, ANW%, ANd] GB C:[
-q:(service). -v!-v`GB [w. -q:B %LM& 8
;E* zeOb 'Q \xQ d;LE*(DO -v, HTTP Server, |Z lm -vWNE -v!-), u 9bQ [w(9: Nb-v GB AN<: -vG -q:)O v V@OY.
S: qO(attribute list). GQ; a$Ob 'X gkOB . e $8& wTOB 5)H qO. S: qO:
N 8:KOY.
:06(schema). %LM#L: 86& O|OT 3mOB mI . <.N, %LM $G pnN %vKOY. |h| %LM#L:
!- :06B WLm, " WLmG Je, JeM WLm #G | h& $GUOY.
9v:..
(registry) |6
L'=*
V8
W<: &n(access control). C:[ 8H!- GQLVB g
kZ8L GQL N)H fD8N C:[ Zx! W<:R v V
5O 8eOB AN<:.
*R v$(role assignment). gkZ! Xg *R! $GH @
j'.! |X {}Q W<: GQ; .B M33, gkZ!T *
R; v$OB AN<:
*R 0:-(role activation). *R! W<: GQ;{kOB
AN<:
,a(connection). (1) %LMkE!- $8 |^;'Q bI e! gL! 3$GB ,|. (2) TCP/IP!- EZR v VB %
LM :.2 |^ -q:& &xOB N 3G ANd] nC. ILG gLG fN. NM]!- ,a: Q C:[G TCP nC
.ILG!- Y% C:[G TCP nC.ILG8N .eUOY. (3) C:[kE!- N C:[ gL GB C:[z pYL: g
L! %LM& |^R v VB 81
\N GQ -q:(external authorization service). Tivoli Access Manager GQ a$ <NG ONN nC.ILG GB /
f /$ GQ a$;'X gkR v VB GQ API 18S C /WN. m4: GQ ADK& gkO) L/Q -q:& 3_R
v V@OY.
@d DO(response file). ANW%!- d;OB z.! BB
g|$GH @d <.& wTOg, Q x! O*? *;TBO
BkE gkGB DO
EZ:VB g.(trusted root). SSL(Secure Sockets Layer)
!- CA(Certificate Authority)G xk 0 W ,|H 80 L
'
Nu-(certificate). C:[ 8H!- xk 0& Nu-R/Z G ID! YNeO) Nu-R/Z& NuR v V5O OB p vP .-. Nu-B CA(Certificate Authority)!- _^UOY.
Nu(authentication). (1) C:[ 8H!- gkZ ID GB g kZG @j'. W<: GQ; .NOB M. (2) C:[ 8H!
- ^Cv! /f GB UsGv JRBv .NOB M. (3) C
:[ 8H!- $8 C:[ GB 8# ZxG gkZ& .NO
b 'X gkOB AN<:.
(authentication) W
u
N8L2U. -q:(entitlement service). A0C^ GB 6G
<.G \N R:NNM N8L2U.&.OOb 'X gkR v VB GQ API 18S C/WN. N8L2U.B 8k /$ f
D8N Zx |.Z nC.ILG!-RqOE**_! GQA
N<:!- gkOb 'XA0C^G GQ $8! _!R nC
.ILG /$ %LMTOY. m4: GQ ADK& gkO) L /Q -q:& 3_R v V@OY.
N8L2U.(entitlement). \N-H 8H policy $8& wT OB %LM 86. GQ!B /$ nC.ILG8N LXR v V B fD8N |D-H bI GB policy %LM! V@OY.
NM] ANd]:(Internet suite of protocols). NM]!-
gkOb 'X 3_Gn IETF(Internet Engineering Task Force)
& kX RFC(Requests for Comment)N x3H ANd] <.
Y_ dR Nu,W.v) b] N
\h0 Nu
(authentication) |6
m0(cookie). -v! ,sLp. C:[! zeOm DS<G !- W<:OB $8. m0B -v! ,sLp.! kQ /$$
8& boR v VT UOY.
)b 6$ !I(scalability). Zx! W<:OB gkZ vG u
!! @dOb 'Q W.v) C:[ bI
0 %LM#L: DO(key database file).
6
0 5(key ring). C:[ 8H!- xk 0, 3Nk 0, EZ:
VB g. W Nu; wTOB DO
0 V(key pair). C:[ 8H!- xk 0 W 3Nk 0. O #-! 0 V; gkR ', [EZB xk 0& gkO) ^C
v& O#-Om, vEZB 3Nk 0& gkO) ^Cv& O# X6UOY. -m! 0 V; gkR ', -mZB 3Nk 0& g
kO) ^Cv %C& O#-Om, vEZB xk 0& gkO)
-m .N; 'X ^Cv %C& O# X6UOY.
0 5
(key ring) |
Z
Z? 3!(silent installation). ^Cv& \V! 8;v Jv8
kE NW DO! ^CvM@y& zeOB 3!. GQ Z? 3 !!-B %LM TB;'X @d DO; gkR v V@OY.
@d DO
Zx@j'.(resource object). G& W.v) Zx(9: -q :, DO W ANW%)G %C
Z< nO(self-registration). gkZ! JdQ %LM& TBR
v Vm|.ZG |) xL nOH Tivoli Access Manager g
kZ! I v VB AN<:
"Ln(suffix). NCN 8/OB p:d. h~ 86!- G ' Wq; D0OB 80 L'. LDAP(Lightweight Directory
Access Protocol)!- gkGB sk{L'v$ fD8N NX,
L "LnB p:d. h~ 86 ;G Y%pg Wq! {kK
OY. p:d. -v!B NCN 8/GB p:d. h~ 86 " "; D0OB )/ 3G "Ln! V; v V@OY.
6 ! (action). ACL(Access Control List) GQ S:.
ACL(Access Control List) |6
(response file) |6
0 5
0 DO(key file).
0(key). C:[ 8H!- %LM O#- W O# X6;'X
O#- Km.r!- g kOB OCG b#.
xk 0
key) W
(public key) |6
(key ring) |6
3Nk 0
(private
8
d+(token). (1) YE. kEA!- :WLGLSCN |[ E
< &n O! V=; %COb 'X %LM :WLG #!,S {8N |^GB GQ b#. ""G %LM :WLG!B E<& &nOb 'X d+; 9fOm gkR b8! V@OY. d+: |[ GQ; K.B /$ ^Cv GB q.POTOY. (2) Y
E. kEA(LAN)!- |[ E<M T2 pYL: #! |^G B q. Cv:. d+! %LM! _!H fl, L d+: A9 SL KOY.
D
wP(portal). /$ gkZG W<: GQ; b]8N, /$ g
kZ! gk !IQ %Zx(9: 5), ;k GB -q:)G g
kZ $G qO; ?{8N [:OB kU % gL.
+
AWLJ @j'.(container object). @j'. x#; 05G
bI region! 8:OB 86{ v$
z5(polling). %LMG|[ )N& a$Ob 'X %LM#L
:& $b{8N 6gOB AN<:
O
#:.(host). W.v)(9: NM] GB SNA W.v))!,
aGn Vm W W.v)! W<:OB v!; &xOB C:[.
GQ #:.B /f! {s W.v)G _S }_-H &n& & xR v5 V@OY. #:.B ,sLp. -v, GB ?C! , sLp.M -v QY! I v V@OY.
A
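ACL. See ACL (Access Control List).
ACL (Access Control List). In computer security, a list associated with an object that identifies all the subjects that can access the object and their access rights. For example, an ACL is a list associated with a file that identifies the users who can access the file and the access rights those users have to the file.
B
BA. See basic authentication.
C
CA. See CA (Certificate Authority).
CA (Certificate Authority). An organization that issues certificates. The CA authenticates the certificate owner's identity and the services that the owner is authorized to use, issues new certificates, renews existing certificates, and revokes certificates belonging to users who are no longer authorized to use them.
CDAS. See CDAS (Cross Domain Authentication Service).
CDAS (Cross Domain Authentication Service). A WebSEAL service that provides a shared library mechanism that allows the default WebSEAL authentication mechanisms to be substituted with a custom process that returns a Tivoli Access Manager identity to WebSEAL. See WebSEAL.
CDMF. See CDMF (Cross Domain Mapping Framework).
CDMF (Cross Domain Mapping Framework). A programming interface that allows a developer to customize the mapping of user identities and the handling of user attributes when the WebSEAL e-Community SSO function is used.
CGI. See CGI (Common Gateway Interface).
CGI (Common Gateway Interface). An Internet standard for defining scripts that pass information from a Web server to an application program through an HTTP request, and vice versa. A CGI script is a CGI program written in a scripting language (for example, Perl).
D
DN. See distinguished name (DN).
E
EAS. See external authorization service.
F
FTP (File Transfer Protocol). In the Internet suite of protocols, an application layer protocol that uses TCP and Telnet services to transfer bulk-data files between systems or hosts.
G
GSO. See GSO (Global Signon).
H
HTTP. See HTTP (Hypertext Transfer Protocol).
HTTP (Hypertext Transfer Protocol). In the Internet suite of protocols, the protocol that is used to transfer and display hypertext documents.
I
IP. See IP (Internet Protocol).
IP (Internet Protocol). In the Internet suite of protocols, a connectionless protocol that routes data through a network or interconnected networks and acts as an intermediary between the higher protocol layers and the physical network.
IPC. See IPC (Interprocess Communication).
IPC (Interprocess Communication). (1) The process by which programs exchange data with each other and synchronize their activities. Semaphores, signals, and internal message queues are common methods of interprocess communication. (2) A mechanism of an operating system that allows processes to communicate with each other within the same system or over a network.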
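J
junction. An HTTP or HTTPS connection between a front-end WebSEAL server and a back-end Web application server. WebSEAL uses a junction to provide protective services on behalf of the back-end server.
L
LDAP. See LDAP (Lightweight Directory Access Protocol).
LDAP (Lightweight Directory Access Protocol). An open protocol that (a) uses TCP/IP to provide access to directories that support an X.500 model and (b) does not incur the resource requirements of the more complex X.500 DAP (Directory Access Protocol). Applications that use LDAP (also known as directory-enabled applications) can use the directory as a common data store for retrieving information about people or services (for example, e-mail addresses, public keys, or service-specific configuration parameters). LDAP was originally specified in RFC 1777. LDAP version 3 is specified in RFC 2251, and the IETF continues to work on additional standard functions. Some of the IETF-defined standard schemas for LDAP are found in RFC 2256.
LTPA. See LTPA (Lightweight Third Party Authentication).
LTPA (Lightweight Third Party Authentication). An authentication framework that allows single signon across a set of Web servers that fall within an Internet domain.
M
MPA (Multiplexing Proxy Agent). A gateway that accommodates multiple client access. These gateways are also known as WAP (Wireless Access Protocol) gateways when clients access a secure domain using WAP. Gateways establish a single authenticated channel to the originating server and tunnel all client requests and responses through this channel.
P
PAC. See PAC (Privilege Attribute Certificate).
PAC (Privilege Attribute Certificate). A digital document that contains a principal's (user's) authentication and authorization attributes and the principal's (user's) capabilities.
PAC service (privilege attribute certificate service). An authorization API runtime client plug-in that translates a PAC of a predetermined format into a Tivoli Access Manager credential, and vice versa. These services can also be used to package or marshall a Tivoli Access Manager credential for transmission to other members of the secure domain. Customers can develop these services using the authorization ADK. See PAC (Privilege Attribute Certificate).
policy. A set of rules that are applied to managed resources.
Policy Server. The Tivoli Access Manager server that maintains the location information about other servers in the secure domain.
POP. See POP (Protect Object Policy).
POP (Protect Object Policy). A type of security policy that imposes additional conditions on the operation permitted by the ACL policy to access a protected object. It is the responsibility of the resource manager to enforce the POP conditions. See ACL (Access Control List), protected object, and protected object space.
R
RSA encryption. A public-key cryptography system used for encryption and authentication. It was invented in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman. The security of the system depends on the difficulty of factoring the product of two large prime numbers.
S
SSL. See SSL (Secure Sockets Layer).
SSL (Secure Sockets Layer). A security protocol that provides communication privacy. SSL enables client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, and message forgery. SSL was developed by Netscape Communications Corp. and RSA Data Security, Inc.
SSO. See SSO (Single Signon).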
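U
URI. See URI (Uniform Resource Identifier).
URI (Uniform Resource Identifier). The character string used to identify content on the Internet, including the name of the resource (a directory and file name), the location of the resource (the system where the directory and file name exist), and the protocol used to access the resource (for example, HTTP). An example of a URI is a uniform resource locator, or URL.
URL. See URL (Uniform Resource Locator).
URL (Uniform Resource Locator). A sequence of characters that represents information resources on a computer or in a network such as the Internet. This sequence of characters includes (a) the abbreviated name of the protocol used to access the information resource and (b) the information used by the protocol to locate the information resource. For example, in the context of the Internet, these are abbreviated names of protocols used to access various information resources (for example, http, ftp, gopher, telnet, and news). The URL for the IBM home page is http://www.ibm.com.
W
WebSEAL. A Tivoli Access Manager blade. WebSEAL is a high-performance, multi-threaded Web server that applies a security policy to a protected object space. WebSEAL can provide single signon solutions and incorporate back-end Web application server resources into its security policy.
WPM. See WPM (Web Portal Manager).
WPM (Web Portal Manager). A Web-based graphical application used to manage Tivoli Access Manager Base and WebSEAL security policy in a secure domain. As an alternative to the pdadmin command line interface, this GUI enables remote administrator access and enables administrators to create delegated user domains and assign delegate administrators to those domains.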