IBM BEA WebLogic Server User Manual

IBM Tivoli Access Manager for e-business

BEA WebLogic Server

kU H;-

򔻐򗗠򙳰

v|

5.1

SA30-2210-00

IBM Tivoli Access Manager for e-business

BEA WebLogic Server

kU H;-

򔻐򗗠򙳰

v|

5.1

SA30-2210-00

V!

L $8M L $8! vxOB &0; gkOb |!,71dLvG NO C :VGgW;;P8JC@

JG(2003b 11y)

L 3$G: u 3$G! 05N mCOv JB Q, IBM Tivoli Access Manager(&0 x# 5724-C08)G v| 5, 1.: 1, v$
gW 0 W pg DS 1.:M v$gW! {kKOY.

© Copyright International Business Machines Corporation 2003. All rights reserved.

qw

-. ......................................vii

L %G gkZ ..................................vii

L %G ;k ..................................viii

|C -{ ....................................viii

1.: $8 ..................................viii

b; $8 ...................................ix

% 8H $8 ..................................ix

3_Z |6- ..................................x

bz 8f 3m- .................................xi

|C -{ ...................................xi

BsN -{ W<: ................................xv

/v W<: bI .................................xv

RA.~n vx .G ................................xv

L %! gkH T" ................................xvi

[Z< T" ..................................xvi

n5<&! {% /v W fN ............................xvi

& 1 e R3 W 3d ................................1

Tivoli Access Manager 8H p( ............................1

Tivoli Access Manager W WebLogic -v kU .......................2

Tivoli Access Manager Security Service Provider Interface 8:dR ..............3

Policy W *R h!................................5

Zx W *R ..................................5

Tivoli Access Manager Nu gk ...........................6

Nk W (g ...................................8

EZ:, !k:, )b 6$ !I: ............................8

& 2 e 3! vCgW ...............................11

vxGB C'{ ..................................11

p:) W ^p. d8gW ..............................11

g| 3! RA.~n ................................12

Tivoli Access Manager Policy Server .........................12

Tivoli Access Manager Authorization Server ......................12

Tivoli Access Manager WebSEAL GB Tivoli Access Manager Plug-in for Web Servers ......13

BEA WebLogic Server ..............................13

Tivoli Access Manager Java 18S .........................14

3! 6}g& gkO) 3! .............................14

install_amwls IG ................................16

xC /?.<& gkO) 3! .............................17

AIX! 3! ..................................17

HP-UX! 3! .................................18

Solaris! 3! .................................19

© Copyright IBM Corp. 2003 iii

Windows! 3! ................................20

& 3 e 8: }w .................................23

& 1 N: Tivoli Access Manager Java Runtime Environment 8: ................23

& 2 N: startWebLogic! kQ CLASSPATH 3$ .....................25

& 3 N: Tivoli Access Manager for WebLogic 8: ....................26

Console Extension Web Application; gkO) Tivoli Access Manager for WebLogic 8:......26

mI`!- Tivoli Access Manager for WebLogic 8: ...................28

& 4 N: Tivoli Access Manager |' 8: ........................29

Console Extension Web Application; gkO) Tivoli Access Manager |' 8: .........29

mI`!- Tivoli Access Manager |' 8: ......................30

& 5 N: BEA WebLogic Server L[ gN B 8: .....................32

WebSEAL $G; gkO) L[ gN B 8: ......................32

Tivoli Access Manager Plug-in for Web Servers& gkO) L[ gN B 8: ..........33

& 6 N: ,/:MH /f; wTO) BEA WebLogic Server Y_ -v /f!- Tivoli Access Manager for

WebLogic 8: ..................................34

& 7 N: 8: W:. ................................34

& 4 e L[ gN B gk !I ............................37

Tivoli Access Manager WebSEAL; gkQ L[ gN B ...................37

& 5 e |. B:) ................................39

Tivoli Access Manager Authorization Server!- N8L2U. -q: gk .............39

Tivoli Access Manager for WebLogic!- gkZ W Wl |. .................40

%p nC.ILG gk ...............................41

gk A.....................................43

38 C5 NWB policy ...............................44

Tivoli Access Manager |' h& ...........................45

Tivoli Access Manager for WebLogic 8: X& ......................46

.&! Xa A ..................................46

gD b] NWN; gkOB L[ gN B GP ......................46

WebLogic -v! ^p. 9\! _}T ........................47

&QgW ....................................47

KAx .&! W.&Xa f} ............................48

& 6 e &E vCgW ...............................49

Solaris!- &E..................................49

Windows!- &E .................................50

AIX!- &E ..................................50

HP-UX!- &E .................................51

NO A. /: DO |6 ...............................53

amsspi.properties .................................53

rbpf.properties ..................................55

amwlsjlog.properties ................................60

NO B. mI |% |6 ...............................63

AMWLSConfigure -action config ...........................64

iv IBM Tivoli Access Manager for e-business: BEA WebLogic Server kU H;-

AMWLSConfigure -action unconfig ..........................66

AMWLSConfigure -action create_realm .........................67

AMWLSConfigure -action delete_realm .........................69

NO C. VGgW .................................71

s% ......................................73

kn ......................................75

vN ......................................83

qw v

vi IBM Tivoli Access Manager for e-business: BEA WebLogic Server kU H;-

-.

IBM®Tivoli®Access Manager for BEA®WebLogic Server®(LDNB Tivoli Access
Manager for WebLogic)& gkOCT H M; /5UOY. L &0: IBM Tivoli
Access ManagerG bI; .eO) BEA WebLogic Serverk8N [:H nC.I
LG; vxUOY.

®

IBM

Tivoli®Access Manager(Tivoli Access Manager)B IBM Tivoli Access
Manager &0:!- nC.ILG; G`OB % JdQ b; RA.~nTOY. L &
0: IBM Tivoli Access Manager nC.ILG; kUO) $|'Q GQ N) W
|. VgG; &xUOY. kU VgG8N GEGB Li &0: e-business nC.

ILG;'Q W.v) W nC.ILG 8H policy& _S }_D8N |.OB W
<: &n |. VgG; &xUOY.

®

V: IBM Tivoli Access ManagerB L| Tivoli SecureWay

Policy DirectorG u

Nn L'TOY. Tivoli SecureWay Policy Director RA.~n W.-!- g
kQ

|. -v

& L&NM Policy ServerN N(OY.

L %G gkZ

IBM Tivoli Access Manager for WebLogic Server

gkZ H;-

!B BEA WebLogic

Server! VB IBM Tivoli Access Manager gk! kQ 3!, 8: W |. vCg
WL *M V@OY.

L %: Y= gkZ& ks8N UOY.

v 8H |.Z

v W.v) C:[ |.Z
v IT 3hZ

gkZBY=! kX _ Km Vn_ UOY.

v HTTP, TCP/IP, FTP W Telnetz0:NM] ANd]
v WebLogic Server C:[G h! W |.

v Nu W GQ N)& wTQ 8H |.

SSL(Secure Sockets Layer) kE; gkOB fl, SSL ANd], 0 3/(xk W
3Nk), pvP /:, O#- Km.r W CA(Certificate Authority)! kX _ Km

Vn_ UOY.

© Copyright IBM Corp. 2003 vii

L %G ;k

L %: Y=z0L 8:Gn V@OY.

v & 1 e,“R3 W 3d”

Tivoli Access Manager for WebLogicL &xOB Nu W GQ -q:G 3d&
R3UOY.

v & 2 e,“3! vCgW″

Tivoli Access Manager for WebLogic; 3!OB f}! kX 3mUOY.

v & 3 e, ″8: }w”

Tivoli Access Manager for WebLogic; 8:OB f}! kX 3mUOY.

v & 4 e,“|. B:)”

%C nC.ILG; gkOB f}! kX 3mOm, gk A, .&! Xa $8 W
&QgW; &xUOY.

v & 5 e,“&E vCgW”

Tivoli Access Manager for WebLogic; &EOB f}! kX 3mUOY.

|C -{

n2 %L 5rL GBv G0OAi Tivoli Access Manager sLj/., UzPn
_ R % W |C %G 3m; KdOJC@. JdQ %; G0Q D BsN -{ W<

:! kQ vCgW; |6OJC@.

IBM Tivoli Access Manager for e-business &0 Z<! kQ _! $8BY=!

- #; v V@OY.

http://www.ibm.com/software/tivoli/products/access-mgr-e-bus/

Tivoli Access Manager sLj/.BY=z0L 8:Gn V@OY.

v :1.: $8;
v ix dLvG :b; $8;
v ix dLvG :% 8H $8;
v x dLvG :3_Z |6-;
v xi dLvG :bz 8f 3m-;

1.: $8

v IBM Tivoli Access Manager for e-business Read This First(GA30-2205-00)

Tivoli Access Manager 3! W C[Ob! kQ $8& &xUOY.

v IBM Tivoli Access Manager for e-business

IBM Tivoli Access Manager for e-business: BEA WebLogic Server kU H;-

viii

3!Ob |!

(GA30-2206-00)

b; $8

RA.~n &QgW, .& Xa 8f 3m W.- ;EgWz0: VE $8& &
xUOY.

v IBM Tivoli Access Manager

Web Portal Manager NMdL:& wTQ Tivoli Access Manager b; RA.

~nG 3! W 8: f}! kX 3mUOY. L %: IBM Tivoli Access Manager
for e-business

for Business Integration W IBM Tivoli Access Manager for Operating Systems
M 0: b8 Tivoli Access Manager &0z T2 gkOb 'Q %TOY.

v IBM Tivoli Access Manager Base Administration Guide(SC32-1360-00)

Tivoli Access Manager -q: gk! kQ 3d W }w! kX 3mUOY.
pdadmin mI; gkO) Web Portal Manager NMdL:!- B:)& v`O
B $8& &xUOY.

% 8H $8

v IBM Tivoli Access Manager for e-business

Tivoli Access Manager b; RA.~n W % 8H 8:dR! kQ 3!, 8:
W &E vCgW; &xUOY. L %: IBM Tivoli Access Manager

H;-

v IBM Tivoli Access Manager Upgrade Guide(SC32-1369-00)

% 8H 3! H;-

G v[<.TOY.

b; 3! H;-

(SA30-2207-00)

G -j<.Lg, IBM Tivoli Access Manager

% 8H 3! H;-

(SA30-2208-00)

b; 3!

Tivoli SecureWay Policy Director v| 3.8 GB Tivoli Access ManagerGL
| v|; Tivoli Access Manager v| 5.1N wW9LeOB f}; 3mUOY.

v IBM Tivoli Access Manager for e-business WebSEAL Administration

Guide(SC32-1359-00)

WebSEAL; gkO) 8H % 5^NG Zx; |.OB [w! |Q iWsne
Za, |. }w W bz |6$8& &xUOY.

v IBM Tivoli Access Manager for e-business IBM WebSphere Application Server

kU H;-

Tivoli Access Manager& IBM WebSphere

(SA30-2209-00)

®

Application ServerM kU! kQ

3!, &E W |. vCgW; &xUOY.

v IBM Tivoli Access Manager for e-business IBM WebSphere Edge Server

(SA30-2211-00)

H;-

kU

Tivoli Access Manager& IBM WebSphere Edge Server nC.ILGz kU!

kQ 3!, &E W |. vCgW; &xUOY.

v IBM Tivoli Access Manager for e-business Plug-in for Web Servers Integration

Guide(SC32-1365-00)

-. ix

% -vk C/WN; gkO) % 5^N 8H;'Q 3!, |. }w W bz |

6$8& &xUOY.

v IBM Tivoli Access Manager for e-business BEA WebLogic Server

(SA30-2210-00)
Tivoli Access Manager& BEA WebLogic ServerM kU! kQ 3!, &E W

|. vCgW; &xUOY.

v IBM Tivoli Access Manager for e-business IBM Tivoli Identity Manager

Provisioning Fast Start Guide(SC32-1364-00)

Tivoli Access Manager W Tivoli Identity Manager kU! |CH B:)G 3
d& &xOm Provisioning Fast Start ]:GG gk W 3! f}; 3mUOY.

3_Z |6-

v IBM Tivoli Access Manager for e-business Authorization C API Developer

Reference(SC32-1355-00)

Tivoli Access Manager GQ N) C API W Tivoli Access Manager -q: C
/WNNMdL:& gkO) Tivoli Access Manager 8H; nC.ILG! _
!OB f}; 3mOB |6 Za& &xUOY.

v IBM Tivoli Access Manager for e-business Authorization Java Classes Developer

Reference(SC32-1350-00)

GQ N) APIG Java
Manager 8H; gkOB f}! kX |6$8& &xUOY.

kU H;-

™

pn 8v; gkO) nC.ILGL Tivoli Access

v IBM Tivoli Access Manager for e-business Administration C API Developer

Reference(SC32-1357-00)

|. API& gkO) nC.ILGL Tivoli Access Manager |. B:)& v`
OB f}! kX |6$8& &xUOY. L .-!-B |. APIG C 8v! k
X 3mUOY.

v IBM Tivoli Access Manager for e-business Administration Java Classes Developer

Reference(SC32-1356-00)

GQ N) APIG Java pn 8v; gkO) nC.ILGL Tivoli Access Manager

|. B:)& gkR v VB [w! |Q |6$8& &xUOY.

v IBM Tivoli Access Manager for e-business Web Security Developer Reference

(SC32-1358-00)
CDAS(Cross-Domain Authentication Service), CDMF(Cross-Domain Mapping

Framework) W Password Strength pb! kQ |. W ANW!V $8& &x
UOY.

IBM Tivoli Access Manager for e-business: BEA WebLogic Server kU H;-

x

bz 8f 3m-

v IBM Tivoli Access Manager for e-business Command Reference(SC32-1354-00)

Tivoli Access ManagerM T2 &xGB mI` /?.< W :)3.! |Q $
8& &xUOY.

v IBM Tivoli Access Manager Error Message Reference(SC32-1353-00)

Tivoli Access Manager!- }:GB ^CvG 3mz Ge 6!& &xUOY.

v IBM Tivoli Access Manager for e-business Problem Determination

Guide(SC32-1352-00)

Tivoli Access Manager! |Q .&! G0 $8& &xUOY.

v IBM Tivoli Access Manager for e-business Performance Tuning

Guide(SC32-1351-00)

gkZ 9v:..N $GH IBM Tivoli Directory ServerM T2 Tivoli Access
ManagerN 8:GB /f! |Q :I 6$ $8& &xUOY.

|C -{

L}!-B Tivoli Access Manager sLj/.M |CH -{; *-UOY.

Tivoli Software Library!-B white papers, datasheets, demonstrations, redbooks

W announcement lettersM 0: YgQ Tivoli .-& &xUOY. Y=%gL.!

- Tivoli Software Library& gkR v V@OY.

http://www.ibm.com/software/tivoli/library/

Tivoli Software Glossary!B Tivoli RA.~n! |CH bz kn! $GGn V
@OY. Tivoli Software GlossaryBY='!!- 5nN8 < v V@OY. Tivoli
Software Library(http://www.ibm.com/software/tivoli/library/)! VB Glossary 5)
& )#JC@.

IBM Global Security Kit

Tivoli Access ManagerB IBM Global Security Kit(GSKit) v| 7.0; kQ %L
M O#- bI; &xUOY. GSKitB /$ C'{! kQ IBM Tivoli Access

Manager Base CDM IBM Tivoli Access Manager Web Security CD, IBM Tivoli
Access Manager Web Administration Interfaces CD W IBM Tivoli Access Manager
Directory Server CD! wTGn V@OY.

GSKit P0vB 0 %LM#L:, xk-3Nk 0 V W Nu d;;[:OB % g
kGB iKeyman 0 |. /?.< gsk7ikm; &xUOY. Y= -{: Tivoli

Information Center % gL.! VB IBM Tivoli Access Manager &0 .-M 0
:}!- < v V@OY.

-. xi

v IBM Global Security Kit Secure Sockets Layer and iKeyman User’s

Guide(SC32-1363-00)

Tivoli Access Manager /f!- SSL kEL !IO5O h9OB W.v) GB
C:[ 8H |.Z& 'Q $8& &xUOY.

IBM Tivoli Directory Server

IBM Tivoli Directory Server, v| 5.2B gkOB n5 <&G IBM Tivoli Access
Manager Directory Server CD! wTGn V@OY .

V: IBM Tivoli Directory ServerB L|! Y=G L'8N 1.:Gzx RA.~

nG uNn L'TOY.

v IBM Directory Server(v| 4.1 Wv| 5.1)
v IBM SecureWay Directory Server(v| 3.2.2)

IBM Directory Server v| 4.1, IBM Directory Server v| 5.1 W IBM Tivoli
Directory Server v| 5.2B pN IBM Tivoli Access Manager v| 5.1! GX v
xKOY.

IBM Tivoli Directory Server! |Q _! $8BY=!- #; v V@OY.

http://www.ibm.com/software/network/directory/library/

IBM DB2 Universal Database

IBM DB2®Universal Database™Enterprise Server Edition, v| 8.1: IBM Tivoli
Access Manager Directory Server CD!- &xGg IBM Tivoli Directory Server

™

RA.~nM T2 3!KOY. IBM Tivoli Directory Server, z/OS

GB OS/390
LDAP -v& Tivoli Access ManagerG gkZ 9v:..N gkR fl DB2B J
v gWTOY.

DB2! |Q _! $8BY=!- #; v V@OY.

http://www.ibm.com/software/data/db2/

IBM WebSphere Application Server

IBM WebSphere Application Server, Advanced Single Server Edition 5.0: gk

OB n5 <&G IBM Tivoli Access Manager Web Administration Interfaces CD
! wTGn V@OY. WebSphere Application ServerB Tivoli Access Manager&

|.OB % gkGB Web Portal Manager NMdL:M IBM Tivoli Directory Server
& |.OB % gkGB % |. x; Q Y vxR v V5O UOY. Tivoli Access

Manager!B IBM WebSphere Application Server v$Q 25 JdOg, LB IBM
Tivoli Access Manager WebSphere Fix Pack CD!- &xKOY.

®

IBM Tivoli Access Manager for e-business: BEA WebLogic Server kU H;-

xii

IBM WebSphere Application Server! |Q _! $8BY=!- #; v V@O
Y.

http://www.ibm.com/software/webservers/appserv/infocenter.html

IBM Tivoli Access Manager for Business Integration

IBM Tivoli Access Manager for Business Integration: 05N V.R v VB &
08N, IBM MQSeries

^Cv& &xUOY. IBM Tivoli Access Manager for Business Integration: [v
E nC.ILGz ,|H 0& gkO) WebSphere MQSeries nC.ILGL As

LvCM +a:; !vm % LM& [ER v V5O UOY. WebSEAL W IBM
Tivoli Access Manager for Operating Systems, IBM Tivoli Access Manager for
Business Integration33, IBM Tivoli Access ManagerG -q:& gkOB Zx |
.Z _ O*TOY.

IBM Tivoli Access Manager for Business Integration! |Q _! $8BY=!

- #; v V@OY.

http://www.ibm.com/software/tivoli/products/access-mgr-bus-integration/

®

v| 5.2 8H VgGz IBM WebSphere®MQ v| 5.3

IBM Tivoli Access Manager for Business Integration v| 5.1! kQ |C .-
B Tivoli Information Center % gL.! V@OY.

v IBM Tivoli Access Manager for Business Integration

|. H;-

v IBM Tivoli Access Manager for Business Integration

(SA30-1825-01)

.&! G0 H;-

(GA30-2064-00)

v IBM Tivoli Access Manager for Business Integration

3!Ob |!

(GA30-1827-01)

v IBM Tivoli Access Manager for Business Integration Read This First

(GA30-2063-00)

IBM Tivoli Access Manager for WebSphere Business

Integration Broker

IBM Tivoli Access Manager for Business IntegrationGONN gkR v VB IBM
Tivoli Access Manager for WebSphere Business Integration BrokerB WebSphere
Business Integration Message Broker, v| 5.0 W WebSphere Business Integration
Event Broker, v| 5.0! kQ 8H VgG ; &xUOY. IBM Tivoli Access
Manager for WebSphere Business Integration BrokerB Tivoli Access ManagerM

aUO) O# W GQ $8 b; Nu, _S!- $GH GQ W (g -q:& &x
T8Na JMS x3/E; nC.ILG; 8#OB 6[; UOY.

IBM Tivoli Access Manager for WebSphere Integration Broker! |Q _! $8

BY=!- #; v V@OY.

-. xiii

http://www.ibm.com/software/tivoli/products/access-mgr-bus-integration/

IBM Tivoli Access Manager for WebSphere Integration Broker, v| 5.1! kQ
Y= |C .-B Tivoli Information Center % gL.!- gkR v V@OY.

v IBM Tivoli Access Manager for WebSphere Business Integration Brokers

Administration Guide(SC32-1347-00)

v IBM Tivoli Access Manager for WebSphere Business Integration Brokers

Ob |!

(GA30-2194-00)

3!

v IBM Tivoli Access Manager for Business Integration Read This First

(GA30-2063-00)

IBM Tivoli Access Manager for Operating Systems

IBM Tivoli Access Manager for Operating SystemsB 05N V.R v VB &0
8N, b; n5<&!- &xOB h~ L\! UNIX C:[!- GQ N) policy C

` h~; &xUOY. IBM Tivoli Access Manager for Operating SystemsB
WebSEAL W IBM Tivoli Access Manager for Business Integration33 IBM Tivoli
Access ManagerG -q:& gkOB Zx |.Z _ O*TOY.

IBM Tivoli Access Manager for Operating Systems! |Q _! $8BY=!-
#; v V@OY.

http://www.ibm.com/software/tivoli/products/access-mgr-operating-sys/

IBM Tivoli Access Manager for Operating Systems v| 5.1G Y= .-B Tivoli
Information Center % gL.! V@OY.

v IBM Tivoli Access Manager for Operating Systems
v IBM Tivoli Access Manager for Operating Systems
v IBM Tivoli Access Manager for Operating Systems

(SA30-1842-01)

v IBM Tivoli Access Manager for Operating Systems
v IBM Tivoli Access Manager for Operating Systems Read Me(GA30-1844-01)

IBM Tivoli Identity Manager

IBM Tivoli Identity Manager v| 4.5B 05N V. !IQ &08N, L& gkO
) gkZ(9: gkZ ID W O#)& _S!- |.Om ANqzW(o, nC.ILG,

Zx GB n5 <&! kQ W<:& &x GB kR)R v V@OY. Tivoli Identity
ManagerB Tivoli Access Manager Agent& kX Tivoli Access ManagerM kU
R v V@OY. Agent 8E! |Q Z<Q $8B IBM cgZ!T .GOJC@.

IBM Tivoli Identity Manager! |Q Z<Q $8BY=!- #; v V@OY.

IBM Tivoli Access Manager for e-business: BEA WebLogic Server kU H;-

xiv

3!H;-

|.H;-

(SA30-1841-01)
(SA30-1840-01)

.&! G0 H;-

3!Ob|!

(GA30-1843-01)

BsN -{ W<:

/v W<: bI

http://www.ibm.com/software/tivoli/products/identity-mgr/

&0 sLj/.G -{: Y= Tivoli software library! PDF GB HTML |D8
N in V@OY.

http://www.ibm.com/software/tivoli/library

&0 sLj/.! W<:OAi Product manuals 5)& )#JC@. Tivoli Software
Information Center! VB &0 L'; #F )#JC@.

&0 -{: 3!Ob |!, 3! H;-, gkZ H;-, |.Z H;- W 3_Z |
6-& wTUOY.

V: PDF .-& NbR fl, Adobe Acrobat Nb k- sZ(DO → Nb& )#i

%CJ)!- dLv! B_b& 1CO) NbOJC@.

/v W<: bI: E?L RmOE* C" eV n E<{ aTLVB gkZ! R
A.~n &0; gkR v V5O 5M]OY. L &0!-B 86 bz; gkO)
NMdL:G R.& hm =vR v V@OY. GQ 6l: kE 08e& gkO)
W!H gkZNMdL:G pg bI; 6[R v V@OY.

RA.~n vx .G

Tivoli &0! .&! VB fl, IBM Tivoli Software Support! .GR v V@O
Y. Y=%gL.!- Tivoli Support 5)& -/ IBM Tivoli Software Support&

|6OJC@.
http://www.ibm.com/software/support/

vxL JdQ fl, Y=%gL.!- IBM Software Support Guide! 3mQ f
}; gkO) RA.~n vx! .GOJC@.

http://techsupport.services.ibm.com/guides/handbook.html

' -{: .&!G I"5! {% IBM Software Support! .GOB f} W Y=
z0: $8& &xUOY.

v nO W {U:

v gkZ! SQ 9!G|-x# W |Z lm VR

v vx; d;Ob |! KF_ R $8

-. xv

L %! gkH T"

L %!-B /v knM 6!, n5<&0 mIzfN! kX )/ T"; gkUO
Y.

[Z< T"

L %!-BY=z0: [Z< T"L gkKOY.
=T X:. ;! %CGB R.Z W kR.Z %U mI, 0ve, E3/v, IG,

boSC

pk:dL:

n5<&! {% /v W fN

Java ,!: L' W @j'.B =T %CKOY.

/v, -{ &q, -6OB }L* \nB

X:. ;! %CGB p:d., DO, bB, mI`, Ze 9&, C:[ ^C
v, TBX_ OB X:. W Nv* GB mI IG: pk:dL:N %C

KOY.

boSC

N %CKOY.

L %!-B p:d. %b W /f /v v$! UNIX T"; gkUOY. Windows
mI; gkR flB, /f /vG $variable; %variable%N YYm, p:d. fN

G =!C(/)& i=!C(\)N YYJC@. Windows C:[!- bash ); gkR f
l, UNIX T"; gkOJC@.

xvi

IBM Tivoli Access Manager for e-business: BEA WebLogic Server kU H;-

& 1 e R3 W 3d

Tivoli Access Manager for WebLogic: Tivoli Access ManagerG 8H bI; g
kO) BEA WebLogic Server nC.ILG! kQ W<:& 8#OB Tivoli Access
Manager! kQ .eTOY. BEA WebLogic Server Security Service Provider
Interface& gkR fl, Tivoli Access Manager for WebLogic: Tivoli Access
Manager!|.OB gkZ 9v:..& gkO) ,sLp.& NuUOY.IBM
Tivoli Access Manager WebSEAL(WebSEAL) GB IBM Tivoli Access Manager
Plug-in for Web Server& gkO) O] gkZ L[ gN B! kQ vx; &xO
5O Tivoli Access Manager for WebLogicG 8H bI; .eR v V@OY.

Tivoli Access Manager for WebLogic; gkO) WebLogic -v nC.ILG:

Zy GB h!& /fRJdxL Tivoli Access Manager 8H; gkR v V@O
Y.

Tivoli Access Manager for WebLogic; 3!Ob |! Tivoli Access Manager 8
H 5^N; h!X_ UOY.

Tivoli Access Manager! MwOv J: gkZB 8H 5^N; h!Ob |! Tivoli
Access Manager 8H p(; KdX_ UOY. )b!B 8H p(! kQ #\Q d
`L &xKOY.

Tivoli Access Manager 8H p(

Tivoli Access ManagerB v*{8N PjH N.s] W M:.s]! VB Zx;
6zOT 8#X VB O|Q GQ W W.v) 8H policy |. VgGTOY.

Tivoli Access ManagerB V7\G 8H policy |.& &xUOY. GQ Nu, GQ,
%LM 8H, Zx |. bI; vxUOY. Tivoli Access Manager& %X NM] b

] nC.ILGz T2 gkO) El H|Om _ |.GB N.s] W M:.s]
; teR v V@OY.

Tivoli Access ManagerBY=; &xUOY.

v Nu A9Sv)

Tivoli Access ManagerB Nu, b; Nu, gD W HTTP lu& wTQ $|'
Q Nu ^?Or; vxUOY.

v GQA9Sv)

Tivoli Access ManagerB GQ policy |.& 'QA9Sv)& &xUOY. GQ
policyB _S!- |.Gg #MAsLn |<G W<: {k v!8N Z? Ph

© Copyright IBM Corp. 2003 1

KOY. Tivoli Access Manager GQ -q:B xC Tivoli Access Manager -v
W -eD<(third-party) nC.ILGG W<: d;! kQ

OY.

WebSEAL:%b] Zx! kQ Tivoli Access Manager Zx 8H |.ZTOY.
WebSEAL: 8# %Zx! <P-H 8H;{kOB m:I V<:9e % -vT
OY.

Tivoli Access Manager Plug-in for Web ServersB Tivoli Access ManagerM k

UO) %ZxG|< 8H VgG; &xUOY. L C/WN: % -vM ?OQA
N<:G D.N 6[O) 5xOB " d;;NMA.Om GQ a$L JdQv )

N& a$Og JdOi gkZNu v\; &xUOY.

Tivoli Access Manager Plug-in for Web Servers W WebSEAL; QY L[ gN

B VgG; &xOm % nC.ILG Zx;ZEG 8H policy! kUC3 v V
@OY.

IBM Tivoli Access Manager! kQ .-& KdO) h! a$; ;.B % JdQ
$8& wTO) Tivoli Access Manager! kX u Z<OT ho v V@OY. L

%G -.!B |C Tivoli Access Manager .-G qOL wTGn V@OY.

ckWEN

& a$U

Tivoli Access Manager W WebLogic -v kU

Tivoli Access Manager for WebLogic, v| 5.1: Y=; vxUOY.

v BEA WebLogic Server v| 7.0 SP2
v BEA WebLogic Server v| 8.1 SP1

Tivoli Access Manager for WebLogic v| 5.1: SSPI(Security Service Provider
Interface)& gkO) BEA WebLogic Server! kQ |< 8H A9Sv)& &x
UOY.

V: Tivoli Access Manager for WebLogic v| 5.1: BEA WebLogic Server g

kZ $G |'& vxOv J@OY. BEA WebLogic Server gkZ $G |'
! kQ vx: Tivoli Access Manager for WebLogic v| 4.1G D.TOY.

BEA WebLogic ServerB -eD<(thrid-party) 8H &xZ(9: Tivoli Access Manager
for WebLogic)G SSPI& &xO) ZEG 8H bI; BEA WebLogic Server 8
6!O|w kUC5OY.

IBM Tivoli Access Manager for e-business: BEA WebLogic Server kU H;-

2

Tivoli Access Manager Security Service Provider Interface 8:d
R

Tivoli Access Manager for WebLogic:[:H b;8H |'& " BEA WebLogic
Server 8H 5^Nz YYm Y=z0: BEA WebLogic Server 8H &xZ& &
xUOY.

v Nu&xZ

v GQ &xZ

v *R JN &xZ

Tivoli Access Manager for WebLogic: b; BEA WebLogic Server GQ $8

JN 8H &xZ W b; 0:dn& gkUOY.

'! *-H " &xZB GQ WebLogic \V; kX 8: m}; R v VT OB

Management Bean(MBean); wTUOY. F!G}!-B Li " &xZ W
MBeanL &xOB bI! kX Z<w 3mUOY.

Tivoli Access ManagerBY= kU v!! BEA WebLogic Server& &xUOY.

Nu&xZ

Tivoli Access Manager for WebLogic Nu&xZB BEA WebLogic Server \x
Nu; 8vUOY. \x Nu!- gkZB gkZL' W O# 6U; gkO) BEA

WebLogic Server! kX NuOAB C5& UOY. Tivoli Access ManagerB Tivoli
Access Manager Java 18S 8:dR& gkO) L gkZL' W O#& !KU
OY.

Tivoli Access Manager for WebLogic: GQ WebSEAL GB Tivoli Access Manager
Plug-in for Web Servers L[ gN B bI; &xOB % gkGB Z< NWN p

b; &xUOY. L[ gN B bI gk !I! kQ <NgW: 37 dLvG & 4
e :L[ gN B gk !I;! wTGn V@OY.

Tivoli Access Manager for WebLogic! kQ Nu&xZB )/ 8:dRN Lg
n. V@OY.

v Nu&xZ

IBM Tivoli Access Manager for WebLogic Server Nu&xZ& WebLogic 8
H A9Sv)! kUC5OY.

v JAAS(Java Authentication and Authorization Service) NWN pb

\x W L[ gN B Nu; v`UOY. JAAS NWN pb: JAAS %XL v$
QA0C^(gkZ)N $vxV&&.OUOY. Tivoli Access Manager for

& 1 e R3 W 3d 3

WebLogic:Z< NWN pb; &xOB%, L pb: Tivoli Access Manager
Java 18S 8:dR& gkO) Tivoli Access Manager Authorization Server!
kX NuUOY.

v Nu MBean

WebLogic \V; kX Nu&xZ& 8:R v V5O UOY. GQ gkZ!
Tivoli Access Manager for WebLogic \V .e; gkO) gkZ& _!Om
h&OB Mz 0: gkZ 9v:.. |. B:)& v`R v V5O UOY.

GQ &xZ

GQ &xZB BEA WebLogic ServerM\N GQ -q: #GNMdL:& &xU
OY. GQ &xZB BEA WebLogic Server Zx! kQ W<:! ckGBv GB

ENGBv )N& G0UOY. W<: a$: Tivoli Access Manager Java 18S 8
:dR& gkO) PhH PDPermission ,!:& gkO) [:KOY.

Tivoli Access Manager for WebLogic! kQ GQ &xZBY= 8:dRN Lg

n. V@OY.

v GQ &xZ

GQ &xZ& WebLogic 8H A9Sv)! kUC5OY. Tivoli Access Manager

for WebLogic GQ &xZB BEA WebLogic Server Zx! kQ W<:& &n
R S8 FOs Tivoli Access Manager @j'. x#! policy h! W Tivoli
Access Manager @j'. x#!- policy &E& 3.UOY.

v GQ MBean

WebLogic \V; kX GQ &xZ& 8:R v V5O UOY. WebLogic \V
; kQ policy [: W h&M 0: 6[; O5O #bI v5 V@OY.

*R JN &xZ

*R JN &xZB *R; |.OB % gkGB BEA WebLogic ServerM\N G
Q -q: #GNMdL:& &xOB % gkKOY. *R JN &xZB GQ &x

ZG %SN policy8YB *R! _!; SOY.

*R JN &xZBY=z0: 8:dRN Lgn. V@OY.

v *R JN &xZ

*R JN &xZ& WebLogic 8H A9Sv)! kUC5OY. Tivoli Access

Manager for WebLogic *R JN &xZB *RG h! W &E! kQ %S;
!}OY.

v *R JN MBean

WebLogic \V; kX *R JN &xZ& 8:R v V5O UOY. WebLogic

\V; kX *R; h&O)*R 8:x;[: W ;EOB Mz 0: 6[; O

5O #bI v5 V@OY.

IBM Tivoli Access Manager for e-business: BEA WebLogic Server kU H;-

4

Policy W *R h!

Policy W *R; h! p:)3M! $GOE* WebLogic \V; kX [:R v V
@OY. J2EE nC.ILGG h! C, nC.ILG h! p:)3M ;! $GH *

R W policyB Tivoli Access Manager 8# @j'. x#8N ]bKOY.

Tivoli Access Manager |. /?.<N pdadmin GB Tivoli Access Manager Web
Portal Manager& gkO) policy& [:R vB V8* v`R vB x@OY. Tivoli
Access Manager for WebLogic; gkOB BEA WebLogic Server& C[Ob |
! Tivoli Access Manager! n !v b; policy! [:Gn_ UOY. LB Tivoli
Access Manager for WebLogic 8: _ v`KOY. Tivoli Access Manager for
WebLogic 8:! kQ <NgW: 23 dLvG & 3 e :8: }w;! *M V@O
Y.

Zx W *R

BEA WebLogic ServerB )/ 3G -N Y% Zx /|; $GOg, pN Tivoli
Access Manager for WebLogic! GX vxKOY. pg Zx /|: Tivoli Access
Manager for WebLogic ;!- ?OQ M8N #VGGN, BEA WebLogic Server

G bD 1.:k8N [:H u Zx /|5 Z?8N vxKOY.

pg Zx /|! kX $GH policy W *R: Tivoli Access Manager 8# @j

'. x#! ?OQ fD8N zeKOY.

vg 8#Gv Jm vxGB BEA WebLogic Server Zx qO: Y=z0@OY.

v |. Zx

v nC.ILG Zx
v COM Zx
v EIS Zx
v EJB Zx
v JDBC Zx
v JMS Zx

v -v Zx
v URL Zx

v % -q: Zx

Tivoli Access Manager 8# @j'. x#!- Zx: Y= |D8N %CKOY.

/WebAppServer/WLS/Resources/wls_domain/wls_realm/resource_type/Details

Tivoli Access Manager 8# @j'. x#!- *R: Y= |D8N %CKOY.

/WebAppServer/WLS/Roles/wls_domain/wls_realm/role_name/AppName

& 1 e R3 W 3d 5

Li Tivoli Access Manager 8# @j'. AWLJ L': Tivoli Access Manager
for WebLogic8N 8:H /: DO; gkO)O|w 8:I v V@OY. {s-

pg BEA WebLogic Server W b8 nC.ILG-v& ?OQ Tivoli Access
Manager 5^N ;! 8:R v V@OY. LB pg nC.ILG-v /|G *R
W policy! kQ }_H '!& [:R v V5O UOY.

Tivoli Access Manager Nu gk

Tivoli Access Manager& gkO)\N gkZ GB ;N gkZ! kQ Nu; &
xR v V@OY. \N gkZ! kQ Nu: WebSEAL GB Tivoli Access Manager
Plug-in for Web ServersG L[ gN B bI! G8UOY. V{G W.v) 8H
;'X WebSEAL GB Tivoli Access Manager Plug-in for Web Servers& kX

\N gkZG W<: d;; vEOB " WebLogic -vB ;N gkZG W<: d
;; $COv ;F_ UOY. Y=}!-B \N gkZM ;N gkZ pN! kX
Nu; 3.OB f}! kX 3mUOY.

WebSEAL; gkO)\N gkZNu

F! YLnW%: 8# Zx! W<:OAB \N gkZG d;; 3.OB p(;

8)]OY.

W2

1. Tivoli Access Manager

B \N gkZ! kQ L[ gN B Nu; &xUOY

Y= qO!-B 'G W2! %CH AN<:! kX 3mUOY.

1. \N gkZ! 8# Zx! kQ W<:& d;UOY. WebSEAL: #MAsLn

G 8H W.v)! in!b |!d;; vEUOY

2. WebSEAL: gkZG d;;NMA.O) Tivoli Access Manager 8H 5^N

!- Xg gkZ& NuUOY.

6 IBM Tivoli Access Manager for e-business: BEA WebLogic Server kU H;-

.

WebSEAL: gkZL' W O#, Nu-, gkZL' W RSA SecureID GB
gkZ $GNu ^?OrGNu ^Re& vxUOY.

WebSEAL: d;H URL W Tivoli Access Manager W<: policy! {s Z
< GQ a$;{kUOY. WebSEAL: mAgW(9: h$ /?:, C# W Nu

^?Or);{kR v V@OY.

3. gkZG URL d;L GQ N)H D, WebSEAL:L& WebLogic -vN |

^UOY. d;!B \N gkZL'z b; Nu lu ;G /v O#! wTK
OY. /v O#B sso_user! SOg Security Service Provider Interface!
WebSEAL; d; @.x8N .NR v V5O UOY.

sso_user! kQ Z<Q $8B 23 dLvG & 3 e :8: }w;& |6OJC
@.

4. WebLogic -vB NuH gkZ IDM O#& Security Service Provider Interface

N umOT |^UOY.

5. Security Service Provider InterfaceB Tivoli Access Manager Nu -q:& g

kO) WebSEALL &xQ O#! '! 3mH sso_user! kX CY% O#N
v KuUOY. o, L O#B d; @.xL WebSEALLsB EZ& bJN U

OY

L& GQ! kQ d;L XqGz@OY.

;N gkZNu

F!G YLnW%!-B
m 8# Zx! W<:Ob 'Q d;; 3.OB p(; 8)]OY.

;N

gkZ! WebSEAL GB C/WN 8H; kOv J

W2

2. Tivoli Access Manager Custom Realm

: ;N gkZG Nu; &xUOY

& 1 e R3 W 3d 7

.

Y= qO!-B 'G W2! %CH AN<:! kX 3mUOY.

1. ;N gkZ! 8# Zx! kQ W<:& d;UOY.

2. WebLogic gkZNu pbL gkZG ID& Security Service Provider Interface

N 8@OY.

3. Security Service Provider InterfaceB Nu d;; gkZ 9v:..N 8@O

Y.

NuL OaGi, Security Service Provider InterfaceB L gkZL';NuH
gkZN- WebLogic -vN .OUOY.

4. d;; GQ N)Ob 'X BEA WebLogic ServerB vgNuH gkZ(F65

GQL N)Gv J:)! d;H Zx! W<:R v V5O GQL N)GzBv

)N& G0OB Tivoli Access Manager for WebLogic GQ &xZ!T 68U
OY.

W<:B Zx! kQ W<:! N)H *R; 1COm vgNuH gkZ! L

/Q *RL N)GzBv )N& a$OB Tivoli Access Manager Authorization
Server!T #bO) G0KOY.

Nk W (g

Tivoli Access Manager for WebLogic ;!- Nk: Tivoli Access Manager Java
18S 8:dR& gkO) PhH IBM JLog ,!:! GX 3.KOY. Tivoli Access

Manager for WebLogic W Tivoli Access Manager for WebLogicz T2 x^H

/:

JLog

OY. L8T Oi Tivoli Access Manager for WebLogicL WebLogic NW DO!
L%.& w" NWR v V@OY.

DO; BEA WebLogic Server Nk ,!:& gkO5O 8:R v V@

EZ:, !k:, )b 6$ !I:

Tivoli Access Manager for WebLogic: Tivoli Access Manager Java 18S ,!

:& gkO) Tivoli Access Manager 8# @j'. %LM#L: W gkZ 9v
:..& 6[UOY. ;N Tivoli Access Manager for WebLogic 3CB W<: a

$! kQ :I bs; &xUOY.

Tivoli Access Manager Java 18S ,!:B Tivoli Access Manager Authorization
Server @y 98& vxUOY.1w Authorization Server! UsI fl,2w -v

! kQ @y 98! Z? _}UOY.

GeGB /f 3$: 9& acld W Tivoli Access Manager for WebLogic N8L2

U. -q:& gkOB MTOY.

IBM Tivoli Access Manager for e-business: BEA WebLogic Server kU H;-

8

W<: a$: Tivoli Access Manager for WebLogicz T2 &xGB Tivoli Access
Manager Authorization Server N8L2U. -q: GB Tivoli Access Manager
Policy Server& gkO) v`R v V@OY.

Tivoli Access Manager Policy Server 8:: GP W :IG \O v! .& '.

! W:. /f!-8 gkX_ UOY. N8L2U. -q:B ANvG /f!- g
kG5O /$OT3_Gz@OY. Z<Q ;k: 39 dLvG :Tivoli Access Manager

Authorization Server!- N8L2U. -q: gk;; |6OJC@.

& 1 e R3 W 3d 9

10 IBM Tivoli Access Manager for e-business: BEA WebLogic Server kU H;-

& 2 e 3! vCgW

Le:Y= V&N 8:Gn V@OY.

v :vxGB C'{;

v :p:) W ^p. d8gW;
v 12 dLvG :g| 3! RA.~n;
v 14 dLvG :3! 6}g& gkO) 3!;
v 17 dLvG :xC /?.<& gkO) 3!;

vxGB C'{

Tivoli Access Manager for WebLogic, v| 5.1: Y=; vxUOY.

v BEA WebLogic Server v| 7.0 SP2
v BEA WebLogic Server v| 8.1 SP1

Tivoli Access Manager for WebLogic:L1.:! kQ gkZ $G |'& vx
Ov J@OY. kE, L kU: BEA WebLogic Server SSPI(Security Service Provider

Interface)& vxUOY.

Tivoli Access Manager for WebLogic: Y= n5 <&!- vxKOY.

v IBM AIX 5.1
v Sun Solaris 8 W 9
v Hewlett-Packard HP-UX 11.0 W 11i(BEA WebLogic Server v| 7.08)
v Microsoft Windows 2000 Server W Advanced Server(-q: Q 3)

V: Tivoli Access Manager for WebLogic: Java 2 Security Manager& gkO)

G`OB C:[; vxUOY. Java policy DO: Java 2 Security ManagerG
/$ Ze#L:! [wOB % JdQ GQ; wTOB RA.~nM T2 &xK

OY.

p:) W ^p. d8gW

Tivoli Access Manager for WebLogicG p:) W ^p. d8gW: Y=z0@
OY.

v 64MB RAM, 128MB GeJ

© Copyright IBM Corp. 2003 11

BEA WebLogic Server W b8 Tivoli Access Manager 8:dR! v$H Jv

^p. L\! JdQ ^p. gTOY. _! 64MB RAM: 3L :I; V{-O
B % gkKOY.

Y% Tivoli Access Manager 8:dR! JdQ ^p. g: #:. C:[! 3

!H Tivoli Access Manager 8:dR! {s ^s}OY. Z<Q $8B IBM Tivoli
Access Manager

v 2MB p:) x#, 4MB GeJ

BEA WebLogic Server W b8 Tivoli Access Manager 8:dR! JdQ p:
) x# L\! _!N JdQ x#TOY.

v NW DO! kX 5MB p:) x#

LB RA.~n 8:dR! JdQ p:) x# L\! _!N JdQ x#TOY.

g| 3! RA.~n

Tivoli Access Manager for WebLogicG 3!& OaOAi Y=z0: g| 3!
RA.~n! JdUOY.

v :Tivoli Access Manager Policy Server;

b; 3! H;-

& |6OJC@.

v 13 dLvG :Tivoli Access Manager WebSEAL GB Tivoli Access Manager

Plug-in for Web Servers;

v 13 dLvG :BEA WebLogic Server;
v 14 dLvG :Tivoli Access Manager Java 18S;

Tivoli Access Manager Policy Server

Tivoli Access Manager for WebLogic; 3!Ob |! Tivoli Access Manager 8
H 5^N; 3$X_ UOY.

Tivoli Access Manager Policy Server& 3!R ' Tivoli Access Manager 8H 5
^NL 3$KOY. L Policy ServerB gkZ n5 <&G IBM Tivoli Access
Manager Base CD!- hwKOY.

O]{8N Tivoli Access Manager Policy ServerB Tivoli Access Manager for
WebLogic; cgOB C:[z Y% C:[! 3!KOY.

Tivoli Access Manager Authorization Server

Tivoli Access Manager Authorization ServerB BEA WebLogic Server W Tivoli
Access Manager for WebLogicL 3!H Mz ?OQ #:.! 3!Gn_ UOY.

Authorization ServerB BEA WebLogic Server! Tivoli Access Manager GQ -
q:! kQ W<:& &xUOY. Authorization ServerB GQ -v 0? 9Ze&
zeOb 'Q Nk W (g ]:G-v *R; UOY.

12

IBM Tivoli Access Manager for e-business: BEA WebLogic Server kU H;-