Authorization C API Developer Reference

Size: px
Start display at page:

Download "Authorization C API Developer Reference"

Transcription

1 IBM Security Access Manager for Web Version 7.0 Authorization C API Deeloper Reference SC

2

3 IBM Security Access Manager for Web Version 7.0 Authorization C API Deeloper Reference SC

4 Note Before using this information and the product it supports, read the information in Notices on page 277. Edition notice Note: This edition applies to ersion 7, release 0, modification 0 of IBM Security Access Manager (product number 5724-C87) and to all subsequent releases and modifications until otherwise indicated in new editions. Copyright IBM Corporation 2002, US Goernment Users Restricted Rights Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

5 Contents Figures ii Tables ix About this publication xi Intended audience xi Access to publications and terminology..... xii Related publications xi Accessibility xi Technical training xi Support information xi Chapter 1. Authorization API oeriew.. 1 Authorization API introduction The Open Group Authorization API standard.. 2 The authorization model Authorization API components Application deelopment requirements Tested compilers Demonstration programs Application deployment Authorization API task summary Chapter 2. Authorization API functions and data types API functions Attribute lists Credentials Authorization decisions Initialization, shutdown, and error handling.. 10 API extensions Character strings Buffers Protected object structures Default user registry information structure Attribute lists Credential handles Status codes and error handling Chapter 3. Authorization API initialization Authorization API initialization oeriew Specifying UTF-8 or local code set Specifying an authorization API configuration file 20 Specifying cache mode settings Cache mode type Authorization database file location Local cache refresh Local cache notification listener SSL listener ports Local domain Configuring SSL from the API client to Security Access Manager SSL keyfile Stash file Keyfile label SSL session timeout SSL password expiration Authentication method User name and password Configuration file location SSL keyfile password Maximum number of worker threads Automatic refresh of SSL certificate and keyfile password Connection timeout Specifying communications attributes for the policy serer Policy serer host name Policy serer port number Specifying alues for an authorization serer replica 30 Configuring the authorization API for LDAP access 31 LDAP user registry support LDAP serer host name LDAP serer port number LDAP user distinguished name LDAP user password SSL communication with the LDAP serer SSL keyfile name SSL keyfile distinguished name SSL keyfile password Maximum search buffer size Caching LDAP data LDAP serer query preference Authentication method Specifying LDAP user registry replica access.. 35 LDAP client-side timeout LDAP client-side authentication timeout LDAP client-side search timeout URAF registry settings URAF configuration file Serer identity Serer password Cache mode Cache size Cache lifetime Authorization rules initialization Prolog text for the XMLADI input document.. 38 Prolog text for the XSL rule document Resource manager ADI prefix list Dynamic ADI retrieal entitlement serice list.. 40 XMLADI attribute definitions Enabling the return of permission information Configuring eent logging and auditing Specifying the host interface on which to listen.. 43 Starting the authorization serice Chapter 4. Using the authorization API 45 Authenticating an API application Copyright IBM Corp. 2002, 2012 iii

6 Verifying the identity of a user Usage tip: enforcing user lockout policy Obtaining user authorization credentials Step 1: Specifying the authorization authority and authentication mechanism Step 2: Specifying user authentication identity.. 48 Step 3: Specifying additional user information.. 48 Step 4: Placing user information into an API buffer Step 5: Obtaining authorization credentials for the user Obtaining an authorization decision Step 1: Mapping the user operation to a Security Access Manager permission Step 2: Mapping the requested resource to a protected object Step 3: Assigning the user credentials to a credentials handle Step 4: Building an attribute list for additional application information Step 5: Obtaining an authorization decision Cleaning up and shutting down Releasing allocated memory Shutting down the authorization API Working with credentials Conerting credentials to a transportable format 54 Conerting credentials to the natie format Creating a chain of credentials Determining the number of credentials in a credentials chain Obtaining a credential from a chain of credentials 55 Modifying the contents of a credential Obtaining an attribute list from a credential.. 56 Setting and getting string attribute alues for a credential Comparing two credentials Copying a credential Chapter 5. Compatibility and application migration issues Compatibility and application migration oeriew 59 Binary compatibility with earlier ersions Deprecated API elements Chapter 6. Authorization serice plug-ins Serice plug-in architecture The authorization serice dispatcher Authorization serice plug-ins Calling applications Supported types of serice plug-ins Implementing a serice plug-in Initialization and configuration of serice plug-ins Implementing serice interfaces Using error codes Shut down Example serice source code Serice plug-in implementations Entitlement serices Credentials modification serice Priilege attribute certificate serice External authorization serice Chapter 7. Entitlement serice plug-ins 85 Entitlements oeriew Entitlements of type azn_string_t Entitlements of type azn_buffer_t Initialization, configuration, and shut down Obtaining entitlements for a specified user Authorizing a caller to a specific entitlement serice plug-in Using authorization API interfaces Entitlement serice error codes Dynamic ADI retrieal serices Credential attributes entitlement serice Registry attribute entitlement serice oeriew 92 Registry attribute entitlement serice configuration Migration from a preious release Configuring a credential attributes entitlement serice as a dynamic ADI retrieal serice Chapter 8. Administration serice plug-ins Understanding administration serice plug-ins Configuring administration serice plug-ins Creating a configuration file entry for an administration serice Configuring an administration serice programmatically Initializing and shutting down administration serice plug-ins Using an administration serice plug-in Error codes Errors when registering the administration serice plug-in Errors when registering administration definitions Major errors from administration serice functions Minor errors from administration serice functions Error codes specific to an authorization serices plug-in Deploying an administration serice plug-in Chapter 9. External authorization serice plug-ins Introducing the external authorization serice Understanding the external authorization serice 112 External authorization serice architecture Policy triggers Weightings Configuring an external authorization serice plug-in Using a configuration file entry Configuring an external authorization serice programmatically i IBM Security Access Manager for Web Version 7.0: Authorization C API Deeloper Reference

7 Initializing and shutting down external authorization serice plug-ins Obtaining an authorization decision Error codes Major error codes Minor error codes Appendix A. Authorization API reference azn_attrlist_add_entry() azn_attrlist_add_entry_buffer() azn_attrlist_add_entry_pobj() azn_attrlist_add_entry_ulong() azn_attrlist_copy() azn_attrlist_create() azn_attrlist_delete() azn_attrlist_delete_entry() azn_attrlist_delete_entry_alue() azn_attrlist_get_entry_buffer_alue() azn_attrlist_get_entry_pobj_alue() azn_attrlist_get_entry_string_alue() azn_attrlist_get_entry_type() azn_attrlist_get_entry_ulong_alue() azn_attrlist_get_names() azn_attrlist_name_get_num() azn_creds_combine() azn_creds_copy() azn_creds_create() azn_creds_delete() azn_creds_equal() azn_creds_for_subject() azn_creds_get_attr_alue_string() azn_creds_get_attrlist_for_subject() azn_creds_get_pac() azn_creds_modify() azn_creds_num_of_subjects() azn_creds_set_attr_alue_string() azn_decision_access_allowed() azn_decision_access_allowed_ext() azn_entitlement_get_entitlements() azn_error_get_string() azn_error_major() azn_error_minor() azn_error_minor_get_string() azn_id_get_creds2() azn_init_set_code_set() azn_initialize() azn_pac_get_creds() azn_release_buffer() azn_release_pobj() azn_release_string() azn_release_strings() azn_shutdown() azn_util_errcode() azn_util_handle_is_alid() azn_util_password_authenticate2() azn_util_password_change() Appendix B. Authorization serice plug-in API reference azn_admin_get_object() azn_admin_get_objectlist() azn_admin_get_tasklist() azn_admin_perform_task() azn_sc_creds_get_pac() azn_sc_creds_modify() azn_sc_decision_access_allowed_ext() azn_sc_entitlement_get_entitlements() azn_sc_initialize() azn_sc_pac_get_creds() azn_sc_shutdown() Appendix C. Attribute names reference Initialization attributes Credential attributes Permission information attributes Authorization API serice plug-in attributes Authorization engine attributes Appendix D. Guidelines for changing configuring files Configuration file organization General guidelines Default alues Strings Defined strings File names Integers Boolean alues Appendix E. Stanza reference [authentication-mechanisms] stanza cert-ldap cert-uraf passwd-ldap passwd-uraf [aznapi-admin-serices] stanza serice-id [aznapi-configuration] stanza azn-app-host cache-refresh-interal cred-attribute-entitlement-serices db-file dynamic-adi-entitlement-serices input-adi-xml-prolog listen-flags logcfg mode permission-info-returned policy-cache-size resource-manager-proided-adi xsl-stylesheet-prolog [aznapi-cred-modification-serices] stanza serice-id [aznapi-entitlement-serices] stanza serice-id [aznapi-external-authzn-serices] stanza policy-trigger [aznapi-pac-serices] stanza Contents

8 serice-id [ldap] stanza authn-timeout auth-using-compare bind-dn bind-pwd cache-enabled enabled host ldap-serer-config max-search-size port prefer-readwrite-serer replica search-timeout ssl-enabled ssl-keyfile ssl-keyfile-dn ssl-keyfile-pwd ssl-port timeout [manager] stanza management-domain master-host master-port replica [meta-info] stanza ersion [ssl] stanza ssl-authn-password ssl-authn-type ssl-authn-user ssl-auto-refresh ssl-io-inactiity-timeout ssl-keyfile ssl-keyfile-label ssl-keyfile-stash ssl-listening-port ssl-local-domain ssl-maximum-worker-threads ssl-mgr-config ssl-pwd-life ssl-3-timeout [uraf-registry] stanza bind-id bind-pwd cache-lifetime cache-mode cache-size uraf-registry-config [xmladi-attribute-definitions] stanza attribute_name Notices Index i IBM Security Access Manager for Web Version 7.0: Authorization C API Deeloper Reference

9 Figures 1. The ISO Authorization Model The Security Access Manager implementation of the ISO authorization model Authorization serice plug-in Architecture The administration serice plug-in to the authorization API The external authorization serice architecture 112 Copyright IBM Corp. 2002, 2012 ii

10 iii IBM Security Access Manager for Web Version 7.0: Authorization C API Deeloper Reference

11 Tables 1. Location of authorization API components 3 2. Location of authorization API header files 4 3. Location of authorization API error codes 4 4. Compilers tested with Security Access Manager 5 5. Demonstration programs Credential functions and related tasks Authorization decision functions and related tasks Functions and related tasks for initialization, shutdown, and error handling API extension functions and related tasks Buffers Variables for protected object Variables for default user registry Functions that operate on attribute lists Error code files codeset parameter alues Authorization API configuration file alue Cache mode alues Local cache refresh alues Cache notification listener alues SSL listener port alue Domain name alue SSL keyfile alue Stash file alue Certificate label for keyfile SSL session timeout alue Expiration interal for keyfile password or stash file Authentication method for authorization API client User name and password Configuration file location alue SSL keyfile password alue Maximum number of threads alue Refresh alue for SSL certificate and key database file password Timeout alue for input/output connection Policy serer host name alue Policy serer port number alue Values for an authorization serer replica Values to enable LDAP user registry support LDAP serer host name alue LDAP serer port number alue LDAP user DN alue LDAP user password alue LDAP serer SSL communication alue SSL keyfile name alue SSL keyfile distinguished name alue SSL keyfile password alue Maximum search buffer size alue LDAP client-side caching alue LDAP serer query preference alue LDAP user authentication method alue LDAP user registry replica access alues LDAP client-side timeout alue LDAP client-side authentication timeout alue LDAP client-side search timeout alue URAF configuration file alue URAF serer identity alue URAF serer password alue Cache mode alue Cache size alue Cache lifetime alue Authorization API initialization data attributes Host name on which the authorization API application listens Additional user information that the authorization API proides Authorization credentials for the user Access request result Authorization access decision information Valid handles Library file names by platform Default configuration file entries Authorization API interface Major error codes from serice dispatcher Major error codes from serice plug-ins Generic major error codes Minor error codes Protected objects entitlement serice Extended attributes entitlement serice Dynamic ADI retrieal entitlement serice Credential attribute entitlement serice Credentials attribute list modification serice Credentials group membership modification serice Priilege attribute certificate (PAC) encoding serice External authorization serice Interface input parameters Entitlement serice error codes Example attributes added to the credential Supported authorization API functions Function mappings Attributes in the out data attribute list Errors registering the administration serice plug-in Administration API functions Major error codes Additional major error codes Initialization attributes Copyright IBM Corp. 2002, 2012 ix

12 x IBM Security Access Manager for Web Version 7.0: Authorization C API Deeloper Reference

13 About this publication Intended audience IBM Security Access Manager for Web, formerly called IBM Tioli Access Manager for e-business, is a user authentication, authorization, and web single sign-on solution for enforcing security policies oer a wide range of web and application resources. This reference guide contains information about how to use the Security Access Manager C administration API to enable an application to programmatically perform Security Access Manager administration tasks. This document describes the C implementation of the Security Access Manager administration API. See the IBM Security Access Manager for Web: Administration Jaa Classes Deeloper Reference for information regarding the Jaa implementation of these APIs. Information about the pdadmin command-line interface (CLI) can be found in the IBM Security Access Manager for Web: Command Reference. This reference is for application programmers writing programs in C and programming language to authorize the users and objects associated with the Security Access Manager product. Readers must be familiar with: Microsoft Windows and UNIX operating systems Database architecture and concepts Security management Internet protocols, including HTTP, TCP/IP, File Transfer Protocol (FTP), and Telnet The user registry that Security Access Manager is configured to use Lightweight Directory Access Protocol (LDAP) and directory serices, if used by your user registry Authentication and authorization To enable Secure Sockets Layer (SSL) communication, you must be familiar with SSL protocol, key exchange (public and priate), digital signatures, cryptographic algorithms, and certificate authorities. This reference is for application programmers writing programs in C and programming language to administer the users and objects associated with the Security Access Manager product. Readers must be familiar with: Microsoft Windows and UNIX operating systems Database architecture and concepts Security management Internet protocols, including HTTP, TCP/IP, File Transfer Protocol (FTP), and Telnet The user registry that Security Access Manager is configured to use Copyright IBM Corp. 2002, 2012 xi

14 Lightweight Directory Access Protocol (LDAP) and directory serices, if used by your user registry Authentication and authorization If you are enabling Secure Sockets Layer (SSL) communication, you also should be familiar with SSL protocol, key exchange (public and priate), digital signatures, cryptographic algorithms, and certificate authorities. Access to publications and terminology This section proides: A list of publications in the IBM Security Access Manager for Web library. Links to Online publications on page xi. A link to the IBM Terminology website on page xi. IBM Security Access Manager for Web library The following documents are in the IBM Security Access Manager for Web library: IBM Security Access Manager for Web Quick Start Guide, GI Proides steps that summarize major installation and configuration tasks. IBM Security Web Gateway Appliance Quick Start Guide Hardware Offering Guides users through the process of connecting and completing the initial configuration of the WebSEAL Hardware Appliance, SC IBM Security Web Gateway Appliance Quick Start Guide Virtual Offering Guides users through the process of connecting and completing the initial configuration of the WebSEAL Virtual Appliance. IBM Security Access Manager for Web Installation Guide, GC Explains how to install and configure Security Access Manager. IBM Security Access Manager for Web Upgrade Guide, SC Proides information for users to upgrade from ersion 6.0, or 6.1.x to ersion 7.0. IBM Security Access Manager for Web Administration Guide, SC Describes the concepts and procedures for using Security Access Manager. Proides instructions for performing tasks from the Web Portal Manager interface and by using the pdadmin utility. IBM Security Access Manager for Web WebSEAL Administration Guide, SC Proides background material, administratie procedures, and reference information for using WebSEAL to manage the resources of your secure Web domain. IBM Security Access Manager for Web Plug-in for Web Serers Administration Guide, SC Proides procedures and reference information for securing your Web domain by using a Web serer plug-in. IBM Security Access Manager for Web Shared Session Management Administration Guide, SC Proides administratie considerations and operational instructions for the session management serer. IBM Security Access Manager for Web Shared Session Management Deployment Guide, SC xii IBM Security Access Manager for Web Version 7.0: Authorization C API Deeloper Reference

15 Proides deployment considerations for the session management serer. IBM Security Web Gateway Appliance Administration Guide, SC Proides administratie procedures and technical reference information for the WebSEAL Appliance. IBM Security Web Gateway Appliance Configuration Guide for Web Reerse Proxy, SC Proides configuration procedures and technical reference information for the WebSEAL Appliance. IBM Security Web Gateway Appliance Web Reerse Proxy Stanza Reference, SC Proides a complete stanza reference for the IBM Security Web Gateway Appliance Web Reerse Proxy. IBM Security Access Manager for Web WebSEAL Configuration Stanza Reference, SC Proides a complete stanza reference for WebSEAL. IBM Global Security Kit: CapiCmd Users Guide, SC Proides instructions on creating key databases, public-priate key pairs, and certificate requests. IBM Security Access Manager for Web Auditing Guide, SC Proides information about configuring and managing audit eents by using the natie Security Access Manager approach and the Common Auditing and Reporting Serice. You can also find information about installing and configuring the Common Auditing and Reporting Serice. Use this serice for generating and iewing operational reports. IBM Security Access Manager for Web Command Reference, SC Proides reference information about the commands, utilities, and scripts that are proided with Security Access Manager. IBM Security Access Manager for Web Administration C API Deeloper Reference, SC Proides reference information about using the C language implementation of the administration API to enable an application to perform Security Access Manager administration tasks. IBM Security Access Manager for Web Administration Jaa Classes Deeloper Reference, SC Proides reference information about using the Jaa language implementation of the administration API to enable an application to perform Security Access Manager administration tasks. IBM Security Access Manager for Web Authorization C API Deeloper Reference, SC Proides reference information about using the C language implementation of the authorization API to enable an application to use Security Access Manager security. IBM Security Access Manager for Web Authorization Jaa Classes Deeloper Reference, SC Proides reference information about using the Jaa language implementation of the authorization API to enable an application to use Security Access Manager security. IBM Security Access Manager for Web Web Security Deeloper Reference, SC About this publication xiii

16 Proides programming and reference information for deeloping authentication modules. IBM Security Access Manager for Web Error Message Reference, GI Proides explanations and correctie actions for the messages and return code. IBM Security Access Manager for Web Troubleshooting Guide, GC Proides problem determination information. IBM Security Access Manager for Web Performance Tuning Guide, SC Proides performance tuning information for an enironment that consists of Security Access Manager with the IBM Tioli Directory Serer as the user registry. Online publications IBM posts product publications when the product is released and when the publications are updated at the following locations: IBM Security Access Manager for Web Information Center The com.ibm.isam.doc_70/welcome.html site displays the information center welcome page for this product. IBM Publications Center The pbi.wss site offers customized search functions to help you find all the IBM publications that you need. IBM Terminology website The IBM Terminology website consolidates terminology for product libraries in one location. You can access the Terminology website at software/globalization/terminology. Related publications This section lists the IBM products that are related to and included with the Security Access Manager solution. Note: The following middleware products are not packaged with IBM Security Web Gateway Appliance. IBM Global Security Kit Security Access Manager proides data encryption by using Global Security Kit (GSKit) ersion 8.0.x. GSKit is included on the IBM Security Access Manager for Web Version 7.0 product image or DVD for your particular platform. GSKit ersion 8 includes the command-line tool for key management, GSKCapiCmd (gsk8capicmd_64). GSKit ersion 8 no longer includes the key management utility, ikeyman (gskikm.jar). ikeyman is packaged with IBM Jaa ersion 6 or later and is now a pure Jaa application with no dependency on the natie GSKit runtime. Do not moe or remoe the bundled jaa/jre/lib/gskikm.jar library. xi IBM Security Access Manager for Web Version 7.0: Authorization C API Deeloper Reference

17 The IBM Deeloper Kit and Runtime Enironment, Jaa Technology Edition, Version 6 and 7, ikeyman User's Guide for ersion 8.0 is aailable on the Security Access Manager Information Center. You can also find this document directly at: Note: 60/iKeyman.8.User.Guide.pdf GSKit ersion 8 includes important changes made to the implementation of Transport Layer Security required to remediate security issues. The GSKit ersion 8 changes comply with the Internet Engineering Task Force (IETF) Request for Comments (RFC) requirements. Howeer, it is not compatible with earlier ersions of GSKit. Any component that communicates with Security Access Manager that uses GSKit must be upgraded to use GSKit ersion , or or later. Otherwise, communication problems might occur. IBM Tioli Directory Serer IBM Tioli Directory Serer ersion 6.3 FP17 ( ISS-ITDS-FP0017) is included on the IBM Security Access Manager for Web Version 7.0 product image or DVD for your particular platform. You can find more information about Tioli Directory Serer at: IBM Tioli Directory Integrator IBM Tioli Directory Integrator ersion is included on the IBM Tioli Directory Integrator Identity Edition V for Multiplatform product image or DVD for your particular platform. You can find more information about IBM Tioli Directory Integrator at: IBM DB2 Uniersal Database IBM DB2 Uniersal Database Enterprise Serer Edition, ersion 9.7 FP4 is proided on the IBM Security Access Manager for Web Version 7.0 product image or DVD for your particular platform. You can install DB2 with the Tioli Directory Serer software, or as a stand-alone product. DB2 is required when you use Tioli Directory Serer or z/os LDAP serers as the user registry for Security Access Manager. For z/os LDAP serers, you must separately purchase DB2. You can find more information about DB2 at: IBM WebSphere products The installation packages for WebSphere Application Serer Network Deployment, ersion 8.0, and WebSphere extreme Scale, ersion , are included with About this publication x

18 Security Access Manager ersion 7.0. WebSphere extreme Scale is required only when you use the Session Management Serer (SMS) component. WebSphere Application Serer enables the support of the following applications: Web Portal Manager interface, which administers Security Access Manager. Web Administration Tool, which administers Tioli Directory Serer. Common Auditing and Reporting Serice, which processes and reports on audit eents. Session Management Serer, which manages shared session in a Web security serer enironment. Attribute Retrieal Serice. You can find more information about WebSphere Application Serer at: Accessibility Technical training Support information Accessibility features help users with a physical disability, such as restricted mobility or limited ision, to use software products successfully. With this product, you can use assistie technologies to hear and naigate the interface. You can also use the keyboard instead of the mouse to operate all features of the graphical user interface. Visit the IBM Accessibility Center for more information about IBM's commitment to accessibility. For technical training information, see the following IBM Education website at IBM Support proides assistance with code-related problems and routine, short duration installation or usage questions. You can directly access the IBM Software Support site at The IBM Security Access Manager for Web Troubleshooting Guide proides details about: What information to collect before you contact IBM Support. The arious methods for contacting IBM Support. How to use IBM Support Assistant. Instructions and problem-determination resources to isolate and fix the problem yourself. Note: The Community and Support tab on the product information center can proide more support resources. xi IBM Security Access Manager for Web Version 7.0: Authorization C API Deeloper Reference

19 Chapter 1. Authorization API oeriew This chapter proides an oeriew of the IBM Security Access Manager for Web (Security Access Manager) authorization API. Topic Index: Authorization API introduction Authorization API components on page 3 Application deelopment requirements on page 5 Application deployment on page 6 Authorization API task summary on page 7 Authorization API introduction Use the Security Access Manager authorization application programming interface (API) to program Security Access Manager applications and third-party applications to query the Security Access Manager authorization serice for authorization decisions. The Security Access Manager authorization API is the interface between the serer-based resource manager and the authorization serice and proides a standard model for coding authorization requests and decisions. The authorization API lets you make standardized calls to the centrally managed authorization serice from any deeloped application. The authorization API supports two implementation modes: Remote cache mode In remote cache mode, you use the authorization API to call the Security Access Manager authorization serer, which performs authorization decisions on behalf of the application. The authorization serer maintains its own cache of the replica authorization policy database. Local cache mode In local cache mode, you use the authorization API to download a local replica of the authorization policy database. In this mode, the application can perform all authorization decisions locally. The authorization API shields you from the complexities of the authorization serice mechanism. Issues of management, storage, caching, replication, credentials format, and authentication methods are all hidden behind the authorization API. The authorization API works independently from the underlying security infrastructure, the credential format, and the ealuating mechanism. The authorization API makes it possible to request an authorization check and get a simple "yes" or "no" recommendation in return. The authorization API is a component of the Security Access Manager application deelopment kit (ADK). Copyright IBM Corp. 2002,

20 Security Access Manager APIs are thread-safe. Use caution when performing operations on objects with multiple threads. For example, an error is returned if you want to create, modify and delete an ACL, and the delete is done before the modify. The Open Group Authorization API standard The Security Access Manager authorization API implements the Open Group Authorization API (Generic Application Interface for Authorization Frameworks) standard. This interface is based on the International Organization for Standardization (ISO) model for authorization. In this model, an initiator requests access to a target resource. The initiator submits the request to a resource manager, which incorporates an access enforcement function (AEF). The AEF submits the request, along with information about the initiator, to an access decision function (ADF). The ADF returns a decision to the AEF, and the AEF enforces the decision. Initiator Submit Access Request Resource Manager AEF Present Access Request Target Decision Request Decision ADF Figure 1. The ISO Authorization Model Security Access Manager implements the ADF component of this model and proides the authorization API as an interface to this function. Resource Manager Browser Initiator AEF Web Application Serer Authorization API Protected Data Target ADF Access Manager Authorization Serice Access Manager Secure Domain Figure 2. The Security Access Manager implementation of the ISO authorization model In the figure aboe, a browser (initiator) requests access to a file or other resource on a protected system (target). The browser submits the request to a web application serer (the resource manager that incorporates the access enforcement 2 IBM Security Access Manager for Web Version 7.0: Authorization C API Deeloper Reference

21 function). The web application serer uses the authorization API to submit the request to the Security Access Manager authorization serice (the access decision function). The Security Access Manager authorization serice returns an access decision, through the authorization API, to the web application serer. The web application serer processes the request as appropriate. To implement this model, deelopers of AEF applications add authorization API function calls to their application code. See the Open Group Authorization API document. The authorization model The first step in adding authorization to an application is to define the security policy requirements for your application. Defining a security policy means that you must determine the business requirements that apply to the application users, operations, and data. These requirements include: Objects to be secured Operations permitted on each object Users that are permitted to do the operations After your security requirements are defined, you can use the authorization API to integrate your security policy with the Security Access Manager security model. Complete the following steps to deploy an application into a Security Access Manager secure domain: 1. Configure the Security Access Manager secure domain to recognize and support the objects, actions, and users that are releant to your application. For an introduction to the Security Access Manager authorization model, see IBM Security Access Manager for Web: Administration Guide. For complete information about access control, see IBM Security Access Manager for Web: Administration Guide. 2. Use the authorization API within your application to obtain the needed authorization decisions. For an introduction to the authorization API, including information about remote cache mode and local cache mode, see IBM Security Access Manager for Web: Administration Guide. 3. Deelop your application logic to enforce the security policy. Authorization API components The authorization API is included in an optional installation package (ADK) in the Security Access Manager distribution. The authorization API files are installed in seeral subdirectories under the Security Access Manager installation directory. Table 1. Location of authorization API components bin include Directory Contents On Microsoft Windows systems, the library to include at run time is pdauthzn.dll. C header files. Chapter 1. Authorization API oeriew 3

22 Table 1. Location of authorization API components (continued) lib Directory Contents A library that implements the API functions. The name of the library is platform-dependent: Solaris Operating Enironment libpdauthzn.so Linux AIX libpdauthzn.so libpdauthzn.a Microsoft Windows pdauthzn.lib example/authzn_demo/cpp This directory contains an example program that demonstrates usage of the authorization API. Source files and a MAKEFILE are proided. For installation instructions for the ADK, see the IBM Security Access Manager for Web: Installation Guide. Header Files The header files are found in the include directory, located directly under the Security Access Manager ADK package installation directory. Table 2. Location of authorization API header files File ogauthzn.h aznutils.h azn_sc_protos.h azn_admin_sc_protos.h azn_deprecated.h iadminapi.h pdb*msg.h Contents The authorization API standard functions. Utility functions (extensions to the authorization API). Prototypes for generic authorization serice plug-in functions. Contains prototypes for the azn_serice_initialize() and azn_serice_shutdown() functions. This file can optionally be included by a plug-in programmer to prototype the calls defined in the serice. Prototypes for plug-in functions for the authorization administration serice. Prototypes and declarations for the functions, ariables, and attributes that are deprecated in this ersion of Security Access Manager. Aoid including this header file. Function prototypes for the Security Access Manager administration API. This API is described in IBM Security Access Manager for Web: Administration C API Deeloper Reference. Minor error codes. Error Codes The authorization API error codes are defined in the following files, in the include directory: Table 3. Location of authorization API error codes File ogauthzn.h aznutils.h Contents Major error codes for the standard authorization API functions. Major error codes for the authorization API utility functions. 4 IBM Security Access Manager for Web Version 7.0: Authorization C API Deeloper Reference

23 Table 3. Location of authorization API error codes (continued) File pdb*msg.h Contents Minor error codes for utility functions and the Security Access Manager authorization serices are found in a number of error message files, such as pdbaclmsg.h Application deelopment requirements To deelop applications that use the Security Access Manager authorization API, you must install and configure a Security Access Manager secure domain. If you do not hae a Security Access Manager secure domain installed, install one before beginning application deelopment. The minimum installation consists of a single system with the following Security Access Manager Base components installed: Security Access Manager run time enironment Security Access Manager policy serer Security Access Manager application deelopment kit When the Security Access Manager secure domain uses an LDAP user registry, the application deelopment system must hae an LDAP client installed. If you already hae a Security Access Manager secure domain installed, you can add another deelopment system to that domain. The minimum requirements for adding another deelopment system consist of the following components: Security Access Manager runtime enironment Security Access Manager application deelopment kit Note: For Security Access Manager installation instructions, see the IBM Security Access Manager for Web: Installation Guide. To compile applications that use the authorization API, you must install the Security Access Manager ADK on the build system. When you compile an application, make sure that you add the include directory for the Security Access Manager ADK to the compiler command line. When you link an application, specify the directory that contains the authorization shared library if it is not in the default location. Tested compilers This section lists compilers that IBM tested for use with the Security Access Manager Application Deeloper Kit (ADK). IBM tested the use of the Security Access Manager Application Deeloper Kit (ADK) component with the compilers listed in Table 4. Preious ersions of the compilers listed are not supported. Compilers on other supported platforms were not tested. Table 4. Compilers tested with Security Access Manager IBM AIX 6.1 Operating system platform tested Tested compiler IBM XL C/C++ Version 10.1 Chapter 1. Authorization API oeriew 5

24 Table 4. Compilers tested with Security Access Manager (continued) Operating system platform tested Tested compiler Sun Solaris 11 Operating System Oracle Solaris Studio Version 12.3 Red Hat Enterprise Linux Serer release bit x86 GNU GCC SUSE Linux Enterprise Serer 10 SP3 on 64-bit System z Microsoft Windows Serer 2008 R2 Enterprise Microsoft Visual Studio 2005 (using carsall.bat AMD64) Demonstration programs The Security Access Manager authorization API proides seeral example programs. The authzn_demo directory contains examples programs that demonstrate use of the authorization API. A C language example is included. The C example contains a sample Makefile. See the sample Makefile for build instructions specific to each supported operating system platform. Refer to the README file, located in the same directory, for information regarding the use of this example program. An example of the administration serice plug-in is proided in the admin_sc_demo directory. See the sample Makefile for build instructions. An example of an external authorization serice plug-in is proided in the eas_demo directory. See the sample Makefile for build instructions. An example of an entitlement serice plug-in is proided in the ent_sc_demo directory. See the sample Makefile for build instructions. Table 5. Demonstration programs Program authzn_demo azn_admin_sc_demo azn_eas_demo azn_ent_sc_demo Authorization API demonstration program Administration serice demonstration program External authorization serice demonstration program Entitlement serice demonstration program Application deployment To deploy an application with the authorization API, erify that your enironment contains the necessary supporting software. You can test your enironment by building and running the example program that is proided with the authorization API. Applications that are deeloped with the Security Access Manager authorization API must be run on systems that are configured into a Security Access Manager secure domain. When the Security Access Manager secure domain uses an LDAP user registry, the application deployment system must hae an LDAP client installed. The minimum Security Access Manager installation required on a system that runs an application is the Security Access Manager runtime enironment component. 6 IBM Security Access Manager for Web Version 7.0: Authorization C API Deeloper Reference

25 For deployment examples, see the demonstration programs described in Demonstration programs on page 6. Authorization API task summary The primary task of the authorization API is to obtain an authorization decision from the Security Access Manager authorization serice. Use the authorization API to present information about the user, operation, and requested resource to the Security Access Manager authorization serice, and receie the authorization decision. Your application is responsible for enforcing the decision, as appropriate. To obtain an authorization decision, you must accomplish certain tasks to configure the authorization API client. The following sections in this document proide a step-by-step guide to completing each of these required tasks: Chapter 3, Authorization API initialization, on page 19 Authenticating an API application on page 45 Verifying the identity of a user on page 46 Obtaining user authorization credentials on page 47 Obtaining an authorization decision on page 50 Cleaning up and shutting down on page 53 The authorization API also proides functions for performing optional tasks on user credentials. The following section describes the supported optional tasks: Working with credentials on page 54 Chapter 1. Authorization API oeriew 7

26 8 IBM Security Access Manager for Web Version 7.0: Authorization C API Deeloper Reference

27 Chapter 2. Authorization API functions and data types API functions This chapter describes the functions, structured data types, and constants that are defined as part of the authorization API. Topic Index: API functions Character strings on page 11 Buffers on page 11 Protected object structures on page 12 Default user registry information structure on page 13 Attribute lists on page 14 Credential handles on page 16 Status codes and error handling on page 17 This section proides tables that list the authorization API functions. The tables proide a link to the reference page for the function and a link to the section that describes each task of the function. Attribute lists This section is a list of the attribute list functions. azn_attrlist_add_entry() on page 124 azn_attrlist_add_entry_buffer() on page 125 azn_attrlist_add_entry_pobj() on page 126 azn_attrlist_add_entry_ulong() on page 127 azn_attrlist_create() on page 128 azn_attrlist_copy() on page 127 azn_attrlist_delete() on page 129 azn_attrlist_delete_entry() on page 130 azn_attrlist_delete_entry_alue() on page 131 azn_attrlist_get_entry_buffer_alue() on page 132 azn_attrlist_get_entry_type() on page 135 azn_attrlist_get_entry_ulong_alue() on page 136 azn_attrlist_get_entry_pobj_alue() on page 133 azn_attrlist_get_entry_string_alue() on page 134 azn_attrlist_get_names() on page 137 azn_attrlist_name_get_num() on page 138 azn_release_buffer() on page 170 azn_release_pobj() on page 171 azn_release_string() on page 172 azn_release_strings() on page 172 azn_util_handle_is_alid() on page 175 Copyright IBM Corp. 2002,

IBM Security Access Manager for Web Version 7.0. Installation Guide GC

IBM Security Access Manager for Web Version 7.0. Installation Guide GC IBM Security Access Manager for Web Version 7.0 Installation Guide GC23-6502-02 IBM Security Access Manager for Web Version 7.0 Installation Guide GC23-6502-02 Note Before using this information and the

More information

IBM Security Access Manager for Web Version 7.0. Upgrade Guide SC

IBM Security Access Manager for Web Version 7.0. Upgrade Guide SC IBM Security Access Manager for Web Version 7.0 Upgrade Guide SC23-6503-02 IBM Security Access Manager for Web Version 7.0 Upgrade Guide SC23-6503-02 Note Before using this information and the product

More information

Shared Session Management Administration Guide

Shared Session Management Administration Guide Security Access Manager Version 7.0 Shared Session Management Administration Guide SC23-6509-02 Security Access Manager Version 7.0 Shared Session Management Administration Guide SC23-6509-02 Note Before

More information

Performance Tuning Guide

Performance Tuning Guide IBM Security Access Manager for Web Version 7.0 Performance Tuning Guide SC23-6518-02 IBM Security Access Manager for Web Version 7.0 Performance Tuning Guide SC23-6518-02 Note Before using this information

More information

IBM Security Access Manager for Web Version 7.0. Command Reference SC

IBM Security Access Manager for Web Version 7.0. Command Reference SC IBM Security Access Manager for Web Version 7.0 Command Reference SC23-6512-02 IBM Security Access Manager for Web Version 7.0 Command Reference SC23-6512-02 Note Before using this information and the

More information

Web Security Developer Reference

Web Security Developer Reference IBM Tioli Access Manager for e-business Web Security Deeloper Reference Version 5.1 SC32-1358-00 IBM Tioli Access Manager for e-business Web Security Deeloper Reference Version 5.1 SC32-1358-00 Note Before

More information

Error Message Reference

Error Message Reference IBM Security Access Manager for Web Version 7.0 Error Message Reference GI11-8157-02 IBM Security Access Manager for Web Version 7.0 Error Message Reference GI11-8157-02 Note Before using this information

More information

Deployment Overview Guide

Deployment Overview Guide IBM Security Priileged Identity Manager Version 1.0 Deployment Oeriew Guide SC27-4382-00 IBM Security Priileged Identity Manager Version 1.0 Deployment Oeriew Guide SC27-4382-00 Note Before using this

More information

Troubleshooting Guide

Troubleshooting Guide Tioli Access Manager for e-business Version 6.1.1 Troubleshooting Guide GC27-2717-00 Tioli Access Manager for e-business Version 6.1.1 Troubleshooting Guide GC27-2717-00 Note Before using this information

More information

Tivoli SecureWay Policy Director Authorization ADK. Developer Reference. Version 3.8

Tivoli SecureWay Policy Director Authorization ADK. Developer Reference. Version 3.8 Tivoli SecureWay Policy Director Authorization ADK Developer Reference Version 3.8 Tivoli SecureWay Policy Director Authorization ADK Developer Reference Version 3.8 Tivoli SecureWay Policy Director Authorization

More information

IBM Security Access Manager for Web Version 7.0. Administration Guide SC

IBM Security Access Manager for Web Version 7.0. Administration Guide SC IBM Security Access Manager for Web Version 7.0 Administration Guide SC23-6504-02 IBM Security Access Manager for Web Version 7.0 Administration Guide SC23-6504-02 Note Before using this information and

More information

Web Services Security Management Guide

Web Services Security Management Guide IBM Tioli Federated Identity Manager Version 6.2.2 Web Serices Security Management Guide GC32-0169-04 IBM Tioli Federated Identity Manager Version 6.2.2 Web Serices Security Management Guide GC32-0169-04

More information

WebSEAL Installation Guide

WebSEAL Installation Guide IBM Tioli Access Manager WebSEAL Installation Guide Version 4.1 SC32-1133-01 IBM Tioli Access Manager WebSEAL Installation Guide Version 4.1 SC32-1133-01 Note Before using this information and the product

More information

License Administrator s Guide

License Administrator s Guide IBM Tioli License Manager License Administrator s Guide Version 1.1.1 GC23-4833-01 Note Before using this information and the product it supports, read the information under Notices on page 115. Second

More information

IBM Tivoli Storage Manager for Windows Version Tivoli Monitoring for Tivoli Storage Manager

IBM Tivoli Storage Manager for Windows Version Tivoli Monitoring for Tivoli Storage Manager IBM Tioli Storage Manager for Windows Version 7.1.0 Tioli Monitoring for Tioli Storage Manager IBM Tioli Storage Manager for Windows Version 7.1.0 Tioli Monitoring for Tioli Storage Manager Note: Before

More information

IBM Tivoli Access Manager for WebSphere Application Server. User s Guide. Version 4.1 SC

IBM Tivoli Access Manager for WebSphere Application Server. User s Guide. Version 4.1 SC IBM Tioli Access Manager for WebSphere Application Serer User s Guide Version 4.1 SC32-1136-01 IBM Tioli Access Manager for WebSphere Application Serer User s Guide Version 4.1 SC32-1136-01 Note Before

More information

Administration Java Classes Developer Reference

Administration Java Classes Developer Reference IBM Tioli Access Manager for e-business Administration Jaa Classes Deeloper Reference Version 5.1 SC32-1356-00 IBM Tioli Access Manager for e-business Administration Jaa Classes Deeloper Reference Version

More information

IBM i Version 7.2. Connecting to IBM i IBM i Access for Web IBM

IBM i Version 7.2. Connecting to IBM i IBM i Access for Web IBM IBM i Version 7.2 Connecting to IBM i IBM i Access for Web IBM IBM i Version 7.2 Connecting to IBM i IBM i Access for Web IBM Note Before using this information and the product it supports, read the information

More information

Administration Java Classes Developer Reference

Administration Java Classes Developer Reference IBM Security Access Manager for Web Version 7.0 Administration Java Classes Developer Reference SC23-6514-02 IBM Security Access Manager for Web Version 7.0 Administration Java Classes Developer Reference

More information

Tivoli SecureWay Policy Director Authorization ADK Developer Reference Version 3.7

Tivoli SecureWay Policy Director Authorization ADK Developer Reference Version 3.7 Tivoli SecureWay Policy Director Authorization ADK Developer Reference Version 3.7 January 2001 Tivoli SecureWay Policy Director Authorization ADK Developer Reference Copyright Notice Copyright IBM Corporation

More information

Extended Search Administration

Extended Search Administration IBM Extended Search Extended Search Administration Version 3 Release 7 SC27-1404-00 IBM Extended Search Extended Search Administration Version 3 Release 7 SC27-1404-00 Note! Before using this information

More information

WebSphere MQ Configuration Agent User's Guide

WebSphere MQ Configuration Agent User's Guide IBM Tioli Composite Application Manager for Applications Version 7.1 WebSphere MQ Configuration Agent User's Guide SC14-7525-00 IBM Tioli Composite Application Manager for Applications Version 7.1 WebSphere

More information

IBM Security Identity Manager Version 6.0. Installation Guide GC

IBM Security Identity Manager Version 6.0. Installation Guide GC IBM Security Identity Manager Version 6.0 Installation Guide GC14-7695-00 IBM Security Identity Manager Version 6.0 Installation Guide GC14-7695-00 Note Before using this information and the product it

More information

IBM Tivoli Federated Identity Manager Version Installation Guide GC

IBM Tivoli Federated Identity Manager Version Installation Guide GC IBM Tivoli Federated Identity Manager Version 6.2.2 Installation Guide GC27-2718-01 IBM Tivoli Federated Identity Manager Version 6.2.2 Installation Guide GC27-2718-01 Note Before using this information

More information

Access Manager for e-business Version Administration Guide SC

Access Manager for e-business Version Administration Guide SC Tivoli Access Manager for e-business Version 6.1.1 Administration Guide SC23-6504-01 Tivoli Access Manager for e-business Version 6.1.1 Administration Guide SC23-6504-01 Note Before using this information

More information

Tivoli Tivoli Intelligent ThinkDynamic Orchestrator

Tivoli Tivoli Intelligent ThinkDynamic Orchestrator Tioli Tioli Intelligent ThinkDynamic Orchestrator Version 2.1 Installation Guide for Windows GC32-1604-00 Tioli Tioli Intelligent ThinkDynamic Orchestrator Version 2.1 Installation Guide for Windows GC32-1604-00

More information

IBM Tivoli Access Manager forweblogicserver. User s Guide. Version 3.9 GC

IBM Tivoli Access Manager forweblogicserver. User s Guide. Version 3.9 GC IBM Tioli Access Manager forweblogicserer User s Guide Version 3.9 GC32-0851-00 IBM Tioli Access Manager forweblogicserer User s Guide Version 3.9 GC32-0851-00 Note Before using this information and the

More information

Installation and Setup Guide

Installation and Setup Guide IBM Tioli Monitoring for Business Integration Installation and Setup Guide Version 5.1.1 SC32-1402-00 IBM Tioli Monitoring for Business Integration Installation and Setup Guide Version 5.1.1 SC32-1402-00

More information

Tivoli Tivoli Provisioning Manager

Tivoli Tivoli Provisioning Manager Tioli Tioli Proisioning Manager Version 2.1 Installation Guide for Linux on Intel and Linux on iseries GC32-1616-00 Tioli Tioli Proisioning Manager Version 2.1 Installation Guide for Linux on Intel and

More information

IBM Operational Decision Manager Version 8 Release 5. Installation Guide

IBM Operational Decision Manager Version 8 Release 5. Installation Guide IBM Operational Decision Manager Version 8 Release 5 Installation Guide Note Before using this information and the product it supports, read the information in Notices on page 51. This edition applies

More information

IBM Tivoli Access Manager for Linux on zseries. Installation Guide. Version 3.9 GC

IBM Tivoli Access Manager for Linux on zseries. Installation Guide. Version 3.9 GC IBM Tioli Access Manager for Linux on zseries Installation Guide Version 3.9 GC23-4796-00 IBM Tioli Access Manager for Linux on zseries Installation Guide Version 3.9 GC23-4796-00 Note Before using this

More information

IBM Agent Builder Version User's Guide IBM SC

IBM Agent Builder Version User's Guide IBM SC IBM Agent Builder Version 6.3.5 User's Guide IBM SC32-1921-17 IBM Agent Builder Version 6.3.5 User's Guide IBM SC32-1921-17 Note Before you use this information and the product it supports, read the information

More information

Installation and Configuration Guide

Installation and Configuration Guide IBM Tioli Directory Serer Installation and Configuration Guide Version 6.2 SC23-9939-00 IBM Tioli Directory Serer Installation and Configuration Guide Version 6.2 SC23-9939-00 Note Before using this information

More information

IBM. Connecting to IBM i IBM i Access for Web. IBM i 7.1

IBM. Connecting to IBM i IBM i Access for Web. IBM i 7.1 IBM IBM i Connecting to IBM i IBM i Access for Web 7.1 IBM IBM i Connecting to IBM i IBM i Access for Web 7.1 Note Before using this information and the product it supports, read the information in Notices,

More information

Installation and Configuration Guide

Installation and Configuration Guide IBM Tioli Directory Serer Installation and Configuration Guide Version 6.3 SC27-2747-00 IBM Tioli Directory Serer Installation and Configuration Guide Version 6.3 SC27-2747-00 Note Before using this information

More information

IBM Tivoli Monitoring for Business Integration. User s Guide. Version SC

IBM Tivoli Monitoring for Business Integration. User s Guide. Version SC IBM Tioli Monitoring for Business Integration User s Guide Version 5.1.1 SC32-1403-00 IBM Tioli Monitoring for Business Integration User s Guide Version 5.1.1 SC32-1403-00 Note Before using this information

More information

WebSphere Message Broker Monitoring Agent User's Guide

WebSphere Message Broker Monitoring Agent User's Guide IBM Tioli OMEGAMON XE for Messaging on z/os Version 7.1 WebSphere Message Broker Monitoring Agent User's Guide SC23-7954-03 IBM Tioli OMEGAMON XE for Messaging on z/os Version 7.1 WebSphere Message Broker

More information

Tivoli IBM Tivoli Advanced Catalog Management for z/os

Tivoli IBM Tivoli Advanced Catalog Management for z/os Tioli IBM Tioli Adanced Catalog Management for z/os Version 2.2.0 Monitoring Agent User s Guide SC23-9818-00 Tioli IBM Tioli Adanced Catalog Management for z/os Version 2.2.0 Monitoring Agent User s Guide

More information

IBM. Client Configuration Guide. IBM Explorer for z/os. Version 3 Release 1 SC

IBM. Client Configuration Guide. IBM Explorer for z/os. Version 3 Release 1 SC IBM Explorer for z/os IBM Client Configuration Guide Version 3 Release 1 SC27-8435-01 IBM Explorer for z/os IBM Client Configuration Guide Version 3 Release 1 SC27-8435-01 Note Before using this information,

More information

BEA WebLogic Server Integration Guide

BEA WebLogic Server Integration Guide IBM Tivoli Access Manager for e-business BEA WebLogic Server Integration Guide Version 5.1 SC32-1366-00 IBM Tivoli Access Manager for e-business BEA WebLogic Server Integration Guide Version 5.1 SC32-1366-00

More information

Managing Server Installation and Customization Guide

Managing Server Installation and Customization Guide IBM Tioli Composite Application Manager for Application Diagnostics Version 7.1.0.4 Managing Serer Installation and Customization Guide SC27-2825-00 IBM Tioli Composite Application Manager for Application

More information

IBM Director Virtual Machine Manager 1.0 Installation and User s Guide

IBM Director Virtual Machine Manager 1.0 Installation and User s Guide IBM Director 4.20 Virtual Machine Manager 1.0 Installation and User s Guide Note Before using this information and the product it supports, read the general information in Appendix D, Notices, on page

More information

Tivoli Tivoli Provisioning Manager

Tivoli Tivoli Provisioning Manager Tioli Tioli Proisioning Manager Version 2.1 Installation Guide for Unix GC32-1615-00 Tioli Tioli Proisioning Manager Version 2.1 Installation Guide for Unix GC32-1615-00 Note: Before using this information

More information

Tivoli System Automation Application Manager

Tivoli System Automation Application Manager Tioli System Automation Application Manager Version 3.1 Installation and Configuration Guide SC33-8420-01 Tioli System Automation Application Manager Version 3.1 Installation and Configuration Guide SC33-8420-01

More information

Road Map for the Typical Installation Option of IBM Tivoli Monitoring Products, Version 5.1.0

Road Map for the Typical Installation Option of IBM Tivoli Monitoring Products, Version 5.1.0 Road Map for the Typical Installation Option of IBM Tioli Monitoring Products, Version 5.1.0 Objectie Who should use the Typical installation method? To use the Typical installation option to deploy an

More information

Registration Authority Desktop Guide

Registration Authority Desktop Guide IBM SecureWay Trust Authority Registration Authority Desktop Guide Version 3 Release 1.1 SH09-4530-01 IBM SecureWay Trust Authority Registration Authority Desktop Guide Version 3 Release 1.1 SH09-4530-01

More information

IBM Tivoli Access Manager Plug-in for Edge Server. User s Guide. Version 3.9 GC

IBM Tivoli Access Manager Plug-in for Edge Server. User s Guide. Version 3.9 GC IBM Tioli Access Manager Plug-in for Edge Serer User s Guide Version 3.9 GC23-4685-00 IBM Tioli Access Manager Plug-in for Edge Serer User s Guide Version 3.9 GC23-4685-00 Note Before using this information

More information

Tivoli Tivoli Intelligent ThinkDynamic Orchestrator

Tivoli Tivoli Intelligent ThinkDynamic Orchestrator Tioli Tioli Intelligent ThinkDynamic Orchestrator Version 2.1 Installation Guide for Unix GC32-1605-00 Tioli Tioli Intelligent ThinkDynamic Orchestrator Version 2.1 Installation Guide for Unix GC32-1605-00

More information

IBM. Installing. IBM Emptoris Suite. Version

IBM. Installing. IBM Emptoris Suite. Version IBM Emptoris Suite IBM Installing Version 10.1.0 IBM Emptoris Suite IBM Installing Version 10.1.0 ii IBM Emptoris Suite: Installing Copyright Note: Before using this information and the product it supports,

More information

IBM Tivoli Storage Manager for Windows Version Installation Guide

IBM Tivoli Storage Manager for Windows Version Installation Guide IBM Tioli Storage Manager for Windows Version 7.1.1 Installation Guide IBM Tioli Storage Manager for Windows Version 7.1.1 Installation Guide Note: Before using this information and the product it supports,

More information

IBM Security Access Manager Version April Web Base Administration Topics

IBM Security Access Manager Version April Web Base Administration Topics IBM Security Access Manager Version 8.0.1.2 15 April 2015 Web Base Administration Topics IBM Security Access Manager Version 8.0.1.2 15 April 2015 Web Base Administration Topics ii IBM Security Access

More information

Tivoli Access Manager for e-business

Tivoli Access Manager for e-business Tivoli Access Manager for e-business Version 6.1 Problem Determination Guide GI11-8156-00 Tivoli Access Manager for e-business Version 6.1 Problem Determination Guide GI11-8156-00 Note Before using this

More information

IBM Security Access Manager Version Web Base Administration Topics

IBM Security Access Manager Version Web Base Administration Topics IBM Security Access Manager Version 8.0.0.4 Web Base Administration Topics IBM Security Access Manager Version 8.0.0.4 Web Base Administration Topics ii IBM Security Access Manager Version 8.0.0.4: Web

More information

IBM Tivoli Netcool Performance Manager Wireline Component October 2015 Document Revision R2E1. Pack Upgrade Guide IBM

IBM Tivoli Netcool Performance Manager Wireline Component October 2015 Document Revision R2E1. Pack Upgrade Guide IBM IBM Tioli Netcool Performance Manager Wireline Component October 2015 Document Reision R2E1 Pack Upgrade Guide IBM Note Before using this information and the product it supports, read the information in

More information

IBM. Installing, configuring, using, and troubleshooting. IBM Operations Analytics for z Systems. Version 3 Release 1

IBM. Installing, configuring, using, and troubleshooting. IBM Operations Analytics for z Systems. Version 3 Release 1 IBM Operations Analytics for z Systems IBM Installing, configuring, using, and troubleshooting Version 3 Release 1 IBM Operations Analytics for z Systems IBM Installing, configuring, using, and troubleshooting

More information

Planning and Installation

Planning and Installation Tioli Workload Scheduler Version 8.5. (Reised October 200) Planning and Installation SC32-273-09 Tioli Workload Scheduler Version 8.5. (Reised October 200) Planning and Installation SC32-273-09 Note Before

More information

Installing and Configuring IBM Case Manager with FileNet P8 Platform on a Single Server

Installing and Configuring IBM Case Manager with FileNet P8 Platform on a Single Server Installing and Configuring IBM Case Manager with FileNet P8 Platform on a Single Serer ii Installing and Configuring IBM Case Manager with FileNet P8 Platform on a Single Serer Contents Installing with

More information

Troubleshooting Guide

Troubleshooting Guide Security Policy Manager Version 7.1 Troubleshooting Guide GC27-2711-00 Security Policy Manager Version 7.1 Troubleshooting Guide GC27-2711-00 Note Before using this information and the product it supports,

More information

IBM Single Sign On for Bluemix Version December Web Base Administration topics for Identity Bridge

IBM Single Sign On for Bluemix Version December Web Base Administration topics for Identity Bridge IBM Single Sign On for Bluemix Version 2.0 28 December 2014 Web Base Administration topics for Identity Bridge IBM Single Sign On for Bluemix Version 2.0 28 December 2014 Web Base Administration topics

More information

Monitor Developer s Guide

Monitor Developer s Guide IBM Tioli Priacy Manager for e-business Monitor Deeloper s Guide Version 1.1 SC23-4790-00 IBM Tioli Priacy Manager for e-business Monitor Deeloper s Guide Version 1.1 SC23-4790-00 Note: Before using this

More information

Tivoli Monitoring: Windows OS Agent

Tivoli Monitoring: Windows OS Agent Tioli Monitoring: Windows OS Agent Version 6.2.2 User s Guide SC32-9445-03 Tioli Monitoring: Windows OS Agent Version 6.2.2 User s Guide SC32-9445-03 Note Before using this information and the product

More information

IBM. Installing and configuring. Version 6.4

IBM. Installing and configuring. Version 6.4 IBM Installing and configuring Version 6.4 ii Installing and configuring Contents Installing and configuring....... 1 Planning for installation.......... 1 Premium feature actiation......... 1 Installation

More information

IBM Tivoli Storage Manager for Windows Version 7.1. Installation Guide

IBM Tivoli Storage Manager for Windows Version 7.1. Installation Guide IBM Tioli Storage Manager for Windows Version 7.1 Installation Guide IBM Tioli Storage Manager for Windows Version 7.1 Installation Guide Note: Before using this information and the product it supports,

More information

Extended Search Administration

Extended Search Administration IBM Lotus Extended Search Extended Search Administration Version 4 Release 0.1 SC27-1404-02 IBM Lotus Extended Search Extended Search Administration Version 4 Release 0.1 SC27-1404-02 Note! Before using

More information

Jazz for Service Management Version 1.1 FIx Pack 3 Beta. Configuration Guide Draft

Jazz for Service Management Version 1.1 FIx Pack 3 Beta. Configuration Guide Draft Jazz for Serice Management Version 1.1 FIx Pack 3 Beta Configuration Guide Draft Jazz for Serice Management Version 1.1 FIx Pack 3 Beta Configuration Guide Draft Note Before using this information and

More information

Tivoli Application Dependency Discovery Manager Version 7.3. Installation Guide IBM

Tivoli Application Dependency Discovery Manager Version 7.3. Installation Guide IBM Tioli Application Dependency Discoery Manager Version 7.3 Installation Guide IBM Tioli Application Dependency Discoery Manager Version 7.3 Installation Guide IBM Note Before using this information and

More information

Tivoli IBM Tivoli Advanced Audit for DFSMShsm

Tivoli IBM Tivoli Advanced Audit for DFSMShsm Tioli IBM Tioli Adanced Audit for DFSMShsm Version 2.2.0 Monitoring Agent Planning and Configuration Guide SC27-2348-00 Tioli IBM Tioli Adanced Audit for DFSMShsm Version 2.2.0 Monitoring Agent Planning

More information

IBM Tivoli Storage Manager for Virtual Environments Version Data Protection for VMware Installation Guide IBM

IBM Tivoli Storage Manager for Virtual Environments Version Data Protection for VMware Installation Guide IBM IBM Tioli Storage Manager for Virtual Enironments Version 7.1.6 Data Protection for VMware Installation Guide IBM IBM Tioli Storage Manager for Virtual Enironments Version 7.1.6 Data Protection for VMware

More information

IBM Tivoli Access Manager WebSEAL for Linux on zseries. Installation Guide. Version 3.9 GC

IBM Tivoli Access Manager WebSEAL for Linux on zseries. Installation Guide. Version 3.9 GC IBM Tioli Access Manager WebSEAL for Linux on zseries Installation Guide Version 3.9 GC23-4797-00 IBM Tioli Access Manager WebSEAL for Linux on zseries Installation Guide Version 3.9 GC23-4797-00 Note

More information

Product Overview Guide

Product Overview Guide IBM Security Identity Manager Version 6.0 Product Oeriew Guide GC14-7692-00 IBM Security Identity Manager Version 6.0 Product Oeriew Guide GC14-7692-00 Note Before using this information and the product

More information

Tivoli Identity Manager

Tivoli Identity Manager Tioli Identity Manager Version 4.6 Serer Installation and Configuration Guide for WebSphere Enironments SC32-1750-01 Tioli Identity Manager Version 4.6 Serer Installation and Configuration Guide for WebSphere

More information

Tivoli IBM Tivoli Advanced Catalog Management for z/os

Tivoli IBM Tivoli Advanced Catalog Management for z/os Tioli IBM Tioli Adanced Catalog Management for z/os Version 2.2.0 Monitoring Agent Planning and Configuration Guide SC23-9820-00 Tioli IBM Tioli Adanced Catalog Management for z/os Version 2.2.0 Monitoring

More information

IBM Tivoli Monitoring for Messaging and Collaboration: Lotus Domino. User s Guide. Version SC

IBM Tivoli Monitoring for Messaging and Collaboration: Lotus Domino. User s Guide. Version SC IBM Tioli Monitoring for Messaging and Collaboration: Lotus Domino User s Guide Version 5.1.0 SC32-0841-00 IBM Tioli Monitoring for Messaging and Collaboration: Lotus Domino User s Guide Version 5.1.0

More information

IBM Tivoli Storage Manager for Linux Version Tivoli Monitoring for Tivoli Storage Manager

IBM Tivoli Storage Manager for Linux Version Tivoli Monitoring for Tivoli Storage Manager IBM Tioli Storage Manager for Linux Version 7.1.0 Tioli Monitoring for Tioli Storage Manager IBM Tioli Storage Manager for Linux Version 7.1.0 Tioli Monitoring for Tioli Storage Manager Note: Before using

More information

Installing and Configuring Tivoli Enterprise Data Warehouse

Installing and Configuring Tivoli Enterprise Data Warehouse Installing and Configuring Tioli Enterprise Data Warehouse Version 1 Release 1 GC32-0744-00 Installing and Configuring Tioli Enterprise Data Warehouse Version 1 Release 1 GC32-0744-00 Installing and Configuring

More information

High Availability Guide for Distributed Systems

High Availability Guide for Distributed Systems IBM Tioli Monitoring Version 6.2.3 Fix Pack 1 High Aailability Guide for Distributed Systems SC23-9768-03 IBM Tioli Monitoring Version 6.2.3 Fix Pack 1 High Aailability Guide for Distributed Systems SC23-9768-03

More information

IBM Security Identity Manager Version Installation Topics IBM

IBM Security Identity Manager Version Installation Topics IBM IBM Security Identity Manager Version 6.0.0.13 Installation Topics IBM IBM Security Identity Manager Version 6.0.0.13 Installation Topics IBM ii IBM Security Identity Manager Version 6.0.0.13: Installation

More information

Tivoli SecureWay Policy Director Authorization API Java Wrappers Developer Reference Version 3.7

Tivoli SecureWay Policy Director Authorization API Java Wrappers Developer Reference Version 3.7 Tivoli SecureWay Policy Director Authorization API Java Wrappers Developer Reference Version 3.7 January 2001 Tivoli SecureWay Policy Director Authorization API Java Wrappers Developer Reference Copyright

More information

IBM Tivoli Privacy Manager for e-business. Installation Guide. Version 1.1 SC

IBM Tivoli Privacy Manager for e-business. Installation Guide. Version 1.1 SC IBM Tioli Priacy Manager for e-business Installation Guide Version 1.1 SC23-4791-00 IBM Tioli Priacy Manager for e-business Installation Guide Version 1.1 SC23-4791-00 Note: Before using this information

More information

IBM Cognos Dynamic Query Analyzer Version Installation and Configuration Guide IBM

IBM Cognos Dynamic Query Analyzer Version Installation and Configuration Guide IBM IBM Cognos Dynamic Query Analyzer Version 11.0.0 Installation and Configuration Guide IBM Product Information This document applies to IBM Cognos Analytics ersion 11.0.0 and may also apply to subsequent

More information

IBM Security Role and Policy Modeler Version 1 Release 1. Planning Guide SC

IBM Security Role and Policy Modeler Version 1 Release 1. Planning Guide SC IBM Security Role and Policy Modeler Version 1 Release 1 Planning Guide SC22-5407-03 IBM Security Role and Policy Modeler Version 1 Release 1 Planning Guide SC22-5407-03 October 2012 This edition applies

More information

xseries Systems Management IBM Diagnostic Data Capture 1.0 Installation and User s Guide

xseries Systems Management IBM Diagnostic Data Capture 1.0 Installation and User s Guide xseries Systems Management IBM Diagnostic Data Capture 1.0 Installation and User s Guide Note Before using this information and the product it supports, read the general information in Appendix C, Notices,

More information

High Availability Guide for Distributed Systems

High Availability Guide for Distributed Systems IBM Tioli Monitoring Version 6.3.0 High Aailability Guide for Distributed Systems SC22-5455-00 IBM Tioli Monitoring Version 6.3.0 High Aailability Guide for Distributed Systems SC22-5455-00 Note Before

More information

WebSphere MQ. Clients GC

WebSphere MQ. Clients GC WebSphere MQ Clients GC34-6058-01 Note! Before using this information and the product it supports, be sure to read the general information under Notices on page 179. Second edition (October 2002) This

More information

IBM Tivoli Storage Manager for AIX Version Tivoli Monitoring for Tivoli Storage Manager

IBM Tivoli Storage Manager for AIX Version Tivoli Monitoring for Tivoli Storage Manager IBM Tioli Storage Manager for AIX Version 7.1.0 Tioli Monitoring for Tioli Storage Manager IBM Tioli Storage Manager for AIX Version 7.1.0 Tioli Monitoring for Tioli Storage Manager Note: Before using

More information

IMSConnectorforJava User s Guide and Reference

IMSConnectorforJava User s Guide and Reference IMS Connect IMSConnectorforJaa User s Guide and Reference Version1Release2Modification2 IMS Connect IMSConnectorforJaa User s Guide and Reference Version1Release2Modification2 Note! Before using this

More information

Administrator's Guide

Administrator's Guide IBM Tioli Storage Productiity Center Version 5.2.4 Administrator's Guide SC27-4859-03 Note: Before using this information and the product it supports, read the information in Notices on page 285. This

More information

Installation and Setup Guide

Installation and Setup Guide IBM Tioli Monitoring for Messaging and Collaboration Installation and Setup Guide Version 5.1.1 GC32-0839-01 IBM Tioli Monitoring for Messaging and Collaboration Installation and Setup Guide Version 5.1.1

More information

IBM. RSE for z/os User's Guide. IBM Explorer for z/os. Version 3 Release 1 SC

IBM. RSE for z/os User's Guide. IBM Explorer for z/os. Version 3 Release 1 SC IBM Explorer for z/os IBM RSE for z/os User's Guide Version 3 Release 1 SC27-8433-03 IBM Explorer for z/os IBM RSE for z/os User's Guide Version 3 Release 1 SC27-8433-03 Note Before using this information,

More information

Monitoring: Windows OS Agent Version Fix Pack 2 (Revised May 2010) User s Guide SC

Monitoring: Windows OS Agent Version Fix Pack 2 (Revised May 2010) User s Guide SC Tioli Monitoring: Windows OS Agent Version 6.2.2 Fix Pack 2 (Reised May 2010) User s Guide SC32-9445-03 Tioli Monitoring: Windows OS Agent Version 6.2.2 Fix Pack 2 (Reised May 2010) User s Guide SC32-9445-03

More information

Netcool Configuration Manager Version Installation and Configuration Guide R2E6 IBM

Netcool Configuration Manager Version Installation and Configuration Guide R2E6 IBM Netcool Configuration Manager Version 6.4.1 Installation and Configuration Guide R2E6 IBM Netcool Configuration Manager Version 6.4.1 Installation and Configuration Guide R2E6 IBM Note Before using this

More information

Data Protection for IBM Domino for UNIX and Linux

Data Protection for IBM Domino for UNIX and Linux IBM Tioli Storage Manager for Mail Version 7.1 Data Protection for IBM Domino for UNIX and Linux Installation and User's Guide IBM Tioli Storage Manager for Mail Version 7.1 Data Protection for IBM Domino

More information

IBM Tivoli Monitoring: AIX Premium Agent Version User's Guide SA

IBM Tivoli Monitoring: AIX Premium Agent Version User's Guide SA Tioli IBM Tioli Monitoring: AIX Premium Agent Version 6.2.2.1 User's Guide SA23-2237-06 Tioli IBM Tioli Monitoring: AIX Premium Agent Version 6.2.2.1 User's Guide SA23-2237-06 Note Before using this information

More information

IBM Spectrum Protect Snapshot for Oracle Version What's new Supporting multiple Oracle databases with a single instance IBM

IBM Spectrum Protect Snapshot for Oracle Version What's new Supporting multiple Oracle databases with a single instance IBM IBM Spectrum Protect Snapshot for Oracle Version 8.1.4 What's new Supporting multiple Oracle databases with a single instance IBM IBM Spectrum Protect Snapshot for Oracle Version 8.1.4 What's new Supporting

More information

Internet Information Server User s Guide

Internet Information Server User s Guide IBM Tioli Monitoring for Web Infrastructure Internet Information Serer User s Guide Version 5.1.0 SH19-4573-00 IBM Tioli Monitoring for Web Infrastructure Internet Information Serer User s Guide Version

More information

Solutions for BSM 1.1 Expanded Operating System Release. Solutions for BSM Guide

Solutions for BSM 1.1 Expanded Operating System Release. Solutions for BSM Guide Solutions for BSM 1.1 Expanded Operating System Release Solutions for BSM Guide Solutions for BSM 1.1 Expanded Operating System Release Solutions for BSM Guide Note Before using this information and the

More information

Netcool/Impact Version User Interface Guide SC

Netcool/Impact Version User Interface Guide SC Netcool/Impact Version 6.1.0.2 User Interface Guide SC14-7554-00 Netcool/Impact Version 6.1.0.2 User Interface Guide SC14-7554-00 Note Before using this information and the product it supports, read the

More information

Tivoli Application Dependency Discovery Manager Version 7 Release 2.1. Installation Guide

Tivoli Application Dependency Discovery Manager Version 7 Release 2.1. Installation Guide Tioli Application Dependency Discoery Manager Version 7 Release 2.1 Installation Guide Tioli Application Dependency Discoery Manager Version 7 Release 2.1 Installation Guide Note Before using this information

More information

IBM i Version 7.2. Security Service Tools IBM

IBM i Version 7.2. Security Service Tools IBM IBM i Version 7.2 Security Serice Tools IBM IBM i Version 7.2 Security Serice Tools IBM Note Before using this information and the product it supports, read the information in Notices on page 37. This

More information

Connectivity Guide for Oracle Databases

Connectivity Guide for Oracle Databases IBM InfoSphere DataStage and QualityStage Version 9 Release 1 Connectiity Guide for Oracle Databases SC19-3842-01 IBM InfoSphere DataStage and QualityStage Version 9 Release 1 Connectiity Guide for Oracle

More information