Tivoli Access Manager for Enterprise Single Sign-On


Tivoli Access Manager for Enterprise Single Sign-On Version 5.0 Provisioning Adapter Installation and Setup Guide


Note: Before using this information and the product it supports, read the information in Notices, on page 1.

First Edition (March 2006)

Copyright International Business Machines Corporation 1996, 2006. All rights reserved. US Government Users Restricted Rights: Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

Table of Contents

Welcome to TAM E-SSO: Provisioning Adapter
Installation Overview
System Requirements and Supported Applications
    Minimum System Requirements
    Software Requirements
Installation Steps
Uninstalling TAM E-SSO: Provisioning Adapter
Reference and Troubleshooting
    Customization Notes
    Installation and Configuration Notes

Welcome to TAM E-SSO: Provisioning Adapter

IBM Tivoli Access Manager for Enterprise Single Sign-On: Provisioning Adapter (TAM E-SSO: Provisioning Adapter) provides the ability for an administrator to automatically provision TAM E-SSO with a user's ID and password by using a provisioning system. An administrator is able to add, modify and delete IDs and passwords for particular applications within the provisioning system and have the changes reflected in IBM Tivoli Access Manager for Enterprise Single Sign-On (TAM E-SSO). From the provisioning system, all usernames and passwords inside of TAM E-SSO can also be deleted so that a user's access to all protected applications is eliminated.

Installation Overview

TAM E-SSO: Provisioning Adapter is installed as an add-on component to TAM E-SSO v5.0. TAM E-SSO version 5.0 must be installed prior to installing TAM E-SSO: Provisioning Adapter. TAM E-SSO automatically recognizes TAM E-SSO: Provisioning Adapter once it is installed.

The following is a brief overview of the steps that must be taken in order to successfully install TAM E-SSO: Provisioning Adapter. Each step is explained in detail in the Installation Steps section.

- Review System Requirements
- Install TAM E-SSO: Provisioning Adapter Server
    o Install the TAM E-SSO: Provisioning Adapter Server Program Files
    o Create or identify a User Account for Anonymous Logon
    o Enable SSL
- Install TAM E-SSO: Provisioning Adapter Client CLI/SDK (optional)
- Install TAM E-SSO: Provisioning Adapter Client (Support for TAM E-SSO Agent)
    o Set CycleInterval Registry Key

System Requirements and Supported Applications

Unless otherwise indicated, the information in this section applies to the TAM E-SSO: Provisioning Adapter Server.

Minimum System Requirements

In order for TAM E-SSO: Provisioning Adapter to install and function properly, your system must meet at least the following requirements.

- Pentium III class processor at 900 MHz
- 512 MB RAM
- Disk Space: a complete installation requires ~3 MB
    o TAM E-SSO: Provisioning Adapter Support for SSO Agent needs < 1 MB of additional disk space.

Software Requirements

In order for TAM E-SSO: Provisioning Adapter to install and function properly, your system must have the following applications installed:

- Internet Explorer 6.0 or higher with 128-bit encryption
- Microsoft .NET Framework 1.1 (installed by TAM E-SSO: Provisioning Adapter installer)
- Microsoft Web Services Enhancements (WSE) 2.0 SP3 for Microsoft .NET (installed by TAM E-SSO: Provisioning Adapter installer)

TAM E-SSO: Provisioning Adapter Support for SSO Agent

In order for the TAM E-SSO: Provisioning Adapter support for the SSO Agent to function properly, TAM E-SSO version 5.0 must be installed.

TAM E-SSO: Provisioning Adapter Server

In order for TAM E-SSO: Provisioning Adapter Server to function properly, your system must have the following applications installed:

- Microsoft Windows 2000 Server, or Windows Server 2003
- Microsoft Internet Information Server 5.x or 6.x (6.x recommended)
- Microsoft Active Directory, Microsoft ADAM, Sun Java System Directory, or IBM LDAP Directory
- Microsoft SQL Server 2000 or Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) (only required if using Event Logging)

IIS Requirements: Microsoft Internet Information Server (IIS), version 5.0 or later. TAM E-SSO: Provisioning Adapter uses the IIS Web server to provide a browser-based interface for user enrollment, general setup and administrative tasks.

Note: If Active Directory or ADAM is used, the IIS account must have Administrative privileges and must be in the same domain.

Note: If you are running Windows 2000 SP4, make sure that the ASPNET account (or IWAM_Machine if ASPNET does not exist) has the privilege to impersonate a client after authentication. Please refer to http://support.microsoft.com/kb/821546 for more information.

TAM E-SSO: Provisioning Adapter Repository Requirements: TAM E-SSO: Provisioning Adapter can use any of the following as the repository:

o Microsoft Active Directory or Active Directory Application Mode (ADAM). The Active Directory server or ADAM instance (that is, Active Directory running as a user service) can be on any server and in the same domain.
o Sun Java System Directory
o IBM LDAP Directory

Installer Requirements

To install TAM E-SSO: Provisioning Adapter, you need to have Administrative privileges for the PM/IIS server. You need to provide the following information to configure a Directory server:

    localhost              Host name of the server for Directory server instance.
    port                   Port number of Directory server instance.
    name1[.name2.name3]    Distinguished name of the Directory server domain root.

Certificate Requirements

An X.509 Certificate for SSL must be obtained from a Certificate Authority. A Trusted Root CA Certificate should also be downloaded from your Certificate Authority into the list of trusted root CAs on the local computer. For more information see the Enable SSL section.

A certificate setup guide is provided with the TAM E-SSO: Provisioning Adapter documentation suite. If you do not have a certificate authority set up and want to use Microsoft Certificate Services to obtain certificates, please refer to the TAM E-SSO Provisioning Adapter Certificate Setup Guide, which walks you through obtaining the necessary certificates using Microsoft Certificate Services.

Installation Steps

Follow these steps to install and configure TAM E-SSO: Provisioning Adapter.

Step 1: Review System Requirements

Make sure you have carefully reviewed the system requirements in the previous section.

Step 2: Install PM Server

Complete all the steps in this section to install and configure the TAM E-SSO: Provisioning Adapter server.

- Step 2a: Install the TAM E-SSO: Provisioning Adapter Server Program Files
- Step 2b: Create or identify a User Account for Anonymous Logon
- Step 2c: Enable SSL

Step 2a. Install the TAM E-SSO: Provisioning Adapter Server Program Files

Follow these steps to install and configure the TAM E-SSO: Provisioning Adapter Server.

1. Close all programs.
2. Open the TAM E-SSO PA directory on the CD-ROM.
3. Double-click the TAM E-SSO PA Server.exe file to begin the installation.
4. The Choose Setup Language dialog appears. Select your language and click OK.
5. The Welcome Panel appears. Click Next.
6. The License Agreement panel appears. Read the license agreement carefully. Click the I accept the terms in the license agreement button and click Next to continue.
7. The Customer Agreement Panel appears. Enter your User Name, Organization name, and select who to Install this application for: All Users or Only for you. Click Next.
8. The Setup Type Panel appears. Select Complete or Custom. Complete installs all program files. Custom allows you to choose what program files are installed and the location. Custom installations are only recommended for advanced users. Click Next.
9. TAM E-SSO: Provisioning Adapter is ready to be installed. Click Install. Wait for the installation to complete. When it is done, click Finish.

Step 2b. Create or Identify a User Account for Anonymous Logon

A dedicated Anonymous User account through which TAM E-SSO: Provisioning Adapter users and administrators access TAM E-SSO: Provisioning Adapter Web Services must be created or identified. This Anonymous User account should be a member of the Administrators group.

Notes: Because the default Anonymous User account for a Web service, IUSR_<MACHINE_NAME>, is not a member of the Administrator group, you must create or choose a domain user account that is an Administrator; this will allow the account to perform these tasks:

1. Start, stop, and change services.
2. Read from/write to the directory.
3. Write to the local-machine registry (HKLM).

To create a new user account or assign Administrator rights to an existing account, use the Active Directory Users and Computers console (for an Active Directory domain) or the Computer Management console (for non-AD domains).

The user account you create or choose is specified in the Anonymous User dialog of the Services tool during this step.

1. Click Start, point to Program Files, point to Administrative Tools, and click Internet Information Services.
2. Locate the TAM E-SSO: Provisioning Adapter Console node in the tree, right-click on it, and click Properties.
3. Click the Directory Security tab and click the Edit button next to Anonymous Access.
4. Check the Anonymous Access checkbox and type in the username and password of the anonymous user. The anonymous user must have local Administrative access.

Note: By default, the TAM E-SSO: Provisioning Adapter Management Console is not restricted. Any user with a credential in the backend storage can log in. If you want to restrict access to a particular group, please see the Additional Security Settings in the TAM E-SSO: Provisioning Adapter Administrator Guide.

Give the Anonymous Logon Access to ADAM:

Note: This step only applies to ADAM users.

1. Click Start, point to Program Files, point to ADAM, and then click ADAM Tools Command Prompt.
2. Type:

    dsacls \\SERVER:PORT\DISTINGUISHED_NAME /g USER:ga /i:t

   For example:

    dsacls \\localhost:50000\ou=pm,dc=passlogix,dc=com /g Passlogix\PMWeb:ga /i:t

3. To make sure the account was given access, type:

    dsacls \\SERVER:PORT\DISTINGUISHED_NAME

   The output shows the security information for the directory object. The TAM E-SSO: Provisioning Adapter Anonymous Account should appear in the list with full access.

Give the ASPNET Additional Privileges:

Note: The following step is for Windows 2000 Users only.

You must give ASPNET the Act as part of the operating system privilege:

1. Open the MMC console by clicking Start > Run. Type mmc and then click OK. The Microsoft Management Console opens.
2. On the File menu, click Add/Remove Snap-in.
3. On the Standalone tab, click Add.
4. In the Add Standalone Snap-in dialog, highlight Group Policy and click Add.
5. On the Group Policy dialog, select Local Computer and click Finish. Click OK.
   Note: If you are installing the TAM E-SSO: Provisioning Adapter Console on a box that is a domain controller, instead of selecting Local Computer, click Browse and search for Default Domain Controller Policy. In the next step, in the MMC, Default Domain Controller Policy will appear instead of Local Computer Policy.
6. In the MMC, click the + sign to expand Local Computer Policy, and continue expanding Computer Configuration > Windows Settings > Security Settings > Local Policies. Double-click on User Rights Assignment.
7. Double-click Act as part of the operating system and click the Add User or Group button.
8. Select the ASPNET account and click OK. Click OK again.

Step 2c. Enable SSL

An X.509 Certificate for SSL must be obtained from a trusted Certificate Authority. This trusted CA must be installed in the list of trusted Root CAs. The certificate must be valid for the current date and must contain the name of the website (machine name). The following instructions assume that these certificates are available at known locations.

Notes: The following articles from the Microsoft Web site can be referred to for information on installing certificates and setting up SSL:

- How to: Obtain an X.509 Certificate
  http://msdn.microsoft.com/library/default.asp?url=/library/enus/wse/html/1011e2ed-f3b0-4f3b-a5b7-8e1d8ae476d8.asp
- How To Set Up SSL on a Web Server
  http://msdn.microsoft.com/library/default.asp?url=/library/enus/secmod/html/secmod30.asp

If you use Microsoft Certificate Services to obtain the X.509 certificate, choose a Server Authentication Certificate. Also, enable the Mark keys as exportable and Use local machine store options under the Key Options section.

1. Open IIS and right-click the Web Site that will be the TAM E-SSO: Provisioning Adapter Web Site, for example Default Web Site. Click Properties.

2. Click the Directory Security tab and under Secure Communications, click Server Certificate.
3. The Web Server Certificate Wizard appears. This is where we will generate a request for a certificate. Click Next.
4. Select Assign an existing certificate and click Next.

5. Highlight the certificate to assign and click Next.
6. The default SSL port should be 443. Leave this default and click Next.
7. Review the summary of your request. Click Next.
8. Click Finish.
9. The Directory Security tab will still be open. Under Secure Communications, click Edit.

10. On the Secure Communications dialog, check Require secure channel (SSL) and Require 128-bit encryption.
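The two conditions Step 2c places on the certificate (valid for the current date, and containing the name of the website) can be checked from a workstation once SSL is enabled. The following is an added example, not part of the IBM guide; it evaluates the dictionary that Python's ssl module returns from getpeercert(). The host name pmserver.example.com and the sample certificate are constructed for illustration.

```python
import socket
import ssl
import time

# Constructed sample in the shape returned by SSLSocket.getpeercert();
# the host name and dates are illustrative, not taken from the guide.
SAMPLE_CERT = {
    "subject": ((("commonName", "pmserver.example.com"),),),
    "subjectAltName": (("DNS", "pmserver.example.com"),),
    "notBefore": "Mar 15 00:00:00 2006 GMT",
    "notAfter": "Mar 15 00:00:00 2007 GMT",
}


def certificate_names(cert):
    """DNS names the certificate is issued for.

    subjectAltName DNS entries take precedence; the subject commonName is
    used only when no DNS entry exists, as in many older certificates.
    """
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if names:
        return names
    return [value for rdn in cert.get("subject", ())
            for key, value in rdn if key == "commonName"]


def name_matches(pattern, hostname):
    """Case-insensitive match; a leading '*.' covers exactly one label."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if pattern.startswith("*."):
        first_label, _, remainder = hostname.partition(".")
        return bool(first_label) and remainder == pattern[2:]
    return False


def check_certificate(cert, hostname, now=None):
    """Return a list of problems; an empty list means both conditions hold."""
    now = time.time() if now is None else now
    problems = []
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not-yet-valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    if not any(name_matches(n, hostname) for n in certificate_names(cert)):
        problems.append("name-mismatch")
    return problems


def fetch_certificate(host, port=443, cafile=None):
    """Fetch the server certificate over TLS.

    The chain is still verified against the trusted roots (or cafile), so a
    certificate from an untrusted CA raises ssl.SSLCertVerificationError.
    Host name checking is turned off here only so that check_certificate()
    can report a mismatch instead of the handshake failing.
    """
    context = ssl.create_default_context(cafile=cafile)
    context.check_hostname = False
    with socket.create_connection((host, port), timeout=10) as sock:
        with context.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    # Offline demonstration on the constructed sample, evaluated at 1 June 2006.
    june_2006 = ssl.cert_time_to_seconds("Jun 01 00:00:00 2006 GMT")
    print(check_certificate(SAMPLE_CERT, "pmserver.example.com", now=june_2006))
    print(check_certificate(SAMPLE_CERT, "localhost", now=june_2006))
    # Against a live server: check_certificate(fetch_certificate(host), host)
```

Browsing to the console by a name the certificate does not carry, such as localhost, is reported as name-mismatch even when the certificate itself is in date.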

Step 3: Install TAM E-SSO: Provisioning Adapter Client CLI/SDK

Note: This installation step is optional.

The TAM E-SSO: Provisioning Adapter Client CLI/SDK is supplied as an integration component for Provisioning Solutions. The TAM E-SSO: Provisioning Adapter server exposes a Web service interface which allows any provisioning server to submit instructions to the PM server. The TAM E-SSO: Provisioning Adapter Client CLI/SDK is used to integrate TAM E-SSO: Provisioning Adapter with other provisioning solutions.

Follow these steps to install and configure the TAM E-SSO: Provisioning Adapter Client CLI/SDK. For more information on the CLI syntax and usage, please refer to the TAM E-SSO Provisioning Adapter Client CLI/SDK Guide.

1. Close all programs.
2. Open the TAM E-SSO PA directory on the CD-ROM.
3. Double-click the TAM E-SSO PA Client SDK.exe file to begin the installation.
4. The Choose Setup Language dialog appears. Select your language and click OK.
5. The Welcome Panel appears. Click Next.
6. The License Agreement panel appears. Read the license agreement carefully. Click the I accept the terms in the license agreement button and click Next to continue.
7. The Customer Agreement Panel appears.
8. Enter your User Name, Organization name, and select who to Install this application for: All Users or Only for you. Click Next.
9. The Setup Type Panel appears. Select Complete or Custom. Complete installs all program files. Custom allows you to choose what program files are installed and the location. Custom installations are only recommended for advanced users. Click Next.
10. TAM E-SSO: Provisioning Adapter is ready to be installed. Click Install.
11. Wait for the installation to complete. When it is done, click Finish.

Step 4: Install TAM E-SSO: Provisioning Adapter Support for TAM E-SSO Agent

Follow these steps to install and configure the TAM E-SSO: Provisioning Adapter Support for TAM E-SSO Agent.

1. Close all programs.
2. Open the TAM E-SSO PA directory on the CD-ROM.
3. Double-click the TAM E-SSO PA Client.exe file to begin the installation.
4. The Choose Setup Language dialog appears. Select your language and click OK.
5. The Welcome Panel appears. Click Next.
6. The License Agreement panel appears. Read the license agreement carefully. Click the I accept the terms in the license agreement button and click Next to continue.
7. TAM E-SSO: Provisioning Adapter is ready to be installed. Click Install.
8. Wait for the installation to complete. When it is done, click Finish.

Step 4a. Set CycleInterval Registry Key

In order for TAM E-SSO: Provisioning Adapter to function properly, the TAM E-SSO agent must synchronize to retrieve the provisioning instructions from the directory. When deploying, one of the decisions that must be made is the synchronization interval. The CycleInterval registry key is used to force synchronization to occur on a regular interval. If this is not set to a non-zero value, synchronization only occurs on some user action. This would not be the desired behavior with TAM E-SSO: Provisioning Adapter.

It is recommended that this key is set to some value, for example 15 minutes. This would guarantee that the provisioning instructions get pulled down from the directory within 15 minutes (or whatever interval is set) of when they are put there by the TAM E-SSO: Provisioning Adapter Server.

The CycleInterval registry key can be set through the TAM E-SSO Console:

1. Open the TAM E-SSO Administrative Console by clicking Start, point to Programs > IBM > TAM E-SSO and click TAM E-SSO Console.
2. Expand TAM E-SSO, Global Agent Settings, expand Live, and click Synchronization.
3. Set the Interval for automatic re-sync setting to the desired value.
4. Click Tools > Write Global Agent Settings to HKLM.
5. The Apply Settings dialog appears. Click Yes.

Note: This only applies to running TAM E-SSO agents. If a user doesn't have TAM E-SSO running, the provisioning instructions are not processed until the user starts TAM E-SSO. Processing the provisioning instructions requires that the user be authenticated to TAM E-SSO. If the user isn't authenticated to TAM E-SSO (for example, the timeout expired) then an authentication UI is presented and the synchronization process is blocked until the user authenticates.

Uninstalling TAM E-SSO: Provisioning Adapter

Follow these steps to uninstall TAM E-SSO: Provisioning Adapter.

1. Click Start, point to Settings, and then click Control Panel.
2. Open Add/Remove Programs.
3. Select IBM Tivoli Access Manager for Enterprise Single Sign-On Provisioning Adapter v5.0 and click Remove.
4. Follow the prompts to uninstall TAM E-SSO: Provisioning Adapter.

Reference and Troubleshooting

Customization Notes

Creating default access pages

You can create HTML pages to provide end users with easy web access to the TAM E-SSO: Provisioning Adapter Administrative Console. Here is an example of the HTML markup for an end user access page:

    <html>
    <head>
    <title>v-go PM Console</title>
    <style>
    body { font-family: Verdana; font-size: 12px; text-align: Center }
    h1 { font-size: 18px }
    </style>
    </head>
    <body>
    <h1>v-go Provisioning Manager</h1>
    <!--substitute the host computer name or http-protocol address for yourhost -->
    <p><a href="yourhost/v-go PM Console/overview.aspx">
    v-go PM Administrative Console</a>
    </p>
    </body>
    </html>

You can then create and distribute desktop shortcuts or Internet Explorer favorites to access this page. You can also make your access page the default (home) page for the host Web server ("yourhost," in the example URLs above). To do this, follow these steps:

1. Open IIS Manager.
2. Right-click the Default Web Site, and choose Properties from the shortcut menu.
3. Click the Documents tab.
4. Make sure the Enable default content page option is checked (note the name of the first-listed default page), then click OK.
5. Place your access page in the root folder of the default Web site and rename it as the default content page. Note the link URL can now be relative to the root (e.g., href="v-go PM Console").
6. Use these URLs in an access page or shortcut to access Administrative Console functions; again substitute your host server name for "yourhost":

    <a href="yourhost/v-go PM Console/overview.aspx">Overview</a>
    <a href="yourhost/v-go PM Console/storage.aspx">Storage Settings</a>
    <a href="yourhost/v-go PM Console/users.aspx">Users</a>
    <a href="yourhost/v-go PM Console/eventLog.aspx">Event Log</a>
    <a href="yourhost/v-go PM Console/report.aspx">Report</a>

Installation and Configuration Notes

Please review the following installation and configuration notes:

o TAM E-SSO: Provisioning Adapter does not support File Sync
o Multiple Locators require an Entlist at each locator site
o Using AD/ADAM and IIS Web Services on different servers
o Installing ASP.NET 1.1 with Windows 2000 SP4: "Access is Denied" error
o Windows Installer Error 1720
o Internet Security settings (Windows 2003 users)
o Internet Security settings (Windows Domain and Citrix MetaFrame users)

Multiple Locators require an Entlist at each locator site

If two users are stored in different containers, a matching application configuration list (entlist) must exist in each locator site in order for provisioning to work down to the client. The matching entlists must exist under both containers that store the user credentials.

Using AD/ADAM and IIS Web Services on different servers

If IIS and Active Directory (or the ADAM-instance) are on different computers, then you must provide the IIS Web services with a user account that is in the same domain as (or a trusted domain of) AD/ADAM, and that is provided with read/write access to the directory.

Installing ASP.NET 1.1 with Windows 2000 SP4: "Access is Denied" error

When you install ASP.NET 1.1 on a computer running on a Windows 2000 Server domain controller with Service Pack 4 (SP4) installed, the built-in IWAM user account (used by IIS Web services with ASP) is not granted "Impersonate User" rights for ASP.NET 1.1. A request for any ASP resources, including TAM E-SSO: Provisioning Adapter, can produce an "Access is denied" error message. Microsoft has acknowledged that this is an issue in SP4 (Knowledge Base article 824308), and provides the following workaround to manually assign "Impersonate a client after authentication" to the IWAM account:

1. Click Start, point to Programs, point to Administrative Tools, and then click Domain Controller Security Policy.
2. Click Security Settings.
3. Click Local Policies, and then click User Rights Assignment.
4. In the right pane, double-click Impersonate a client after authentication.
5. In the Security Policy Setting window, click Define these policy settings.
6. Click Add, and then click Browse.
7. In the Select Users or Groups window, select the IWAM account name, click Add, and then click OK.
8. Click OK, and then click OK again.

9. To enforce an update of computer policy, type the following command:

    secedit /refreshpolicy machine_policy /enforce

10. At a command prompt, type iisreset.

Windows Installer Error 1720

Error 1720 occurs during TAM E-SSO: Provisioning Adapter client software installation when the logged-on user does not have sufficient rights to install software on the workstation. You must log on to the workstation as a user with Administrator rights or contact support personnel.

Internet Security settings (Windows 2003 users)

The default settings for Windows 2003 Internet Security are more stringent than those for Windows 2000 and XP. If Internet Explorer Enhanced Security Configuration is enabled (on by default in Windows 2003), you must add the TAM E-SSO: Provisioning Adapter Web Console URL to the workstation's Trusted Sites Internet Zone or the Local Intranet Zone in order to use TAM E-SSO: Provisioning Adapter without issues.

Internet Security settings (Windows Domain and Citrix MetaFrame users)

In order for Windows domain users and Citrix MetaFrame users to access TAM E-SSO: Provisioning Adapter, you must add the TAM E-SSO: Provisioning Adapter Web service to the workstation's Local Intranet zone.

Appendix. Notices

This information was developed for products and services offered in the U.S.A. IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service.

IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries, in writing, to:

    IBM Director of Licensing
    IBM Corporation
    North Castle Drive
    Armonk, NY 10504-1785
    U.S.A.

For license inquiries regarding double-byte (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to:

    IBM World Trade Asia Corporation
    Licensing
    2-31 Roppongi 3-chome, Minato-ku
    Tokyo 106-0032, Japan

The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you.

This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice.

Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk.

IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.

Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged, should contact:

IBM Corporation
2Z4A/101
11400 Burnet Road
Austin, TX 78758
U.S.A.

Such information may be available, subject to appropriate terms and conditions, including in some cases, payment of a fee.

The licensed program described in this information and all licensed material available for it are provided by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement, or any equivalent agreement between us.

Any performance data contained herein was determined in a controlled environment. Therefore, the results obtained in other operating environments may vary significantly. Some measurements may have been made on development-level systems and there is no guarantee that these measurements will be the same on generally available systems. Furthermore, some measurements may have been estimated through extrapolation. Actual results may vary. Users of this document should verify the applicable data for their specific environment.

Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.

All statements regarding IBM's future direction or intent are subject to change or withdrawal without notice, and represent goals and objectives only.

This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental.

COPYRIGHT LICENSE:

This information contains sample application programs in source language, which illustrate programming techniques on various operating platforms. You may copy, modify, and distribute these sample programs in any form without payment to IBM, for the purposes of developing, using, marketing or distributing application programs conforming to the application programming interface for the operating platform for which the sample programs are written. These examples have not been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of these programs. You may copy, modify, and distribute these sample programs in any form without payment to IBM for the purposes of developing, using, marketing, or distributing application programs conforming to IBM's application programming interfaces.

If you are viewing this information softcopy, the photographs and color illustrations may not appear.

Trademarks

The following terms are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both: AIX, DB2, IBM, IBM logo, Tivoli, Tivoli logo, Universal Database, WebSphere, z/OS, zSeries.

Lotus is a registered trademark of Lotus Development Corporation and/or IBM Corporation.

Domino is a trademark of International Business Machines Corporation and Lotus Development Corporation in the United States, other countries, or both.

Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other countries, or both.

Java and all Java-based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries.

UNIX is a registered trademark of The Open Group in the United States and other countries.

Other company, product, and service names may be trademarks or service marks of others.

IBM Tivoli Access Manager for Enterprise Single Sign-On: Provisioning Adapter Installation and Setup Guide

Printed in USA SC32-0155-00