Tivoli Access Manager for Enterprise Single Sign-On


Tivoli Access Manager for Enterprise Single Sign-On Version 6.0 DPRA Installation and Setup Guide GC23-6351-00


Note: Before using this information and the product it supports, read the information in Notices, on page 17.

First Edition (January 2007)

This edition applies to version 6.0 of this adapter and to all subsequent releases and modifications until otherwise indicated in new editions.

Copyright International Business Machines Corporation 2007. All rights reserved. US Government Users Restricted Rights Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

Contents

Installing TAM E-SSO: Desktop Password Reset Adapter Service
    System platform requirements
    Installation Steps
    Step by step: Install TAM E-SSO: Desktop Password Reset Adapter Server
    Step-by-Step: Assign password reset permission to Reset Service
    Step-by-Step: Restrict Management Console Access
Installing the TAM E-SSO: Desktop Password Reset Adapter Client
    Client system requirements
    Client installation settings
    Installing the client at the command line
Reference and Troubleshooting
    Installation and Configuration Notes
    Compatibility Issues
    TAM E-SSO: Desktop Password Reset Adapter Registry Settings
    Additional Procedures

13 February 2006

Installing TAM E-SSO: Desktop Password Reset Adapter Service

System platform requirements

The following products must be installed on one or more physical servers running Windows 2000 or 2003 server, with Microsoft .NET Framework version 1.1 or later.

One of the following for the TAM E-SSO: Desktop Password Reset Adapter repository:

TAM E-SSO: Desktop Password Reset Adapter can use one of the following as the repository for the password-reset challenge questions, the enrolled users, and their responses.

- Microsoft Active Directory or Active Directory Application Mode (ADAM). The Active Directory server or ADAM instance (that is, Active Directory running as a user service) can be on any server and in any domain; see the Note below. Also see Step by step: Install an ADAM instance on page 14 for more information.
- Microsoft SQL Server
- Oracle Database

For the TAM E-SSO: Desktop Password Reset Adapter Service:

- Microsoft Internet Information Server (IIS), version 5.0 or later. TAM E-SSO: Desktop Password Reset Adapter uses the IIS Web server to provide a browser-based interface for user enrollment, password-reset challenge, and general setup and administrative tasks. The TAM E-SSO: Desktop Password Reset Adapter server application and IIS must reside on the same server.

Note: If IIS and Active Directory (or the ADAM instance) are on different computers, then the Anonymous Logon for IIS Web Services (Step 2 below) must be a user account in the same domain as (or a trusted domain of) Active Directory or the ADAM instance, and provided with read/write access to Active Directory or the ADAM instance.

Installer Requirements

To install TAM E-SSO: Desktop Password Reset Adapter, you will need to have Administrative privileges for the TAM E-SSO: Desktop Password Reset Adapter/IIS server.

You will need to provide the following information to configure ADAM:

    localhost              The host name of the server for Active Directory or the ADAM instance
    port                   The port number of Active Directory or the ADAM instance
    name1[.name2.name3]    The distinguished name of the AD/ADAM domain root

Installation Steps

Follow these steps to install and configure the TAM E-SSO: Desktop Password Reset Adapter service. Refer to the detailed, step-by-step instructions for more information.

Step 1. Install the TAM E-SSO: Desktop Password Reset Adapter server program files

Run one of the TAM E-SSO: Desktop Password Reset Adapter Server installers: TAM E-SSO Desktop Password Reset Adapter Server.exe or TAM E-SSO Desktop Password Reset Adapter Server.MSI. See step by step instructions, page 6.

Step 2. Create or identify a user account for Anonymous logon

Create or identify a user account that will be the dedicated Anonymous User account through which TAM E-SSO: Desktop Password Reset Adapter users and administrators access Web Services. This Anonymous User account, referred to in this guide as SSPRweb, should be a member of the Administrators group.

Notes:

Because the default Anonymous User account for Web services, IWAM (for Windows 2000) or IUSER (Windows 2003), is not a member of the Administrators group, you must create or choose a domain user account that is an Administrator; this will allow the account to perform these tasks:

- Start, stop, and change services.
- Read from/write to Active Directory, ADAM instance, SQL Server, or Oracle database.
- Write to the local-machine registry (HKLM).

To create a new user account or assign Administrator rights to an existing account, use the Active Directory Users and Computers console (for an Active Directory domain) or the Computer Management console (for non-AD domains).

The user account you create or choose is specified in the Anonymous User dialog of the Services tool when you complete Step 4 below.

Step 3. Create or identify a user account for the Reset Service

Create or identify a Service Account; this is the domain account that the TAM E-SSO: Desktop Password Reset Adapter uses to log on as a service. The Reset Service user account, referred to in this guide as SSPRadmin, must have password-reset permission.

Notes:

Because the default user account for a service, typically "LocalSystem," does not have password-change permission, you must create or select a domain user account that does have this permission. This can be an Administrator account (with full permissions) or a non-administrator user account with this specific permission only. To grant this permission to a non-administrator account, see Step-by-Step: Assign password reset permission to Reset Service on page 8.

To create a new user account or assign Administrator rights to an existing account, use the Active Directory Users and Computers console (for an Active Directory domain) or the Computer Management console (for non-AD domains).

The user account you create or specify appears in the Log On As column of the Services tool when you complete Step 4 below.

Step 4. Configure the Reset Service

Open Internet Explorer and enter this address:

    http://serverhost/vgoselfservicereset/managementclient/webservice.aspx

The TAM E-SSO: Desktop Password Reset Adapter Management Console opens, displaying the Web Service Account dialog page. (Within the Management Console, click the System tab to display this dialog page.)

Type the User Name and Password of the Anonymous Logon account you created or identified in Step 2. Type the password again to Confirm, then click Submit.

Click Storage. Enter the requested connection information for Active Directory, ADAM, SQL Server, or Oracle Database. Select Initialize Storage for SSPR. For Connect As, type the user name of an administrator of the directory server. Type the administrator password and click Submit.

Click Reset Service. Type the User Name and Password of the Reset Service user account you created or identified in Step 3. Type the password again to Confirm, then click Submit.

Step 5. Restrict Management Console access

Set the access permission for the folder \Program Files\v-GO SSPR\Management Client to only those users who should have administrative rights to TAM E-SSO: Desktop Password Reset Adapter Management Console. See step by step instructions, page 8.

Step 6. Deploy the TAM E-SSO: Desktop Password Reset Adapter client software

See step by step instructions, page 9.

Step by step: Install TAM E-SSO: Desktop Password Reset Adapter Server

1. Double click the Setup icon (TAM E-SSO Desktop Password Reset Adapter Server.exe or TAM E-SSO Desktop Password Reset Adapter Server.MSI). The Choose Program Language dialog appears. Make selection and click [OK].
2. The Install Wizard appears. Click [Next].
3. Select I accept the terms in the license agreement and click [Next].
4. Click [Next].

5. Click [Install].
6. When the installation is complete, click [Finish].

Step-by-Step: Assign password reset permission to Reset Service

1. Open the Active Directory Users and Computers console snap-in.
2. Right-click Users in the left pane and select Delegate Control from the shortcut menu. The Delegation of Control Wizard appears. Click [Next].
3. The Users or Groups page appears. Click [Add] to display the Select Users or Groups dialog box.
4. Select the TAM E-SSO: Desktop Password Reset Adapter Admin from the list box and click [Add], then click [OK] to close the Select Users dialog box. Click [Next].
5. For Active Directory Object Type, select Only the objects in the folder, then select User objects from the list. Click [Next].
6. For Permissions, select General, then select Reset Password from the list. Click [Next].
7. Click [Finish] to complete the Wizard.

Step-by-Step: Restrict Management Console Access

1. Open Windows Explorer and navigate to x:\Program Files\v-GO SSPR\
2. Right-click the Management Client and select Properties from the shortcut menu.
3. In the Properties dialog, click the Security tab.
4. Click [Advanced].
5. Click Inheritable rights for Users to clear the selection. A dialog appears.
6. Click Copy, then click [OK].
7. In the Security tab, remove unauthorized users, then click [OK].
8. Click [Add].
9. Select Object Type [Users, Groups, or Built-in security principal].
10. Select From this Location [the server name] and click [OK].
11. Choose an Advanced search and select IIS_WPG (for Windows 2003) or IIS_WAM (for Windows 2000). Click [OK].

Note: All permissions except Full should be checked under the Allow column.

Installing the TAM E-SSO: Desktop Password Reset Adapter Client

The TAM E-SSO: Desktop Password Reset Adapter Client Installer supplies the components needed to run TAM E-SSO: Desktop Password Reset Adapter through the Windows interface. It also sets the registry values that point the TAM E-SSO: Desktop Password Reset Adapter client to the enrollment and reset service and, optionally, offers or obliges workstation users to enroll in the password reset service.

Installation can be performed with the Windows Install Wizard or at the command line. The installer package TAM E-SSO Desktop Password Reset Adapter Client.msi can also be customized with site-specific settings using any standard MSI package editor, such as InstallShield AdminStudio or Wise Package Studio.

Client system requirements

Windows 2000 or XP Professional, with Internet Explorer 6.0 SP1 or later.

Client installation settings

The settings Enroll URL, Reset URL, Check Enroll URL, Check Force Enroll URL and Check Status URL must be set during installation. These settings are URLs that point the TAM E-SSO: Desktop Password Reset Adapter client to the appropriate Web service resources for enrollment and password reset.

The optional settings, Automatic Enroll and Force Enrollment, control whether a workstation user is asked or required to enroll in the password reset service at their next logon. These optional values can be set using command-line installation or by modifying the installer package; they are not added by the Install Wizard on the client.

Setting: Enroll URL
    Type the URL of the Enrollment service default page
    http://host/vgoselfservicereset/enrollmentclient/enrollments.aspx

Setting: Reset URL
    Type the URL of the reset service default page
    http://host/vgoselfservicereset/resetclient/default.aspx

Setting: CheckEnrollURL
    Type the URL of the Enrollment check service (checks if user is enrolled)
    http://host/vgoselfservicereset/resetclient/checkenrollment.aspx

Setting: CheckStatusURL
    Type the URL of the status check service (checks for SSPR service availability)
    http://host/vgoselfservicereset/resetclient/checkstatus.aspx

Setting: Automatic Enroll
    Set to 1 to offer enrollment option to unenrolled user at next logon. Set to 0 (default) not to offer enrollment upon logon.

Setting: Force Enrollment
    Set to 1 to require unenrolled user to enroll at next logon. Set to 0 (default) not to require enrollment upon logon. If set to 1 this option overrides AutomaticEnroll.

Installing the client at the command line

TAM E-SSO: Desktop Password Reset Adapter Client can be installed as a DOS command, using the following command syntax:

    msiexec /i [/q] c:\sspr_client.msi programurls [enrolloption]

/q
    Quiet mode: suppress all installer user interface messages. Refer to the description of other Windows Installer command line options for msiexec at http://msdn.microsoft.com.

programurls (required):

    REG_CHECKENROLLURL="http://host/vgoselfservicereset/resetclient/checkenrollment.aspx"
    REG_ENROLLURL="http://host/vgoselfservicereset/enrollmentclient/enrollments.aspx"
    REG_RESETURL="http://host/vgoselfservicereset/resetclient/default.aspx"
    REG_CHECKSTATUSURL="http://host/vgoselfservicereset/resetclient/checkstatus.aspx"

    where host is the server name (or domain name/IP address) and path of the folder that holds the TAM E-SSO: Desktop Password Reset Adapter service root folder.

enrolloption (select one):

    REG_AUTOMATICENROLL={1|0}
        1  Set AutomaticEnroll on (to offer enrollment in the password reset service to user at the next system logon).
        0  Set AutomaticEnroll off (default, no enrollment offered).

    REG_CHECKFORCEENROLLURL={1|0}
        1  Set ForceEnrollment on (to require users to enroll in the password reset service at their next logon).
        0  Set ForceEnrollment off (default, no enrollment required).
        If selected, this option overrides AutomaticEnroll.

Example: The following command (on a single line) installs the client and points it to the password reset service. It also requires end users at this workstation to enroll the next time they log on.

    msiexec /i c:\sspr_client.msi REG_CHECKENROLLURL="http://sspr.passlogix.com/vgoselfservicereset/resetclient/checkenrollment.aspx" REG_ENROLLURL="http://sspr.passlogix.com/vgoselfservicereset/enrollmentclient/enrollments.aspx" REG_RESETURL="http://sspr.passlogix.com/vgoselfservicereset/resetclient/default.aspx" REG_STATUSURL="http://sspr.passlogix.com/vgoselfservicereset/resetclient/checkstatus.aspx" REG_FORCEENROLLMENT=1

Reference and Troubleshooting

Installation and Configuration Notes

Using AD/ADAM and IIS Web Services on different servers

If IIS and Active Directory or the ADAM instance are on different computers, then you must provide the IIS Web services with a user account that is in the same domain as (or a trusted domain of) AD/ADAM, and that is provided with read/write access to the directory.

Installing ASP.NET 1.1 with Windows 2000 SP4: "Access is Denied" error

When you install ASP.NET 1.1 on a computer running on a Windows 2000 Server domain controller with Service Pack 4 (SP4) installed, the built-in IWAM user account (used by IIS Web services with ASP) is not granted "Impersonate User" rights for ASP.NET 1.1. A request for any ASP resources, including TAM E-SSO: Desktop Password Reset Adapter, can produce an "Access is denied" error message.

Microsoft has acknowledged that this is an issue in SP4 (Knowledge Base article 824308), and provides the following workaround to manually assign "Impersonate a client after authentication" to the IWAM account:

1. Click Start, point to Programs, point to Administrative Tools, and then click Domain Controller Security Policy.
2. Click Security Settings.
3. Click Local Policies, and then click User Rights Assignment.
4. In the right pane, double-click Impersonate a client after authentication.
5. In the Security Policy Setting window, click Define these policy settings.
6. Click Add, and then click Browse.
7. In the Select Users or Groups window, select the IWAM account name, click Add, and then click OK.
8. Click OK, and then click OK again.
9. To enforce an update of computer policy, type the following command:

    secedit /refreshpolicy machine_policy /enforce

10. At a command prompt, type iisreset.

Windows Installer Error 1720

Error 1720 occurs during TAM E-SSO: Desktop Password Reset Adapter client software installation when the logged-on user does not have sufficient rights to install software on the workstation. You must log on to the workstation as a user with Administrator rights or contact support personnel.

Group Security Policy: Password History setting should be increased

TAM E-SSO: Desktop Password Reset Adapter makes use of the password history setting of the Windows 2000 Group Security Policy. You should allow for one additional prior password in addition to the Enforce password history setting. For example, if the setting is 3 (ensuring that a user's last three prior passwords cannot be reused), TAM E-SSO: Desktop Password Reset Adapter uses one of these, so the actual setting is 2. A higher setting for Enforce password history is recommended for optimal security.

Internet Security settings (Windows 2003 users)

The default settings for Windows 2003 Internet Security settings are more stringent than those for Windows 2000 and XP. You must add the TAM E-SSO: Desktop Password Reset Adapter Web service to the workstation's Trusted Sites Internet zone or the Local Intranet zone in order to use TAM E-SSO: Desktop Password Reset Adapter as a Windows 2003 client.

Internet Security settings (Windows Domain and Citrix MetaFrame users)

In order for Windows domain users and Citrix MetaFrame users to access TAM E-SSO: Desktop Password Reset Adapter, you must add the TAM E-SSO: Desktop Password Reset Adapter Web service to the workstation's Local Intranet zone.

Compatibility Issues

Fast User Switching not available (Windows XP users only)

Installing the TAM E-SSO: Desktop Password Reset Adapter client on Windows XP disables the Fast User Switching feature, which allows multiple users to be logged on to a computer at the same time and to switch among logons by pressing Windows logo key+L. This feature is unavailable because TAM E-SSO: Desktop Password Reset Adapter utilizes a custom GINA (Graphical Identification and Authentication) component that replaces the Microsoft default GINA dynamic-link library (Msgina.dll).

To change logons on a Windows XP computer, a user must log off to allow the next user to log on. To do this, open Task Manager (CTRL+ALT+DELETE), and click Log off.

TAM E-SSO: Desktop Password Reset Adapter Registry Settings

TAM E-SSO: Desktop Password Reset Adapter Server Registry

Under HKLM\Software\Passlogix\SSPR

    Key: Storage
        StorageOrder    string (REG_SZ)    AD or ADAM

Extensions

Under HKLM\Software\Passlogix\SSPR\Storage\Extensions\

    Key: ADAM
        Root         string (REG_SZ)    ADAM partition root
        Classname    string (REG_SZ)    adam

Under HKLM\Software\Passlogix\SSPR\Storage\Extensions\ADAM\

    Key: Servers
        Server1      string (REG_SZ)    server:port (of the ADAM instance)

Under HKLM\Software\Passlogix\SSPR\Storage\Extensions\

    Key: AD
        Root         string (REG_SZ)    AD root
        Classname    string (REG_SZ)    ad

Under HKLM\Software\Passlogix\SSPR\Storage\Extensions\AD\

    Key: Servers
        Server1      string (REG_SZ)    server:port

TAM E-SSO: Desktop Password Reset Adapter Client Registry

Under HKLM\Software\Passlogix\SSPR

    [URLRoot] : http://[host]/vgoselfservicereset

    Key: WindowsInterface
        EnrollURL               string (REG_SZ)      URL of the Enrollment service default page: [URLroot]/enrollmentclient/enrolluser.aspx
        ResetURL                string (REG_SZ)      URL of the reset service default page: [URLroot]/resetclient/default.aspx
        StatusURL               string (REG_SZ)      URL of the checkstatus page (notifies reset client that reset service is available): [URLroot]/resetclient/checkstatus.aspx
        CheckEnrollURL          string (REG_SZ)      URL of Enrollment check service (checks if user is enrolled in service): [URLroot]/resetclient/checkenrollment.aspx
        AutomaticEnroll         dword (REG_DWORD)    Set to 1 to offer enrollment option to unenrolled user at next logon. Set to 0 (default) not to offer enrollment upon logon.
        ForceEnrollment         dword (REG_DWORD)    Set to 1 to require unenrolled user to enroll at next logon. Set to 0 (default) not to require enrollment upon logon. If set to 1 this option overrides AutomaticEnroll.
        CheckForceEnrollment    string (REG_SZ)      URL of Enrollment check service (sets number of times user can bypass Force Enrollment): [URLroot]/resetclient/checkforceenrollment.aspx
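
The client values listed above can be checked on a workstation after deployment. The PowerShell below is an added example, not part of the IBM guide or the product: it takes the key path and value names from the client registry table, while the function names and the sample host names are assumptions made for illustration. It reports missing or malformed URL values, URL values that point at more than one host, the URL schemes in use, and the effective enrollment mode.

```powershell
# Added example (not IBM/Passlogix code). Key path and value names come from
# the client registry table in this guide; the sample data is constructed.
$SsprClientKey = 'HKLM:\Software\Passlogix\SSPR\WindowsInterface'
$SsprUrlValues = 'EnrollURL', 'ResetURL', 'StatusURL', 'CheckEnrollURL', 'CheckForceEnrollment'

function Get-SsprClientSettings {
    # Returns the client values as a hashtable, or $null when the key is absent.
    param([string] $Path = $SsprClientKey)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $item  = Get-ItemProperty -LiteralPath $Path
    $table = @{}
    foreach ($name in ($SsprUrlValues + @('AutomaticEnroll', 'ForceEnrollment'))) {
        $prop = $item.PSObject.Properties[$name]
        if ($prop) { $table[$name] = $prop.Value }
    }
    return $table
}

function Test-SsprClientSettings {
    param([Parameter(Mandatory)] [hashtable] $Settings)

    $findings = New-Object System.Collections.Generic.List[string]
    $hosts    = New-Object System.Collections.Generic.HashSet[string]
    $schemes  = New-Object System.Collections.Generic.HashSet[string]

    foreach ($name in $SsprUrlValues) {
        $value = [string] $Settings[$name]
        if ([string]::IsNullOrWhiteSpace($value)) {
            $findings.Add("$name is missing or empty"); continue
        }
        if ($value -match '\s') {
            # A stray space inside a URL is an easy copy/paste error.
            $findings.Add("$name contains whitespace: '$value'"); continue
        }
        $uri = $null
        if (-not [Uri]::TryCreate($value, [UriKind]::Absolute, [ref] $uri) -or
            $uri.Scheme -notin 'http', 'https') {
            $findings.Add("$name is not an absolute http(s) URL: '$value'"); continue
        }
        [void] $hosts.Add($uri.Host.ToLowerInvariant())
        [void] $schemes.Add($uri.Scheme)
        # Every service page in the guide sits below the vgoselfservicereset folder.
        if ($uri.AbsolutePath -notmatch '/vgoselfservicereset/') {
            $findings.Add("$name does not point below /vgoselfservicereset/: '$value'")
        }
    }

    # All client URLs are expected to name the same reset server.
    if ($hosts.Count -gt 1) {
        $findings.Add('URL values point at different hosts: ' + (($hosts | Sort-Object) -join ', '))
    }

    # ForceEnrollment = 1 overrides AutomaticEnroll (stated in the table above).
    if ([int] $Settings['ForceEnrollment'] -eq 1) {
        $mode = 'Required'
    } elseif ([int] $Settings['AutomaticEnroll'] -eq 1) {
        $mode = 'Offered'
    } else {
        $mode = 'NotOffered'
    }

    [pscustomobject]@{
        Hosts          = @($hosts | Sort-Object)
        Schemes        = @($schemes | Sort-Object)   # shows whether reset traffic uses plain http
        EnrollmentMode = $mode
        Findings       = $findings.ToArray()
    }
}

$settings = Get-SsprClientSettings
if ($null -eq $settings) {
    # Constructed sample, used when the key is absent on this machine.
    # Host names are placeholders; CheckForceEnrollment is left out on purpose
    # and StatusURL names a second host so that both checks produce a finding.
    $settings = @{
        EnrollURL       = 'http://sspr.example.test/vgoselfservicereset/enrollmentclient/enrolluser.aspx'
        ResetURL        = 'http://sspr.example.test/vgoselfservicereset/resetclient/default.aspx'
        StatusURL       = 'http://sspr-old.example.test/vgoselfservicereset/resetclient/checkstatus.aspx'
        CheckEnrollURL  = 'http://sspr.example.test/vgoselfservicereset/resetclient/checkenrollment.aspx'
        AutomaticEnroll = 1
        ForceEnrollment = 1
    }
}

Test-SsprClientSettings -Settings $settings | Format-List
```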

Additional Procedures

Install an ADAM instance

1. Start ADAMSetup.exe.
2. Select A unique instance and click [Next].
3. Provide your Instance name and click [Next].
4. Specify port numbers of 10000 and 10001 (Ten thousand range, for easy recall) and click [Next].

5. Specify the root DN (e.g., DC=SSPR,DC=Passlogix,DC=Com) and click [Next].
6. Specify an easy-to-find base location (e.g., %RootDrive%\ADAM\Instance) and click [Next].
7. Specify the run privileges and click [Next].
8. Specify the Administrative Permissions and click [Next].

9. Select Do not import LDIF files for this instance of ADAM and click [Next].
10. Click [Next] as requested to proceed.
11. Click [Finish].

Appendix. Notices

This information was developed for products and services offered in the U.S.A. IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service.

IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries, in writing, to:

    IBM Director of Licensing
    IBM Corporation
    North Castle Drive
    Armonk, NY 10504-1785 U.S.A.

For license inquiries regarding double-byte (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to:

    IBM World Trade Asia Corporation Licensing
    2-31 Roppongi 3-chome, Minato-ku
    Tokyo 106-0032, Japan

The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law:

INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you.

This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice.

Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk.

IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.

Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged should contact:

    IBM Corporation
    2ZA4/101
    11400 Burnet Road
    Austin, TX 78758 U.S.A.

Such information may be available, subject to appropriate terms and conditions, including in some cases, payment of a fee.

The licensed program described in this information and all licensed material available for it are provided by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement, or any equivalent agreement between us.

Any performance data contained herein was determined in a controlled environment. Therefore, the results obtained in other operating environments may vary significantly. Some measurements may have been made on development-level systems and there is no guarantee that these measurements will be the same on generally available systems. Furthermore, some measurements may have been estimated through extrapolation. Actual results may vary. Users of this document should verify the applicable data for their specific environment.

Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.

Trademarks

The following terms are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both: AIX, DB2, developerWorks, eServer, IBM, iSeries, Lotus, Passport Advantage, pSeries, RACF, Rational, Redbooks, Tivoli, WebSphere, zSeries.

Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.

Intel, Intel Inside (logos), MMX and Pentium are trademarks of Intel Corporation in the United States, other countries, or both.

UNIX is a registered trademark of The Open Group in the United States and other countries.

Linux is a trademark of Linus Torvalds in the U.S., other countries, or both.

Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.

Other company, product, and service names may be trademarks or service marks of others.


Printed in USA GC23-6351-00