Friday, January 26, 2007

TAI++ Solved my WPM SSO problem

There's a really good Developerworks document on setting up TAI++ for WAS. I used this to configure SSO between WPM and WebSEAL. In my prior posting {Link} I described the problem I was having with TAI where some users could login to WPM via WebSEAL, but other users (most importantly sec_master) could not login.

So we decided to try TAI++ instead. I used this doc from Developerworks {Link} and it solved the problem quite nicely. One thing that I was stuck on for quite a while though was the WAS Configuration section where they have you configure the TAM Java Runtime environment. I originally skipped this section because it looked like it had to do with SSL and I had no intention of doing SSL between WebSEAL and WPM. I'm only dong SSL on WebSEAL. When a web browser hits WebSEAL the HTTPS is terminated and then it is HTTP from there so naturally if this section had to do with SSL then I figured I did not need to do it. The problem was when I started WAS the TAI++ would initialize and throw an error that it could not find PdPerm.properties. Well this file only gets created if you run SSL Configuration. I guess it doesn't mean you have to do SSL, it's just that the file doesn't get created unless you go through this configuration. On my WPM server I ran the following commands to set this up. Note that the document doesn't really mention anything about setting up the classpath.

// Setup the WAS environment:
wpm:/opt/IBM/WebSphere/AppServer/bin # . ./setupCmdLine.sh

// Setup the classpath:
wpm:/opt/IBM/WebSphere/AppServer/bin # CLASSPATH=$WAS_HOME/java/jre/lib/ext/PD.jar:$WAS_CLASSPATH

// Configure the AMJrte (Access Manager Java runtime environment)
wpm:/opt/IBM/WebSphere/AppServer/bin # java -cp $CLASSPATH -Djava.ext.dirs -Dpd.home="/opt/IBM/WebSphere/AppServer/java/jre/PolicyDirector" com.tivoli.pd.jcfg.PDJrteCfg -action config -was -host "FQDN of my policy server"

// If the above command works you should see something like this:
HPDBF0021E This Java Runtime Environment (/opt/IBM/WebSphere/AppServer/java/bin/../jre) has already been configured.
Unconfigure first then retry the command.
Configuration of Access Manager Runtime for Java is in progress.
This might take several minutes.
Configuration of Access Manager Runtime for Java completed successfully.

// Run SSL Configuration
wpm:/opt/IBM/WebSphere/AppServer/bin # java -cp $CLASSPATH -Dpd.cfg.home=$WAS_HOME/java/jre -Xnoargsconversion com.tivoli.pd.jcfg.SvrSslCfg -action config -admin_id sec_master -admin_pwd ******** -appsvr_id wpm -policysvr policysrv.whatever.com:7135:1 -port 7135 -authzsvr authsrv.whatever.com:7136:1 -mode remote -cfg_file $WAS_HOME/java/jre/PdPerm.properties -key_file $WAS_HOME/java/jre/lib/security/PdPerm.ks -cfg_action replace

Note: Make sure that the PdPerm.properties file is named exactly as it is here if you are running Unix/Linux as I am. I mistakenly named it PDPerm.properties and still had problems until the file name had the proper case.

10 comments:

Anonymous said...

Useful info..

Log on to http://ibmmiddleware.googlepages.com/ for latest updates,RSS,Videos,Documents,Demos,Downloads,Podcasts,Webcasts and Downloads on IBM WebSphere Products suite.

Anonymous said...

[url=http://sunkomutors.net/][img]http://sunkomutors.net/img-add/euro2.jpg[/img][/url]
[b]autocad help, [url=http://sunkomutors.net/]ms office application software[/url]
[url=http://sunkomutors.net/][/url] student discount software uk acedemic software
to buy the software for [url=http://sunkomutors.net/]soft cheap software[/url] cheap downloadable oem software
[url=http://sunkomutors.net/]nero move it[/url] buy software license
[url=http://sunkomutors.net/]microsoft office 2003 key generator[/url] to be a software reseller
download windows vista [url=http://sunkomutors.net/]good educational software[/b]

Anonymous said...

Good day !.
might , probably very interested to know how one can manage to receive high yields .
There is no need to invest much at first. You may start to get income with as small sum of money as 20-100 dollars.

AimTrust is what you thought of all the time
The firm incorporates an offshore structure with advanced asset management technologies in production and delivery of pipes for oil and gas.

It is based in Panama with affiliates around the world.
Do you want to become really rich in short time?
That`s your choice That`s what you really need!

I feel good, I began to take up income with the help of this company,
and I invite you to do the same. It`s all about how to select a proper partner who uses your savings in a right way - that`s it!.
I make 2G daily, and what I started with was a funny sum of 500 bucks!
It`s easy to get involved , just click this link http://ikelarafor.lookseekpages.com/yvukoni.html
and lucky you`re! Let`s take our chance together to become rich

Anonymous said...

Good day !.
You may , probably very interested to know how one can manage to receive high yields .
There is no need to invest much at first. You may start earning with as small sum of money as 20-100 dollars.

AimTrust is what you need
AimTrust represents an offshore structure with advanced asset management technologies in production and delivery of pipes for oil and gas.

Its head office is in Panama with offices everywhere: In USA, Canada, Cyprus.
Do you want to become really rich in short time?
That`s your choice That`s what you desire!

I`m happy and lucky, I started to get income with the help of this company,
and I invite you to do the same. It`s all about how to select a proper companion utilizes your money in a right way - that`s the AimTrust!.
I take now up to 2G every day, and my first investment was 500 dollars only!
It`s easy to start , just click this link http://yrohoreg.lookseekpages.com/ofegogu.html
and go! Let`s take our chance together to feel the smell of real money

Anonymous said...

Hi !.
might , perhaps very interested to know how one can reach 2000 per day of income .
There is no initial capital needed You may start to receive yields with as small sum of money as 20-100 dollars.

AimTrust is what you haven`t ever dreamt of such a chance to become rich
The firm incorporates an offshore structure with advanced asset management technologies in production and delivery of pipes for oil and gas.

It is based in Panama with affiliates everywhere: In USA, Canada, Cyprus.
Do you want to become an affluent person?
That`s your chance That`s what you really need!

I`m happy and lucky, I started to take up real money with the help of this company,
and I invite you to do the same. If it gets down to choose a proper companion utilizes your savings in a right way - that`s the AimTrust!.
I take now up to 2G every day, and my first investment was 500 dollars only!
It`s easy to get involved , just click this link http://syhunefi.fcpages.com/muxihe.html
and go! Let`s take our chance together to become rich

Anonymous said...

[url=http://vioperdosas.net/][img]http://sapresodas.net/img-add/euro2.jpg[/img][/url]
[b]adobe photoshop cs4 crack, [url=http://sapresodas.net/]buy microsoft server software[/url]
[url=http://vioperdosas.net/]filemaker pro tab layouts[/url] manager software canada software stores london
microsoft office professional 2007 student discount [url=http://sapresodas.net/]autocad reader[/url] discount software for educators
[url=http://vioperdosas.net/]starting coreldraw with rdp wheel mouse fails to work[/url] educator discounts on software
[url=http://sapresodas.net/]mobile educational software[/url] Pro Apple
banner academic software [url=http://vioperdosas.net/]buy sat nav software[/url][/b]

Anonymous said...

Vice versa.

Anonymous said...

Brim over I assent to but I think the brief should prepare more info then it has.

Anonymous said...

Look here…
---------------------------------------------------------
Signature:buy levitra professional online rrj

Anonymous said...

Here you are!
---------------------------------------------------------
Signature:lipitor 40mg djycb
cheap lexapro lpboh