Tuesday, June 26, 2007

Stand-Alone configuration for TAM ESSO

I recently have been doing some work with TAM ESSO. Pretty cool product from Passlogix. The idea is that if you have many applications that users have to remember names and passwords for both client/server, web apps and even terminal applications you can use TAM ESSO to manage the user credentials for each of those apps. When you login to Windows, you must also login to TAM ESSO. TAM will detect when you attempt to access an application that requires a name and password and will login for your so that you are not prompted. Administrators can build templates for all the corporate apps and deploy these templates on an Active Directory Server. AD group membership can then be used to control who has access to which templates.

One of the problems I encountered early this week was in trying to deploy the TAM ESSO client stand alone while including the templates for applications in the stand alone client. The documentation is not very clear on a lot of things including this one so I figured I would go ahead and mention what I had to do.

First I had created templates for 3 applications (Web, Client/Server, and Terminal). Next, you need to click on Global Agent Settings and if you haven't already done so, Import from Live HKLM. Next, open the End-User Experience -> Environment key and select the check box for Location of entlist.ini file. Specify the path to the file including the file name. The default is:

C:\Program Files\Passlogix\v-GO SSO\Plugin\LogonMgr\entlist.ini

There are numerous settings that can be controlled here so make any other settings you desire to be packaged in the distributions MSI.

Next, to create the MSI click Tools -> Generate Customized MSI. Complete the fields similar to the following screen shot:

The BASE MSI file should be stored in the location where you extracted the TAM ESSO binaries. You can store your target MSI where you prefer. Obviously if you want applications templates to be included in the MSI then you will want to add the ones necessary for your purposes. The one part that I was not aware of until working with some other TAM folks was the Global Agent Settings. This must be done in order for the application template show up in the client agent. Once you click OK, your distribution MSI is complete.

This is definitely not one of the more complex areas of working with TAM ESSO, but it was a bit annoying when the documentation did not seem to spend much time on a stand-alone implementation. For folks who just simply want to try it out to get an idea how it works, there will not necessarily be an AD server or even ADAM for that matter.h


fthomas said...


First of all, thanks a lot for these very interesting articles.
I'm using Oracle Enterprise Single Sign-On (Logon Manager), and as we can see in your blog, it's really difficult to find something in the documentation.
I've successfully deployed the Administrative Console where the AD server is also running. A dedicated container is available for the config, the locator (name: default) refers to AD, and the Global Agent uses (I hope, because there are too much parameters) the correct settings for the synchronizatio.

When I try the synchronization from a user desktop (only the ESSO-Agent is installed)....there is absolutely no way to get the pre-configured applications from AD. I'm pretty sure that the connection with my AD server is wrong. Did you already try a syncho with AD in the backend? Waht did you use for the connection parameters (username AND user path)?

Thanks a lot in advance.

c u

Marco Z said...

Hi! I am having trouble with the client like this: I can distribute, I can - almost - sincronyze with an ADAM repository...
I see the TAMESSO icons, and the tray icon too, but when I try to use it - i.e. with Notes - it is just stuck there doing nothing...
So, at the end it doesnt work...
amy suggestion?

Anonymous said...

You may probably be very interested to know how one can make real money on investments.
There is no need to invest much at first.
You may begin to get income with a money that usually goes
on daily food, that's 20-100 dollars.
I have been participating in one company's work for several years,
and I'll be glad to share my secrets at my blog.

Please visit blog and send me private message to get the info.

P.S. I make 1000-2000 per daily now.

http://theinvestblog.com [url=http://theinvestblog.com]Online Investment Blog[/url]

Anonymous said...

i surely love your writing taste, very remarkable,
don't give up and keep posting mainly because it simply just nicely to look through it,
looking forward to look into much more of your content pieces, stunning day ;)

Anonymous said...

hi there, great web page
so how to create blog posts which smash in people:

honey said...

i am using oracle ESSO can you specify what are all the requiered configurations for generating an msi file...
like :passoligx
registery setting
global variable settings etc..........
my maill id is koribilli.mohankumar@gmail.com

pls respond to me