IBM Tivoli Access Manager for e-business BEA WebLogic Server Integration Guide Version 5.
V! L $8M L $8! vxOB &0; gkOb |!, 71 dLvG NO C :VGgW;; P8JC@ JG(2003b 11y) L 3$G: u 3$G! 05N mCOv JB Q, IBM Tivoli Access Manager(&0 x# 5724-C08)G v| 5, 1.: 1, v$ gW 0 W pg DS 1.:M v$gW! {kKOY. © Copyright International Business Machines Corporation 2003. All rights reserved.
Contents

Preface
Who should read this book
What this book contains
Related publications
Release information
Base information
Web security information
Installing on Windows
Chapter 3. Configuration procedures
Part 1: Configuring the Tivoli Access Manager Java Runtime Environment
Part 2: Setting the CLASSPATH for startWebLogic
Part 3: Configuring Tivoli Access Manager for WebLogic
Configuring Tivoli Access Manager for WebLogic using the Console Extension Web Application
AMWLSConfigure -action unconfig
AMWLSConfigure -action create_realm
AMWLSConfigure -action delete_realm
Appendix C. Notices
Trademarks
Glossary
-. IBM® Tivoli® Access Manager for BEA® WebLogic Server®(LDNB Tivoli Access Manager for WebLogic)& gkOCT H M; /5UOY. L &0: IBM Tivoli Access ManagerG bI; .eO) BEA WebLogic Serverk8N [:H nC.I LG; vxUOY. IBM® Tivoli® Access Manager(Tivoli Access Manager)B IBM Tivoli Access Manager &0:!- nC.ILG; G`OB % JdQ b; RA.~nTOY. L & 0: IBM Tivoli Access Manager nC.ILG; kUO) $|'Q GQ N) W |. VgG; &xUOY. kU VgG8N GEGB Li &0: e-business nC. ILG; 'Q W.v) W nC.ILG 8H policy& _S }_D8N |.OB W <: &n |. VgG; &xUOY.
L %G ;k L %: Y=z 0L 8:Gn V@OY. v & 1 e, “R3 W 3d” Tivoli Access Manager for WebLogicL &xOB Nu W GQ -q:G 3d& R3UOY. v & 2 e, “3! vCgW″ Tivoli Access Manager for WebLogic; 3!OB f}! kX 3mUOY. v & 3 e, ″8: }w” Tivoli Access Manager for WebLogic; 8:OB f}! kX 3mUOY. v & 4 e, “|. B:)” %C nC.ILG; gkOB f}! kX 3mOm, gk A, .&! Xa $8 W &QgW; &xUOY. v & 5 e, “&E vCgW” Tivoli Access Manager for WebLogic; &EOB f}! kX 3mUOY. |C -{ n2 %L 5rL GBv G0OAi Tivoli Access Manager sLj/., Uz Pn _ R % W |C %G 3m; KdOJC@.
RA.~n &QgW, .& Xa 8f 3m W .- ;EgWz 0: VE $8& & xUOY. b; $8 v IBM Tivoli Access Manager b; 3! H;-(SA30-2207-00) Web Portal Manager NMdL:& wTQ Tivoli Access Manager b; RA. ~nG 3! W 8: f}! kX 3mUOY. L %: IBM Tivoli Access Manager for e-business % 8H 3! H;-G -j<.Lg, IBM Tivoli Access Manager for Business Integration W IBM Tivoli Access Manager for Operating Systems M 0: b8 Tivoli Access Manager &0z T2 gkOb 'Q %TOY.
% -vk C/WN; gkO) % 5^N 8H; 'Q 3!, |. }w W bz | 6 $8& &xUOY. v IBM Tivoli Access Manager for e-business BEA WebLogic Server kU H;(SA30-2210-00) Tivoli Access Manager& BEA WebLogic ServerM kU! kQ 3!, &E W |. vCgW; &xUOY. v IBM Tivoli Access Manager for e-business IBM Tivoli Identity Manager Provisioning Fast Start Guide(SC32-1364-00) Tivoli Access Manager W Tivoli Identity Manager kU! |CH B:)G 3 d& &xOm Provisioning Fast Start ]:GG gk W 3! f}; 3mUOY.
bz 8f 3mv IBM Tivoli Access Manager for e-business Command Reference(SC32-1354-00) Tivoli Access ManagerM T2 &xGB mI` /?.< W :)3.! |Q $ 8& &xUOY. v IBM Tivoli Access Manager Error Message Reference(SC32-1353-00) Tivoli Access Manager!- }:GB ^CvG 3mz Ge 6!& &xUOY. v IBM Tivoli Access Manager for e-business Problem Determination Guide(SC32-1352-00) Tivoli Access Manager! |Q .&! G0 $8& &xUOY. v IBM Tivoli Access Manager for e-business Performance Tuning Guide(SC32-1351-00) gkZ 9v:..
v IBM Global Security Kit Secure Sockets Layer and iKeyman User’s Guide(SC32-1363-00) Tivoli Access Manager /f!- SSL kEL !IO5O h9OB W.v) GB C:[ 8H |.Z& 'Q $8& &xUOY. IBM Tivoli Directory Server IBM Tivoli Directory Server, v| 5.2B gkOB n5 <&G IBM Tivoli Access Manager Directory Server CD! wTGn V@OY . V: IBM Tivoli Directory ServerB L|! Y=G L'8N 1.:Gzx RA.~ nG uNn L'TOY. v IBM Directory Server(v| 4.1 W v| 5.1) v IBM SecureWay Directory Server(v| 3.2.2) IBM Directory Server v| 4.1, IBM Directory Server v| 5.
IBM WebSphere Application Server! |Q _! $8B Y=!- #; v V@O Y. http://www.ibm.com/software/webservers/appserv/infocenter.html IBM Tivoli Access Manager for Business Integration IBM Tivoli Access Manager for Business Integration: 05N V.R v VB & 08N, IBM MQSeries® v| 5.2 8H VgGz IBM WebSphere® MQ v| 5.3 ^Cv& &xUOY. IBM Tivoli Access Manager for Business Integration: [v E nC.ILGz ,|H 0& gkO) WebSphere MQSeries nC.ILGL As LvCM +a:; !vm %LM& [ER v V5O UOY.
http://www.ibm.com/software/tivoli/products/access-mgr-bus-integration/ IBM Tivoli Access Manager for WebSphere Integration Broker, v| 5.1! kQ Y= |C .-B Tivoli Information Center % gL.!- gkR v V@OY.
http://www.ibm.com/software/tivoli/products/identity-mgr/ BsN -{ W<: &0 sLj/.G -{: Y= Tivoli software library! PDF GB HTML |D8 N in V@OY. http://www.ibm.com/software/tivoli/library &0 sLj/.! W<:OAi Product manuals 5)& )#JC@. Tivoli Software Information Center! VB &0 L'; #F )#JC@. &0 -{: 3!Ob |!, 3! H;-, gkZ H;-, |.Z H;- W 3_Z | 6-& wTUOY. V: PDF .-& NbR fl, Adobe Acrobat Nb k- sZ(DO → Nb& )#i %CJ)!- dLv! B_b& 1CO) NbOJC@. /v W<: bI /v W<: bI: E?L RmOE* C" eV n E<{ aTL VB gkZ! R A.~n &0; gkR v V5O 5M]OY.
L %! gkH T" L %!-B /v knM 6!, n5<&0 mIz fN! kX )/ T"; gkUO Y. [Z< T" L %!-B Y=z 0: [Z< T"L gkKOY. =T X:. ;! %CGB R.Z W kR.Z %U mI, 0ve, E3/v, IG, Java ,!: L' W @j'.B =T %CKOY. boSC /v, -{ &q, -6OB }L* \nB boSCN %CKOY. pk:dL: X:. ;! %CGB p:d., DO, bB, mI`, Ze 9&, C:[ ^C v, TBX_ OB X:. W Nv* GB mI IG: pk:dL:N %C KOY. n5<&! {% /v W fN L %!-B p:d. %b W /f /v v$! UNIX T"; gkUOY. Windows mI; gkR flB, /f /vG $variable; %variable%N YYm, p:d. fN G =!C(/)& i=!C(\)N YYJC@.
& 1 e R3 W 3d Tivoli Access Manager for WebLogic: Tivoli Access ManagerG 8H bI; g kO) BEA WebLogic Server nC.ILG! kQ W<:& 8#OB Tivoli Access Manager! kQ .eTOY. BEA WebLogic Server Security Service Provider Interface& gkR fl, Tivoli Access Manager for WebLogic: Tivoli Access Manager! |.OB gkZ 9v:..& gkO) ,sLp.& NuUOY. IBM Tivoli Access Manager WebSEAL(WebSEAL) GB IBM Tivoli Access Manager Plug-in for Web Server& gkO) O] gkZ L[ gN B! kQ vx; &xO 5O Tivoli Access Manager for WebLogicG 8H bI; .eR v V@OY.
KOY. Tivoli Access Manager GQ -q:B xC Tivoli Access Manager -v W -eD<(third-party) nC.ILGG W<: d;! kQ ck W EN& a$U OY. WebSEAL: % b] Zx! kQ Tivoli Access Manager Zx 8H |.ZTOY. WebSEAL: 8# % Zx!
Tivoli Access Manager Security Service Provider Interface 8:d R Tivoli Access Manager for WebLogic: [:H b; 8H |'& " BEA WebLogic Server 8H 5^Nz YYm Y=z 0: BEA WebLogic Server 8H &xZ& & xUOY. v Nu &xZ v GQ &xZ v *R JN &xZ Tivoli Access Manager for WebLogic: b; BEA WebLogic Server GQ $8 JN 8H &xZ W b; 0:dn& gkUOY. '! *-H " &xZB GQ WebLogic \V; kX 8: m}; R v VT OB Management Bean(MBean); wTUOY. F!G }!-B Li " &xZ W MBeanL &xOB bI! kX Z
WebLogic: Z< NWN pb; &xOB%, L pb: Tivoli Access Manager Java 18S 8:dR& gkO) Tivoli Access Manager Authorization Server! kX NuUOY. v Nu MBean WebLogic \V; kX Nu &xZ& 8:R v V5O UOY. GQ gkZ! Tivoli Access Manager for WebLogic \V .e; gkO) gkZ& _!Om h&OB Mz 0: gkZ 9v:.. |. B:)& v`R v V5O UOY. GQ &xZ GQ &xZB BEA WebLogic ServerM \N GQ -q: #G NMdL:& &xU OY. GQ &xZB BEA WebLogic Server Zx! kQ W<:! ckGBv GB ENGBv )N& G0UOY. W<: a$: Tivoli Access Manager Java 18S 8 :dR& gkO) PhH PDPermission ,!:& gkO) [:KOY.
Policy W *R h! Policy W *R; h! p:)3M! $GOE* WebLogic \V; kX [:R v V @OY. J2EE nC.ILGG h! C, nC.ILG h! p:)3M ;! $GH * R W policyB Tivoli Access Manager 8# @j'. x#8N ]bKOY. Tivoli Access Manager |. /?.
Li Tivoli Access Manager 8# @j'. AWLJ L': Tivoli Access Manager for WebLogic8N 8:H /: DO; gkO) O|w 8:I v V@OY. {spg BEA WebLogic Server W b8 nC.ILG -v& ?OQ Tivoli Access Manager 5^N ;! 8:R v V@OY. LB pg nC.ILG -v /|G *R W policy! kQ }_H '!& [:R v V5O UOY. Tivoli Access Manager Nu gk Tivoli Access Manager& gkO) \N gkZ GB ;N gkZ! kQ Nu; & xR v V@OY. \N gkZ! kQ Nu: WebSEAL GB Tivoli Access Manager Plug-in for Web ServersG L[ gN B bI! G8UOY. V{G W.
WebSEAL: gkZ L' W O#, Nu-, gkZ L' W RSA SecureID GB gkZ $G Nu ^?OrG Nu ^Re& vxUOY. WebSEAL: d;H URL W Tivoli Access Manager W<: policy! {s Z < GQ a$; {kUOY. WebSEAL: mAgW(9: h$ /?:, C# W Nu ^?Or); {kR v V@OY. 3. gkZG URL d;L GQ N)H D, WebSEAL: L& WebLogic -vN | ^UOY. d;!B \N gkZ L'z b; Nu lu ;G /v O#! wTK OY. /v O#B sso_user! SOg Security Service Provider Interface! WebSEAL; d; @.x8N .NR v V5O UOY. sso_user! kQ Z
Y= qO!-B 'G W2! %CH AN<:! kX 3mUOY. 1. ;N gkZ! 8# Zx! kQ W<:& d;UOY. 2. WebLogic gkZ Nu pbL gkZG ID& Security Service Provider Interface N 8@OY. 3. Security Service Provider InterfaceB Nu d;; gkZ 9v:..N 8@O Y. NuL OaGi, Security Service Provider InterfaceB L gkZ L'; NuH gkZN- WebLogic -vN .OUOY. 4. d;; GQ N)Ob 'X BEA WebLogic ServerB vg NuH gkZ(F65 GQL N)Gv J:)! d;H Zx! W<:R v V5O GQL N)GzBv )N& G0OB Tivoli Access Manager for WebLogic GQ &xZ!T 68U OY.
W<: a$: Tivoli Access Manager for WebLogicz T2 &xGB Tivoli Access Manager Authorization Server N8L2U. -q: GB Tivoli Access Manager Policy Server& gkO) v`R v V@OY. Tivoli Access Manager Policy Server 8:: GP W :IG \O v! .& '. ! W:. /f!-8 gkX_ UOY. N8L2U. -q:B ANvG /f!- g kG5O /$OT 3_Gz@OY. Z
& 2 e 3! vCgW L e: Y= V&N 8:Gn V@OY. v :vxGB C'{; v :p:) W ^p. d8gW; v 12 dLvG :g| 3! RA.~n; v 14 dLvG :3! 6}g& gkO) 3!; v 17 dLvG :xC /?.<& gkO) 3!; vxGB C'{ Tivoli Access Manager for WebLogic, v| 5.1: Y=; vxUOY. v BEA WebLogic Server v| 7.0 SP2 v BEA WebLogic Server v| 8.1 SP1 Tivoli Access Manager for WebLogic: L 1.:! kQ gkZ $G |'& vx Ov J@OY. kE, L kU: BEA WebLogic Server SSPI(Security Service Provider Interface)& vxUOY. Tivoli Access Manager for WebLogic: Y= n5 <&!- vxKOY. v IBM AIX 5.
BEA WebLogic Server W b8 Tivoli Access Manager 8:dR! v$H Jv ^p. L\! JdQ ^p. gTOY. _! 64MB RAM: 3L :I; V{-O B % gkKOY. Y% Tivoli Access Manager 8:dR! JdQ ^p. g: #:. C:[! 3 !H Tivoli Access Manager 8:dR! {s ^s}OY. Z
Tivoli Access Manager WebSEAL GB Tivoli Access Manager Plug-in for Web Servers Tivoli Access Manager WebSEAL(WebSEAL) W Tivoli Access Manager Plug-in for Web Servers(C/WN): Tivoli Access Manager for WebLogicL gkR v V B % b] 8H -q:& &xUOY. Li nC.ILGL 3! OaGi BEA WebLogic Server L[ gN B VgG; &xOB % gkR v V@OY. WebSEAL GB C/WN: Tivoli Access Manager for WebLogic; 3!Ob 'Q g| 3! RA.~n! FUOY. W/* L[ gN B VgG; d8R fl!B J dUOY.
Tivoli Access Manager Java 18S Tivoli Access Manager for WebLogic; #:.R C:[! Tivoli Access Manager b;G Tivoli Access Manager Java 18S v| 5.1 /f; 3! W 8:X_ UO Y. Tivoli Access Manager Java 18S /f: Java b] Nu W GQ bI; &xU OY. Java ,!:B BEA WebLogic Server! gkOB JRE(Java Runtime Environment)& .eUOY. Tivoli Access Manager for WebLogic; #:.R C:[! Tivoli Access Manager Java Runtime Environment& 8:Ob |! Tivoli Access Manager 8H 5^N; .3X_ UOY.
5. Windows C:[!- G` _N pg ANW%; >aOJC@. 6. BEA WebLogic Server& C[OJC@. UNIX /WLS_install_dir/user_projects/domain_name/ startWebLogic.sh Windows C:\WLS_install_dir\user_projects\domain_name/ startWebLogic.cmd 7. BEA WebLogic Server WebLogic_install_dir/server/bin p:d.!- Y = :)3.& G`O) CLASSPATH W PATH /v& 3$Q D WebLogic .jars& CLASSPATH, bin W lib p:d.! _!OJC@. UNIX .setWLSEnv.sh Windows setWLSEnv.cmd 3! 6}g& G`Ob |! BEA WebLogic ServerM T2 &xH Java G` DOL C:[ fN!- G U! VBv .NOJC@. 8.
3! 6}g! C[Gn 16 dLvG :install_amwls IG;! 3mH kN 8: $8! kQ ARA.& %CUOY. \ Windows C:[!-B Tivoli Access Manager for WebLogic! kX b; 3! p:d.& $CX_ UOY. V: L $8& &xOi(GB b;*; $COi), u Ls 3TGv Jm 8:d R! 3!Gm 8:KOY. 3! 6}gG G !!B 3!H 8:dR, C5H 8:gW W Oa )N& 8) VB d` -iL %CKOY. 3!! OaGzv8 8:L GPH fl, 23 dL vG & 3 e :8: }w;G \h! {s Tivoli Access Manager for WebLogic ; v?8N 8:OE* Y= \h& hS v`R v V@OY. 9. BEA WebLogic Server& _vOJC@. 10. 3! ANW%L AMSSPIProviders.
% 1. install_amwls 3! 6}g 8: IG (hS) Policy Server w. x#* Policy Server! d;; NDOB w. x 7135 #. b; w. x#B 7135TOY. Authorization Server #:. L'* Tivoli Access Manager Authorization Server #:. L' Authorization Server w. x#* Authorization Server w. x# TrueN 3$R fl AMWLS5.1 \V .e h! 7136 true WebLogic 5^N |.Z* BEA WebLogic Server 5^NG |.Z. L gkZB WebLogic 5^N; [:R ' .3Gz@OY. WebLogic 5^N |. O#* WebLogic 5^N |.
3. IBM Tivoli Access Manager Web Security for AIX CD& CD esLj! V8 JC@. 4. ) ARA.! Y= mI; TBOJC@. installp -acgNXd cd_mount_point/usr/sys/inst.images PDWLS V: 3! ANW%L AMSSPIProviders.jar DO; /bea_install_dir/ weblogic/server/lib/mbeantypes p:d.! 9g_Bv !KOJC@. L p:d.! Xg DOL 8gOv J; fl /amwls_install_dir/lib!- v ?8N DO; 9gOJC@. 5. W1 Y= Tivoli Access Manager for WebLogic; 8:OJC@. 23 dLvG & 3 e :8: }w;N L?OJC@ HP-UX! 3! VG HP-UX C'{! 3!R ' Tivoli Access Manager for WebLogic: BEA WebLogic Server v| 7.
P. \h! OaGz=; *8;B ^Cv! %CKOY. G` \h! C[J; * 8;B Y% ^Cv! %CKOY. DOL CD!- _bGn Oe p:)! 3!K OY. G` \h! OaGz=; *8;B ^Cv! %CKOY. swinstall /?. aKOY. V: 3! ANW%L AMSSPIProviders.jar DO; /bea_install_dir/ weblogic/server/lib/mbeantypes p:d.! 9g_Bv !KOJC@. L p:d.! Xg DOL 8gOv J; fl, /amwls_install_dir/lib!v?8N DO; 9gOJC@. 5. W1 Y=, Tivoli Access Manager for WebLogic; 8:OJC@. 23 dLvG & 3 e :8: }w;N L?OJC@ Solaris! 3! Tivoli Access Manager for WebLogic; 3!Oi P0v 8:!- DOL _bKO Y.
V: 3! ANW%L AMSSPIProviders.jar DO; /bea_install_dir/ weblogic/server/lib/mbeantypes p:d.! 9g_Bv !KOJC@. L p:d.! Xg DOL 8gOv J; fl, /amwls_install_dir/lib!v?8N DO; 9gOJC@. 5. W1 Y=, Tivoli Access Manager for WebLogic; 8:OJC@. 23 dLvG & 3 e :8: }w;N L?OJC@. Windows! 3! Tivoli Access Manager for WebLogic; 3!Oi P0v 8:!- DOL _bKO Y. Tivoli Access Manager for WebLogic DO; 3!OAi InstallShield setup.exe & gkOJC@. InstallShield! OaGi 23 dLvG & 3 e :8: }w;G vC gW; gkO) Tivoli Access Manager for WebLogic; 8:OJC@.
DO 9g C[ "L -3OY. 9. %CH 3! '!! CY%v .NQ D Y=; )#JC@. DOL p:)N _bKOY. DOL 3!Gz=; K.B ^Cv! %CKOY. 10. Oa& -/ 3! ANW%; >aOJC@. 11. 3! ANW%L AMSSPIProviders.jar DO; c:\bea_install_dir\weblogic\server\lib\mbeantypes p:d.! 9g_B v !KOJC@. L p:d.! Xg DOL 8gOv J; fl, c:\amwls_install_dir\lib!- v?8N DO; 9gOJC@. 12. W1 Y=, Tivoli Access Manager for WebLogic; 8:OJC@. 23 dLvG & 3 e :8: }w;N L?OJC@.
& 3 e 8: }w Tivoli Access Manager for WebLogic; 8:OAi Y=G ""! 3mH vCgW ; OaOJC@. v :& 1 N: Tivoli Access Manager Java Runtime Environment 8:; v 25 dLvG :& 2 N: startWebLogic! kQ CLASSPATH 3$; v 26 dLvG :& 3 N: Tivoli Access Manager for WebLogic 8:; v 29 dLvG :& 4 N: Tivoli Access Manager |' 8:; v 32 dLvG :& 5 N: BEA WebLogic Server L[ gN B 8:; v 34 dLvG :& 6 N: ,/:MH /f; wTO) BEA WebLogic Server Y_ -v /f!- Tivoli Access Manager for WebLogic 8:; v 34 dLvG :& 7 N: 8: W:.
ezInstall; G`Ob |! BEA WebLogic ServerM T2 &xH Java G` DO L C:[ fN!- G U! VBv .NOJC@. 3. Tivoli Access Manager Java Runtime EnvironmentB BEA WebLogic ServerM T2 &xGm 3!H JDK! kX 8:Gn_ UOY. L& v`OAi Y=z 0 L OJC@. a. Tivoli Access Manager 3! fN!- p:d.& sbin p:d.N /fOJ C@. 9& ii, Y=z 0@OY. UNIX: /opt/PolicyDirector/sbin Windows: C:\Program Files\Tivoli\Policy Director\sbin b. Y=z 0L pdjrtecfg mI; G`OJC@.
pdjrtecfg gk! kQ Z
& 3 N: Tivoli Access Manager for WebLogic 8: Tivoli Access Manager for WebLogic: mI`; gkO) 8:OE* Tivoli Access Manager Console Extension Web Application; gkO) 8:R v V@OY. L i N !v IG! kQ
f. h! ks; 1CQ D 8: W %C& )#JC@. Console Extension Web ApplicationL :x{8N h!GzBv !KOAi ^ J -i PR"G h! zu& n!JC@. % nC.ILG zu& n!JC@. AMWLSConsoleExtensions! qO! %CGn_ UOY. GQ \V % nC. ILG .e; |3Oi \V "G ^J! %CH BEA WebLogic Server = v PR"! Tivoli Access Manager FL\; _!UOY. 5. Tivoli Access Manager 5^N; 8:OAi BEA WebLogic Server =v PR "G Access Manager FL\; )#JC@. 6. 8: -iL %CKOY. pg Jv $8 W 1C{ E3/v& TBOJC@. TB R $8! kQ vCgW: F!G %& |6OJC@. config 6!! gk !IQ IGL F!G %! *-KOY. 9 x0 %!B Jv IGL *-KOY.
mI`!- Tivoli Access Manager for WebLogic 8: 1. BEA WebLogic Server& C[OJC@. UNIX /WLS_install_dir/user_projects/domain_name/startWebLogic.sh Windows C:\WLS_install_dir\user_projects\domain_name\startWebLogic.cmd 2. Tivoli Access Manager for WebLogic; 8:OAi Y= mI; G`OJC@. V: DO _b _ Tivoli Access Manager for WebLogicL GeH '!! 3! Gv J: fl(L| e!- 3mQ kN), AMWLSConfigure :)3.G AMSSPI_DIR /v& ]eC G& 3! p:d.G '!N 3$OJC@. 6y !vN, WebLogicL b; '!! 3!Gv JR8i, WLS_JAR /v& ALWLSConfigure :)3.! VB WebLogic.
Y= %!B config 6!! kQ 1C{ IGL *-KOY. IG L' 3m deploy_extension trueN 3$R fl, Tivoli Access Manager for Web Logic Server \V .e; h!UOY. b;*: trueTOY. wls_server_url NC WebLogic -v! kQ URL; v$UOY. b;*: t3://localhost:7001TOY. pdmgrd_port Tivoli Access Manager Policy Server w. x# pdacld_port Tivoli Access Manager Authorization Server w. x# am_domain Tivoli Access Manager 5^NG L'; v$UOY. b;*: DefaultT OY. amwls_home Tivoli Access Manager for WebLogic Server 3! p:d.! kQ fN & v$UOY.
5. u Access Manager |'! CYN bIOBv W:.OAi, @%J -i PR" G Access Manager zu ;! VB gkZ W Wl FL\! Tivoli Access Manager gkZ 9v:..G WqL wTGn Vn_ UOY. V: LL 8gOB SSO gkZ& v$_v8 b8 gkZ! kX $.Ov J: O# & TBQ fl, |' [: 6!! OaGbB Ov8 SSOB %CGv J@OY. L/Q fl, Tivoli Access Manager for WebLogic rbpf.properties DO! - {}Q Wq; ;EO) SSO& 1T gk !IOT R v V@OY. rbpf.properties! kQ Z
group_dn_suffix Console Extension Web Application; kX Wl; [:R ' gk R 80 L'(DN) "Ln& v$UOY. admin_group ;N 8: k5! gkR Tivoli Access Manager Wl; v$UOY. V: O#B TBR Jd! x8g kE 6!! v`Gb |! ARA.N %CKO Y. L8T Oi O#! mI w:d.! 2T Gv J@OY. Y= %!B create_realm 6!! kQ 1C{ IGL *-KOY. IG L' 3m user_dn_prefix Console Extension Web Application; kX gkZ& [:R ' gkR 8 0 L'(DN) "Nn& v$UOY. group_dn_prefix Console Extension Web Application; kX Wl; [:R ' gkR 8 0 L'(DN) "Nn& v$UOY.
4. u Access manager |'! CYN bIOBv W:.OAi ^J PR "G Access Manager zu ;! VB gkZ W Wl FL\! Tivoli Access manager gk Z 9v:..G WqL wTGn Vn_ UOY. & 5 N: BEA WebLogic Server L[ gN B 8: L }!-B WebSEAL GB Tivoli Access Manager Plug-in for Web Servers& gkO) BEA WebLogic Server! kQ L[ gN B; 8:OB AN<:! kX 3mUOY. L[ gN B 8:; 8vOv J8AB fl L }; +CR v V@O Y. WebSEAL W Tivoli Access Manager Plug-in for Web ServersB 8H W L[ g N B; -N Y% f}8N 8vOm -N Y% C:[ 86& gkUOY.
V: Tivoli Access Manager 8H 5^N! VB pg C:[!- L \h& v` R v V@OY. WebSEAL C:[!-B L& G`R Jd! x@OY. 9& in, Tivoli Access Manager Policy Server C:[!- L& G`R v V @OY. -b IG; gkO) junction ks URL; &xX_ UOY. LB L[ gN B! JvTOY. 9& in, Y= mI; Q mI`! ,SX- TBOJC@.

pdadmin> server task webseald_server_name create -t tcp -p WebLogic_Server_listen_port -h WebLogic_Server -b supply junction_target

Y= %!-B ' pdadmin mIG /v& $GUOY. % 2. pdadmin mI! kQ IG IG 3m webseald_server_name WebSEAL -vG L'.
[common-modules]
post-authzn = BA

W1 Y=, [BA} :DZ! VB add-hdr W supply-password E3/v& "" BA W sso_userG O#N 3$OJC@. o, Y=z 0L OJC@.

[BA]
add-hdr = supply
supply-password = sso_pwd

Tivoli Access Manager Plug-in for Web Servers 8:! kQ Z
Tivoli Access Manager for WebLogic L[ gN B VgG; gkOi BEA WebLogic Server! kX gkZ& umOT NuOB WebSEAL; kX L[ Nu \h& v`R v V@OY. %p nC.ILG; G`O) NuL CYN 8:GzB v .NR v V@OY. %p nC.ILG: 41 dLvG :%p nC.ILG gk; ! 3mGn V@OY.
& 4 e L[ gN B gk !I Tivoli Access Manager WebSEAL; gkQ L[ gN B Tivoli Access Manager for WebLogic: b8 Tivoli Access Manager &0(9: Tivoli Access Manager WebSEAL, Tivoli Access Manager Plug-in for Web Servers W Tivoli Access Manager Plug-in for Edge Server)!-G % L[ gN B; vxU OY. WebSEALz BEA WebLogic Server #G EZ |hB 8:H HTTP b; Nu dummy O#& gkO) Lgn}OY. gkZ $G 8H |' NMdL:& 8vOB L|G Tivoli Access Manager for BEA WebLogic Server &0!-B L[ gN B; v`Ob 'X L/Q ?OQ f}; gk_@OY.
1. gkZB WebSEALL vxOB Nu ^?Or(9: gkZ L'/O# GB ,sL p. Nu); gkO) WebSEAL! kX NuUOY. W1 Y=, gkZB BEA WebLogic Server Zx! kQ d;; &bUOY. 2. WebSEAL: -b supply IG; gkO) BEA WebLogic Server! kQ $G 8N 8:KOY. WebSEAL: Y=; wTOB b; Nu lu& gkO) BEA WebLogic ServerN d;; |^UOY. v WebSEAL Nu gkZ ID(YLnW%!- user-1) v webseald.confG basicauth-dummy-passwd. LB '!- p^H qP O# TOY. 3. BEA WebLogic ServerB Ku; 'X Tivoli Access Manager for WebLogic Nu &xZ!T gkZ ID W qP O#& |^UOY. 4.
& 5 e |. B:) L e: Tivoli Access Manager for WebLogic! kQ Y= $8N 8:Gn V@O Y. v :Tivoli Access Manager Authorization Server!- N8L2U. -q: gk; v 40 dLvG :Tivoli Access Manager for WebLogic!- gkZ W Wl |.; v 41 dLvG :%p nC.ILG gk; v 43 dLvG :gk A; v 44 dLvG :38 C5 NWB policy; v 45 dLvG :Tivoli Access Manager |' h&; v 46 dLvG :Tivoli Access Manager for WebLogic 8: X&; v 46 dLvG :.&! Xa A; v 47 dLvG :&QgW; Tivoli Access Manager Authorization Server!- N8L2U.
Tivoli Access Manager for WebLogicL N8L2U. -q:& gk _Nv .NO Ai Y= \h& v`OJC@. 1. Tivoli Access Manager for WebLogic #:.!- Tivoli Access Manager Authorization Server #:.N rbpf_ent_pos_browser x/ sLj/.& 9g Q D, C:[ PATH! '!Q SGG p:d.! V8JC@. rbpf_ent_pos_browser x/ sLj/.B Y=G Tivoli Access Manager for WebLogic #:.!- #; v V@OY. UNIX /opt/PolicyDirector/lib Windows c:\Program Files\Tivoli\pdwls\bin 2. Tivoli Access Manager Authorization #:.!- Y= '!! VB ivacld.conf DO; )JC@.
gkZ FL\; 1COi gkZ |. dLv! %CKOY. L dLv!- Y=; v `R v V@OY. v Tivoli Access Manager for WebLogic gkZ& *-R v V@OY. v 30 gkZG
doPost() ^ReB L' #bZ! ServletRoleL N)GzBv ANW%8N .N OB _! 8H bI; !}OY. L& gkOi \O % 8:dR ;! ANW% W 1p 8H; QY W:.R v V@OY. GQ !K; v`OAi HTTPRequest.isUserInRole() ^Re& gkUOY. EJB 8:dRG < !v 8H 9': Y=z 0L 3mR v V@OY. v 1p 8H: EJBRoleLsB ejb-jar.xml h! p:)3M ;! \O *RL $GKOY. weblogic-ejb-jar.xml h! p:)3MB EJBRole Wlz BankMembersEJB Wl #G A0C^ JN; $GUOY. ejb-jar.xml h! p:)3MG ^Re G Q: gkZ! getBalance() ^Re! W<:OAi ]eC EJBRole *RL N )Gn_ QYB M; *8@OY. v ANW% 8H: getBalance() ^ReB #bZ! EJBRoleL N)GzBv ANW%8N .
http://WebLogic_Server_host:WebLogic_Server_listening_port/pddemo/PDDemo '! $GH Banker gkZ _ O*N NuOJC@. WebLogic_Server_hostB BEA WebLogic Server C:[G #:. L'TOY. WebLogic_Server_listening_portB BEA WebLogic Server! ND _N w.T OY. 6. BankMembersServlet Wl! VB gkZ8 Servlet! W<:R v VBv Ku OJC@. 7. BankMembersEJB WlG 8:xN NuH gkZ! ZEG k1:& < v V v8 Y% gkZG k1:& < v xBv KuOJC@. WebSEAL L[ gN B; W:.OAi Y= \h& OaOJC@. 1. Y= URL! W<:OJC@.
& v$OB 8H 8: 3$; /v8vUOY. gkZB N 3$ _!- [: 3 $! GX aiOY. 9& in, WebLogic -v! 5xG NWN GP& ckOv 8 Tivoli Access Manager! < xG NWN GP8 ckO5O 8:H fl, g kZB < xG NWN GP D aiOY. 38 C5 NWB policy LDAP b] Tivoli Access Manager 3!! gkR v VB 38 C5 NWB policy& gkOi Vk NWB C5 GP =v W dN< a] C#; v$O) D;M O# x ]; 9fR v V@OY. PolicyB NWB C5 GP! u 8invbnv O$ C# kbX_ OB 6G; [:UOY. 9& in, policyB 38G GP C5& vCR v V8g W Z!B 180JG dN
Y= pdadmin mI: LDAP 9v:..! kX gkR '8 {}UOY. % 3. pdadmin LDAP NWB policy mI mI 3m policy set max-login-failures {number|unset} [-user username] policy get max-login-failures [-user username] dN
V: DO _b _ Tivoli Access Manager for WebLogicL Ge '!! 3!Gv J : fl, AMWLSConfigure :)3.G AMSSPI_DIR /v& ]eC G& 3! p:d.G '!N 3$OJC@. 6y!vN, WebLogicL b; '!! 3!Gv JR8i, WLS_JAR /v& ALWLSConfigure :)3.! VB WebLogic.jar G CY% '!N ;EOJC@. Tivoli Access Manager for WebLogic 8: X& Tivoli Access Manager for WebLogic; 8: X&OAi Y=; v`OJC@. 1. BEA WebLogic Server! C[GzBv .NOJC@. 2. Tivoli Access Manager |'! h&GzBv .NOJC@. 45 dLvG :Tivoli Access Manager |' h&;& |6OJC@. 3.
b; Nu; gkR ' L/Q @y! _}R fl, 'G ^Cv! FQ Nu
6. Tivoli Access ManagerB b;{8N N C# ?H gkZ GQ $8& 3CUO Y. PdPerm.propertiesG appsvr-credcache-life /:; ;EO) L C# * ; 8:R v V@OY. 7. WebLogic Server Console Extension! kQ Tivoli Access Manager Plug-in for Web Servers GB WebSEAL!- L[ gN BL vxGv J@OY. W/* N M]!- W<:OB gkZB O]{8N WebLogic -v \V; gkR v x8 GN LB + .&! Gv J@OY. KAx .&! W .&Xa f} 1. Active Directory gkZ 9v:..& gkO) 3!Oi Nu nC.ILG; h !R ' .&! _}R v V@OY. L .&!: Administrator Wl W C:[ gkZ! kX OeZeH *R JN! GQ MTOY.
& 6 e &E vCgW L e!-B IBM Tivoli Access Manager for WebLogic Server& &EOB f}! kX 3mUOY. Y= }G vCgW; OaOJC@. v :Solaris!- &E; v 50 dLvG :Windows!- &E; v 50 dLvG :AIX!- &E; v 51 dLvG :HP-UX!- &E; Solaris!- &E Tivoli Access Manager for WebLogicG &E& x`Ob |! Tivoli Access Manager |'& h&Om Tivoli Access Manager for WebLogic; 8: X&_Bv .NOJ C@. Li B:)G v`! kQ Z
Windows!- &E Tivoli Access Manager for WebLogicG &E& x`Ob |! Tivoli Access Manager |'& h&Om Tivoli Access Manager for WebLogic; 8: X&_Bv .NOJ C@. Li B:)G v`! kQ Z
HP-UX!- &E Tivoli Access Manager for WebLogicG &E& x`Ob |! Tivoli Access Manager |'& h&Om Tivoli Access Manager for WebLogic; 8: X&_Bv .NOJ C@. Li B:)G v`! kQ Z
NO A. /: DO |6 Tivoli Access Manager for WebLogic; 8:Om |'& [:R ' TBGB %L MB /: DO! zeKOY. Li /: DO: Tivoli Access Manager for WebLogic G [?; /fOB % gkR v V@OY. /: DO: java_home/amwls/wls_domain_name/wls_realm_name/! 8gUOY. )b- wls_domain_name: 8:H BEA WebLogic Server 5^NG L'Lm wls_realm_name: L 5^N ;! 8:H BEA WebLogic Server |'G L'TO Y. Y=z 0L < 3G /: DOL V@OY. v amsspi.properties BEA WebLogic Server! /$Q SSPI bI! kQ 8: /:L in V@OY. v rbpf.properties Tivoli Access Manager for WebLogic! kQ 8: /:L in V@OY.
com.tivoli.amwls.sspi.config.DeployerGroupProp*** b;*: DeployersTOY. b;{8N, BEA WebLogic Server!B W 3G |. WlL VB%, L /:: gkZ! Deployers |. WlG L'; Deployers L\G Y% L'8N /fR v V5O UOY. com.tivoli.amwls.sspi.config.MonitorGroupProp*** b;*: MonitorsTOY. b;{8N, BEA WebLogic Server!B W 3G |. WlL VB%, L /:: gkZ! Monitors |. WlG L'; Monitors L\G Y% L'8N /fR v V5O UOY. com.tivoli.amwls.sspi.config.OperatorGroupProp*** b;*: OperatorsTOY. b;{8N, BEA WebLogic Server!B W 3G WlL VB%, L /:: gkZ! Operators |.
com.tivoli.amwls.sspi.Authentication.ssoPasswdExpiry b;*: 120(P)TOY. L /:: SSO EZ IDG NuL 3CGB C#(P) ; v$UOY. L C#L OaGi, SSO gkZB Y= x SSO C5 C Tivoli Access Manager! kX NuKOY. com.tivoli.amwls.sspi.RoleMapper.EnableWebProgRolecheck b;*: trueTOY. L /:: % ANW%D *R !K; gk !I GB g k R!IOT UOY. L /:: |.Z! % nC.ILG! kQ ANW% D 8H; x v V5O UOY. com.tivoli.amwls.sspi.RoleMapper.EnableEjbProgRolecheck b;*: trueTOY. L /:: EJB ANW%D *R !K; gk !I GB gk R!IOT UOY. L /:: |.Z! EJB! kQ ANW%D 8H; x v V5O UOY. com.tivoli.
com.tivoli.pd.as.rbpf.PosRoot*** b;*: WebAppServerTOY. L /:: Tivoli Access Manager for WebLogic! VB pg *R W Zx! kQ @j'. x#G }k g.TO Y. com.tivoli.pd.as.rbpf.ProductId*** b;*: WLSTOY. L /:: PosRoot *z aUO) pg *R W Zx ! kQ @j'. x#G g.& |:UOY. com.tivoli.pd.as.rbpf.AMActionGroup*** b;*: WebAppServerTOY. L /:: Tivoli Access Manager for WebLogic W<: a$L !KR 6!& zeOB % gkGB 6! WlG b ; L'TOY. com.tivoli.pd.as.rbpf.AMAction*** b;*: #b(invoke)! kQ iTOY.
PdPerm.properties * appsvr-credcache-lifeB GQ $8! PDJRTE! 3 CGB C#; a$QYB !; VvOJC@. Tivoli Access Manager for WebLogic: PDJRTE!- pg GQ $8& .8UOY. {s- L *L appsvr-credcache-life8Y {; fl, LB Tivoli Access Manager for WebLogicL PDJRTE!- 3CH GQ $8& KvR ' cDa}OY. com.tivoli.pd.as.cache.EnableStaticRoleCaching b;*: trueTOY. L /:: ${ *R 3L; gk !I GB gk R! IOT UOY. ${ `R 3CB |. *R! kQ `$ W N$ *R 8:x ; 3COB % gkKOY. L 3CB WqL 8aGv JB M; &\OmB ?{ *R 3CM ?OUOY. LB L/Q *R! kQ 8:xL /fGv J 8GN |. *RG :I; 31UOY. com.
com.tivoli.pd.as.cache.ObjectCache.MaxResources b;*: 10000TOY. L /:: 3C! VB pg v6! kQ Q Wq v & v$UOY. L }Z& NumBucketsN *)i " v6G Vk )b! a $KOY. com.tivoli.pd.as.cache.ObjectCache.ResourceLifeTime b;*: 20TOY. L /:: @j'. 3C!- @j'.! 88GB C#(P) ; v$UOY. com.tivoli.pd.as.rbpf.UncheckedRoles b;*: Unchecked, AmasUnckeched, AnonymousTOY. L /:: 0%N 8PH J2EE 1C kR *R qO; v$UOY. *-H *R _!- BEA WebLogic Server Zx! kQ W<:! N)Gv J: *RL VB fl, p g gkZB n2 8k *RL 7NGzBv! |hxL L! kQ W<:& N)^@OY. gkZM Wl: Li *R! _!I v x@OY.
com.tivoli.pd.as.rbpf.PropagateChildRole*** b;*: falseTOY. |.ZB L /:; gkO) s' 9'! $GH *R 8:x(9: [Nz *R)! [:H /fgWL O' *R(9: nC.ILG 9 'G *R)!5 [:GBv )N& v$R v V@OY. o, userA& [Nz * R RoleA! _!R ' userA& GQ nC.ILG 9'G RoleA! _!UO Y. L8T Oi *R 8:x; ;ER ' CopyParentRole; bsC0m u *F! *R 8:x sS; {kUOY. O]{8N L /:: CopyParentRole z ?OQ *8N 3$Gn_ UOY. com.tivoli.pd.as.rbpf.UseEntitlements b;*: falseTOY. L /:: n2 *R! n2 Zx! kQ W<:! N) GzBv! |Q $8& v}OB % Tivoli Access Manager Authorization ServerG N8L2U.
amwlsjlog.properties amwlsjlog.properties DO: %X JLog /: DOTOY. L DO: Tivoli Access Manager for WebLogicz PDJRTE!- ^Cv |^ W _{; &nOB % gkK OY. amwlsjlog.properties DO! wTH /:L kNP L %G q{! {UOv J8 GN L }!-B pg /:; *-Ov J@OY. L DO!- ^Cv |^ W _{; gk GB gk R!IOT R v V@OY. amwlsjlog.properties DOG Wq: h~ 86{TOY. )/ 8:dR! kQ N k; Qx! QE* \O 8:dR! kX Nk; S v V@OY. Nk; QAi, \xw Nk; gk !IOT OAB 8:dR! isLogging /:; _ !OJC@. F!! *-H Wq: Tivoli Access Manager for WebLogicL vxO B _{ W ^Cv |^ 8:dRTOY.
8:dR 3m AMSSPIAuthnMessageLogger Tivoli Access Manager for WebLogicG Nu & xZ! kQ ^Cv |^ AMSSPIRoleMapperMessage Logger Tivoli Access Manager for WebLogicG *R J N &xZ! kQ ^Cv |^ AMSSPIResourceManager MessageLogger Tivoli Access Manager for WebLogic ;G Zx |.Z! kQ ^Cv |^ 'G " 8:dRB baseGroup traceLogger W baseGroup messageLogger& . eUOY. {s-, /: DO!- LiG /:: Y= 9&M /gOT *83OY. baseGroup.AMSSPIAuthnMessageLogger.
NO B. mI |% |6 © Copyright IBM Corp.
AMWLSConfigure -action config

Configures Tivoli Access Manager for WebLogic Server.

Syntax

-remote_acl_user remote_acl_user
Specifies the Tivoli Access Manager principal (user) that is created for the Authorization Server.

-sec_master_pwd sec_master_pwd
Specifies the Tivoli Access Manager administrative user password (usually sec_master).

-verbose {true|false}
trueN 3$R fl Z
AMWLSConfigure -action unconfig

Unconfigures Tivoli Access Manager for WebLogic Server.

Syntax

AMWLSConfigure -action unconfig -domain_admin_pwd domain_admin_pwd -sec_master_pwd sec_master_pwd [-verbose {true|false}]

Parameters

-domain_admin_pwd domain_admin_pwd
Specifies the Tivoli Access Manager for WebLogic Server domain administrator password.

-sec_master_pwd sec_master_pwd
Specifies the Tivoli Access Manager administrative user password (usually sec_master).

-verbose {true|false}
trueN 3$R fl Z
AMWLSConfigure -action create_realm

Creates the security realm within the WebLogic server.

Syntax

AMWLSConfigure -action create_realm -realm_name realm_name -domain_admin_pwd domain_admin_pwd -user_dn_suffix user_dn_suffix -group_dn_suffix group_dn_suffix -admin_group admin_group [-user_dn_prefix user_dn_prefix] [-group_dn_prefix group_dn_prefix] [-sso_enabled {true|false}] [-sso_user sso_user] [-sso_pwd sso_pwd] [-verbose {true|false}]

Parameters

-admin_group admin_group
Specifies the Tivoli Access Manager group to use for internal configuration purposes.
!k: L mI: Y=z 0: b; 3! p:d.! '!UOY. v UNIX: /opt/pdwls/sbin/ v Windows C:[G fl: C:\Program Files\Tivoli\pdwls\sbin\ b;* L\G Y% 3! p:d.& 1CR ', L /?.a sB Ze! .OI v V@OY. 0 mIL OaGz@OY. 1 mI! GP_@OY. mI! GPOi @y ^Cv! %CKOY. .&!G Z
AMWLSConfigure -action delete_realm

Deletes the security realm from the WebLogic server.

Syntax

AMWLSConfigure -action delete_realm -domain_admin_pwd domain_admin_pwd [-registry_clean {true|false}] [-verbose {true|false}]

Parameters

-domain_admin_pwd domain_admin_pwd
Specifies the WebLogic domain administrator password.

-registry_clean {true|false}
Removes the users and groups created during configuration. The default is false.

-verbose {true|false}
trueN 3$R fl Z
NO C. VGgW L $8B L9!- &xGB &0 W -q:k8N [:H MTOY. IBM: Y% 9 !!-B L Za! bzH &0, -q: GB bI; &xOv J; v5 V@OY. v g gkR v VB &0 W -q:! kQ $8B Q9 IBM cgZ!T .GOJC @. L %!- IBM &0, ANW% GB -q:& p^OB ML Xg IBM &0, A NW% GB -q:8; gkR v VYB M; GLOvB J@OY. IBMG v{ g jG; 'XOv JB Q, bIs8N ?nQ &0, ANW% GB -q:& kE gk R v V@OY. W/* qIBM &0, ANW% GB -q:G nk! kQ r! W K u: gkZG %STOY. IBM: L %!- Ygm VB /$ ;k! kX /c& 8/Om VE* vg /c bx _O v V@OY. L %; &xQYm X- /c! kQ sL>:nv N)OB M: FUOY. sL>:! kQ G.gW: Y=8N .GOJC@.
L $8!- p^GB qIBMG % gL.B \v mGs &xH M8N, n2 fD8 Ng Li % gL.& K#OmZ OB M: FUOY. Xg % gL.G ZaB ; IBM &0 ZaG ON! FOGN Xg % gL. gk8N NQ 'h: gkZ ;N L (vX_ UOY. IBM: MOG G.& 'XOv JB |' ;!- {}OYm }"OB fD8N MO ! &xQ $8& gkOE* hwR v V@OY. (i) 63{8N [:H ANW%z b8 ANW%(; ANW% wT) #G $8 3/ W (ii) 3/H $8G s# Lk; q{8N $8& xOB ANW% sL>: gkZB Y= VRN .GOJC@. 135-270 -o/0C -28 5n? 467-12, :Nx&8|ty Q9 FL.q.% VD8g m487>M L/Q $8B Xg 6G(9& in, gka vR n)! {s gkR v V@OY.
L $8& RA.+GN 8B fl!B gxz C/ p-! %CGv J; v5 V@O Y. s% Y= knB L9 GB b8 9!!- gkGB IBM CorporationG s% GB nO s%TOY. AIX DB2 IBM IBM Nm SecureWayTivoli Tivoli Nm Microsoft, Windows, Windows NT W Windows NmB L9 GB b8 9!!gkGB Microsoft CorporationG s%TOY. Java W pg Java b] nO s%M NmB L9 GB b8 9!!- gkGB Sun Microsystems,IncG s% GB nO s%TOY. UNIXB L9 GB b8 9!!- gkGB Open GroupG nOs%TOY. b8 8g, &0 W -q: L': 8gG s% GB -q:%TOY. NO C.
kn ! |., \N GQ, GQ $8 v$, N8L2U. W PAC 6[ N MdL:! V@OY. m4: GQ ADK& gkO) L/Q - !s #:.(virtual hosting). NM]! Q LsG #:.N * 8*5O OB % -vG bI GQ $8 v$ -q:(credentials modification service). 3Nk 0(private key). D;M 8H!- R/Z8L gkR v Tivoli Access Manager GQ $8& v$Ob 'X gkR v VB GQ API 18S C/WN. m4L \N!- 3_Q GQ VB 0. xk 0M k6 xk 0(public key). C:[ 8H!- pg gwL gkR v VB 0. 3Nk 0M k6 $8 v$ -q:B GQ $8 S: qO! _!Om L qO! - &EOB 6[; v`O5O &QGg, v$ !IQ M8N # VGB S:i88N &QKOY. |. 5^N(management domain).
* pU(daemon). ,S GB Vb{8N C:[ |'G bI(9: W.v) &n); v`Ob 'X +N8N G`GB ANW%. O W.v) b] Nu(network-based authentication). gkZ G IP(Internet Protocol) VR& YA8N @j'. W<:& & nOB POP(Protected Object Policy). POP(Protect Object Policy) |6 N pU: Xg B:)& v`Ob 'X Z?8N ..EGm, * Sv pU: $b{8N [?UOY. pvP -m(digital signature). e-commerce!- %LM \' ! _!GE* %LM \'G O# |[! XgOB %LMN, % LM \' vEZ! \'G +a: W R:& .NOm '6 ! Y I:; NDR v VT UOY. Y_ dR Nu(multi-factor authentication).
B G& C:[ ZxG !s @j'. %C. 8# @j'. (protected object) W POP(Protect Object Policy) |6 8# @j'.(protected object). ACL W POP& {kOb ' X gkOg gkZ W<: GQ N)! gkOB G& C:[ ZxG m. %C. POP(Protect Object Policy) W 8# @j '. x#(protected object space) |6 9&;(replica). Y% -vG p:d. g;; wTOB -v. F O#-(encryption). C:[ 8H!- x! %LM& O# X 6 AN<:8; gkO) < v V5O -XQ |BN //O B AN<: O#(cipher). 0& gkO) 8k %LMN //(O# X6)G b |!B P; v x5O O#-H %LM 9&;: :I GB @d C#; bsC0m %LM +a:; 8 W<: GQ(access permission). |< @j'.
b 'X gkOB AN<:. Y_ dR Nu, W.v) b] N m0(cookie). -v! ,sLp. C:[! zeOm DS
O CGI(Common Cateway Interface). HTTP d;; kX % -v!- nC.ILG8N $8& |^OB :)3.& $GO W.v)(9: NM] GB SNA W.v))! , b 'Q NM] %X. ]kG fl5 6y!vTOY. CGI :) aGn Vm W W.v)! W<:OB v!; &xOB C:[. 3.B :)3. pn(9: Perl)N [:H CGI ANW%TOY. #:.(host). GQ #:.B /f! {s W.v)G _S }_-H &n& & xR v5 V@OY. #:.B ,sLp. -v, GB ?C! , D sLp.M -v QY! I v V@OY. DN. 80 L'(distinguished name:DN) |6 A E ACL(Access Control List) |6 ACL. EAS. \N GQ -q:(External Authorization Service) |6 ACL(Access Control List). C:[ 8H!- @j'.
!5 gkR v V@OY. m4: GQ ADK& gkO) L/ J Q -q:& 3_R v V@OY. PAC(Privilege Attribute junction. AP.#e WebSEAL -vM i#e % nC.I LG -v #G HTTP GB HTTPS ,a. WebSEAL: junction ; gkO) i#e -v kE 8# -q:& &xOT UOY. Certificate) |6 PAC(Privilege Attribute Certificate). A0C^(gkZ)G N uz GQ N) S: W A0C^(gkZ)G bI; wTOB p vP .- L policy. LDAP. LDAP(Lightweight Directory Access Protocol) |6 |. Zx! {kGB j <. Policy Server. 8H 5^N!- Y% -v! kQ '! $8 LDAP(Lightweight Directory Access Protocol). (a) X.500 p(; vxOB p:d.
Yw& D0Ob 'X gkGB .Z-. URIG Q 9NB m/ Q Zx '! v$Z, o URLL V@OY. URL. URL(Uniform Resource Locator) |6 URL(Uniform Resource Locator). C:[ GB NM]z 0 : W.v)(9: NM])!- $8 Zx; %COB .Z Cv:. L .Z Cv:!B (a) $8 Zx! W<:Ob 'X gkOB ANd]G ``H L'z (b) $8 Zx; #b 'X ANd] !- gkOB $8! V@OY. 9& in, NM] AX:.! - Li: YgQ $8 Zx! W<:Ob 'X gkOB AN d]G ``H L'TOY(9: http, ftp, gopher, telnet W news). IBM ( dLvG URL: http://www.ibm.comTOY. W WebSEAL. Tivoli Access Manager m9Le. WebSEAL: 8# @j'.
Printed in Denmark by IBM Danmark A/S SA30-2210-00