LEADER 11544nam 2200601Ia 450 001 9910816209003321 005 20200520144314.0 035 $a(CKB)1000000000243509 035 $a(SSID)ssj0000280569 035 $a(PQKBManifestationID)12094327 035 $a(PQKBTitleCode)TC0000280569 035 $a(PQKBWorkID)10291061 035 $a(PQKB)10036088 035 $a(OCoLC)63686640 035 $a(MiAaPQ)EBC3306546 035 $a(EXLCZ)991000000000243509 100 $a20060117d2005 uy 0 101 0 $aeng 135 $aurcn||||||||| 181 $ctxt 182 $cc 183 $acr 200 00$aIdentity and access management solutions $eusing WebSphere Portal V5.1, Tivoli Identity Manager V4.5.1, and Tivoli Access Manager V5.1 /$fJohn Ganci ... [et al.] 205 $a1st ed. 210 $aResearch Triangle Park, N.C. $cIBM, International Technical Support Organization$d2005 215 $axviii, 608 p. $cill 225 1 $aRedbooks 300 $a"August 2005." 300 $a"This edition applies to IBM Tivoli Identity Manager V4.5.1, IBM Tivoli Access Manager V5.1 for e-business, IBM Tivoli Directory Server V5.2, IBM Tivoli Directory Integrator V6.0, IBM WebSphere Portal V5.1, IBM DB2 Content Manager V8.3, Enterprise Edition, and IBM Rational Application Developer V6.0.0.1 on the Microsoft Windows platform." 311 $a0-7384-9019-9 320 $aIncludes bibliographical references and index. 327 $aFront cover -- Contents -- Notices -- Trademarks -- Preface -- The team that wrote this redbook -- Become a published author -- Comments welcome -- Part 1 Introduction to identity and access management -- Chapter 1. Introduction -- 1.1 Introduction to identity and access management -- 1.1.1 Key concepts -- 1.1.2 High level solution architecture -- 1.2 Solution software -- 1.2.1 Runtime environment solution software -- 1.2.2 Development environment solution software -- 1.3 Target audience -- 1.3.1 Roles and skills -- 1.3.2 Matching redbook topics to roles and skills -- Chapter 2. Architecture and design guidelines -- 2.1 Operational modeling guidelines -- 2.1.1 Operational model overview -- 2.1.2 Topology zones -- 2.1.3 Application architecture components -- 2.1.4 Product mapping -- 2.1.5 Runtime environment topology selection -- 2.1.6 Development environment topology selection -- 2.2 Design principles -- 2.2.1 Centralized authority -- 2.2.2 Access decision evaluated on demand -- 2.2.3 Capture authentication events and logs -- 2.3 User provisioning guidelines -- 2.3.1 Identity management overview -- 2.3.2 Common LDAP directory -- 2.3.3 Tivoli Identity Manager services, workflows, and policies -- 2.3.4 Tivoli Directory Integrator assembly lines -- 2.3.5 Tivoli Directory Integrator connectors -- 2.4 Single sign-on authentication guidelines -- 2.4.1 WebSphere Portal authentication -- 2.4.2 DB2 Content Manager authentication -- 2.4.3 Single sign-on for WebSphere Portal and Content Manager -- 2.4.4 Single sign-on authentication using Tivoli Access Manager -- 2.5 Authorization guidelines -- 2.5.1 WebSphere Portal authorization -- 2.5.2 DB2 Content Manager authorization -- 2.5.3 Tivoli Access Manager authorization -- 2.5.4 WebSphere Portal vs. Tivoli Access Manager authorization -- 2.6 Product-specific integration guidelines -- 2.6.1 WebSEAL junctions. 327 $a2.6.2 Junction considerations for use with TAI -- 2.6.3 Handling of back-end application cookies -- 2.6.4 Junction Mapping Table (JMT) -- 2.6.5 WebSEAL URL-based access control -- 2.6.6 Access control of WebSphere Portal resources -- 2.6.7 Access control of resources within portlet applications -- 2.6.8 WebSEAL and WebSphere Portal session considerations -- 2.7 Sequence diagrams for common access patterns -- 2.7.1 UCT1: Access unprotected portal page -- 2.7.2 UCT2: Access protected portal page, provide valid credentials -- 2.7.3 UCT3: Access protected portal page with existing valid session -- 2.7.4 UCT4: Access protected portal page with invalid credentials -- 2.7.5 UCT5: WebSEAL session times out before portal session -- 2.7.6 UCT6: Portal session times out before WebSEAL session -- 2.7.7 UCT7: Both WebSEAL and WebSphere Portal sessions time out -- 2.7.8 UCT8: WebSphere Portal logout after WebSEAL session timeout -- Part 2 ITSO identity and access management working example -- Chapter 3. Requirements analysis and solution design -- 3.1 Business scenario -- 3.1.1 Initial context -- 3.1.2 Business challenges -- 3.2 Business requirements -- 3.2.1 Functional requirements -- 3.2.2 Non-functional requirements -- 3.3 Use case model -- 3.3.1 Use case overview -- 3.3.2 Use case details -- 3.4 Solution architecture -- 3.4.1 Architecture overview -- 3.4.2 Architectural decisions -- 3.4.3 Solution architecture details -- 3.4.4 Runtime topology and product mapping -- 3.4.5 Development environment topology and product mapping -- Chapter 4. Runtime environment installation -- 4.1 Planning -- 4.1.1 Hardware and software prerequisites -- 4.1.2 Hardware used within the ITSO runtime environment -- 4.1.3 Software used within the ITSO runtime environment -- 4.2 Directory node installation -- 4.2.1 Windows 2000 Server installation. 327 $a4.2.2 DB2 Universal Database V8.2 installation -- 4.2.3 IBM GSKit installation -- 4.2.4 WebSphere Application Server V5.0.2 installation -- 4.2.5 Tivoli Directory Server V5.2 installation -- 4.2.6 Tivoli Directory Server configuration -- 4.2.7 Tivoli Web Administration Tool configuration -- 4.2.8 Tivoli Directory Integrator installation -- 4.2.9 DB2 Information Integrator for Content installation -- 4.3 Access Manager node installation -- 4.3.1 Windows 2000 Server installation -- 4.3.2 IBM Java Runtime Environment (JRE) V1.3.1 installation -- 4.3.3 IBM GSKit installation -- 4.3.4 Tivoli Directory Client SDK 5.2 installation -- 4.3.5 WebSphere Application Server V5.0.2 installation -- 4.3.6 Configure Directory Server for Tivoli Access Manager -- 4.3.7 Tivoli Access Manager installation -- 4.3.8 Tivoli Access Manager configuration -- 4.3.9 Tivoli Access Manager Web Portal Manager installation -- 4.3.10 Tivoli Access Manager V5.1 Base Fixpack 9 installation -- 4.3.11 Configure Web Portal Manager -- 4.3.12 Verify the Web Portal Manager -- 4.3.13 Tivoli Identity Manager Agent for TAM installation -- 4.3.14 Tivoli Identity Manager Agent for TAM configuration -- 4.4 Reverse Proxy node installation -- 4.4.1 Windows 2000 Server installation -- 4.4.2 Java Runtime Environment (JRE) V1.3.1 installation -- 4.4.3 IBM GSKit installation -- 4.4.4 Tivoli Directory Client installation -- 4.4.5 Tivoli Access Manager: WebSEAL installation -- 4.4.6 Tivoli Access Manager: WebSEAL configuration -- 4.4.7 Tivoli Access Manager V5.1 Base Fixpack 9 installation -- 4.4.8 Tivoli Access Manager V5.1 WebSEAL Fixpack 9 installation -- 4.5 Identity Management node installation -- 4.5.1 Windows 2000 Server installation -- 4.5.2 DB2 Universal Database V8.2 installation -- 4.5.3 IBM GSKit V7.0.3.8 installation -- 4.5.4 Tivoli Directory Server V5.2 installation. 327 $a4.5.5 Tivoli Directory Server configuration -- 4.5.6 WebSphere Application Server V5.1 -- 4.5.7 Tivoli Identity Manager V4.5.1 Fixpack 16 (full install) -- 4.5.8 Install Tivoli Identity Manager V4.5.1 FP42 -- 4.5.9 Tivoli Identity Manager Agent for TAM profile configuration -- 4.6 Content Management node installation -- 4.6.1 Windows 2000 Server installation -- 4.6.2 Tivoli Directory Client SDK installation -- 4.6.3 WebSphere Application Server V5.1.1 installation -- 4.6.4 DB2 Universal Database V8.2 installation -- 4.6.5 Create user IDs with privileges for Content Manager -- 4.6.6 DB2 Content Manager V8.3 installation -- 4.6.7 DB2 Content Manager V8.3 Client for Windows installation -- 4.7 Portal Server node installation -- 4.7.1 Windows 2000 Server installation -- 4.7.2 WebSphere Portal V5.1 installation -- 4.7.3 IBM HTTP Server and WebSphere plug-in installation -- 4.7.4 Java Runtime Environment (JRE) V1.3.1 installation -- 4.7.5 Tivoli Access Manager Java Runtime Environment installation -- 4.7.6 DB2 UDB V8.2 ESE installation -- 4.7.7 DB2 UDB Client configuration to Content Manager -- 4.7.8 Information Integrator for Content V8.3 installation -- 4.7.9 Tivoli Identity Manager V4.5.1 API installation -- Chapter 5. Runtime environment configuration -- 5.1 Configure WebSphere Portal for DB2 UDB -- 5.1.1 Create a DB2 user for WebSphere Portal -- 5.1.2 Create DB2 UDB databases for WebSphere Portal -- 5.1.3 Migrate the data from Cloudscape to DB2 UDB -- 5.2 Configure WebSphere Portal with IBM HTTP Server -- 5.2.1 IBM HTTP Server configuration -- 5.2.2 Configure WebSphere Portal for the external IBM HTTP Server -- 5.3 Configure WebSphere Portal with LDAP -- 5.3.1 Create a suffix -- 5.3.2 Create LDIF file containing users and groups -- 5.3.3 Import the LDIF file (wp-itso.ldif) to create users and groups -- 5.3.4 Enable LDAP security for WebSphere Portal. 327 $a5.3.5 Verify the LDAP configuration -- 5.4 Configure DB2 Content Manager with LDAP -- 5.4.1 Back up the DB2 Content Manager databases -- 5.4.2 Generate the cmbcmenv.properties file -- 5.4.3 Copy the cmbcmenv.properties file -- 5.4.4 Copy the icmxlslg.dll (user exit) -- 5.4.5 Enable trusted logons for Library Server -- 5.4.6 Create the ClientUserEditSSO privilege sets -- 5.4.7 Test the configuration -- 5.4.8 Configure LTPA for WebSphere Application Server -- 5.4.9 Enable SSL for LDAP server communication -- 5.5 Enable mutual SSL between WebSEAL and Portal -- 5.5.1 IBM HTTP Server SSL configuration -- 5.5.2 Configure WebSphere Portal for SSL -- 5.5.3 Export IBM HTTP Server CA certificate -- 5.5.4 Import IBM HTTP Server certificate into WebSEAL keystore -- 5.5.5 Export WebSEAL certificate -- 5.5.6 Import WebSEAL certificate into IBM HTTP Server keystore -- 5.5.7 Enable mutual SSL for IBM HTTP Server -- 5.6 Configure Portal authentication with TAM using TAI -- 5.6.1 Apply Tivoli Access Manager ACLs to new LDAP suffixes -- 5.6.2 Define additional MIME types for WebSphere Application Server -- 5.6.3 Create a WebSEAL junction -- 5.6.4 Enable forms authentication on WebSEAL -- 5.6.5 Configure WebSEAL to modify URLs to back-end systems -- 5.6.6 Configure additional WebSEAL parameters -- 5.6.7 Import WebSphere Portal users and groups into TAM -- 5.6.8 Define access controls for WebSphere Portal URIs -- 5.6.9 Configure the junction mapping table (JMT) -- 5.6.10 Configure SSO for WebSEAL and WebSphere via TAI -- 5.6.11 Configure Portal login/logout for use with WebSEAL -- 5.7 Configure WebSphere Portal authorization with TAM -- 5.7.1 Configure SSL between WebSphere and TAM -- 5.7.2 Configure WebSphere Portal authorization for TAM -- 5.7.3 Verify entries in TAM for Portal external authorization -- 5.8 Configure reverse password synchronization. 327 $a5.8.1 Prerequisites. 410 0$aIBM redbooks. 606 $aWeb portals$xSecurity measures 606 $aComputer networks$xSecurity measures 606 $aComputers$xAccess control 615 0$aWeb portals$xSecurity measures. 615 0$aComputer networks$xSecurity measures. 615 0$aComputers$xAccess control. 701 $aGanci$b John$01598676 712 02$aInternational Business Machines Corporation.$bInternational Technical Support Organization. 801 0$bMiAaPQ 801 1$bMiAaPQ 801 2$bMiAaPQ 906 $aBOOK 912 $a9910816209003321 996 $aIdentity and access management solutions$94003303 997 $aUNINA