Chapter 3. Installation 79
access to the authorization service for third-party applications that use the Tivoli
Access Manager authorization API in remote cache mode. The Authorization
Server also acts as a logging and auditing collection server to store records of
The Authorization Server is also part of the base install set and requires the
Access Manager Runtime as depicted in Figure 3-1 on page 75. Configuration of
PDAcld can be done using the pdconfig utility or using the svrsslcfg command.
This command configures, unconfigures, or modifies the configuration
information of a resource manager to use an SSL connection for communicating
with the Policy Server.
The svrsslcfg command is used to configure C-based application servers only.
For Java-based application servers, use the equivalent
com.tivoli.pd.jcfg.SvrSslCfg Java class.
3.2.8 Access Manager Policy Proxy Server (PDProxy)
The Access Manager Policy Proxy Server is used to set up a proxy server, which
acts as an intermediary between a less trusted network and a more trusted
network. This server ensures security and provides administrative control and
caching services. It is associated with, or part of, a gateway server that separates
the enterprise network from the outside network, and a firewall server that
protects the enterprise network from outside intrusion. In a Tivoli Access
Manager environment, the proxy server runs on behalf of the Policy Server for a
given number of authorization applications and administrative functions, such as
The Tivoli Access Manager Policy Proxy Server is another base component that
can be configured using the pdconfig tool, which calls the pdproxycfg command
in the background. This command configures or unconfigures a Policy Proxy
3.2.9 Tivoli Access Manager development (PDAuthADK) system
The Access Manager Application Development Kit provides a development
environment that enables you to code third-party applications to query the
authorization server for authorization decisions. This kit contains support for
using both C APIs and Java classes for authorization and administration
functions. To run the Java program or to compile and run your own Java
programs, you must install and configure a Java runtime environment system.