Chapter 3. Installation 87
If you plan to use Access Manager certificates to authenticate with PDSMS, or if
you want to use the Access Manager sec_master user (or other users and
groups defined in the secAuthority=Default suffix) to administer PDSMS using
either the session management command line or Web interface, then you must
unconfigure the base DN in the LDAP user registry used by WebSphere
Application Server.
An optional prerequisite component is a DB2 database. DB2 is required only if
you intend to use a DB2 database to store login history information. Also,
an IBM DB2 JDBC™ driver must be available to the WebSphere Application
Server.
Setting up a Session Management Server system is a three-step process that
consists of installation, deployment to the application server or cluster, and
configuration. After installing the Session Management Server using native
installation utilities, the DSess.ear file must be deployed as a WebSphere
Application Server application.
After installing the Session Management Server you can configure the server
using the following command:
smscfg -action config
After installing the Session Management Server, you must reconfigure WebSEAL
or the Plug-in for Web Servers (or both) to use the Session Management Server
for managing sessions.
Along with the PDSMS installation, the structure of your session realms and
associated replica set must be planned and mapped. Determine whether you
want to have replicated Session Management Server instances that provide
failover capability and improved performance.
3.4.1 Session Management Server administrative interfaces
The Session Management Server offers two kinds of administration interfaces:
• The session management Web interface (PDSMSWP)
• The session management command line interfaces (PDSMSCLI)
Both interfaces and dependent software are shown in Figure 3-7 on page 88.
Note: After deployment, do not start the DSess.ear application until the
Session Management Server has been configured using the smscfg
command.
88 Certification Study Guide: IBM Tivoli Access Manager for e-business 6.0
Figure 3-7 Session Management Server administrative interfaces
You can administer the Session Management Server either by using the Tivoli
Access Manager pdadmin command line utility located on the participating Tivoli
Access Manager Authorization Server or by using a Web interface, which is part
of the Tivoli Access Manager Web Portal Manager.
Session Management Server command line interface
Before you install and configure the session management command line
interface, note the following requirements:
• As Figure 3-7 shows, to administer the Session Management Server from the
command line, the Access Manager Command Line package (PDSMSCLI) must be
installed on the Authorization Server.
• WebSEAL or the Plug-in for Web Servers component must be installed,
configured, and running before the Session Management Server can operate.
• The Session Management Server and the Authorization Server components
must be installed and configured before configuring the Access Manager
session management command line component.
• The configuration requires the name of the server that hosts the Session
Management Server and the port number to be used for communication
between the server where the Session Management Server is hosted and the
Authorization Server that is hosting the command line extension utility.
• If more than one Session Management Server is installed for failover and
performance reasons, the host names and communication port numbers for
each Session Management Server must be configured.
• Determine whether you want to enable SSL for session management
command line interface communications. You can enable SSL between the
Session Management Server and the Authorization Server so that all pdadmin
command communications are secure.
[Figure 3-7 component labels: PDJRTE, Operating System, WebSphere Application Server + GSKit, Tivoli Security Utilities, PDlic, PDWPM, Operating System, GSKit, LDAP Client, Tivoli Security Utilities, PDRTE, PDlic, PDACL, PDSMSCLI, PDSMSWPM]
