82 PDA Management with IBM Tivoli Configuration Manager
Figure 3-23 WebSEAL configured successfully
3.2.6 Installing Access Manager - Java Runtime Environment
To install and configure the Access Manager Java Runtime Environment (pdjrte),
follow these steps:
1. Make sure you stop IBM HTTP Server and IBM WebSphere Application
Server before installing the Access Manager Java Runtime Environment.
2. Delete the IBMJCEfw.jar file in the
jvm_path
\jre\lib\ext directory. The default
location is C:\WebSphere\AppServer\java\jre\lib\ext\ibmjcefw.jar.
3. To install the Access Manager JRE component, run the setup.exe command
in the <CDDrive>:\windows\PolicyDirector\Disk Images\Disk1\PDJRTE\Disk
Images\Disk1 directory.
4. Select the language. We are using the English version.
5. The Access Manager Java Runtime Setup window appears (Figure 3-24 on
page 83). Select Next.
Important: This step should be performed on the Tivoli Web Gateway system.
Chapter 3. Implementing security on the PDA management environment 83
Figure 3-24 Access Manager Java Runtime welcome window
6. Click Yes to accept the License Agreement.
7. Select the installation directory or accept the default value provided.
8. The installation completes with the success window, shown in Figure 3-25.
Click Finish to complete the installation.
Figure 3-25 Java Runtime setup installation complete
84 PDA Management with IBM Tivoli Configuration Manager
9. When the runtime installation has completed, the system must be rebooted.
Select Yes to restart your computer.
10.Make sure the IBM SecureWay Directory, IBM WebSphere Admin Server and
IBM HTTP Server services are running.
11.To successfully run Access Manager configuration commands, such as the
pdjrtecfg command, the Java binary for the WebSphere Application Server
must be the first entry in your PATH statement. On Windows, enter the
following command:
set PATH=C:\WebSphere\AppServer\java\jre\bin;%PATH%
12.You need to configure the Java Runtime Environment provided by IBM Tivoli
Access Manager. Enter the following commands:
cd C:\Program Files\Tivoli\Policy Director\sbin
pdjrtecfg -action config -java_home C:\WebSphere\AppServer\java\jre
This command sets the java_home variable of Access Manager Java
Runtime.
13.When the environment variable is set, create the SSL configurations file and
keystores. Run the following command on each Web Gateway server:
java com.tivoli.mts.SvrSslCfg application_name security_password
policy_server_hostname authorization_server_hostname policy_server_port
authorization_server_port configuration_file keystore_file operation
Where:
– application_name
Is the name of the Access Manager application to create and associate
with the SSL communication. The application name must be unique. Other
instances of the application, which are running on this or other systems,
must each be given a unique name. A distinguished name can be used
when an LDAP-based user registry is used with Access Manager.
– security_password
Is the sec_master user ID password.
– policy_server_hostname
Is the name of the system where the Access Manager Policy Server
process (ivmgrd) is running.
– authorization_server_hostname
Is the name of the system where the Access Manager Authorization
Server process (ivacld) is running. In our case, it is the same system as
the Policy Server.
Get PDA Management with IBM Tivoli Configuration Manager now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
