Migrating with Tivoli Access Manager for authentication enabled

When Tivoli Access Manager security is configured for your existing environment and security is enabled, you can migrate to WebSphere Application Server, Version 6.1.

Before you begin

Your profiles must be migrated using the tools in Using the migration tools to migrate product configurations.
Important: Do not restart the WebSphere Application Server Version 6.1 server until after performing the following procedure. The migration tools omit some files that enable the server to start correctly.

About this task

After migrating your profiles additional steps are required when Tivoli Access Manager security is configured.

Procedure

  1. Copy the following files from the existing directory to the same directory for Version 6.1.
    %WAS_HOME%\java\jre\PDPerm.properties
    %WAS_HOME%\java\jre\lib\security\PdPerm.ks
    %WAS_HOME%\java\jre\PolicyDirector\PDCA.ks
  2. Edit the PD.properties file, and change the following configuration settings:
    appsvr-plcysvrs=null\:0:\:1
    config_type=standalone
    Make the appropriate changes to point to your Tivoli Access Manager Policy Server, for example:
    appsvr-plcysvrs=pdmgrd.test.gc.au.ibm.com\:7135\:1
    config_type=full
  3. Edit the PdPerm.properties file, and change all path names to the correct path name. Change the following configuration settings:
    pdvar-home=C\:\\Program
    Files\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
    baseGroup.PDJv1dugong-v2dugongMessageFileHandler.fileName=C\:\\Program
    Files\\WebSphere\\AppServer\\java\\jre\\PolicyDirector\\log/msg__v1dugong-v2dugong.log
    
    pdcert-url=file\:/c\:/progra~1/WebSphere/AppServer/java/jre/lib/security/PdPerm.ks
    
    baseGroup.PDJv1dugong-v2dugongTraceFileHandler.fileName=C\:\\Program
    Files\\WebSphere\\AppServer\\java\\jre\\PolicyDirector\\log/trace__v1dugong-v2dugong.log
    
    pd-home=C\:\\Program Files\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
    
    java-home=C\:\\Program Files\\WebSphere\\AppServer\\java\\jre

What to do next

Also see the migration information with Tivoli Access Manager for authentication that is enabled on multiple nodes with security enabled.



In this information ...


Related concepts

IBM Redbooks, demos, education, and more

(Index)

Use IBM Suggests to retrieve related content from ibm.com and beyond, identified for your convenience.

This feature requires Internet access.

Task topic Task topic    

Terms and conditions for information centers | Feedback

Last updatedLast updated: Aug 30, 2013 4:53:43 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=pix&product=was-base-dist&topic=tsec_migratesinglenode
File name: tsec_migratesinglenode.html