IBM 5.1 manual Entitlement service

Page 96

￿ ￿￿ ￿￿￿￿ ￿￿￿￿. ￿￿ ￿￿ ￿￿, ￿￿￿￿ ￿￿ ￿

￿(authentication) ￿ ￿￿￿ ￿￿(authentication) ￿￿

￿￿￿￿￿￿ ￿￿￿(entitlement service). ￿￿￿￿ ￿￿ ￿￿

￿￿￿ ￿￿ ￿￿￿￿￿ ￿￿￿￿￿￿￿ ￿￿￿￿ ￿￿ ￿￿￿ ￿

￿￿ ￿￿ API ￿￿￿ ￿￿￿￿. ￿￿￿￿￿￿￿ ￿￿ ￿￿ ￿

￿￿￿ ￿￿ ￿￿￿ ￿￿￿￿￿￿￿￿ ￿￿￿￿￿ ￿￿￿ ￿￿ ￿

￿￿￿￿￿ ￿￿￿￿ ￿￿ ￿￿￿￿￿ ￿￿ ￿￿￿ ￿￿￿ ￿￿

￿￿￿￿ ￿￿ ￿￿￿￿￿￿. ￿￿￿ ￿￿ ADK￿ ￿￿￿￿ ￿

￿￿￿￿￿￿ ￿￿￿ ￿ ￿￿￿￿.

￿￿￿￿￿￿(entitlement). ￿￿￿￿ ￿￿ policy ￿￿￿ ￿￿

￿￿ ￿￿￿ ￿￿. ￿￿￿￿ ￿￿ ￿￿￿￿￿￿￿￿ ￿￿￿ ￿ ￿

￿￿￿￿￿ ￿￿￿￿ ￿￿ ￿￿ policy ￿￿￿￿ ￿￿￿￿.

￿￿￿ ￿￿￿￿￿(Internet suite of protocols). ￿￿￿￿￿

￿￿￿￿ ￿￿ ￿￿￿￿ IETF(Internet Engineering Task Force)

￿ ￿￿ RFC(Requests for Comment)￿ ￿￿￿ ￿￿￿￿ ￿￿

￿

￿￿ ￿￿(silent installation). ￿￿￿￿ ￿￿￿ ￿￿￿ ￿￿￿

￿￿ ￿￿ ￿￿￿ ￿￿￿￿ ￿￿￿ ￿￿￿￿ ￿￿. ￿￿ ￿￿ ￿

￿￿￿￿ ￿￿￿ ￿￿￿ ￿￿ ￿￿ ￿￿￿ ￿￿￿ ￿ ￿￿￿￿.

￿￿ ￿￿(response file) ￿￿

￿￿ ￿￿￿￿(resource object). ￿￿ ￿￿￿￿ ￿￿(￿: ￿￿

￿, ￿￿ ￿ ￿￿￿￿)￿ ￿￿

￿￿ ￿￿(self-registration). ￿￿￿￿ ￿￿￿ ￿￿￿￿ ￿￿￿

￿ ￿￿ ￿￿￿￿ ￿￿ ￿￿ ￿￿￿ Tivoli Access Manager ￿

￿￿￿ ￿ ￿ ￿￿ ￿￿￿￿

￿￿￿(suffix). ￿￿￿ ￿￿￿￿ ￿￿￿￿ ￿￿ ￿￿￿￿ ￿ ￿

￿￿￿ ￿￿￿￿ ￿￿ ￿￿. LDAP(Lightweight Directory Access Protocol)￿￿ ￿￿￿￿ ￿￿￿ ￿￿￿￿ ￿￿￿￿ ￿￿,

￿ ￿￿￿￿ ￿￿￿￿ ￿￿ ￿￿ ￿￿ ￿￿ ￿￿ ￿￿￿ ￿￿￿

￿￿. ￿￿￿￿ ￿￿￿￿ ￿￿￿ ￿￿￿￿ ￿￿￿￿ ￿￿ ￿￿ ￿

￿￿ ￿￿￿￿ ￿￿ ￿￿ ￿￿￿￿ ￿￿ ￿ ￿￿￿￿.

￿￿(action). ACL(Access Control List) ￿￿ ￿￿.

ACL(Access Control List) ￿￿

￿

￿￿￿￿ ￿￿￿￿(container object). ￿￿￿￿ ￿￿￿ ￿￿￿

￿￿ region￿ ￿￿￿￿ ￿￿￿ ￿￿

￿￿(cookie). ￿￿￿ ￿￿￿￿￿ ￿￿￿￿ ￿￿￿￿ ￿￿ ￿￿

￿￿ ￿￿￿￿￿ ￿￿. ￿￿￿ ￿￿￿ ￿￿￿￿￿￿ ￿￿ ￿￿ ￿

￿￿ ￿￿￿ ￿ ￿￿ ￿￿￿.

￿￿￿￿ ￿￿(scalability). ￿￿￿ ￿￿￿￿￿ ￿￿￿ ￿￿ ￿

￿￿￿￿￿￿ ￿￿ ￿￿￿￿ ￿￿￿ ￿￿

￿￿￿￿￿￿￿ ￿￿(key database file). ￿ ￿(key ring) ￿

￿￿(key ring). ￿￿￿ ￿￿￿￿ ￿￿ ￿, ￿￿￿ ￿, ￿￿￿

￿￿￿￿ ￿ ￿￿￿ ￿￿￿￿ ￿￿

￿￿(key pair). ￿￿￿ ￿￿￿￿ ￿￿ ￿ ￿ ￿￿￿ ￿. ￿

￿￿￿ ￿ ￿￿ ￿￿￿ ￿, ￿￿￿￿ ￿￿ ￿￿ ￿￿￿￿ ￿￿

￿￿￿￿￿￿￿, ￿￿￿￿ ￿￿￿ ￿￿ ￿￿￿￿ ￿￿￿￿ ￿￿

￿￿￿￿￿. ￿￿￿ ￿ ￿￿ ￿￿￿ ￿, ￿￿￿￿ ￿￿￿ ￿￿ ￿

￿￿￿ ￿￿￿ ￿￿￿ ￿￿￿￿￿, ￿￿￿￿ ￿￿ ￿￿ ￿￿￿￿

￿￿￿￿￿ ￿￿ ￿￿￿ ￿￿￿ ￿￿ ￿￿￿￿￿.

￿￿￿(key file). ￿ ￿(key ring) ￿￿

￿(key). ￿￿￿ ￿￿￿￿ ￿￿￿ ￿￿￿ ￿ ￿￿ ￿￿￿ ￿￿

￿￿￿ ￿￿￿￿￿￿ ￿￿￿￿ ￿￿￿ ￿￿. ￿￿￿ ￿(private key) ￿ ￿￿ ￿(public key) ￿￿

￿

￿￿(token). (1) ￿￿￿ ￿￿￿￿￿ ￿￿￿￿￿ ￿￿￿ ￿￿ ￿

￿ ￿￿ ￿￿ ￿￿￿ ￿￿￿￿ ￿￿ ￿￿￿ ￿￿￿￿ ￿￿ ￿￿

￿￿￿ ￿￿￿￿ ￿￿ ￿￿. ￿￿￿ ￿￿￿ ￿￿￿￿￿￿ ￿￿￿

￿￿￿￿ ￿￿ ￿￿￿ ￿￿￿￿ ￿￿￿ ￿￿￿ ￿￿￿￿. ￿￿￿

￿￿ ￿￿￿ ￿￿￿ ￿￿ ￿￿￿ ￿￿ ￿￿ ￿￿￿￿￿. (2) ￿

￿￿ ￿￿￿(LAN)￿￿ ￿￿ ￿￿￿ ￿￿ ￿￿￿￿ ￿￿ ￿￿￿

￿￿￿ ￿￿￿. ￿￿￿ ￿￿￿￿ ￿￿￿ ￿￿, ￿ ￿￿￿ ￿￿

￿￿ ￿￿￿.

￿

￿￿(portal). ￿￿ ￿￿￿￿ ￿￿￿ ￿￿￿ ￿￿￿￿, ￿￿ ￿

￿￿￿ ￿￿ ￿￿￿ ￿ ￿￿(￿: ￿￿, ￿￿ ￿￿ ￿￿￿)￿ ￿

￿￿ ￿￿ ￿￿￿ ￿￿￿￿ ￿￿￿￿ ￿￿ ￿ ￿￿￿

￿￿(polling). ￿￿￿￿ ￿￿ ￿￿￿ ￿￿￿￿ ￿￿ ￿￿￿￿￿

￿￿ ￿￿￿￿￿ ￿￿￿￿ ￿￿￿￿

78IBM Tivoli Access Manager for e-business: BEA WebLogic Server ￿￿ ￿￿￿

Image 96
Contents BEA WebLogic Server Page BEA WebLogic Server 2003 Iii BEAWebLogic Page Page Business Policy Policy ServerTivoli Access Manager WebSEAL API Tivoli Access Manager API C Provisioning Fast StartTivoli Software Glossary Tivoli GSKitTivoli Access Manager SSL DB2WebSphere MQSeries JMSXiii Tivoli Information Center Unix policyTivoli Identity Agent IBM . IBM Tivoli Identity ManagerProduct manuals . Tivoli Software Information Center IBM Software Support GuideJava Unix . Windows $variable %variable% \ . Windows bash Tivoli Access Manager Tivoli Access Manager PolicyTivoli Access Manager WebLogic Policy IBM Tivoli Access ManagerThird-party BEA WebLogic ServerTivoli Access Manager Security Service Provider Interface WebLogic Management BeanMBeanJaas Jaas WebLogic PDPermissionWebLogic . WebLogic Policy BEA WebLogic Server MBean WebLogic . WebLogicPolicy Policy WebLogic J2EETivoli Access Manager WebSEALWebSEAL , , RSA SecureID WebSEAL URL , WebSEAL WebLogicSsouser 23 WebSEAL ssouserWebLogic BEA WebLogic Server JLog BEA WebLogic ServerTivoli Access Manager Authorization Server IBM Tivoli Access Manager for e-business BEA WebLogic Server Copyright IBM Corp Tivoli Access Manager Policy Server Tivoli Access Manager Authorization Server64MB RAM Tivoli Access Manager Authorization ServerBEA WebLogic Server BEA WebLogic Server startWebLogicTivoli Access Manager Java Windows Installamwls InstallamwlsAmwlsinstalldir/lib 32 5 BEA WebLogic ServerRoot Tivoli Access Manager AIXAIX HP-UX Solaris Windows AIXRoot Tivoli Access Manager Pfsmountd pfsd Pfsmount CD HP-UXSwinstall SolarisInstallShield 23 Administrator Windows Tivoli Access ManagerInstallShield Windows\amwlsinstalldir\lib IBM Tivoli Access Manager for e-business BEA WebLogic Server Tivoli Access Manager Java Runtime Environment WebLogic . Java RuntimeSun v1.4d JRE , pdjrtecfg Pdconfig JRE JDKPdjrtecfg Solaris, HP-UXStartWebLogic Classpath StartWebLogic WebLogic . startWebLogicJava Classpath WebLogic StartWebLogic Classpath StartWebLogic BEA WebLogic ServerTivoli Access Manager for WebLogic 53 aBEA WebLogic BEA WebLogic Config AMWLSConsoleExtensions BEA WebLogic ServerTivoli Access Manager for WebLogic AMSSPIConfigureConsole Extension Web Application Tivoli Access Manager WebLogic URLAccess Manager AMSSPIConfigure CreaterealmSSO Rbpf.properties 53 aTivoli Access Manager WebSEAL IBM Tivoli Access Manager Ssopwd WebSEAL Pdadmin WebSEALBEA WebLogic Server WebSEALTivoli Access Manager Plug-in for Web Servers PdadminPlug-ininstalldir/etc pdwebpi.conf Junction URLBEA WebLogic Server Tivoli Access Manager for WebLogic BA add-hdr supply-password BASsouser Page IBM Tivoli Access Manager for e-business BEA WebLogic Server Tivoli Access Manager WebSEAL DummyWebSEAL ID user-1 Ws-passwd WebSEALTivoli Access Manager Authorization Server Tivoli Access Manager44 3 policy Aznapi-entitlement-services BEA WebLogic Server Access ManagerPath TrueWebSEAL EJB Web.xml Servlet ServletRoleEAR AMWLSinstalldir/demo BEA WebLogic Server DoPost ServletRoleEjb-jar.xml GetBalance EJBRole GetBalance Banker1 Banker1Banker BankMembersServlet Servlet BankMembersEJB WebSEAL URLWebLogic Tivoli Access Manager Policy Policy pdadmin policyPolicy Policy Ldap Web Portal Manager Ldap . , LdapPdadmin Ldap 63 BAMWLSConfigure Amsspidir WebLogic ServletActive Directory administrators WebLogicWebLogic Server BEA WebLogic Server BEAWebLogic Active Directory Administrator Certificate.war AdministratorTivoli Access Manager IBM Tivoli Access SolarisSolaris Windows AIX HP-UX RootAccess Manager for WebLogic Application Server Tivoli Access Manager IBM Tivoli Access ManagerWindows AIXHP-UX SwremoveIBM Tivoli Access Manager for e-business BEA WebLogic Server Config createrealm .in ACL Tivoli Access Manager Amsspi.propertiesWlsrealmname BEA WebLogic Server BEA WebLogic Server SspiCom.tivoli.amwls.sspi.config.DeployerGroupProp Com.tivoli.amwls.sspi.config.MonitorGroupPropCom.tivoli.amwls.sspi.config.OperatorGroupProp Com.tivoli.amwls.sspi.config.AdminGroupPropRbpf.properties Com.tivoli.pd.as.cache.EnableDynamicRoleCaching Com.tivoli.pd.as.rbpf.PosRootCom.tivoli.pd.as.rbpf.ProductId Com.tivoli.pd.as.rbpf.AMActionGroupCom.tivoli.pd.as.cache.EnableStaticRoleCaching Com.tivoli.pd.as.cache.EnableObjectCachingCom.tivoli.pd.as.cache.StaticRoleCache Com.tivoli.pd.as.cache.StaticRoleCache.RolesCom.tivoli.pd.as.rbpf.GrantUnprotectedAccess Com.tivoli.pd.as.cache.ObjectCache.MaxResourcesCom.tivoli.pd.as.rbpf.ExcludedRoles Com.tivoli.pd.as.rbpf.CopyParentRoleCom.tivoli.pd.as.rbpf.IgnorePasswordPolicyOnUserCreate Com.tivoli.pd.as.rbpf.PropagateChildRoleCom.tivoli.pd.as.rbpf.UseEntitlements Com.tivoli.pd.as.rbpf.EntitlementsUserAmwlsjlog.properties Amwlsjlog.properties IsLoggingBaseGroup traceLogger baseGroup messageLogger True True falseIBM Tivoli Access Manager for e-business BEA WebLogic Server Copyright IBM Corp AMWLSConfigure -action config Remoteacluser remoteacluser Secmasterpwd secmasterpwdVerbose truefalse True . falseAMWLSConfigure -action unconfig AMWLSConfigure -action createrealm Ssoenabled truefalseWLS False Ssopwd ssopwdIBM Tivoli Access Manager Error Message Reference AMWLSConfigure -action deleterealm Registryclean truefalseIBM Tivoli Access Manager for e-business BEA WebLogic Server IBM IBM , IBM 467-12 2DBCS IBMIBM 467-12 IBM IBM , IBM Ipla IBM Corporation Unix Open GroupIBM Tivoli Access Manager for e-business BEA WebLogic Server Virtual hosting Network-based authentication Protected object. ACL POP Entitlement service ACLAccess Control List PAC privilege attribute certificate service URLUniform Resource Locator IBM Tivoli Access Manager for e-business BEA WebLogic Server Page AIX Page SA30-2210-00