IBM 5.1 manual PAC privilege attribute certificate service


J

junction. ￿￿￿￿￿ WebSEAL ￿￿￿ ￿￿￿ ￿ ￿￿￿￿

￿￿ ￿￿ ￿￿ HTTP ￿￿ HTTPS ￿￿. WebSEAL￿ junction

￿￿￿￿￿ ￿￿￿ ￿￿ ￿￿ ￿￿ ￿￿￿￿ ￿￿￿￿ ￿￿￿.

L

LDAP. LDAP(Lightweight Directory Access Protocol) ￿￿

LDAP(Lightweight Directory Access Protocol). (a) X.500

￿￿￿ ￿￿￿￿ ￿￿￿￿￿ ￿￿￿￿ ￿ ￿￿ ￿￿￿ ￿￿￿￿

￿￿ TCP/IP￿ ￿￿￿￿, (b) ￿ ￿￿￿ X.500 DAP(Directory Access Protocol)￿ ￿￿ ￿￿￿￿￿ ￿￿￿￿ ￿￿ ￿￿￿￿. LDAP￿ ￿￿￿￿ ￿￿￿￿￿￿(￿￿￿￿ ￿￿ ￿￿ ￿￿￿￿￿

￿￿￿￿￿ ￿)￿ ￿￿ ￿￿ ￿￿￿￿ ￿￿ ￿￿(￿: ￿￿ ￿￿

￿￿, ￿￿ ￿ ￿￿ ￿￿￿ ￿￿ ￿￿ ￿￿￿￿) ￿￿￿ ￿￿ ￿

￿ ￿￿￿ ￿￿￿￿ ￿￿￿￿￿ ￿￿￿ ￿ ￿￿￿￿. LDAP￿ ￿

￿RFC 1777￿ ￿￿￿￿ ￿￿￿￿￿. LDAP ￿￿ 3￿ RFC 2251￿ ￿￿￿￿ ￿￿￿, IETF￿ ￿￿￿￿ ￿￿ ￿￿ ￿￿￿ ￿

￿￿￿￿￿ ￿￿￿￿. IETF￿￿ ￿￿￿ ￿￿ LDAP￿ ￿￿ ￿

￿￿￿ RFC 2256￿￿ ￿ ￿ ￿￿￿￿.

LTPA. LTPA(Lightweight Third Party Authentication) ￿￿

LTPA(Lightweight Third Party Authentication). ￿￿￿ ￿

￿￿ ￿￿ ￿￿ ￿￿ ￿ ￿￿ ￿￿￿ ￿￿ ￿￿ ￿￿ ￿￿ ￿￿

￿￿ ￿￿ ￿￿￿￿￿

M

MPA(Multiplexing Proxy Agent). ￿￿ ￿￿￿￿￿ ￿￿￿

￿ ￿￿￿￿ ￿￿￿￿￿. ￿ ￿￿￿￿￿￿ ￿￿ ￿￿￿￿￿￿

WAP￿ ￿￿￿￿ ￿￿ ￿￿￿￿ ￿￿￿￿ ￿￿, WAP(Wireless Access Protocol) ￿￿￿￿￿￿￿￿ ￿￿￿. ￿￿￿￿￿￿ ￿￿

￿￿￿ ￿￿ ￿￿￿ ￿￿￿ ￿￿￿￿, ￿￿ ￿￿￿￿￿ ￿￿ ￿

￿￿￿ ￿ ￿￿￿ ￿￿ ￿￿￿￿￿￿.

P

PAC. PAC(Privilege Attribute Certificate) ￿￿.

PAC ￿￿￿(privilege attribute certificate service). ￿￿￿

￿￿￿ ￿￿￿ PAC￿ Tivoli Access Manager ￿￿ ￿￿￿, ￿

￿￿ ￿￿￿ ￿￿￿￿ ￿￿ API ￿￿￿ ￿￿￿￿￿ ￿￿￿￿.

￿￿￿ ￿￿￿￿ ￿￿ ￿￿￿￿ ￿￿ ￿￿￿￿￿ ￿￿￿￿ ￿￿

Tivoli Access Manager ￿￿ ￿￿￿ ￿￿￿￿￿￿ ￿￿￿ ￿￿

￿￿ ￿￿￿ ￿ ￿￿￿￿. ￿￿￿ ￿￿ ADK￿ ￿￿￿￿ ￿￿

￿￿￿￿￿ ￿￿￿ ￿ ￿￿￿￿. PAC(Privilege Attribute Certificate) ￿￿

PAC(Privilege Attribute Certificate). ￿￿￿￿(￿￿￿)￿ ￿

￿￿ ￿￿ ￿￿ ￿￿ ￿ ￿￿￿￿(￿￿￿)￿ ￿￿￿ ￿￿￿￿ ￿

￿￿ ￿￿

policy. ￿￿ ￿￿￿ ￿￿￿￿ ￿ ￿￿

Policy Server. ￿￿ ￿￿￿￿￿ ￿￿ ￿￿￿ ￿￿ ￿￿ ￿￿

￿ ￿￿￿￿￿￿ Tivoli Access Manager ￿￿

POP. POP(Protect Object Policy) ￿￿

POP(Protect Object Policy). ￿￿ ￿￿￿￿￿ ￿￿￿￿ ￿

￿￿￿ ACL policy￿ ￿￿￿￿ ￿￿￿ ￿￿ ￿￿￿ ￿￿￿￿ ￿

￿ policy ￿￿. POP ￿￿￿ ￿￿￿￿ ￿￿ ￿￿ ￿￿￿￿ ￿

￿￿￿￿. ACL(Access Control List), ￿￿ ￿￿￿￿(protected

object) ￿ ￿￿ ￿￿￿￿ ￿￿(protected object space) ￿￿

R

RSA ￿￿￿ ￿￿￿(RSA encryption). ￿￿￿ ￿ ￿￿￿ ￿

￿￿￿ ￿￿ ￿ ￿￿￿ ￿￿￿. 1977￿ Ron Rivest, Adi Shamir ￿ Leonard Adleman￿ ￿￿ ￿￿￿ ￿￿￿ ￿￿￿￿￿￿. ￿

￿￿ ￿ ￿￿￿ ￿￿ ￿￿￿￿￿￿ ￿￿￿￿ ￿￿￿ ￿￿, ￿￿

￿￿￿￿ ￿￿￿￿￿.

S

SSL. SSL(Secure Sockets Layer) ￿￿

SSL(Secure Sockets Layer). ￿￿ ￿￿￿￿￿￿ ￿￿￿￿ ￿

￿￿￿￿￿. SSL￿ ￿￿￿￿￿/￿￿ ￿￿￿￿￿￿￿ ￿￿, ￿￿

￿￿￿￿ ￿￿￿ ￿￿￿￿ ￿￿ ￿￿￿￿ ￿￿￿￿ ￿￿￿ ￿

￿￿ ￿￿￿. SSL￿ Netscape Communications Corp.￿ RSA Data Security, Inc.￿￿ ￿￿￿￿￿￿.

SSO. SSO(Single Signon) ￿￿

U

URI. URI(Uniform Resource Identifier) ￿￿

URI(Uniform Resource Identifier). ￿￿ ￿￿(￿￿￿￿ ￿

￿￿ ￿￿), ￿￿ ￿￿(￿￿￿￿ ￿ ￿￿ ￿￿￿ ￿￿ ￿￿￿) ￿

￿￿ ￿￿￿ ￿￿ ￿￿￿￿(￿: HTTP)￿ ￿￿￿￿ ￿￿￿￿ ￿

80 IBM Tivoli Access Manager for e-business: BEA WebLogic Server ￿￿ ￿￿￿
