
IBM Security Identity Manager
Version 6.0

RSA Authentication Manager Adapter Installation and Configuration Guide

SC27-4408-02

Note
Before using this information and the product it supports, read the information in Appendix F, “Notices,” on page 57.

Edition notice
Note: This edition applies to version 6.0 of IBM Security Identity Manager (product number 5724-C34) and to all subsequent releases and modifications until otherwise indicated in new editions.

Copyright IBM Corporation 2012, 2013.
US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.


Preface

About this publication

The RSA Authentication Manager Adapter Installation and Configuration Guide contains the basic information that you can use to install and configure the IBM Security Identity Manager RSA Authentication Manager Adapter. IBM Security Identity Manager was previously known as Tivoli Identity Manager.

The adapter enables connectivity between the IBM Security Identity Manager server and the managed resource.

Access to publications and terminology

This section provides:
- A list of publications in the “IBM Security Identity Manager library.”
- Links to “Online publications.”
- A link to the “IBM Terminology website.”

IBM Security Identity Manager library

For a complete listing of the IBM Security Identity Manager and IBM Security Identity Manager Adapter documentation, see the online ivihelp/v2r1/index.jsp?topic /com.ibm.isim.doc 6.0/ic-homepage.htm).

Online publications

IBM posts product publications when the product is released and when the publications are updated at the following locations:

IBM Security Identity Manager library
    The product documentation site /v2r1/index.jsp?topic /com.ibm.isim.doc 6.0/ichomepage.htm) displays the welcome page and navigation for the library.

IBM Security Systems Documentation Central
    IBM Security Systems Documentation Central provides an alphabetical list of all IBM Security Systems product libraries and links to the online documentation for specific versions of each product.

IBM Publications Center
    The IBM Publications Center site ( ons/servlet/pbi.wss) offers customized search functions to help you find all the IBM publications you need.

IBM Terminology website

The IBM Terminology website consolidates terminology for product libraries in one location. You can access the Terminology website at ogy.

Accessibility

Accessibility features help users with a physical disability, such as restricted mobility or limited vision, to use software products successfully. With this product, you can use assistive technologies to hear and navigate the interface. You can also use the keyboard instead of the mouse to operate all features of the graphical user interface.

Technical training

For technical training information, see the following IBM Education website

Support information

IBM Support provides assistance with code-related problems and routine, short duration installation or usage questions. You can directly access the IBM Software Support site at

Appendix D, “Support information,” on page 51 provides details about:
- What information to collect before contacting IBM Support.
- The various methods for contacting IBM Support.
- How to use IBM Support Assistant.
- Instructions and problem-determination resources to isolate and fix the problem yourself.

Note: The Community and Support tab on the product information center can provide additional support resources.

Statement of Good Security Practices

IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

Chapter 1. RSA Authentication Manager Adapter Installation and Configuration Guide

This installation guide provides the basic information for installing and configuring the RSA Authentication Manager Adapter. The RSA Authentication Manager Adapter enables connectivity between the IBM Security Identity Manager server and a managed resource.

Overview of the adapter

An adapter provides an interface between a managed resource and the IBM Security Identity Manager server.
- Adapters might reside on the managed resource.
- The IBM Security Identity Manager server manages access to the resource by using your security system.
- Adapters function as trusted virtual administrators on the target platform.
- They perform tasks, such as creating, suspending, and restoring user accounts, and other administrative functions that are performed manually.
- The adapter runs as a service, independently of whether you are logged on to the IBM Security Identity Manager server.
- The RSA Authentication Manager Adapter enables communication between the IBM Security Identity Manager server and the RSA Authentication Manager server.

Features of the adapter

The adapter automates user account management tasks.
- Adding, modifying, suspending, restoring, or deleting user accounts in the identity sources and the security domains of a specific realm.
- Restoring locked user accounts.
- Adding users to and removing them from groups.
- Assigning or unassigning roles to users.
- Enabling and disabling the tokens assigned to users.
- Clearing pins for the tokens assigned to the users.
- Reconciling user account information from the managed resource to IBM Security Identity Manager.
- Reconciling support data for the realm, such as identity sources, security domains, groups, admin roles, and tokens of the specified realm.

Architecture of the adapter

The adapter requires several components.
- The RMI Dispatcher
- The Tivoli Directory Integrator connector
- The IBM Security Identity Manager adapter profile

You must always install the Dispatcher and the adapter profile; however, the Tivoli Directory Integrator connector might already be installed with the base Tivoli Directory Integrator product.

Figure 1 describes the components that work together to complete the user account management tasks in a Tivoli Directory Integrator environment.

[Figure 1. The architecture of the RSA Authentication Manager Adapter. Diagram labels: IBM Security Identity Manager Server, RMI calls, Dispatcher Service (an instance of the IBM Tivoli Directory Integrator), Adapter, resource.]

For more information about Tivoli Directory Integrator, see the Quick Start Guide in the IBM Security Identity Manager product documentation.

Supported configurations

There are fundamental components that are required in each environment.
- The IBM Security Identity Manager server
- The Tivoli Directory Integrator server
- The managed resource
- The adapter

The adapter must reside directly on the server that runs the Tivoli Directory Integrator server.

Single server configuration

Install the IBM Security Identity Manager server, the Tivoli Directory Integrator server, and the RSA Authentication Manager Adapter on one server.

This configuration establishes communication with the RSA Authentication Manager server. The RSA Authentication Manager server is installed on a different server as described in Figure 2.

[Figure 2. Example of a single server configuration. Diagram labels: IBM Security Identity Manager Server, Tivoli Directory Integrator Server, Adapter, Managed resource.]

Multiple server configuration

Install the IBM Security Identity Manager server, the Tivoli Directory Integrator server, the RSA Authentication Manager Adapter, and the RSA Authentication Manager on different servers.

Install the Tivoli Directory Integrator server and the RSA Authentication Manager Adapter on the same server as described in Figure 3.

[Figure 3. Example of multiple server configuration. Diagram labels: IBM Security Identity Manager server, Tivoli Directory Integrator server, Adapter, Managed resource.]

Chapter 2. Adapter installation planning

Installing and configuring the adapter involves several steps that you must complete in sequence. Review the roadmaps before you begin the installation process.

Preinstallation roadmap

Before you install the adapter, you must prepare the environment. See Table 1.

Table 1. Preinstallation roadmap

Task | For more information
Obtain the installation software. | Download the software from Passport Advantage website. See “Software download for the RSA Authentication Manager adapter” on page 8.
Verify that your environment meets the software and hardware requirements for the adapter. | See “Prerequisites” on page 6 and “Prerequisites for running the RsaAuthMgr connector” on page 7.
Obtain the necessary information for the installation and configuration. | See “Installation worksheet for the adapter” on page 8.
Export and import the Authentication Manager SSL certificate. | See “Enabling secure communication between the adapter and the RSA Authentication Manager server” on page 12.
Update the Authentication Manager config.properties file. | See “Authentication Manager config.properties file update” on page 11.
Copy Authentication Manager JAR files. | See “Copying JAR files from the Authentication Manager server to the Tivoli Directory Integrator environment” on page 10.

Installation roadmap

To install the adapter, you must complete a task sequence.

Table 2. Installation roadmap

Task | For more information
Verify the Dispatcher installation. | See “Dispatcher installation verification” on page 9.
Install the adapter. | See “Installing the adapter” on page 9.
Copy the RSA Authentication Manager JAR files to the Tivoli Directory Integrator environment. | See “Copying JAR files from the Authentication Manager server to the Tivoli Directory Integrator environment” on page 10.
Copy the license.bea file. | See “Adapter authority requirement for the license.bea file” on page 11.
Update the RSA Authentication Manager config.properties file. | See “Authentication Manager config.properties file update” on page 11.
Enable SSL communication between the adapter and the RSA Authentication Manager server. | See “Enabling secure communication between the adapter and the RSA Authentication Manager server” on page 12.
Verify the adapter installation. | See “Installation verification” on page 14.
Import the adapter profile. | See “Importing the adapter profile into the IBM Security Identity Manager server” on page 15.
Verify the profile installation. | See “Adapter profile installation verification” on page 16.
Create an adapter user account. | See “Adapter user account creation” on page 16.
Create a service. | See “Creating a service” on page 16.
Configure the adapter. | See “Adapter configuration” on page 21.

Prerequisites

Verify that your environment meets all the prerequisites before you install the adapter.

Table 3 identifies the software and operating system prerequisites for the adapter installation.

Ensure that you install the adapter on the same workstation as the IBM Tivoli Directory Integrator server.

Table 3. Prerequisites to install the adapter

Prerequisite | Description
IBM Tivoli Directory Integrator | Version 7.1 fix pack 5 or later; Version 7.1.1
IBM Security Identity Manager server | Version 6.0
RSA Authentication Manager | Version 7.1
System Administrator authority | To complete the adapter installation procedure, you must have system administrator authority.
Tivoli Directory Integrator adapters solution directory | A Tivoli Directory Integrator adapters solution directory is a Tivoli Directory Integrator work directory for IBM Security Identity Manager adapters. For more information, see the Dispatcher Installation and Configuration Guide.

For information about the prerequisites and supported operating systems for Tivoli Directory Integrator, see the IBM Tivoli Directory Integrator 7.1: Administrator Guide.

Prerequisites for running the RsaAuthMgr connector

You can use the following lists of requirements to run the RsaAuthMgr connector.

Table 4. RsaAuthMgr connector prerequisites

Requirement: SSL Certificate
Description: Export the SSL certificate from the managed resource and import it to the certificate authority (CA) certificates of the Tivoli Directory Integrator Java Virtual Machine (JVM).
Task: See “Enabling secure communication between the adapter and the RSA Authentication Manager server” on page 12.

Requirement: License
Description: An adapter can have the authority to manage the resource only when it has the license.bea file of the WebLogic server on the resource.
Task: Place the license.bea file in the adapter solution directory. See the Dispatcher Installation and Configuration Guide.

Requirement: config.properties
Description: This file contains the key-value pair information related to the managed resource. This file must be placed in the adapter solution directory and updated appropriately.
Task: See “Authentication Manager config.properties file update” on page 11.

Requirement: wlfullclient.jar on the RSA Authentication Manager server.
Description: This JAR file contains information needed for the adapter to communicate with the RSA Authentication Manager server. It must be generated on the server and copied to the ITDI_HOME/jars/3rdparty/rsa directory.
Task: Perform the following steps:
    1. From the command prompt on the RSA Authentication Manager server, change the directory to RSA_AM_HOME/appserver/weblogic/server/lib/.
    2. Type:
       java -jar ../../../modules/com.bea.core.jarbuilder_1.0.0.0.jar -profile wlfullclient

Requirement: Authentication Manager JAR files in Tivoli Directory Integrator
Description: The RSA library JAR files provide APIs to perform operations on the managed resource.
Task: Copy the JAR files from the Required JAR files table to the ITDI_HOME/jars/3rdparty/rsa directory. See “Copying JAR files from the Authentication Manager server to the Tivoli Directory Integrator environment” on page 10.

Installation worksheet for the adapter

Identify the required directories before you install the adapter.

Table 5. Required information to install the adapter

Required information: Tivoli Directory Integrator Home Directory
Description: The ITDI_HOME directory contains the jars/connectors subdirectory that contains adapter
Value: If Tivoli Directory Integrator version 7.1 is automatically installed, the default directory path depends on the operating system.
    /opt/IBM/TDI/V7.1

Required information: Adapters solution directory
Description: When you install the dispatcher, the installer prompts you to specify a file path for the solution directory. See the Dispatcher Installation and Configuration Guide.
Value: The default solution directory for version 7.1 depends on the
    V7.1\timsol
    UNIX: /opt/IBM/TDI/V7.1/timsol

Software download for the RSA Authentication Manager adapter

Download the software from your account at the IBM Passport Advantage website.

Go to IBM Passport Advantage.

See the IBM Security Identity Manager Download Document for instructions.

Note: You can also obtain additional adapter information from IBM Support. Go to Adapters for IBM Security Identity Manager v6.0.

Chapter 3. Adapter installation

You can install the adapter.

All the adapters that are based on Tivoli Directory Integrator require the Dispatcher. If the Dispatcher is installed from a previous installation, do not reinstall it unless there is an upgrade to the Dispatcher. See “Dispatcher installation verification.”

After verifying the Dispatcher installation, you might need to install the Tivoli Directory Integrator connector. Depending on your adapter, the connector might already be installed as part of the Tivoli Directory Integrator product and no further action is required.

Dispatcher installation verification

If this installation is the first adapter installation that is based on Tivoli Directory Integrator, you must install the Dispatcher before you install the adapter.

Obtain the dispatcher installer from the IBM Passport Advantage website, IBM Passport Advantage. For information about Dispatcher installation, see the Dispatcher Installation and Configuration Guide.

Installing the adapter

Use these steps to install the adapter.

Before you begin

Do the following:
- Verify that your site meets all the prerequisite requirements. See “Prerequisites” on page 6.
- Obtain a copy of the installation software. See “Software download for the RSA Authentication Manager adapter” on page 8.
- Obtain system administrator authority.

About this task

The adapter uses the RSA Authentication Manager RsaAuthMgr connector. The connector is not available with the base Tivoli Directory Integrator product. The adapter installation involves the Tivoli Directory Integrator RSA Authentication Manager connector installation. Before you install the adapter, make sure that the RMI Dispatcher is already installed. See “Dispatcher installation verification.”

Procedure

To install the adapter, perform the following steps:
1. Create a temporary directory on the workstation where you want to extract the adapter.
2. Extract the contents of the compressed file in the temporary directory.

3. Copy the RsaAuthMgrConnector.jar file to the ITDI_HOME/jars/connectors directory.
4. Restart the IBM Security Identity Manager adapter (Dispatcher) service.

What to do next

After you finish the adapter installation, copy the JAR files to the Tivoli Directory Integrator environment. See “Copying JAR files from the Authentication Manager server to the Tivoli Directory Integrator environment.”

Copying JAR files from the Authentication Manager server to the Tivoli Directory Integrator environment

You must install certain JAR files in the Tivoli Directory Integrator environment to run the RSA Authentication Manager Adapter.

Procedure

1. On the RSA Authentication Manager server, change to the RSA_AM_HOME/appserver/weblogic/server/lib/ directory.
2. Issue the following command on one line:
       java -jar ../../../modules/com.bea.core.jarbuilder_1.0.0.0.jar -profile wlfullclient
   The wlfullclient.jar file is created in the RSA_AM_HOME/appserver/weblogic/server/lib directory.
3. Create the ITDI_HOME/jars/3rdparty/rsa directory.
4. Copy these JAR files to the ITDI_HOME/jars/3rdparty/rsa directory.

Table 6. Required JAR files and their locations. This table lists the RSA Authentication Manager JAR files that are required by the adapter.

Location in the RSA Authentication Manager server | JAR file
RSA AM ver-o.jar
systemfields-o.jar
ucm-server-o.jar
RSA AM .process nl-2.6.7.jar
spring-2.0.7.jar
RSA AM ullclient.jar
RSA AM HOME\server\servers\hostname server\tmp\ WL user\consoleims\.\war\WEB-INF\lib | ims-client.jar
RSA AM HOME\server\servers\hostname server\tmp\ WL

Adapter authority requirement for the license.bea file

The adapter needs the license.bea file of the RSA Authentication Manager for authority to manage the resource.

An adapter has the authority to manage an RSA Authentication Manager server resource only when the license.bea file of the server is available.

Copy the RSA_AM_HOME/appserver/license.bea file from the RSA Authentication Manager server to the adapters solution directory. An example of the adapters solution directory is ITDI_HOME/timsol.

Authentication Manager config.properties file update

The config.properties file contains key-value pairs that are needed to communicate with a particular RSA Authentication Manager server.

When you extracted the adapter files from the package, a resource directory was created. Copy the config.properties file from the resource directory to the adapters solution directory, for example ITDI_HOME/timsol. The key-value pairs in the file have empty values. You must change the values to those values specific for an RSA Authentication Manager instance.

List the key-value pairs by running the following command in the RSA Authentication Manager server installation directory (RSA_AM_HOME):

    utils/rsautil manage-secrets --action listall

The rsautil command lists all the properties with key-value pairs. The config.properties file requires only certain key pairs. The following sample file shows the required keys using sample values for an example server, ps0092.persistent.co.in. Modify the sample to fit your environment by changing only the values in italic.

    # JNDI factory class.
    java.naming.factory.initial=weblogic.jndi.WLInitialContextFactory
    # Server URL(s). May be a comma separated list of URLs if running against a cluster
    java.naming.provider.url=t3s://ps0092.persistent.co.in:7002
    # Command API Client User ID.
    com.rsa.cmdclient.user=CmdClient_vl5t8ibg
    # Command API Client User Password
    com.rsa.cmdclient.user.password=HDnqnyX1bP
    # Identity Certificate Key Store Password
    com.rsa.ssl.client.id.store.password=HS8vyTCiGS
    # Identity Certificate Private Key Password
    com.rsa.ssl.client.id.key.password=Cb4PK5OLuT
    # Provider URL for Two-Way SSL client authentication
    ims.ssl.client.provider.url=t3s://ps0092.persistent.co.in:7022
    # Identity keystore for Two-Way SSL client ename E:\Program Files\IBM\TDI\V7.1\timsol\rsaTruststore.jks
    # Identity keystore private key alias for Two-Way SSL client authentication
    ims.ssl.client.identity.key.alias=client-identity
    # Identity keystore trusted root CA certificate alias
    ims.ssl.client.root.ca.alias=E:\Program Files\IBM\TDI\V7.1\timsol\rsaTruststore.jks
    # SOAPCommandTargetBasicAuth provider URL
    ims.soap.client.provider.url=

Enabling secure communication between the adapter and the RSA Authentication Manager server

You must enable secure communication between the adapter and the server that it manages.

About this task

When you install RSA Authentication Manager, the system creates a self-signed server (root) certificate and stores it in an RSA_AM_HOME/server/security/server_name.jks file. Export this root certificate and store it in a trust store in your Tivoli Directory Integrator environment.
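Added example (not from the IBM guide or the adapter package): a Python check to run against the adapter's config.properties file, described in the previous section, before the Dispatcher is restarted. It covers only the keys that are legible in the sample file above and flags empty values, provider URLs that are not t3s://, passwords copied from the guide's sample, and a file that other accounts can read. The function names, finding labels and the host am.example.test are assumptions made for illustration.

```python
import os
import re
import stat
import tempfile

# Keys that are legible in the guide's sample config.properties. The keystore
# file-name key is garbled in this copy of the guide, so it is not checked.
REQUIRED_KEYS = (
    "java.naming.factory.initial",
    "java.naming.provider.url",
    "com.rsa.cmdclient.user",
    "com.rsa.cmdclient.user.password",
    "com.rsa.ssl.client.id.store.password",
    "com.rsa.ssl.client.id.key.password",
    "ims.ssl.client.provider.url",
    "ims.ssl.client.identity.key.alias",
    "ims.ssl.client.root.ca.alias",
    "ims.soap.client.provider.url",
)
# Both of these URLs use t3s:// (WebLogic T3 over SSL/TLS) in the guide's sample.
T3S_URL_KEYS = ("java.naming.provider.url", "ims.ssl.client.provider.url")
# Sample secrets printed in the guide; they must never appear in a live file.
DOC_SAMPLE_SECRETS = {"HDnqnyX1bP", "HS8vyTCiGS", "Cb4PK5OLuT"}
_LINE = re.compile(r"^([^=:\s]+)\s*(?:[=:]\s*)?(.*)$")

# Constructed input with deliberate mistakes; am.example.test is a placeholder.
CONSTRUCTED_SAMPLE = """\
# JNDI factory class.
java.naming.factory.initial=weblogic.jndi.WLInitialContextFactory
java.naming.provider.url=t3://am.example.test:7001
com.rsa.cmdclient.user=CmdClient_constructed
com.rsa.cmdclient.user.password=HDnqnyX1bP
com.rsa.ssl.client.id.store.password=constructed-store-secret
com.rsa.ssl.client.id.key.password=
ims.ssl.client.provider.url=t3s://am.example.test:7022
ims.ssl.client.identity.key.alias=client-identity
ims.ssl.client.root.ca.alias=constructed-root-ca
"""


def parse_properties(text):
    """Parse 'key=value', 'key: value' and 'key value' lines; skip # and ! comments.
    Simplification: line continuations and backslash escapes are not processed."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        match = _LINE.match(line)
        if match:
            props[match.group(1)] = match.group(2).strip()
    return props


def audit_config(path):
    """Return a list of findings for the config.properties file at `path`."""
    with open(path, encoding="utf-8") as handle:
        props = parse_properties(handle.read())
    findings = []
    for key in REQUIRED_KEYS:
        if not props.get(key):
            findings.append(f"missing-or-empty: {key}")
    for key in T3S_URL_KEYS:
        # The value may be a comma-separated list when running against a cluster.
        for url in props.get(key, "").split(","):
            url = url.strip()
            if url and not url.lower().startswith("t3s://"):
                findings.append(f"not-t3s: {key}={url}")
    for key, value in props.items():
        if key.endswith(".password") and value in DOC_SAMPLE_SECRETS:
            findings.append(f"doc-sample-secret: {key}")
    # The file stores cleartext passwords: on UNIX or Linux hosts only the
    # account that runs the Dispatcher should be able to read it.
    if os.name == "posix":
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & 0o077:
            findings.append(f"permissions-too-open: {oct(mode)}")
    return findings


def demo():
    """Write the constructed sample to a temporary file (mode 0644) and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "config.properties")
        with open(path, "w", encoding="utf-8") as handle:
            handle.write(CONSTRUCTED_SAMPLE)
        os.chmod(path, 0o644)
        return audit_config(path)
```

An empty list from audit_config means none of these checks fired; it does not validate the keystore file-name entry or the certificate aliases against the actual keystore.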

Procedure

1. Export the root certificate.
   a. From a command prompt on the RSA Authentication Manager server, change to the RSA_AM_HOME/appserver directory.
   b. Issue the following command on one line:
          jdk/jre/bin/keytool -export -keystore RSA_AM_HOME/server/security/server_name.jks -file am_root.cer -alias rsa_am_ca
   c. At the prompt for the keystore password, press Enter without typing a password.
      Note: A warning screen is displayed, but the root certificate is exported.
      The certificate file is RSA_AM_HOME/appserver/am_root.cer.
2. Create a trust store for the root certificate.
   a. Transfer the exported root certificate file to Tivoli Directory Integrator.
   b. Change directory to the adapters solution directory. For example, ITDI_HOME/timsol
   c. Issue the following command
