Table of Contents
Advertisement
– Updates "WP AuthencationService" to enable the JAAS login module Portal_Login.
As of the writing of this Redpaper, portal development is testing a new configuration task
for supporting TAI++, with which we no longer create callbackheaderslist.properties and
the requirement of the JAAS Login module Portal_Login. Check the portal support Web
site for the APAR.
action-esm-tam-update-vaultservice: WebSphere Portal comes with a default vault
adapter for storing the credential vaults used in portal applications. The vaults are stored
in the portal database. Alternatively, you can configure TAM's Global Sign On (GSO)
lockbox to store the credential vaults. That is when you need to configure TAM vault
adapter, which is done by running action-esm-tam-update-vaultservice. This task
basically takes the parameters and sets up the four custom properties in WP VaultService:
– vault.AccessManager.vaultadapter=com.ibm.wps.services.credentialvault.AccessManag
er41VaultAdapter
– vault.AccessManager.config=accessmanagervault.properties
– vault.AccessManager.manageresources=true
– vault.AccessManager.readonly=false
Customizations
The configuration tasks are limited to general configurations applicable to most customer
scenarios. If the steps documented in WebSphere Portal infoCenter are followed, you should
have a working system after running the tasks. If there are special customizations required on
the junctions created from the TAM side, or special requirements on the TAI from the
WebSphere side (for example, TAI++), manual steps are required.
If you are configuring an LTPA junction on WebSEAL, you should not configure TAI on
WebSphere Application Server. That means you should not run any of the configuration tasks
above. Instead, you should create the junction through the TAM PD admin interface to the
HTTP server. You should make sure the LTPA key is generated from the WebSphere
Application Server and shared among the SSO participating servers.
With the LTPA junction, when the requests are passed to WebSphere Application Server, the
LTPA is already associated with the requests, so WebSphere Application Server would treat
the requests as being authenticated. It would then retrieve the user info from the token and
build up the security context.
In order to configure TAI++ to take advantage of this new WebSphere feature, manual steps
are required as of the writing of this Redpaper. Refer to WebSphere Application Server
InfoCenter for details
4.3 Problem determination
In this section, we are not going to discuss the step-by-step process of debugging different
scenarios. There are millions of reasons something can go wrong. Here we only present
some general principles and guidelines to help users of WebSphere Portal to understand the
general procedures in troubleshooting their problems.
4.3.1 General problem determination recommendations
Here we discuss some general problem determination recommendations.
102
IBM WebSphere Portal V6 Self Help Guide
Advertisement
Table of Contents
Troubleshooting
