...

IBM® Security Access Manager for Enterprise Single Sign-On

by user

on
Category: Documents
100

views

Report

Comments

Transcript

IBM® Security Access Manager for Enterprise Single Sign-On
IBM® Security Access Manager for
Enterprise Single Sign-On
P<8gs 8.2
I}T,$I
SC88-5930-02
(Q865'SC23-9551-03)
IBM® Security Access Manager for
Enterprise Single Sign-On
P<8gs 8.2
I}T,$I
SC88-5930-02
(Q865'SC23-9551-03)
*j$
\q*hS\qGRp9k=Jr4HQKJk0K" 63 Z<8NXC-v`YK-\5lF$kpsr*I_/@5$#
m: \qO"IBM Security Access Manager for Enterprise Single Sign-On (=JVf 5724–V67) NP<8gs
8.2"*hS77$GG@-5lF$J$Bj"J_N9YFNjj<9*hSbG#U#1<7gsK,Q5l^
9#
*RMND-KhCFO"qAfN_-f,PC/9iC7eH=(5l?j"PC/9iC7e,_-fH=(5
l?j9klg,"j^9#
!
65' SC23-9951-03
IBM® Security Access Manager for Enterprise Single Sign-On
Version 8.2
Administrator Guide
/T' |\"$&S<&(`t0qR
4v' His9l<7gs&5<S9&;s?<
h1~ 2012.3
© Copyright IBM Corporation 2002, 2012.
\!
\qKD$F . . . . . . . . . . . . . v
\qNP]IT . . . . . . . . . . . . . v
\qNbF . . . . . . . . . . . . . . . v
qA . . . . . . . . . . . . . . . . . vi
IBM Security Access Manager for Enterprise Single
Sign-On i$Vij< . . . . . . . . . . vi
QlXN*si$s&"/;9 . . . . . . . ix
^Ke"kXN*si$s&"/;9 . . . . . ix
^Ke"kN4m8 . . . . . . . . . . . ix
"/;7SjF#< . . . . . . . . . . . . ix
Tivoli ;Q&$ . . . . . . . . . . . . . ix
Tivoli f<6<&0k<W . . . . . . . . . ix
5]<Hps . . . . . . . . . . . . . . x
\qN,' . . . . . . . . . . . . . . . x
qNN,' . . . . . . . . . . . . . . x
*Zl<F#s0&79F`KM89kQt*h
SQ9 . . . . . . . . . . . . . . . xi
h 1 O 5W . . . . . . . . . . . . . 1
I}?9/ . . . . . .
AccessAdmin XNm0*s
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 1
. 1
h 2 O f<6<*hSrdNI}. . . . 3
rdNdjvF . . . . . . . . . . . . .
XkW&G9/XNf<6<NdjvF . . . . .
f<6<NhjC7 . . . . . . . . . . . .
f<6<&WmU!$kN=( . . . . . . . .
XkW&G9/XNf<6<*hSFsWl<HNd
jvF . . . . . . . . . . . . . . . .
3
4
4
5
© Copyright IBM Corp. 2002, 2012
. 8
. 9
. 10
. 11
. 11
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 18
h 4 O 'ZWGNI}. . . . . . . . 19
Q9o<I&]j7<N_j . . . . . . .
'ZWG]j7<N_j . . . . . . . . .
Xf*hS RFID 'ZN>}XN]j7<N_j
f<6<NvD3<IN8. . . . . . . .
f<6<KD$FN ActiveCode NHQD== . .
f<6<N ActiveCode P~'Z5<S9NmC
/ . . . . . . . . . . . . . . .
f<6<N ActiveCode No| . . . . . .
'ZWGNhjC7 . . . . . . . . . .
Wallet ]j7<N_j. . . . . . . . . .
Wallet 'Z]j7<N_j . . . . . . .
Wallet NmC/ . . . . . . . . . . .
.
.
.
.
.
19
20
23
24
25
.
.
.
.
.
.
25
25
26
26
26
27
h 5 O m0N}8*hSF:l]<HN
8. . . . . . . . . . . . . . . . . 29
AccessAdmin GNF:m0N}8 . . . . . .
f<6<F:m0N=( . . . . . . . .
+9?`&$YsHNHiC-s0 . . . .
Tivoli Common Reporting D<k 1.2 GNl]<H
N8. . . . . . . . . . . . . . . .
Tivoli Common Reporting D<k 2.1 GNl]<H
N8. . . . . . . . . . . . . . . .
. 29
. 29
. 30
. 30
. 32
U? A. IMS =.f<F#jF#<XN
"/;9 . . . . . . . . . . . . . . 35
6
h 3 O ]j7<&FsWl<HNI} . . 7
]j7<&FsWl<HN;CH"CW . . . .
f<6<&]j7<&FsWl<HNn. . . .
f<6<&]j7<&FsWl<HN,Q . . .
7,f<6<XNf<6<&]j7<&FsWl<
HN+0djvF . . . . . . . . . . .
]j7<Q9N,Q . . . . . . . . . .
f<6<&]j7<&FsWl<H^?O^7s&
]j7<&FsWl<HNo| . . . . . . .
^7s&]j7<&FsWl<HNn. . . . .
^7s&]j7<&FsWl<HN,Q . . . .
^7sp`N_j . . . . . . . . . . .
^7s&?0Nn. . . . . . . . . . .
3sTe<?<N!w . . . . . . . . . .
0-Khk!w . . . . . . . . . . .
FsWl<HKhk!w . . . . . . . .
^7s&]j7<&FsWl<HNgxN=<H .
79F`&]j7<N_j . . . . . . . .
'Z5<S9&]j7<N_j . . . . . . .
"Wj1<7gs&]j7<N_j .
12
13
13
14
15
16
16
16
17
17
18
U? B. "CW0l<I5l? IMS
Server GN]j7<N97 . . . . . . 37
U? C. 8.1 +i 8.2 KJCFQ95l
?]j7< . . . . . . . . . . . . . 46
U? D. 8.0.1 +i 8.2 GQ95l?]
j7< . . . . . . . . . . . . . . . 54
U? E. F:m0&$YsH . . . . . . 55
U? F. F:l]<H . . . . . . . . . 61
C-v` . . . . . . . . . . . . . . 63
Ql8 . . . . . . . . . . . . . . . 67
wz . . . . . . . . . . . . . . . . 79
iii
iv
IBM® Security Access Manager for Enterprise Single Sign-On: I}T,$I
\qKD$F
IBM® Security Access Manager for Enterprise Single Sign-On GO"5$s*s/5$
s*UN+0="'ZI}"*hSf<6<&HiC-s0rs!9k3HKh
j"/OJG8?k ID XN7<`l9JQ9rs!7^9#VIBM Security
Access Manager for Enterprise Single Sign-On I}T,$IWGO"=J*hS=N
3s]<MsHN;CH"CW"I}*hSF9HNjgKD$Fb@7^9#\
qGO"bt$sWjasF<7gsN\Yr^`"=JN!=*hS;CH"C
W&*W7gsKD$Fhje2^9#
\qNP]IT
\qO"\RNCjNHQ}!Kgo;F"IBM Security Access Manager for
Enterprise Single Sign-On rH%*hS+9?^$:9k}!r}r7F$kF/K
+k&f<6<rP]H7F$^9#
\qO"J<NnHrBT9k,WN"kI}T*hS79F`&Wm0i^<r
P]H7^9#
v IMS Server N]i#
v f<6<*hSrdNI}#
v ]j7<*hS]j7<&FsWl<HNI}#
v 'ZWGNI}#
v F:m0*hSl]<HN8.#
ITOJ<NHTC/K,O7F$k,W,"j^9#
v 5<P<*hSG<?Y<9NI}#
v H%KC-Nps#
\qNbF
\qKO"J<N;/7gs,^^l^9#
v
1 Z<8NXh 1 O 5WY
IBM Security Access Manager for Enterprise Single Sign-On I}?9/N5WH
AccessAdmin Nb@,-\5lF$^9#
v
3 Z<8NXh 2 O f<6<*hSrdNI}Y
AccessAdmin rHQ7?"f<6<NI}*hSrdNdjvF}!KD$Fb
@7^9#
v
7 Z<8NXh 3 O ]j7<&FsWl<HNI}Y
]j7<&FsWl<HKX9kb@"*hSf<6<H3sTe<?<KP7
FFsWl<Hrn.*hSo|9k}!,-\5lF$^9#
v
19 Z<8NXh 4 O 'ZWGNI}Y
© Copyright IBM Corp. 2002, 2012
v
FoN'ZWGKD$Fhje2"'ZWGX"N]j7<NI}}!KD$F
b@7^9#
v
29 Z<8NXh 5 O m0N}8*hSF:l]<HN8.Y
F:l]<HN8.*hSF:m0N}8rT&}!KD$Fb@7^9#
v
35 Z<8NXU? A. IMS =.f<F#jF#<XN"/;9Y
IMS =.f<F#jF#<K"/;99k?aNjgKD$Fb@7^9#
v
37 Z<8NXU? B. "CW0l<I5l? IMS Server GN]j7<N97Y
IMS Server N"CW0l<I~K]j7<r979k?aNjgKD$Fb@7
^9#
v
39 Z<8NXU? C. 8.1 +i 8.2 KJCFQ95l?]j7<Y
8.1 +i 8.2 KJCFQ95l?9YFN]j7<Nj9H,-\5lF$^
9#
v
47 Z<8NXU? D. 8.0.1 +i 8.2 GQ95l?]j7<Y
8.0.1 +i 8.2 KJCFQ95l?9YFN]j7<Nj9H,-\5lF$^
9#
v
55 Z<8NXU? E. F:m0&$YsHY
f<6<&m0"I}Tm0"79F`&m0JI"5^6^J?$WNm0K
D$F\7/b@7^9#
qA
3N;/7gsKO"IBM Security Access Manager for Enterprise Single Sign-On
i$Vij<K"kqA,j9H5lF$^9#3N;/7gsGO"Tivoli® qA
XN*si$sGN"/;9}!d Tivoli qANm8}!KD$Fb@7^9#
IBM Security Access Manager for Enterprise Single Sign-On
i$Vij<
IBM Security Access Manager for Enterprise Single Sign-On i$Vij<GO"J
<NqAr~jG-^9#
v IBM Security Access Manager for Enterprise Single Sign-On Quick Start Guide"
CF38DML
IBM Security Access Manager for Enterprise Single Sign-On rGWm$7"HQ
9k?aNgJ$s9H<k&?9/*hS=.?9/KD$FN/$C/&9
?<H&,$IH7F"3NqAr*I_/@5$#
v IBM Security Access Manager for Enterprise Single Sign-On WhHGWm$asH
N,$I"SC88-5931-02
$s9H<k&?9/*hS=.?9/rBT9k0K"3N,$Ir*I_/
@5$#3N,$IO"GWm$asHNWhHD-N`wKr)A^9#3N
,$IO"=JNU#<Ac<d3s]<MsHN5W",WJ$s9H<kH
vi
IBM® Security Access Manager for Enterprise Single Sign-On: I}T,$I
=."5^6^JGWm$asH&7Jj*KD$Fb@7F$^9#^?"b
DQ-HR2|lrB=9k}!KD$Fb@7F$^9#
v IBM Security Access Manager for Enterprise Single Sign-On $s9H<k&,$
I"GI88-4225-01
IBM Security Access Manager for Enterprise Single Sign-On N$s9H<k""
CW0l<I"*hS"s$s9H<kN\YJjgKD$FO"3N,$Ir
*I_/@5$#
3N,$IO"Fo=J3s]<MsHH=l>lN,\_Ik&'"r$s9
H<k9kH-"5iKO=JNGWm$asHN?aK,WJi|=.rT&
H-Kbr)A^9#>["Wi$"s9"WebSphere® Application Server Base
(G#7gs"*hS Network Deployment rHQ9kjg,-\5lF$^
9#
v IBM Security Access Manager for Enterprise Single Sign-On =.,$I"
GC88-8274-01
IMS Server N_j"AccessAgent f<6<&$s?<U'<9"*hS=N0n
r=.9klgK"3N,$Ir*I_/@5$#
v IBM Security Access Manager for Enterprise Single Sign-On I}T,$I"
SC88-5930-02
3N,$IO"I}TrP]H7^9#5^6^JI}T?9/KD$Fb@7
F$^9#3N,$IO"]j7<&FsWl<HNn.HdjvF"]j7<
NMNT8"m0Hl]<HN8."*hS IMS Server H=NG<?Y<9N
PC/"CWN?aNjgr-\7F$^9#3N,$IO"VIBM Security
Access Manager for Enterprise Single Sign-On ]j7<jA,$IWH;;FHQ
7F/@5$#
v IBM Security Access Manager for Enterprise Single Sign-On XkW&G9/&,$
I"SC88-5932-02
3N,$IO"XkW&G9/4vTrP]H7^9#3N,$IO"LoO'
ZWGKX9kf<6<+iNHqdWarXkW&G9/4vT,I}9k]
Kr)A^9#3N,$IO"VIBM Security Access Manager for Enterprise
Single Sign-On ]j7<jA,$IWH;;FHQ7F/@5$#
v IBM Security Access Manager for Enterprise Single Sign-On ]j7<jA,$I"
SC88-8276-01
I}T, AccessAdmin G=.G-kFoNf<6<&]j7<"^7s&]j7
<"*hS79F`&]j7<N\YJb@KD$FO"3N,$Ir*I_/
@5$#3N,$IO"VIBM Security Access Manager for Enterprise Single
Sign-On I}T,$IWH;;FHQ7F/@5$#
v IBM Security Access Manager for Enterprise Single Sign-On HiVk7e<F#s
0H5]<H&,$I"GC88-8275-01
$s9H<k""CW0l<I"*hS=JNHQKX7Fdj,/87?lg
O"3N,$Ir*I_/@5$#3N,$IO"=JN{NNdjH)Bv`
KD$F-\7F$^9#djNIurN'7"srvr+D1P9NKr)A
^9#U#C/9"N1Y<9"5]<HKX9kpsbs!7^9#
\qKD$F
vii
v IBM Security Access Manager for Enterprise Single Sign-On AccessStudio ,$I"
SC88-5934-02
WmU!$krn.^?OT89klgO"3N,$Ir*I_/@5$#3N
,$IGO"5^6^J"Wj1<7gs&?$WQN8`N AccessProfile *h
SH% AccessProfile Nn.HT8Njgrb@7F$^9#^?"'Z5<S9
H"Wj1<7gs&*V8'/HNI}KX9kps"*hS AccessStudio N
=N>N!=dU#<Ac<KD$FNpsrs!7^9#
v IBM Security Access Manager for Enterprise Single Sign-On WmS8gKs0&$
sF0l<7gs&,$I"SC88-5935-02
WmS8gKs0N?aNFoN Java API *hS SOAP API NpsKD$F
O"3N,$Ir*I_/@5$#^?"3N,$IGO"WmS8gKs0&
(<8'sHN$s9H<kH=.Njgbb@7F$^9#
v IBM Security Access Manager for Enterprise Single Sign-On qJpsI}N?aN
Web API"SA88-4639-00
3N,$IO"qJpsNI}QN Web API r$s9H<k*hS=.9kl
gK*I_/@5$#
v IBM Security Access Manager for Enterprise Single Sign-On Lightweight
AccessAgent mode on Terminal Server SDK Guide"SC14-7657-00
AccessAgent r Terminal Services "Wj1<7gsH}g9k>[AcMk&3
M/?<rn.9k}!N\YKD$FO"3N,$Ir*I_/@5$#
v IBM Security Access Manager for Enterprise Single Sign-On Serial ID SPI Guide"
SC14-7626-00
IBM Security Access Manager for Enterprise Single Sign-On O"RFID JIN"7
j"kVfr^`GP$9KP9k5<S9&WmP$@<&$s?<U'<9
(SPI) rw(F$^9#7j"kVfr}D$UNGP$9r}g7"=NGP$
9r AccessAgent Gh 2 'ZWGH7FHQ9k}!rNj?$lgK"3N
,$Ir2H7F/@5$#
v IBM Security Access Manager for Enterprise Single Sign-On Context Management
Integration Guide"SC23-9954-03
3N,$IO"Context Management =je<7gsr$s9H<k*hS=.9
klgK*I_/@5$#
v IBM Security Access Manager for Enterprise Single Sign-On f<6<:&,$I"
SC88-5929-02
3N,$IO"(sI&f<6<rP]H7^9#3N,$IGO"AccessAgent
*hS Web Workplace rHQ9kjgrb@7F$^9#
v IBM Security Access Manager for Enterprise Single Sign-On (i<&aC;<8
jU!ls9&,$I"GA88-4640-00
3N,$IGO"IBM Security Access Manager for Enterprise Single Sign-On K
X"9k9YFNLNaC;<8"YpaC;<8"(i<&aC;<8KD$
Fb@7F$^9#
viii
IBM® Security Access Manager for Enterprise Single Sign-On: I}T,$I
QlXN*si$s&"/;9
IBM Terminology Web 5$HO"IBM =Ji$Vij<NQlr 1 UjK^Ha
?XxJ5$HG9#J<K(9 Web "Il9G Terminology Web 5$HK"/
;9G-^9#
http://www.ibm.com/software/globalization/terminology
^Ke"kXN*si$s&"/;9
J<OQlN_NP~HJj^9#IBM O"\=J*hS>N Tivoli =JNqA
,xQD=KJC?H-*hS975l?H-"Tivoli =UH&'"&$sU)a
<7gs&;s?<N Web 5$H (http://www.ibm.com/tivoli/documentation) KG(
7F$^9#
m: l?<5$:J0NQfK PDF 8qru~9klg"Adobe Reader ,l?<
5$:NZ<8r4HQNQfKu~G-kh&K"VU!$kW > Vu~W&#
sI&G*W7gsr_j7^9#
^Ke"kN4m8
|\ IBM /TN^Ke"kO$s?<MCHP3Gb4X~$?@1^9#\7
/O http://www.ibm.com/jp/manuals/ NV^Ke"k&PG*psWr4w/@5
$#(URL O"Q9KJklg,"j^9)
"/;7SjF#<
"/;7SjF#<!=O"?0c2^?OkPc2JIHNKc2r}Df<6
<,=UH&'"&Wm@/Hrw,KHQG-kh&K5]<H7^9#3N=
JGO"$s?<U'<9r;<PO7FJS2<H9kYg;QrxQG-^
9#^?"^&9GOJ/-<\<IrHQ7F"0iU#+k&f<6<&$s
?<U'<9N9YFN!=r`n9k3HbG-^9#
\7/O"VIBM Security Access Manager for Enterprise Single Sign-On WhHGW
m$asHN,$IWNX"/;7SjF#<!=Yr2H7F/@5$#
Tivoli ;Q&$
J<OQlN_NP~HJj^9#Tivoli ;Q&$NpsKD$FO"J<N IBM
Tivoli &$ Web 5$H (http://www.ibm.com/software/tivoli/education) r2H7F/
@5$#
Tivoli f<6<&0k<W
Tivoli f<6<&0k<WO"Tivoli f<6<K"Tivoli Software =je<7gs
NBu~Kr)Dpsrs!9k"H)7?"f<6<KhCFBT5lkasP
<7CWH%G9#3liN0k<Wrp7F"asP<Opsr&-7">N
Tivoli f<6<NN1*hSP3+iXV3H,G-^9#Tivoli f<6<&0k
<WKO"J<NasP<*hS0k<W,^^l^9#
v 23,000 r6(kasP<
v 144 r6(k0k<W
\qKD$F
ix
Tivoli Users Group KX7F\7/O"www.tivoli-ug.orgK"/;97F/@5$#
5]<Hps
IBM =UH&'"Gdj,/87?lg"W.Jrh,>^l^9#IBM GO"J
<N}!G,WJ5]<Hrs!7F$^9#
*si$s
IBM =UH&'"&5]<H&5$H (http://www.ibm.com/software/support/
probsub.html (QlN_NP~)) K"/;97"X(K>CF/@5$#
IBM Support Assistant
IBM Support Assistant O"5ANm<+k&=UH&'"]io</Ys
AG"j"IBM =UH&'"=JKX9kAdddjrrh9kNKr)
A^9#IBM Support Assistant rHQ9kH"5]<HKX"9kps*
hS]iFW-D<kKGa/"/;97F"djr=L9k3H,G-^
9# IBM Support Assistant =UH&'"r$s9H<k9kKO"
http://www.ibm.com/software/support/isa (QlN_NP~) K"/;97F/
@5$#
HiVk7e<F#s0&,$I
djNrhKD$F\7/O"XIBM Security Access Manager for
Enterprise Single Sign-On HiVk7e<F#s0H5]<H&,$IYr
2H7F/@5$#
\qN,'
\qGO"ClJQld"/7gs"*Zl<F#s0&79F`KM89k3^
sIdQ9"*hS^<8s&0iU#C/9KX7F$/D+N,'rHQ7F
$^9#
qNN,'
\qGO"J<NqNN,'rHQ7^9#
@z
v ~ONF-9HHNhL,q7$.8z3^sI*hSg/.8z.g3
^sI
v $s?<U'<9&3sHm<k (A'C/&\C/9"WC7e\?
s"i8*&\?s"9Ts&\?s"U#<kI"U)k@<""$3
s"j9H&\C/9"j9H&\C/9bN`\"#tsNj9H"3
sFJ<"aKe<*r"aKe<>"?V"WmQF#<&7<H) *
hSiYk (VRsH:W*hSV*Zl<F#s0&79F`NM8v
`:WJI)
v \8fN-<o<I*hSQia<?<
$?jC/
v zQ (c: qA"G#91CH"*hS CD N?$Hk)
v F-9HbGjA5lk1l (c: sr9s~O Point-to-Point s~ HF
Plk)
x
IBM® Security Access Manager for Enterprise Single Sign-On: I}T,$I
v 1ld8zN/4 (1lI*jN1lNc: V)Bar3/KO"1l
that rHQ7^9#W8zI*jN8zNc: VLUN "Il9Oh,K
8z L ,,WG9#W)
v \8fN7,NQl (jAj9HbNQlO|/): Se< HO"o</
9Z<9bNUl<`G"j"G<?,^^l^9#
v Xj9k,W,"kQt*hSM: ... 33G"myname O ... r=7^
9#
bN9Z<9
v c*hS5sWk&3<I
v U!$k>"Wm0i_s0&-<o<I"*hS~ONF-9HHNh
L,$qJ=N>NWG
v f<6<KP7F=(5lkaC;<8&F-9H*hSWmsWH
v f<6<,~O9k,W,"kF-9H
v zt^?O3^sI&*W7gsNM
*Zl<F#s0&79F`KM89kQt*hSQ9
3NqAGO"D-QtNXj"*hSG#l/Hj<=-K UNIX ,',HQ5
l^9#
Windows 3^sITrHQ9klg"D-QtN $variable r % variable% KV
-9("G#l/Hj<&Q9N9iC7e (/) r_-f (¥) KV-9(F/@5
$#D-QtN>0O"Windows H UNIX D-GoK18H$&o1GO"j^
;s#c(P"Windows D-GN %TEMP% O"UNIX D-GO $TMPDIR KJ
j^9#
m: Windows 79F`G bash 7'krHQ7F$klg"UNIX N,'rHQ9
k3H,G-^9#
\qKD$F
xi
xii
IBM® Security Access Manager for Enterprise Single Sign-On: I}T,$I
h 1 O 5W
3N;/7gsGO"I}TNFo?9/N5WKD$Fb@7^9#AccessAdmin
rHQ7F"f<6<"rd"]j7<"*hSl]<HrI}7^9#
\YKD$FO"!NHTC/r2H7F/@5$#
v XI}?9/Y
v XAccessAdmin XNm0*sY
I}?9/
I}TO"f<6<"]j7<&FsWl<H"'ZWG"l]<HNI}"*h
S IMS Server PC/"CWNh@rBTG-^9#
BTbF
psN~jh
f<6<NI}
3 Z<8NXh 2 O f<6<*hSrdN
I}Y
v rdNdjvF*hShjC7rT$^
9#
]j7<&FsWl<HNI}
7 Z<8NXh 3 O ]j7<&FsWl<
HNI}Y
v ^7s"f<6<"*hS79F`N]j
7<&FsWl<HrHQ7F"IBM
Security Access Manager for Enterprise
Single Sign-On 79F`4NN0nr)f
7^9#
'ZWGNI}
19 Z<8NXh 4 O 'ZWGNI}Y
v Q9o<I"RFID"9^<H&+<IJ
I"'ZWGKX"9k]j7<rQ97
^9#
l]<HN8.
v F:psrHQ7F IBM Security Access
Manager for Enterprise Single Sign-On I}
rH%7^9#
IMS Server NPC/"CW
29 Z<8NXh 5 O m0N}8*hSF
:l]<HN8.Y
\7/O"VIBM Security Access Manager
for Enterprise Single Sign-On =.,$IWr
2H7F/@5$#
AccessAdmin XNm0*s
AccessAdmin O"IMS Server N WebY<9I}$s?<U'<9G9#
AccessAdmin Km0*s7F"f<6<"]j7<"'ZWG"*hSl]<HN
I}rT$^9#
© Copyright IBM Corp. 2002, 2012
1
jg
1. AccessAdmin KJS2<H7^9#
v m<I&Pis5<rHQ9klg"J<K"/;97^9#
https:// <loadbalancer_hostname>:<ihs_ssl_port>/admin.
v m<I&Pis5<rHQ7J$lg"J<K"/;97^9#
https:// <ims_hostname>:<ihs_ssl_port>/admin.
2. AccessAgent K"]j7<r,Q9km1<7gsKgC?@lr*r7^9#
3. I}Tf<6<>HQ9o<Ir~O7^9#
4. Vm0*sWr/jC/7^9#
2
IBM® Security Access Manager for Enterprise Single Sign-On: I}T,$I
h 2 O f<6<*hSrdNI}
IBM Security Access Manager for Enterprise Single Sign-On KO"I}T"Xk
W&G9/"*hSf<6<N 3 DNrd,8_7^9#rdNdjvF"f<6
<NXkW&G9/rdXNdjvF"f<6<No|"*hSf<6<_jN=
(,G-^9#
\YKD$FO"!NHTC/r2H7F/@5$#
v XrdNdjvFY
v
4 Z<8NXXkW&G9/XNf<6<NdjvFY
v
4 Z<8NXf<6<NhjC7Y
v
5 Z<8NXf<6<&WmU!$kN=(Y
v
6 Z<8NXXkW&G9/XNf<6<*hSFsWl<HNdjvFY
rdNdjvF
AccessAdmin G"I}Trd"XkW&G9/rd"^?Of<6<rdrf<6
<KdjvFk3H,G-^9#
3N?9/KD$F
FrdKO"[JkU$OOHC","j^9#
I}T
v IMS Server N=.fKWmS8gs5l^9#
v AccessAdmin *hS AccessStudio "Wj1<7gsXN4"/;9"B
r}A^9#
v AccessAdmin G"$UNf<6<rI}Trd^?OXkW&G9/rd
K:J"*hS_J5;k3H,G-^9#I}TO+,N"+&sHr
_J5;k3HOG-^;s#
v IMS Server +i AccessProfile Nn.""CWm<I*hS@&sm<I
rT(^9#
XkW&G9/4vT
v f<6<'ZWG*hSf<6<&]j7<rI}G-^9#
v vD3<Ir/TG-^9#
f<6<
v Fo79F`*hS"Wj1<7gsKm0*sG-^9#
v f<6<,Q9o<Ir:l?lgd"+&sH,mC/"&H5l?l
gK"I}T*hSXkW&G9/4vTKYgraak3H,G-^
9#
© Copyright IBM Corp. 2002, 2012
3
jg
1. AccessAdmin Km0*s7^9#
2. f<6<r!w7^9#
3. Vf<6<&WmU!$kWZ<8G"VI}]j7<WQMk^G9/m<k
@&s7^9#
4. ImCW@&s&\C/9+irdr*r7^9#
5. V97Wr/jC/7^9#
XkW&G9/XNf<6<NdjvF
=JKX9kYg,,WKJkH"f<6<O+,KdjvFil?XkW&G9
/4vTKYgraa^9#=N?a":v9kXkW&G9/4vT,+,Kd
jvFil?9YFNf<6<r=(*hSI}G-kh&K"f<6<rXk
W&G9/rdKdjvFk,W,"j^9#
jg
1. AccessAdmin Km0*s7^9#
2. f<6<r!w7^9#
3. Vf<6<&WmU!$kWZ<8G"VI}]j7<W^G9/m<k@&s
7^9#
4. f<6<rdjvFkXkW&G9/4vTr*r7^9#
5. V97Wr/jC/7^9#
f<6<NhjC7
f<6<rhjC9+^?OWmS8gsr|G-^9#3N?9/O"Lof<
6<,H%r%lklgKBT5l^9#
3N?9/KD$F
f<6<rhjC9H"=Nf<6<&"+&sHO1W*KHQTDKJj"1
l>Nf<6<On.G-J/Jj^9#f<6<rhjC9]"9YFNf<6
<F:G<?OG<?Y<9bK]}5l^9#
WmS8gsr|5l?f<6<O"AccessAgent Km0*sG-^;s#WmS8
gsr|5l?f<6<, AccessAgent XNm0*srnT9kH"-cC7e5
l?f<6< Wallet ,o|5l^9#AccessAgent , IMS Server K\3G-J$
lgGb"f<6<OJ_N"/;9OG-^;s#
jg
1. AccessAdmin Km0*s7^9#
2. f<6<r!w7^9#
3. Vf<6<&WmU!$kWG"VI}]j7<WQMk^G9/m<k@&s
7^9#
4. Vf<6<NhjC7Wr/jC/7^9#
5. V97Wr/jC/7^9#
4
IBM® Security Access Manager for Enterprise Single Sign-On: I}T,$I
f<6<&WmU!$kN=(
AccessAdmin Gf<6<&WmU!$kr!w7F"'Z*hSI}N_jr=(
7^9#
jg
1. AccessAdmin Km0*s7^9#
2. Vf<6<N!wW > V!wWr*r7^9#
3. !wNP]rV!wP]WU#<kIK~O7^9#
RsH: t,*KlW9kkLr!w9kKO"8zNeK"9?j9/ (*) r
~O7F/@5$#c(P"8z i GO^kf<6<>Nf<6<r9YF!
w9kKO"i* H~O7^9#
4. !wrorV!wp`W+i*r7^9#
5. V!wWr/jC/7^9#
6. f<6<>r/jC/7^9# J<Njs/,=(5l^9#
*W7gs
b@
F:m0
3Njs/KO"f<6<&"/F#SF#
<KX9kqN*J\Y,^^lF$^9#
c(P"~o"IP "Il9"SOCI ID JI
G9#
'Z5<S9
3Njs/KO"f<6<KP7F-zKJ
CF$k5^6^J?$WN'Z5<S9,
^^l^9#
7. Z<8r9/m<k@&s7^9#J<N\Y,"Vf<6<&WmU!$kW
N<K=(5l^9#
v >0
v +
v E a<k&"Il9
v (s?<Wi$:&f<6<>
v f<6<&Wjs7Qk> (UPN)
v Mobile ActiveCode ECVf
v Mobile ActiveCode E a<k&"Il9
v Mobile ActiveCode _j
v XkW&G9/NvD
v 'ZWG
v OTP H</sdjvF
v -cC7eK~lil? Wallet
v Wallet N"/;9)f
v I}]j7<
v 'Z]j7<
v AccessAssistant *hS Web Workplace N]j7<
h 2 O f<6<*hSrdNI}
5
v Wallet ]j7<
v AccessAgent ]j7<
v 'Z5<S9&]j7<
XkW&G9/XNf<6<*hSFsWl<HNdjvF
f<6<O"+,KdjvFil?XkW&G9/4vTKP7F"=JNYgr
aa^9#=Nh&JlgKw(F":v9kXkW&G9/4vT,+,Kdj
vFil?9YFNf<6<r=(*hSI}G-kh&K"f<6<rXkW&
G9/KdjvFk,W,"j^9#
3N?9/KD$F
7,XkW&G9/&f<6<,"9YFN7,f<6<rI}D=+I&+r=
G7^9#D=G"klgO"7,XkW&G9/&f<6<K+0*K9YFN
]j7<&FsWl<H*hS7,f<6<rdjvFk3H,G-^9#
jg
1. IMS =.f<F#jF#<Km0*s7^9#
2. VH%_jW > VAccessAdminW > Vf<6<0-W > V9YFN]j7
<&FsWl<HHf<6<r7,XkW&G9/&f<6<K+0*Kdjv
FkWr*r7^9#
3. V97Wr/jC/7^9#
6
IBM® Security Access Manager for Enterprise Single Sign-On: I}T,$I
h 3 O ]j7<&FsWl<HNI}
]j7<&FsWl<HHO"v0jA5l?l"Nf<6<&]j7<^?O3
sTe<?<&]j7<G"j"f<6<^?O3sTe<?<K,Q9k3H,
G-^9#f<6<*hS3sTe<?<N]j7<&FsWl<HNn."dj
vF"*hS=.,G-^9#79F`&]j7<KOFsWl<HO"j^;
s#
J<N=K"I}T*hSXkW&G9/rdH=N]j7<C"N\Yr(7^
9#
rd
79F`&]j7<
3sTe<?<&]
j7<
f<6<&]j7<
I}T
=(*hSQ9,D
=
=(*hSQ9,D
=
=(*hSQ9,D
=
XkW&G9/
=(N_D=
=(N_D=
=(*hSQ9,D
= (I}]j7<r|
/)
J<rQ9D=:
v Wallet 'Z]j7
<
v AccessAgent ]j7
<
J<N=K"f<6<*hS^7sN]j7<&FsWl<H*hS79F`&]
j7<NI}KX89k?9/N\Yr(7^9#
BTbF
psN~jh
f<6<^?O^7sN]j7<&FsWl
<Hr+0*Kn.9k#(*W7gs)
8 Z<8NX]j7<&FsWl<HN;C
H"CWY
f<6<&]j7<&FsWl<Hrn.9
k#
9 Z<8NXf<6<&]j7<&FsWl
<HNn.Y
f<6<&]j7<&FsWl<Hr,Q9
k#
10 Z<8NXf<6<&]j7<&FsW
l<HN,QY
f<6<&]j7<&FsWl<Hr7,f
<6<K+0*KdjvFk#(*W7gs)
11 Z<8NX7,f<6<XNf<6<&
]j7<&FsWl<HN+0djvFY
f<6<&]j7<&FsWl<Hro|9
k#(*W7gs)
12 Z<8NXf<6<&]j7<&FsW
l<H^?O^7s&]j7<&FsWl<
HNo|Y
^7s&]j7<&FsWl<Hrn.9
k#
13 Z<8NX^7s&]j7<&FsWl
<HNn.Y
^7s&]j7<&FsWl<Hr,Q9
k#
13 Z<8NX^7s&]j7<&FsWl
<HN,QY
© Copyright IBM Corp. 2002, 2012
7
BTbF
psN~jh
^7s&]j7<&FsWl<Hr3sTe
<?<K+0*KdjvFk#(*W7gs)
14 Z<8NX^7sp`N_jY
^7s&]j7<&FsWl<Hro|9
k#(*W7gs)
12 Z<8NXf<6<&]j7<&FsW
l<H^?O^7s&]j7<&FsWl<
HNo|Y
79F`&]j7<r_j9k#
17 Z<8NX79F`&]j7<N_jY
'Z5<S9&]j7<r_j9k#
18 Z<8NX'Z5<S9&]j7<N_
jY
"Wj1<7gs&]j7<r_j9k#
18 Z<8NX"Wj1<7gs&]j7<
N_jY
]j7<&FsWl<HN;CH"CW
;CH"CW&"79?sHrHQ7F]j7<&FsWl<Hr;CH"CW7
^9#
3N?9/KD$F
3lO*W7gsN?9/G9#j0G^7s&]j7<&FsWl<Hrn.9
k3HbD=G9#
J<NjgGO"H%NJ<N_jrXjG-^9#
v +05$s"CW!=^?O;kU5<S9!=
v h 2 'ZWG^?O=NH_go;
v &-o</9F<7gs^?ODMQo</9F<7gs
v Citrix ^?O Terminal Server GN AccessAgent NHQD==
v RFID N_Nm0*s
v O$VjCI&9^<H&+<IN_Nm0*s
jg
1. AccessAdmin Km0*s7^9#
2. V;CH"CW&"79?sHWr/jC/7^9#
3. V+OWr/jC/7^9#
4. i|79F`_jr*r7^9#
v +05$s"CWrHQD=K9k
v ;kU5<S9!=rHQD=K9k
5. V!XWr/jC/7^9#
6. f<6<,'ZKHQG-kh 2 WGr*r7^9#
v RFID +<I
v "/F#VJ RFID PC8
v Xf
v RFID +<I^?OXf
v 9^<H&+<I
8
IBM® Security Access Manager for Enterprise Single Sign-On: I}T,$I
v O$VjCI&9^<H&+<I
7. V!XWr/jC/7^9#
8. f<6<,"DMQo</9F<7gs^?O&-o</9F<7gsNIA
irHQ7F$k+r*r7^9#
v &-o</9F<7gsN5]<H
v DMQo</9F<7gsN5]<H
9. V!XWr/jC/7^9#
10. f<6<N,ZJG9/HCW&?$Wr*r7^9#
v &-G9/HCWNHQ
v lQG9/HCWN5]<H
v m<_s0&G9/HCWN5]<H
11. V!XWr/jC/7^9#
12. Citrix ^?O Terminal Server G AccessAgent rHQD=K9k+I&+rX
j7^9#
13. V!XWr/jC/7^9#
14. ]j7<&FsWl<HN>0r~O7^9#
15. V!XWr/jC/7^9#
16. f<6<,"m0*sK'ZWGNH_go;rHQD=+I&+r*r7^
9#
17. V!XWr/jC/7^9#
18. RFID N_Nm0*sN_jrXj7^9#
19. V!XWr/jC/7^9#
20. 1lWGO$VjCI&9^<H&+<IN_jrXj7^9#
21. V!XWr/jC/7^9#
22. V!XWr/jC/7^9#
23. V0;Wr/jC/7^9#
f<6<&]j7<&FsWl<HNn.
]j7<rW.KBu9k?aK"]j7<&FsWl<HrHQ7Fl"N]j
7<rCjNf<6<N;CHKdjvF^9#
3N?9/KD$F
v f<6<&]j7<&FsWl<HO"P?~K+0*Kf<6<K,Q5l^
9#
v f<6<&]j7<&FsWl<HN]j7<rQ97?lgO"975l?F
sWl<Hrf<6<KFYdjvF"]j7<NQ9rBu7^9#\7/
O" 10 Z<8NXf<6<&]j7<&FsWl<HN,QY r2H7F/@
5$#
v f<6<N0-,Q95l?lg"^?Op`KlW9kf<6<&]j7<&
FsWl<H,Q95l?lg"f<6<N{8N]j7<b=N^^Dj^
9#
h 3 O ]j7<&FsWl<HNI}
9
jg
1. AccessAdmin Km0*s7^9#
2. Vf<6<&]j7<&FsWl<HW > V7,FsWl<HWr*r7^
9#
3. VFsWl<H>WK>0r~O7^9# >0KO$UNQtzNH_go;
rHQG-^9#>0Og/.8zNhL,"k?a"Example H example O 2
DN[JkFsWl<H>HJj^9#
4. VI}]j7<WQMkG"3N7,]j7<&FsWl<Hr,Q9kXk
W&G9/4vTr*r7^9#
5. QMkN+P7r/jC/7F]j7<r8+7^9#
6. $UN]j7<KP7FpsrXj7^9# c(P"V'Z]j7<WG
VWallet 'Z]j7<Wr*r7^9#
7. VICWr/jC/7F"7,N_jr]87^9# 7,FsWl<H,
AccessAdmin JS2<7gs&QMkK=(5l^9#
f<6<&]j7<&FsWl<HN,Q
f<6<&]j7<&FsWl<Hrn.7?i"]j7<,Bu5lkh&K"
FsWl<Hrf<6<K,Q9k,W,"j^9#
jg
1. AccessAdmin Km0*s7^9#
2. Vf<6<N!wW > V!wWr*r7^9#
3. !wNP]rV!wP]WU#<kIK~O7^9#
RsH:
t,*KlW9kkLr!w9kKO"8zNeK"9?j9/ (*) r~O7F
/@5$#c(P"8z i GO^kf<6<>Nf<6<r9YF!w9kK
O"i* H~O7^9#
a. !wrorV!wp`Wj9H+i*r7^9#
b. V!wWr/jC/7^9#
4. *W7gs: J<N0k<WN$:l+r*r7^9#
v f<6<
v 9YFNI}T
v 9YFNXkW&G9/&f<6<
v 9YFNhjC5l?f<6<
5. 1 Z<8K=(9kkLNtrXj7^9#
6. :v9kf<6<N#K"kA'C/&\C/9r*r7F"1 MJeNf<6
<r*r7^9#Z<8eN9YFNf<6<K]j7<rdjvFklgO"
V9YF*rWr/jC/7^9#
7. ,Q9kFsWl<Hr"Vf<6<&]j7<&FsWl<HN,QWG*r
7^9#
8. V*r7?kLK,QWr/jC/7^9# V9YFNkLK,QW\?sO
Z<8eK=(5l?f<6<KP7F,QD=G9#
10
IBM® Security Access Manager for Enterprise Single Sign-On: I}T,$I
7,f<6<XNf<6<&]j7<&FsWl<HN+0djvF
f<6<&]j7<&FsWl<Hr7,f<6<K+0*KdjvFk3HKh
j"7,f<6<,P?5lk?SKf<6<&]j7<&FsWl<Hrj0G
djvFk,W,J/Jj^9#
3N?9/KD$F
AccessAdmin *hS IMS =.f<F#jF#< rHQ7F"5$s"CWfK]
j7<&FsWl<Hr7,f<6<KdjvF^9#3NjgGO"department
,9FCW 1c *hS 3c G0-H7FHQ5lF$^9#
jg
1. C:¥Program Files¥IBM¥WebSphere¥AppServer¥profiles¥AppSrv01
¥config¥tamesso¥config¥EnterpriseDirectoryConfiguration.xml KJS2<H
7^9#
a. <isInitialized>false </isInitialized> NMr true KQ97^9#
b. attributesTOBESupported N<K <BasicAttribute> <name>department</
name></BasicAttribute> rIC7^9#
c. entityAttributesToFetch N<K <BasicAttribute><name>department</
name></BasicAttribute> rIC7^9#
2. IMS Server =.U!$kN encentuate.ims.ui.templateAsgAttribute `\r
Q97^9#
a. IMS =.f<F#jF#<Km0*s7^9#
b. VH%_jW > VAccessAdminW > Vf<6<&$s?<U'<9W >
V]j7<djvF0-WH*r7^9#
c. V]j7<djvF0-Wr department K_j7^9# 3NcGO"Xj
9k department O9FCW 1c NcHlS-N"kbNK7^9#V0MWO"Active Directory GHQD=J"Finance"Marketing JIN0-K_
jG-^9#
d. IMS Server rFO07^9#
3. AccessAdmin G"f<6<0-MH]j7<&FsWl<H>NVN^CTs0
r=.7^9#
a. AccessAdmin Km0*s7^9#
b. Vf<6<&]j7<&FsWl<HW > VFsWl<HdjvFWr*r
7^9#
c. V0-MW*hSV7,f<6<QNFsWl<HWrXj7^9#
d. VdjvFWr/jC/7^9#
]j7<Q9N,Q
CjNf<6<N_K,Q7?$]j7<,"klgO"J<N?9/rBT7
F"DjNf<6<,=N^^0KdjvFil?]j7<K>&h&K7^9#
h 3 O ]j7<&FsWl<HNI}
11
jg
1. AccessAdmin Km0*s7^9#
2. Vf<6<N!wW > V!wWr*r7^9#
3. !wNP]rV!wP]WU#<kIK~O7^9#
RsH: t,*KlW9kkLr!w9kKO"8zNeK"9?j9/ (*)
r~O7F/@5$#c(P"8z i GO^kf<6<>Nf<6<r9YF
!w9kKO"i* H~O7^9#
a. !wrorV!wp`Wj9H+i*r7^9#
b. V!wWr/jC/7^9#
4. *W7gs: J<N0k<WN$:l+r*r7^9#
v f<6<
v 9YFNI}T
v 9YFNXkW&G9/&f<6<
v 9YFNhjC5l?f<6<
5. 1 Z<8K=(9kkLNtrXj7^9#
6. :v9kf<6<N#K"kA'C/&\C/9r*r7F"1 MJeNf<
6<r*r7^9#
7. *W7gs: Z<8eN9YFNf<6<K]j7<rdjvFklgO"V9
YF*rWr/jC/7^9#
8. V]j7<N,QWN<G"Vf<6<&]j7<N=(Wr/jC/7F,
Q9k]j7<r=(7^9#
9. V*r7?kLK,QWr/jC/7^9#
10. *W7gs: Z<8eK=(5lF$k9YFNf<6<r*r9klgO"
V9YFNkLK,QWr/jC/7^9#
f<6<&]j7<&FsWl<H^?O^7s&]j7<&FsWl<H
No|
f<6<^?O3sTe<?<K,Q5lJ/JC?f<6<&]j7<&FsW
l<H^?O^7s&]j7<&FsWl<HOo|7^9#
jg
1. AccessAdmin Km0*s7^9#
2. JS2<7gs&QMk+i":v9kf<6<^?O3sTe<?<N]j7
<&FsWl<H&Z<8r*r7^9#
v f<6<&]j7<&FsWl<HNlg"Vf<6<&]j7<&FsWl
<HW > FsWl<H> H*r7^9#
v 3sTe<?<&]j7<&FsWl<HNlg"V^7s&]j7<&Fs
Wl<HW > VFsWl<HdjvFW > FsWl<H> H*r7^9#
3. Z<8N<t^G9/m<k7"Vo|Wr/jC/7^9#
12
IBM® Security Access Manager for Enterprise Single Sign-On: I}T,$I
^7s&]j7<&FsWl<HNn.
]j7<&FsWl<HrHQ7Fl"N]j7<rCjN3sTe<?<N;C
HKdjvFk3HKhj"W.K]j7<,BuG-^9#
3N?9/KD$F
GU)kHN^7s&]j7<&FsWl<HNC-OJ<NH*jG9#
v ^7sp`,8_7^;s#
v 3sTe<?<K,QD=JFsWl<H,[+K8_7J$lgO"+0*K
,Q5l^9#
v oKV%h]j7<&FsWl<HWNj9HNGeN`\G9#
V%h]j7<&FsWl<HWj9HNh,K"k^7s&]j7<&FsWl
<H,"3sTe<?<K,Q5lkGiNFsWl<HG9#
RsH:
p`KlW9k3sTe<?<K+0*K^7s&]j7<&FsWl<Hrdj
vFklgO" 14 Z<8NX^7sp`N_jYr2H7F/@5$#
jg
1. AccessAdmin Km0*s7^9#
2. V^7s&]j7<&FsWl<HW > V7,FsWl<HWr*r7^9#
3. 7,FsWl<HN>0r~O7^9# >0KO$UNQtzNH_go;r
HQG-^9#>0Og/.8zNhL,"k?a"Example H example O 2
DN[JkFsWl<H>HJj^9#
4. 7,^7s&]j7<&FsWl<H,"GU)kH&FsWl<HJN+"^
?OCjN3sTe<?<QNFsWl<HJN+rXj7^9#
\7/O" 14 Z<8NX^7sp`N_jYr2H7F/@5$#
5. QMkN+P7r/jC/7F]j7<r8+7^9#
6. $UN]j7<KP7FpsrXj7^9# c(P"V'Z]j7<WKh 2
'ZWGrIC7^9#
7. VICWr/jC/7F"7,N_jr]87^9#
^7s&]j7<&FsWl<HN,Q
^7s&]j7<&FsWl<Hrn.7?i"]j7<,Bu5lkh&K"F
sWl<HrCjN3sTe<?<K,Q9k,W,"j^9#^7s&]j7
<&FsWl<HO"CjNp`N3sTe<?<K,QD=J]j7<_jN2
HQKHQ5l^9#
3N?9/KD$F
^7s&]j7<&FsWl<H,3sTe<?<KdjvFilkNO"3sT
e<?<NP?~N_G9#3sTe<?<0-XNe3NQ9O"^7s&]j
7<&FsWl<HdjvFKFArZ\7^;s#
h 3 O ]j7<&FsWl<HNI}
13
jg
1. AccessAdmin Km0*s7^9#
2. V^7sW > V!wWH*r7^9#
3. 3sTe<?<>Njs/r/jC/7^9#
4. V^7s&]j7<&FsWl<HdjvFWN<G"j9H+iFsWl<H
r*r7^9#
5. VdjvFWr/jC/7^9#
^7sp`N_j
^7s&]j7<&FsWl<HNn.~K"Xj5l?p`K9YFlW9k
+"^?O$:l+Np`KlW9k3sTe<?<r*rG-^9#
jg
1. 3sTe<?<r"9YFNp`KlW9kh&KJj~`+"$:l+Np`
KlW9kh&KJj~`+rXj7^9#
v _j7?9YFN!w0-p`KlW9kh&K9kKO"VJ<Np`N9
YFKlWWr*r7^9#
v _j7?9YFNp`GOJ/"ltNp`KlW9kh&K9kKO"VJ
<Np`N$:l+KlWWr*r7^9#
2. p`NU#<kIrIC9klgO+"$3sr/jC/7"o|9klgO x
"$3sr/jC/7^9#
m: p`N=(gxOX8"j^;s#epu*hS<purHQ7F"p`N
gxr+3K_jG-^9#
3. j9H+i0-*W7gsr*r7^9#
14
*W7gs
b@
AccessAgent NP<8gs
3sTe<?<K$s9H<k5lF$k
AccessAgent NP<8gsrXj7^9#
[9H>
Ia$sNG-N>0^?O ID rXj7^
9#
IP "Il9
MCHo</bG3sTe<?<KdjvF
ilF$k IP "Il9^?OG-NtMr
Xj7^9#
m: IBM Security Access Manager for
Enterprise Single Sign-On 8.1 O"$s?<M
CH&WmH3k P<8gs 6 (IPv6) r5
]<H7^9#
Active Directory 0k<W
3sTe<?<N Active Directory ;-ej
F#<&0k<WrXj7^9# 1 fN3
sTe<?<,#tN0k<WK07F$F
b+^$^;s#3sTe<?<,/J/H
b 1 DN0k<WKlW7F$lP"3N
p`O~?5l^9#
^7s&?0
3sTe<?<r1L9k?aNl89Hj
<`\rXj7^9#
IBM® Security Access Manager for Enterprise Single Sign-On: I}T,$I
4. J<NfSi;RrHQ7^9#
v is (!G"k): 04KlW9k0-r!w9klg
v is not (!GOJ$): 3Np`KlW7J$9YFN0-r!w9klg
v is like (!r^`): `w7?0-r!w9klg
5. is like (!r^`) *W7gsrHQ9klgKO"J<K(9o$kI+<I
H8zNH_go;rp`U#<kIGHQ9k3HbG-^9#
v abc - !wP],o+CF$klgO"3NH_go;rHQ7^9#8z!
w9Hjs0rXj7^9#
v *abc - !w9Hjs0NGiN8zOT@G"k,"e3N8zOo+CF
$klgO3NH_go;rHQ7^9#
v abc* - !w9Hjs0Nh,+it8zOo+CF$k,"GeN8zOT
@NlgO3NH_go;rHQ7^9#
^7s&?0Nn.
^7s&FsWl<HNdjvF~K"^7s&?00-rHQG-^9#IMS
Server G Tivoli Directory Server Nh&J>N(s?<Wi$:&G#l/Hj<
rHQ9kGWm$asHNlgK"^7s0-,rK)A^9#
3N?9/KD$F
3N0-O"ltN Active Directory 7Jj*GbrK)A^9#c(P"3sT
e<?<, Active Directory KhjI}5lF$J$lgd"AccessAdmin GO~
?;J$#(J0k<W=Wo,"klgJIG9#^7s&?0O"3liN7
Jj*GG- ID HJj^9#
?0O"[Jk3sTe<?<N0k<WKdjvFk3H,G-^9#=Ne"
machinetag 0-rHQ7F"^7s&]j7<&FsWl<Hr[Jk3sTe<
?<N0k<WKdjvFk3H,G-^9#
jg
1. Windows G9/HCWG"V9?<HW > VU!$k>rXj7FBTWr/
jC/7^9#
2. V>0WU#<kIK regedit H~O7FVOKWr/jC/7^9#
3. HKEY_LOCAL_MACHINE¥SOFTWARE¥IBM¥ISAM ESSO¥DeploymentOptions KJS2<H
7^9#
4. &/jC/7FV7,W > V8zsMWH*r7^9#
5. MachineTag H~O7^9#
6. MachineTag r&/jC/7FV$5Wr*r7^9#
7. >0r~O7^9# c(P mycomputer G9#
8. VOKWr/jC/7^9#
h 3 O ]j7<&FsWl<HNI}
15
!N?9/
3lG"^7s&?00-rHQ7F^7s&]j7<&FsWl<HrdjvF
k3H,G-kh&KJj^7?#\7/O" 13 Z<8NX^7s&]j7<&F
sWl<HN,QYr2H7F/@5$#3sTe<?<N!w~KO"^7s&
?00-rHQ7F/@5$#
3sTe<?<N!w
^7s0-^?O^7s&]j7<&FsWl<HrHQ7F3sTe<?<r!
wG-^9#
0-Khk!w
0-Khk!wGO"3sTe<?<psKpE$F!wrBTG-^9#
jg
1. V^7sW > V!wWH*r7^9#
2. 9YFN3sTe<?<KP7F!wrT&lgO"V!wP]WU#<kIK
"9?j9/ (*) r~O7^9#
3. CjN0-rV!wp`WU#<kI+i*r7^9#
4. V!wWr/jC/7^9#
J<N!w0-rHQ7F$k3sTe<?<r!w9k3H,G-^9#
*W7gs
b@
[9H>
Ia$sNG-N>0^?O ID rXj7^
9#
IP "Il9
MCHo</bG3sTe<?<KdjvF
ilF$k IP "Il9^?OG-NtMr
Xj7^9#
AccessAgent NP<8gs
3sTe<?<K$s9H<k5lF$k
AccessAgent NP<8gsrXj7^9#
Active Directory 0k<W
3sTe<?<N Active Directory ;-ej
F#<&0k<WrXj7^9# 1 fN3
sTe<?<,#tN0k<WK07F$F
b+^$^;s#3sTe<?<,/J/H
b0k<WN 1 DKlW9klgO"3N
p`r~?7F$^9#
^7s&?0
3sTe<?<,0k<W=5lk3sTe
<?<&]j7<&FsWl<HrXj7^
9#
5. V!wWr/jC/7^9#
FsWl<HKhk!w
AccessAdmin rHQ7F"^7s&]j7<&FsWl<HG3sTe<?<r!
w7^9#
16
IBM® Security Access Manager for Enterprise Single Sign-On: I}T,$I
jg
1. V^7sW > V!wWH*r7^9#
2. V!wP]FsWl<HWj9H+iFsWl<Hr*r7^9#
3. V!wWr/jC/7^9#
^7s&]j7<&FsWl<HNgxN=<H
^7s&]j7<&FsWl<Hr=<H7F"%hgLKpE$F%hFsWl
<H,j9H5lkh&KG-^9#
jg
1. AccessAdmin Km0*s7^9#
2. V^7s&]j7<&FsWl<HW > VFsWl<HdjvFWH*r7^
9#
3. V^7s&]j7<&FsWl<HdjvFW > V%h]j7<&FsWl<
HWKJS2<H7^9#
4. FsWl<Hr*r7"epu^?O<pur/jC/7FFsWl<Hr\0
5;k3HKhj"]j7<&FsWl<HNgxr=<H7^9#
m: ^7s&]j7<&FsWl<HNjs/r/jC/7F"^7s&]j7
<&FsWl<HN\Yr=("o|"j;CH"^?OT89k3H,G-^
9#
5. V97Wr/jC/7F"%h]j7<&FsWl<HNgVNQ9r,Q9k
3H,G-^9#
6. VGU)kHWj9HG"GU)kHN^7s&]j7<&FsWl<HH7F
_j9kFsWl<Hr*r7^9#
3NFsWl<HO"=N>N^7s&]j7<&FsWl<H,Ilb3sT
e<?<K,QG-J$lgK"+0*K,Q5l^9#
7. V97Wr/jC/7F"%h]j7<&FsWl<HNQ9r,Q7^9#
79F`&]j7<N_j
79F`&]j7<O"9YFNf<6<*hS3sTe<?<K,QD=J]j
7<G9#AccessAdmin rHQ7F"79F`&]j7<K"/;97FQ9rB
\7^9#
jg
1. AccessAdmin Km0*s7^9#
2. V79F`W > V79F`&]j7<Wr*r7^9#
3. QMkN+P7r/jC/7F]j7<r8+7^9#
4. ]j7<r977^9#
5. V97Wr/jC/7^9#
h 3 O ]j7<&FsWl<HNI}
17
'Z5<S9&]j7<N_j
'Z5<S9rHQ7F"+&sHNEv-r!ZG-^9#'Z5<S9KQ9
o<I*hS'Z]j7<r_jG-^9#
jg
1. AccessAdmin Km0*s7^9#
2. V79F`W > V'Z5<S9&]j7<Wr*r7^9#
3. 'Z5<S9r/jC/7^9#
4. VQ9o<I&]j7<Wr/jC/7^9#
5. ]j7<r977^9#
6. V97Wr/jC/7^9#
7. V'Z]j7<Wr/jC/7^9#
8. ]j7<r977^9#
9. V97Wr/jC/7^9#
"Wj1<7gs&]j7<N_j
AccessAdmin G"CjN"Wj1<7gsNQ9o<I"F'Z"*hSm0*U
N]j7<r_jG-^9#
jg
1. AccessAdmin Km0*s7^9#
2. V79F`W > V"Wj1<7gs&]j7<Wr*r7^9#
3. "Wj1<7gsr/jC/7^9#
4. V"Wj1<7gs&]j7<Wr977^9#
5. V97Wr/jC/7^9#
18
IBM® Security Access Manager for Enterprise Single Sign-On: I}T,$I
h 4 O 'ZWGNI}
I}TOf<6<N'ZWGN_jrQ9G-^9#'ZX"N]j7<r"
AccessAdmin GQ9G-^9#
IBM Security Access Manager for Enterprise Single Sign-On O"J<N'ZWGr
5]<H7^9#
v Q9o<I
v RFID
v Q9o<IH RFID
v ARFID
v Xf
v 9^<H&+<I
v O$VjCI&9^<H&+<I
v Mobile ActiveCode
v os?$`&Q9o<I (OTP)
\YKD$FO"!NHTC/r2H7F/@5$#
v XQ9o<I&]j7<N_jY
v 20 Z<8NX'ZWG]j7<N_jY
v
18 Z<8NX'Z5<S9&]j7<N_jY
v
23 Z<8NXXf*hS RFID 'ZN>}XN]j7<N_jY
v 24 Z<8NXf<6<NvD3<IN8.Y
v 26 Z<8NX'ZWGNhjC7Y
Q9o<I&]j7<N_j
AccessAdmin GQ9o<I&]j7<r_j7F"f<6<,NBK/OJQ9o
<Irn.9kh&K7^9#
3N?9/KD$F
Active Directory GWm$asHNlg"IBM Security Access Manager for
Enterprise Single Sign-On O Active Directory NQ9o<I&]j7<KM87^
9#J<NjgO"Active Directory Q9o<IN1|,HQD=GJ$7Jj*K
,Q5l^9#
jg
1. AccessAdmin Km0*s7^9#
2. V79F`W > V79F`&]j7<W > VQ9o<I&]j7<WKJS2
<H7^9#
3. ]j7<rQ97^9#
4. V97Wr/jC/7F"Q9rN'7^9#
© Copyright IBM Corp. 2002, 2012
19
'ZWG]j7<N_j
*r7?h 2 'ZWGKP9k AccessAgent N0n^?O"/7gsr=.G-^
9#^?"'ZWGN~VX"N_jbQ9G-^9#
Oak0K
AccessAdmin Km0*s7^9#
jg
v 9^<H&+<I&]j7<
1. Vf<6<&]j7<&FsWl<HWGJ<rBT7^9#
– V7,FsWl<HW > VAccessAgent ]j7<W > V9^<H&+<
I&]j7<Wr*r7^9#
– *W7gs: FsWl<H> > VAccessAgent ]j7<W > V9^<H&
+<I&]j7<Wr*r7^9#
2. J<NU#<kIK~O7^9#
*W7gs
b@
9^<H&+<Ihj07"/7gs
9^<H&+<I,hj05l?H-K"
AccessAgent ,BT9k"/7gs#
1lWG9^<H&+<IN"smC/rH
QD=K7^9+?
1lWG9^<H&+<IN"smC/r5
]<H9k+I&+rXj7^9#
1lWG9^<H&+<IN"smC/N|
B (C)
1lWG9^<H&+<IN"smC/Nz|BrC1LGXj7^9#
1lWG9^<H&+<INm0*sN|B
(,)
1lWG9^<H&+<INm0*sN-z
|Br,1LGXj7^9#
f<6<,9^<H&+<IH PIN Gm0
*s7?lgK1lWG9^<H&+<IN
m0*sN|Brd97^9+
f<6<,9^<H&+<IH PIN rHQ
7Fm0*s7?lgK"1lWG9^<
H&+<INm0*sN-z|Brd99k
+I&+rXj7^9#
f<6<,1lWGGm0*s7?lgKG
9/HCWK189^<H&+<I,=(5
l?H-N"/7gs
f<6<,1lWGGm0*s7F$kHK"189^<H&+<I,s(5l?lg
K"AccessAgent ,BT9k"/7gs#
G9/HCWG189^<H&+<I,=( 189^<H&+<I,?CW5l?eG"
5l?H-NN'+&sH@&sN|V (C) XjN"/7gs,BT5lk^GN+&s
H@&s~VUl<`#
f<6<,1lWGGm0*s7?lgKG
9/HCWK[Jk9^<H&+<I,=(
5l?H-N"/7gs
f<6<,1lWGGm0$s7F$kHK"[Jk9^<H&+<I,s(5l?l
gK AccessAgent ,BT9k"/7gs#
G9/HCWG[Jk9^<H&+<I,=
(5l?H-NN'+&sH@&sN|V
(C)
[Jk9^<H&+<I,?CW5l?e
G"XjN"/7gs,BT5lk^GN+
&sH@&s~VUl<`#
3. V97Wr/jC/7^9#
v RFID ]j7<
1. Vf<6<&]j7<&FsWl<HWGJ<rBT7^9#
20
IBM® Security Access Manager for Enterprise Single Sign-On: I}T,$I
– V7,FsWl<HW > VAccessAgent ]j7<W > VRFID ]j7<W
r*r7^9#
– *W7gs: FsWl<H> > VAccessAgent ]j7<W > VRFID ]j
7<Wr*r7^9#
2. J<NU#<kIK~O7^9#
*W7gs
b@
G9/HCWG18 RFID ,?CW5l?
H-N"/7gs
m0*sfNf<6<, RFID +<Irj<
@<KFY?CW7?H-K AccessAgent ,
BT9k"/7gs#
G9/HCWG18 RFID ,?CW5l?
H-NN'+&sH@&sN|V (C)
j<@<K18 RFID +<Ir?CW7?e
K"XjN"/7gs,BT5lk^GN+
&sH@&s~VUl<`#+&sH@&
s&?$^<U-N@$"m0&\C/9,
=(5l^9#
f<6<O AccessAgent ,18 RFID N?
CWK?~9k+I&+rXj9k,W,"
j^9#
f<6<O"VO$Wr/jC/7F
AccessAgent r?~5;k+"^?OV$$
(Wr/jC/7FG9/HCWrFY"/
F#VK9k3H,G-^9#Xj5l?+
&sH@&s~VUl<`bKf<6<,$
:lN*W7gsb/jC/7J$lg"
AccessAgent O18 RFID N?CWK?~7
^9#
RFID N_N"smC/rHQD=K7^9
+?
RFID N_N"smC/,5]<H5lk+
I&+rXj7^9#
RFID N_N"smC/N|B (C)
RFID N_N"smC/N-z|BrC1L
GXj7^9#
RFID N_Nm0*sN|B (,)
RFID N_N"smC/N-z|Br,1L
GXj7^9#
G9/HCWG[Jk RFID ,?CW5l
?H-N"/7gs
{Km0*s7F$kf<6<,$klgG
b"LNf<6<, RFID +<Irj<@<
K?CW7? (+67?) H-K
AccessAgent ,BT9k"/7gs#
h 4 O 'ZWGNI}
21
*W7gs
b@
G9/HCWG[Jk RFID ,?CW5l
?H-NN'+&sH@&sN|V (C)
j<@<G[Jk RFID +<Ir?CW7?
eK"XjN"/7gs,BT5lk^GN
+&sH@&s~VUl<`#+&sH@&
s&?$^<U-N@$"m0&\C/9,
=(5l^9#
f<6<O AccessAgent ,[Jk RFID N
?CWK?~9k+I&+rXj9k,W,
"j^9#
f<6<O"VO$Wr/jC/7F
AccessAgent K?~5;k+"V$$(Wr
/jC/7FG9/HCWrFY"/F#V
K9k3H,G-^9#Xj5l?+&sH
@&s~VUl<`bKf<6<,$:lN
*W7gsb/jC/7J$lg"
AccessAgent O[Jk RFID N?CWK?~
7^9#
3. V97Wr/jC/7^9#
v Xf]j7<
1. Vf<6<&]j7<&FsWl<HWGJ<rBT7^9#
– V7,FsWl<HW > VAccessAgent ]j7<W > VXf]j7<W
r*r7^9#
– *W7gs: FsWl<H> > VAccessAgent ]j7<W > VXf]j7
<Wr*r7^9#
2. J<NU#<kIK~O7^9#
22
*W7gs
b@
G9/HCWG18Xf,?CW5l?HN"/7gs
m0*sfNf<6<,Xfj<@<eKX
rV$?eK"AccessAgent ,BT9k"/
7gs#
IBM® Security Access Manager for Enterprise Single Sign-On: I}T,$I
*W7gs
b@
G9/HCWG18X,?CW5l?H-N
N'+&sH@&sN|V (C)
m0*sfNf<6<,Xfj<@<eKX
rV$?eK"XjN"/7gs,BT5l
k^GN+&sH@&s~VUl<`#+&
sH@&s&?$^<U-N@$"m0&\
C/9,=(5l^9#
f<6<O AccessAgent ,X,V+l?3H
K?~9k+I&+rXj9k,W,"j^
9#
f<6<O"VO$Wr/jC/7F
AccessAgent K?~5;k+"V$$(Wr
/jC/7FG9/HCWrFY"/F#V
K9k3H,G-^9#Xj5l?+&sH
@&s~VUl<`bKf<6<,$:lN
*W7gsb/jC/7J$lg"
AccessAgent OX,V+l?3HK?~7^
9#
G9/HCWG[JkX,?CW5l?HN"/7gs
1 MNf<6<,{Km0*s7F$klg
Gb"LNf<6<,j<@<KXrV$?
H-K AccessAgent ,BT9k"/7gs#
G9/HCWG[JkX,?CW5l?HNN'+&sH@&sN|V (C)
[JkXrXfj<@<KV$?eK"Xj
N"/7gs,BT5lk^GN+&sH@
&s~VUl<`#+&sH@&s&?$^
<U-N@$"m0&\C/9,=(5l^
9#
f<6<O AccessAgent ,[JkX,V+l
?3HK?~9k+I&+rXj9k,W,
"j^9#
f<6<O"VO$Wr/jC/7F
AccessAgent K?~5;k+"V$$(Wr
/jC/7FG9/HCWrFY"/F#V
K9k3H,G-^9#Xj5l?+&sH
@&s~VUl<`bKf<6<,$:lN
*W7gsb/jC/7J$lg"
AccessAgent O[JkX,V+l?3HK?
~7^9#
3. V97Wr/jC/7^9#
Xf*hS RFID 'ZN>}XN]j7<N_j
H%G'ZKXfH RFID N>}rHQ7F$klg"GiK,ZJ]j7<r_
j7^9#
jg
1. AccessAdmin Km0*s7^9#
2. V^7s&]j7<&FsWl<HWGJ<rBT7^9#
h 4 O 'ZWGNI}
23
v V7,FsWl<HW > V'Z]j7<Wr*r7^9#
v (*W7gs) Vname of templateW > V'Z]j7<Wr*r7^9#
3. 5$s"CWfK AccessAgent ,XfraaF-?lgO"V5]<H5lkh
2 'ZWGWU#<kIKVXfW*hSVRFIDW r (3NgVG) _j7"
VICWr/jC/7^9# 5$s"CWfK AccessAgent , RFID +<Ir
aaF-?lgO"V5]<H5lkh 2 'ZWGWrVRFIDW*hSVX
fWK (3NgVG) _j7^9#
4. V79F`WN<G"V79F`&]j7<W > V=.D=F-9H&]j7
<W > VEnGINA F-9H&]j7<Wr*r7^9#
5. VXf^?O RFID m0*sNX( (Gg 2 T)Wr_j7^9#
6. V79F`WN<G"V79F`&]j7<W > V=.D=F-9H&]j7
<W > V"smC/&F-9H&]j7<Wr*r7^9#
7. XfH RFID N1~5]<HKD$FJ<N=.D=F-9H&]j7<r_j
7^9#
v "smC/&]j7<,V18f<6<N_,"smC/G-kWG"klg
NXf^?O RFID Khk"smC/KX9kX( (Gg 2 T)
v "smC/&]j7<,VWallet K=TG9/HCW&"+&sHr]-9
kf<6<b]-7J$f<6<b"smC/G-kWG"klgNXf^?
O RFID Khk"smC/KX9kX( (Gg 2 T)
v "smC/&]j7<,V18f<6<N_,"smC/G-k,"[Jkf
<6<Gb Windows KFYm0*sG-kWG"klgNXf^?O RFID
Khk"smC/KX9kX( (Gg 2 T)
8. V97Wr/jC/7^9#
f<6<NvD3<IN8.
f<6<,h 2 'ZWGr6:7?lgd"Q9o<Ir:l?lgK"f<6<
KvD3<Ir/TG-^9#
jg
1. AccessAdmin Km0*s7^9#
2. f<6<r!w7^9#
3. Vf<6<&WmU!$kW > VXkW&G9/NvDWK\07^9#
4. Wa3<I,hLK=(5lF$k+I&+rf<6<KN'7^9#
v Wa3<I,"klgO"VWallet XNl~*J*Ui$s&"/;9Wr
/jC/7F"Wa3<Ir~O7^9#
RsH: IMS Server XN\3,HQD=GJ$lgb"kNG"f<6<O
Wa3<Ir}CF$^9#
;-ejF#<NjJH7F"f<6<OWa3<Ir~O7F"I}T+i
l~*Ui$s&"/;9QNvD3<IN/Tru1k,W,"j^9#
m: I}TOf<6<K"l~*Ui$s&"/;9Nlg"7,Q9o<I
O=N3sTe<?<KN_-zG"k3HrLN9k,W,"j^9#
24
IBM® Security Access Manager for Enterprise Single Sign-On: I}T,$I
v Wa3<I,J$lgO"VQ9o<INj;CH"l~*si$s&"/;
9"^?Oh 2 WGNP?Wr/jC/7^9#
5. VvDWa3<IWr~O7^9#
3N3<IKOg/.8zNhLO"j^;s#
6. j9HbN*W7gs+i"-z|Vr*r7^9#
7. VvD3<IN/TWr/jC/7^9#
f<6<KD$FN ActiveCode NHQD==
ActiveCode O"h 2 'ZWGH7F!=9k;|*J'Z3<IG9#'Z5<S
9, ActiveCode P~G"klg"f<6<O'Z5<S9rHQ9k?SK
ActiveCode ,,WKJj^9#
jg
1. AccessAdmin Km0*s7^9#
2. f<6<r!w7^9#
3. f<6<_jG"V'Z5<S9Wr/jC/7^9#
4. VActiveCode P~'Z5<S9WG"7,f<6<N ActiveCode P~'Z5<
S9r*r7^9#
5. ActiveCode P~'Z5<S9QNf<6<>r~O7^9#
6. V"+&sHNICWr/jC/7^9#
f<6<N ActiveCode P~'Z5<S9NmC/
f<6<,l~*K ActiveCode P~'Z5<S9rHQG-J$h&K9k?a
K"3N5<S9rmC/G-^9#VcC? ActiveCodes r#ts~O7?eK
+0*Kf<6<rmC/9kh&"5<S9r_j9k3HbG-^9#
jg
1. AccessAdmin Km0*s7^9#
2. f<6<r!w7^9#
3. f<6<_jG"V'Z5<S9Wr/jC/7^9#
4. VActiveCode P~'Z5<S9WG"f<6<>H"5zK9k ActiveCode P
~'Z5<S9r*r7^9#
5. Vu7Wj9H+iVmC/Q_Wr*r7^9#
6. Vu7N97Wr/jC/7FQ9rN'7^9#
f<6<N ActiveCode No|
f<6<, ActiveCode P~'Z5<S9rHQ7J/JC?lgK"=Nf<6<
N ActiveCode P~'Z5<S9XN"/;9"Bro|9k3H,G-^9#
jg
1. AccessAdmin Km0*s7^9#
2. f<6<r!w7^9#
3. f<6<_jG"V'Z5<S9Wr/jC/7^9#
h 4 O 'ZWGNI}
25
4. VActiveCode P~'Z5<S9WG"ActiveCode P~'Z5<S9&"+&s
Hro|9kf<6<>r*r7^9#
5. V"+&sHNo|Wr/jC/7^9#
6. VOKWr/jC/7^9#
'ZWGNhjC7
f<6<,H%r%lklgd"h 2 'ZWGN6:^?Opq,sp5l?lg
O"h 2 'ZWG^?O Wallet rhjC7^9#
jg
1. AccessAdmin Km0*s7^9#
2. f<6<r!w7^9#
3. f<6<_jG"V'ZWGWQMk^G9/m<k@&s7^9# 9YFN
'ZWG,=(5l^9#
4. hjC9 Wallet ^?O'ZWGNA'C/&\C/9r*r7^9#
5. V:zWr/jC/7^9#
Wallet ]j7<N_j
AccessAdmin G"IMS Server HN1|VV"Wallet -cC7s0&*W7gs"(
/9]<H"Q9o<IN=(JIN Wallet ]j7<r_jG-^9#
jg
1. AccessAdmin Km0*s7^9#
2. f<6<N-zOON Wallet ]j7<Nlg"Vf<6<&]j7<&FsW
l<HW > V7,FsWl<HW > V7,]j7<&FsWl<HNn.W >
VWallet ]j7<WKJS2<H7^9#
3. *W7gs: Vf<6<&]j7<&FsWl<HW > FsWl<H> > V7
,]j7<&FsWl<HNn.W > VWallet ]j7<WKJS2<H7^
9#
4. 79F`N-zOON Wallet ]j7<Nlg"V79F`W > V79F`&]
j7<W > VWallet ]j7<WQMkKJS2<H7^9#
5. ]j7<rQ97^9#
6. V97Wr/jC/7^9#
Wallet 'Z]j7<N_j
Wallet KO"f<6<Nf<6<>*hSQ9o<I,J<5lF$^9#'ZW
GNHQr/)9k3HKhj"Wallet XN"/;9r]n7^9#
3N?9/KD$F
Wallet 'Z]j7<N_jKOJ<,"j^9#
26
*r`\
J<N'Z,,W
9^<H&+<I
9^<H&+<I PIN
IBM® Security Access Manager for Enterprise Single Sign-On: I}T,$I
*r`\
J<N'Z,,W
Xf
Xf'Z
Q9o<I
Q9o<I + RFID ,HQD=
jg
1. AccessAdmin Km0*s7^9#
2. Vf<6<&]j7<&FsWl<HW > V7,FsWl<HWKJS2<H
7^9#
3. *W7gs: Vf<6<&]j7<&FsWl<HW > FsWl<H> KJS
2<H7^9#
4. V'Z]j7<WQMkG"%h Wallet 'Z]j7<KP~9kA'C/&\
C/9r*r7^9#
5. VICWr/jC/7^9#
Wallet NmC/
Wallet rmC/7F"f<6<, Wallet K"/;9G-J$h&K9k3H,G
-^9#
3N?9/KD$F
f<6<N Wallet rmC/7FJ<,T(^9#
v f<6< Wallet XN"/;9rl~*KX_9k#c(P"f<6<,9|YK
rh@9klgd"}BYKrh@9klgG9#
v f<6<, IMS Server +ihjC5lk^G"/;9rI0#c(P"f<6
<,H%r%lklgG9#
jg
1. AccessAdmin Km0*s7^9#
2. f<6<r!w7^9#
3. Vf<6<&WmU!$kW > VWallet N"/;9)fWK\07^9#
4. VmC/Wr/jC/7^9#
h 4 O 'ZWGNI}
27
28
IBM® Security Access Manager for Enterprise Single Sign-On: I}T,$I
h 5 O m0N}8*hSF:l]<HN8.
AccessAdmin rHQ7F"F:m0r}87^9#Tivoli Common Reporting (TCR)
D<krHQ7F"F:l]<Hr8.7^9#
\YKD$FO"!NHTC/r2H7F/@5$#
v XAccessAdmin GNF:m0N}8Y
v
30 Z<8NXTivoli Common Reporting D<k 1.2 GNl]<HN8.Y
v
32 Z<8NXTivoli Common Reporting D<k 2.1 GNl]<HN8.Y
AccessAdmin GNF:m0N}8
F:m0KOF"/F#SF#<N\Y,=(5l^9#c(P"f<6<>"|
U""/F#SF#<NkLJIG9#$YsH*hS|Vr*r7F"HqN,
QOOr)B7^9#
jg
1. AccessAdmin Km0*s7^9#
2. V79F`W > VF:m0Wr*r7^9#
3. V!wp`N*rWU#<kI+i$YsHr*r7^9#
#tN$YsHr*r9kKO"-<\<IeN Ctrl -<r!7J,i"$Y
sHr/jC/7^9#
4. V!wOO (+O)Wr*r7F""/F#SF#<N|UOOrXj7^9#
V!wOO (+O)W*hSV!wOO (*;)WN|UrXj7^9#
v |Ur~O9k+"|UTC+<r/jC/7F"|"n"^?O/r*r9
k3H,G-^9#
v ~Vr~O9k+"epu*hS<pur/jC/7F~VrQ99k3H,
G-^9#
v =_N|UNt|0+i!wrT&KO"V>0N|tKhk!wWr*r7
F"U#<kIKtzr~O7^9#
5. -hN!wQK!wror]89kKO"VHqrL>]8Wr*r7F"U!
$k>r~O7^9#
6. V!wWr/jC/7^9# F:m0,=(5l^9#
m: \7/O" 55 Z<8NXU? E. F:m0&$YsHYr2H7F/@5
$#
f<6<F:m0N=(
f<6<F:m0KO"9YFNf<6<&"/7gsN\YJj9H,^^lF
$^9#f<6<r!w7F"P~9kf<6<&m0r=(7^9#
© Copyright IBM Corp. 2002, 2012
29
jg
1. AccessAdmin Km0*s7^9#
2. f<6<r!w7^9#
3. f<6<_jG"VF:m0Wr/jC/7^9# f<6<Nm0`\,=(
5l^9#
+9?`&$YsHNHiC-s0
+9?`&$YsHKdjvFil?$YsH&3<IrHQ7F"+9?`&$
YsHrHiC-s0G-^9#
3N?9/KD$F
+9?`&$YsHrn.7F"J<Nh&J"Wj1<7gsG-N$YsHr
HiC-s0G-^9#
v !)G<?XN"/;9
v f<6<KHQ9k"BNJ$"Wj1<7gs!=XN"/;9NnT
v P3~V0GN"Wj1<7gsXN"/;9
jg
1. AccessAdmin Km0*s7^9#
2. V79F`&]j7<W > VAccessAudit ]j7<Wr*r7^9#
3. $YsH&3<IH=(F-9HNFZ"r"V+9?`F:$YsH&3<I
*hSP~9k=(>Nj9HWKIC7^9#
F$YsHO"<$YsH&3<I>,<=(F-9H>Nh&K~O5l^9#33
G"$YsH&3<IO 0x43015000 +i 0x43015FFF ^GNOON 16 J3<
IG9# c(P"0x43015001,Access to confidential data HJj^9#
4. V97Wr/jC/7^9#
5. AccessStudio rHQ7F"$YsHrHiC-s07"=N$YsH&3<IG
F:m0r5V_CH9k AccessProfile rn.7^9#
AccessProfile Nn.KD$F\7/O"VIBM Security Access Manager for
Enterprise Single Sign-On AccessStudio ,$IWr2H7F/@5$#
Tivoli Common Reporting D<k 1.2 GNl]<HN8.
Tivoli Common Reporting D<k 1.2 rHQ7F""Wj1<7gsHQ"Xk
W&G9/&"/F#SF#<"H</sps"*hSf<6<psNl]<Hr
8.G-^9#
Oak0K
l]<Hn.D<k,$s9H<k5lF$k3HrN'7^9#$s9H<k5
lF$J$lgO"J<Nh&K3^sITf<F#jF#<rHQ7F IBM
Security Access Manager for Enterprise Single Sign-On 8.2 l]<Hn.D<krB
T7^9#
30
IBM® Security Access Manager for Enterprise Single Sign-On: I}T,$I
install <TCR Absolute Path> <TCR Server Name> <TCR username>
<TCR password> --user <Database username> --pwd <Database
password> --vendor <Database vendor (either db2, sqlserver
or oracle)> --dbname <database or schema name in database
server> --ip <IP address for database server> --port
<Port number of database server> --verbose
33G"
<TCR Absolute Path><TCR Server Name> O"Tivoli Integrated Portal *hS
Common Reporting D<k,$s9H<k5lF$k5<P<XN04$~Q9>G
9#Lo3lO"C:¥IBM¥tivoli¥tip server1 G9#
<TCR username> O"l]<HBTN"Br}D Tivoli Integrated Portal f<6<
Nf<6<>G9#
<TCR password> O"<TCR username> KX"U1il?Q9o<IG9#
--user <Database username> O"f<6<&G<?Y<9I}TN>0G9#
--pwd <Database password> O"<Database username> KX"U1il?Q9o<I
G9#
--vendor <Database vendor> OG<?Y<9kHN>0G9#
--dbname <database or schema name in database server> O"G<?Y<9&5<
P<NG<?Y<9^?O9-<^N>0G9#
--ip <IP address for database server> O"G<?Y<9&5<P<N IP "Il9
G9#
--port <Port number of database server> O"G<?Y<9&5<P<N]<HVf
G9#
--verbose O"3N3^sINBTkLr=(9k3Hr(7^9#
c:
C:¥......>install C:¥IBM¥tivoli¥tip server1
tipAdmin p@ssw0rd --user dbUser --pwd p@ssw0rd --vendor db2
--dbname MSTSCRP --ip 127.0.0.1 --port 50000 --verbose
m: Install.bat U!$kbN Tivoli Common Reporting Java Database
Connectivity (JDBC) Ii$P<NdPQ9,J<NcH[JklgO"Q97F/
@5$#
set driverPath=¥products¥tcr¥lib¥birt-runtime-2_2_2
¥ReportEngine¥plugins¥org.eclipse.birt.report.data.oda.
jdbc_2.2.2.r22x_v20071206¥drivers
GU)kH&Q9OQ97J$G/@5$#
Tivoli Common Reporting *hS=N$s9H<kjgKD$F\7/O"
http://publib.boulder.ibm.com/infocenter/tivihelp/v3r1/topic/ com.ibm.tivoli.tcr.doc/
tcr_welcome.htm r2H7F/@5$#
h 5 O m0N}8*hSF:l]<HN8.
31
3N?9/KD$F
Tivoli Common Reporting D<kO"
v HTML"PDF"Microsoft Excel"^?O Adobe PostScript U)<^CHGl]<H
r8.7^9#
v "iS"l*hSXVi$lO5]<H7^;s#
jg
1. Windows G9/HCWeG"V9?<HW > V9YFNWm0i`W >
VTivoli Common ReportingW > VTivoli Common Reporting 5<P<N+
OWr*r7^9#
2. VTivoli Integrated PortalW > Vl]<Hn. (Reporting)W > V&Ll]<H
(Common Reporting)WKf<6<>HQ9o<Ir~O7^9#
3. JS2<7gs&Z$sG"Vl]<H&;CHW > VIBM ;-ejF#<=
JW > VIBM Security Access Manager for Enterprise Single Sign OnWr*
r7^9#
4. J<l]<HNf+i"8.9k$UNl]<Hr&/jC/7^9#
v "Wj1<7gsHQl]<H
v XkW&G9/&"/F#SF#<&l]<H
v H</spsl]<H
v f<6<psl]<H
\7/O" 61 Z<8NXU? F. F:l]<HYr2H7F/@5$#
5. V=(A0W]CW"CW&aKe<+iPOA0r*r7^9#
6. VBTWr/jC/7^9#
Tivoli Common Reporting D<k 2.1 GNl]<HN8.
Tivoli Common Reporting D<k rHQ7F""Wj1<7gsHQ"XkW&G
9/&"/F#SF#<"H</sps"*hSf<6<psNl]<Hr8.G
-^9#
Oak0K
l]<Hn.D<k,$s9H<k5lF$k3HrN'7^9#$s9H<k5
lF$J$lgO"J<Nh&K3^sITf<F#jF#<rHQ7F IBM
Security Access Manager for Enterprise Single Sign-On 8.2 l]<Hn.D<krB
T7^9#
install <TCR Absolute Path> <TCR Server Name> <TCR username>
<TCR password> --user <Database username> --pwd <Database
password> --vendor <Database vendor (either db2, sqlserver
or oracle)> --dbname <database or schema name in database
server> --ip <IP address for database server> --port
<Port number of database server> --verbose
33G"
32
IBM® Security Access Manager for Enterprise Single Sign-On: I}T,$I
<TCR Absolute Path><TCR Server Name> O"Tivoli Integrated Portal *hS
Common Reporting D<k,$s9H<k5lF$k5<P<XN04$~Q9>G
9#Lo3lO"C:¥IBM¥tivoli¥tip server1 G9#
<TCR username> O"l]<HBTN"Br}D Tivoli Integrated Portal f<6<
Nf<6<>G9#
<TCR password> O"<TCR username> KX"U1il?Q9o<IG9#
--user <Database username> O"f<6<&G<?Y<9I}TN>0G9#
--pwd <Database password> O"<Database username> KX"U1il?Q9o<I
G9#
--vendor <Database vendor> OG<?Y<9kHN>0G9#
--dbname <database or schema name in database server> O"G<?Y<9&5<
P<NG<?Y<9^?O9-<^N>0G9#
--ip <IP address for database server> O"G<?Y<9&5<P<N IP "Il9
G9#
--port <Port number of database server> O"G<?Y<9&5<P<N]<HVf
G9#
--verbose O"3N3^sINBTkLr=(9k3Hr(7^9#
c:
C:¥......>install C:¥IBM¥tivoli¥tip server1
tipAdmin p@ssw0rd --user dbUser --pwd p@ssw0rd --vendor db2
--dbname MSTSCRP --ip 127.0.0.1 --port 50000 --verbose
m: Install.bat U!$kbN Tivoli Common Reporting Java Database
Connectivity (JDBC) Ii$P<NdPQ9,J<NcH[JklgO"Q97F/
@5$#
set driverPath=¥products¥tcr¥lib¥birt-runtime-2_2_2
¥ReportEngine¥plugins¥org.eclipse.birt.report.data.oda.
jdbc_2.2.2.r22x_v20071206¥drivers
GU)kH&Q9OQ97J$G/@5$#
jg
1. https://localhost:16311/ibm/console/ KJS2<H7^9# G,JkLr@
kKO"Internet Explorer rHQ7F/@5$#
2. f<6< ID *hSQ9o<IrHQ7Fm0*s7^9#
3. Vl]<Hn.W > VCommon ReportingW > VIBM ;-ejF#<=JW
> VSAM Enterprise Single Sign On v8.2Wr*r7^9#
4. J<Nf+i"8.9k$UNl]<Hr/jC/7^9#
v "Wj1<7gsHQl]<H
v XkW&G9/&"/F#SF#<&l]<H
v H</spsl]<H
h 5 O m0N}8*hSF:l]<HN8.
33
v f<6<psl]<H
5. Vl]<HNh}WZ<8Kpsr~O7^9#
6. V*;Wr/jC/7^9# l]<HrLNU)<^CHG=(9kKO"Z
<8&eyN <format> U)<^CHG=("$3sr/jC/7^9#
34
IBM® Security Access Manager for Enterprise Single Sign-On: I}T,$I
U? A. IMS =.f<F#jF#<XN"/;9
IMS Server r$s9H<k9kH"IMS =.f<F#jF#<,^^lk"Wj1
<7gs,GWm$5l^9# IMS =.f<F#jF#<O"5^6^J IMS
Server _jr=.9k?aN Web Y<9&$s?<U'<9G9#
jg
1. Vi&6<KJ<N"Il9r~O7^9#"Il9O"GWm$asHN?$
WKhCF[Jj^9#
v WebSphere Application Server Base rHQ9klgO https://
<was_hostname>:<admin_ssl_port>/ webconf G9#
v WebSphere Application Server Network Deployment rHQ9klgO
https://<dmgr_hostname>:<admin_ssl_port>/ webconf G9#
v c(P"https://localhost:9043/webconf G9#
2. %h@lrV@lWj9H+i*r7^9#
3. WebSphere m0*sqJpsr~O7^9#
4. Vm0*sWr/jC/7^9#
© Copyright IBM Corp. 2002, 2012
35
36
IBM® Security Access Manager for Enterprise Single Sign-On: I}T,$I
U? B. "CW0l<I5l? IMS Server GN]j7<N97
IMS Server P<8gs 8.2 K"CW0l<I9klg"AccessAdmin K975l?
]j7<,=(5lk3HrN'7^9#]j7<KX7F\7/O"VIBM
Security Access Manager for Enterprise Single Sign-On ]j7<jA,$IWr2H
7F/@5$#
jg
1.
39 Z<8NXU? C. 8.1 +i 8.2 KJCFQ95l?]j7<Y^?O 47
Z<8NXU? D. 8.0.1 +i 8.2 GQ95l?]j7<Y r2H7F975l
k]j7<r1L7^9#
2. <IMS_INSTALL_8.2 FOLDER>/com.ibm.tamesso.imsdelhi.build.boot¥src¥config¥data¥config KJS2<H7^9#
3. policy_sync_data.xml r+-^9#
4. 979k]j7<jAr3T<7^9#
5. 7,U!$kK=jU1F]87^9#
6. ]j7<&U!$kr"CWm<I7^9#
a. IMS =.f<F#jF#<Km0*s7^9#
b. Vf<F#jF#<W > V79F`&G<?N"CWm<IWKJS2<H
7^9#
c. VG<?&U!$kWr*r7^9#
d. 7,]j7<&U!$kr+D1^9#
e. V"CWm<IWr/jC/7^9#
7. IMS Server rFO07^9#
c
1. ]j7< pid_enc_hot_key_policy_priority N77$=(>*hSb@r
AccessAdmin K=(9kH7^9#
2. ]j7< pid_enc_hot_key_policy_priority N]j7<jA?0NF-9H4
Nr3T<7^9#
<policy_definition>
....
<id>pid_enc_hot_key_policy_priority</id>
....
<display_name>Policy priority for ISAM ESSO Hot Key</display_name>
<descrption>Whether the system or machine policy should be
enforced for TAM E-SSO Hot Key.</descrption>
....
.....
</policy_definition>
3. F-9Hr7,U!$kK=jU1F"U!$kr]87^9#
© Copyright IBM Corp. 2002, 2012
37
4. U!$kr IMS =.f<F#jF#< bK"CWm<I7^9#
5. IMS Server rFO07^9#
38
IBM® Security Access Manager for Enterprise Single Sign-On: I}T,$I
U? C. 8.1 +i 8.2 KJCFQ95l?]j7<
3N;/7gsGO"AccessAdmin 8.1 *hS AccessAdmin 8.2 K=(5lk]j
7<NQ9Nj9Hr-\7^9#
J<N]j7<,975l^7?#=(>*hSb@rfS7F/@5$#
pid_unlock_user_name_prefill_option
8.1
8.2
b@ TAM E-SSO "smC/&WmsWH b@ ISAM ESSO "smC/&WmsWHK
Kf<6<>rv0~O9k?aN*W7 f<6<>rv0~O9k?aN*W7gs
gs
pid_wallet_inject_pwd_entry_option_default
8.1
8.2
=(> GU)kHN+05$s*s&Q9 =(> +05$s*s&b<INQ9o<I
o<I~O*W7gs
~O*W7gsrHQ7?GU)kHN7s
0k&5$s*s
b@ +05$s*s&b<INQ9o<I
~O*W7gsrHQ7?GU)kHN7 b@ +05$s*s&b<INQ9o<I~
s0k&5$s*s
O*W7gsrHQ7?GU)kHN7s0
k&5$s*s
pid_auth_inject_pwd_entry_option_default
8.1
8.2
=(> 'Z5<S9NGU)kHN+05 =(> +05$s*s&b<INQ9o<I
$s*s&Q9o<I~O*W7gs
~O*W7gsr'Z5<S9KHQ7?G
U)kHN7s0k&5$s*s
b@ 'Z5<S9NGU)kHN+05$
s*s&Q9o<I~O*W7gs# 3N b@ +05$s*s&b<INQ9o<I~
]j7<O"79F`4NNGU)kHN O*W7gsr'Z5<S9KHQ7?GU
+05$s*s&Q9o<I~O*W7g )kHN7s0k&5$s*s#3N]j7
shjb%h7^9#
<O"+05$s*s&b<INQ9o<I
~O*W7gsrHQ7?79F`4NNG
U)kHN7s0k&5$s*shjb%h
7^9#
pid_app_inject_pwd_entry_option_default
8.1
© Copyright IBM Corp. 2002, 2012
8.2
39
pid_app_inject_pwd_entry_option_default
=(> "Wj1<7gsNGU)kHN+ =(> +05$s*s&b<INQ9o<I
05$s*s&Q9o<I~O*W7gs ~O*W7gsr"Wj1<7gsKHQ7
?GU)kHN7s0k&5$s*s
b@ "Wj1<7gsNGU)kHN+0
5$s*s&Q9o<I~O*W7gs# b@ +05$s*s&b<INQ9o<I~
3N]j7<O"79F`4NN'Z5< O*W7gsr"Wj1<7gsKHQ7?
S9NGU)kH+05$s*s&Q9o GU)kHN7s0k&5$s*s#3N]
<I~O*W7gshjb%h7^9#
j7<O"+05$s*s&b<INQ9o
<I~O*W7gsrHQ7?79F`4N
H'Z5<S9NGU)kHN7s0k&5
$s*shjb%h7^9#
pid_auth_reauth_with_enc_pwd_enabled
8.1
8.2
=(> +05$s*srBT9k0KF' =(> +05$s*s&b<IrHQ7?7
Zr,WK7^9+?
s0k&5$s*srBT9k0KF'Zr
Wa7^9+?
b@ 'Z5<S9G+05$s*srBT
9k0K"Q9o<INF'Zr,WK9 b@ +05$s*s&b<Ir'Z5<S9
k+I&+
KHQ7?7s0k&5$s*srBT9k
0KQ9o<INF'Z,Wa5lk+I&
+#
pid_auth_sso_enabled
8.1
8.2
=(> +05$s*srHQD=K7^9 =(> +05$s*s&b<IrHQ7?7
+?
s0k&5$s*srHQD=K7^9+?
b@ 'Z5<S9N+05$s*srHQ b@ +05$s*s&b<Ir'Z5<S9
D=K9k+I&+#
KHQ7?7s0k&5$s*srHQD=
K9k+I&+#
pid_wallet_personal_app_sso_enabled
8.1
8.2
=(> \M'Z5<S9N+05$s*s =(> +05$s*s&b<IrDM'Z5
rHQD=K7^9+?
<S9KHQ7?7s0k&5$s*srH
QD=K7^9+?
b@ \M'Z5<S9N+05$s*sr
HQD=K9k+I&+#
b@ "Wj1<7gsXN+05$s*s&
b<IrHQ7?7s0k&5$s*sN*
<Hi<Ks0rHQD=K9k+I&+#
pid_engina_welcome_text
8.1
8.2
=(> EnGINA &'k+`&aC;<8N =(> ESSO GINA &'k+`&aC;<8
=.D=F-9H#
N=.D=F-9H#
40
IBM® Security Access Manager for Enterprise Single Sign-On: I}T,$I
pid_enc_hot_key_policy_priority
8.1
8.2
=(> TAM E-SSO [CH&-<GN]j =(> ISAM ESSO [CH&-<GN]j7
7<%hgL
<%hgL
b@ TAM E-SSO [CH&-<G79F` b@ ISAM ESSO [CH&-<G79F`H
H^7sNIAiN]j7<r/)9k
^7sNIAiN]j7<r/)9k+#
+#
pid_enc_hot_key_enabled
8.1
8.2
=(> TAM E-SSO [CH&-<rHQD =(> ISAM ESSO [CH&-<rHQD=
=K7^9+?
K7^9+?
b@ TAM E-SSO [CH&-<rHQD= b@ ISAM ESSO [CH&-<rHQD=K
K9k+I&+
9k+I&+#
pid_enc_hot_key_action
8.1
8.2
=(> AccessAgent Km0*sfKG9/ =(> AccessAgent Km0*sfKG9/H
HCWG TAM E-SSO [CH&-<,!5 CWG ISAM ESSO [CH&-<,!5l?
l?H-N"/7gs
H-N"/7gs
b@ AccessAgent Km0*sfKG9/H b@ AccessAgent Km0*sfKG9/HC
CWG TAM E-SSO [CH&-<,!5l WG ISAM ESSO [CH&-<,!5l?H
?H-K AccessAgent ,BT9k"/7g -K AccessAgent ,BT9k"/7gs#
s#
pid_enc_hot_key_action_countdown_secs
8.1
8.2
=(> TAM E-SSO [CH&-<,!5l =(> ISAM ESSO [CH&-<,!5l?
?H-NN'+&sH@&sN|V (C)
H-NN'+&sH@&sN|V (C)
b@ TAM E-SSO [CH&-<,!5l?
H-NN'+&sH@&sN|V (C)# N
'+&sH@&srHQTDK9kKO 0
rXj7^9#
b@ ISAM ESSO [CH&-<,!5l?H
-NN'+&sH@&sN|V (C)# N'+
&sH@&srHQTDK9kKO 0 rXj
7^9#
pid_engina_policy_priority
8.1
8.2
=(> EnGINA GN]j7<%hgL
=(> ESSO GINA GN]j7<%hgL
b@ EnGINA G79F`H^7sNIAi b@ ESSO GINA G79F`H^7sNIA
N]j7<r/)9k+#
iN]j7<r/)9k+#
pid_engina_logon_prompt_timeout_secs
8.1
8.2
U? C. 8.1 +i 8.2 KJCFQ95l?]j7<
41
pid_engina_logon_prompt_timeout_secs
b@ EnGINA m0*s"G9/HCW&m
0*s"*hS"smC/&3sTe<?
<GNm0*s&WmsWH&?$`"&
H (C)# ?$`"&HKJC?e"&'k
+`&F-9H^?OmC/5l?3sT
e<?<NF-9H,=(5l^9#
b@ ESSO GINA m0*s"G9/HCW&
m0*s"*hS"smC/&3sTe<?
<GNm0*s&WmsWH&?$`"&H
(C)# ?$`"&HKJC?e"&'k+
`&F-9H^?OmC/5l?3sTe<
?<NF-9H,=(5l^9#
pid_app_reauth_with_enc_pwd_enabled
8.1
8.2
=(> +05$s*srBT9k0KF' =(> +05$s*s&b<IrHQ7?7
Zr,WK7^9+?
s0k&5$s*srBT9k0KF'Zr
Wa7^9+?
b@ "Wj1<7gsG+05$s*sr
BT9k0K"Q9o<INF'Zr,W b@ +05$s*s&b<Ir"Wj1<7
K9k+I&+#
gsKHQ7?7s0k&5$s*srBT
9k0KQ9o<INF'Z,Wa5lk+
I&+#
pid_wallet_inject_pwd_entry_option_list
8.1
8.2
b@ +05$s*sGHQD=JQ9o< b@ +05$s*s&b<IrHQ7?7s
I~O*W7gsNj9H
0k&5$s*sGHQD=JQ9o<I~
O*W7gsNj9H
pid_accessanywhere_app_sso_enabled
8.1
8.2
=(> AccessAssistant GN"Wj1<7g =(> AccessAssistant G"Wj1<7gsK
sXN+05$s*srHQD=K7^9 P7F+05$s*s&b<IrHQ7?7
+?
s0k&5$s*srHQD=K7^9+?
b@ f<6<, AccessAssistant rHQ7
F"Wj1<7gsK+05$s*srB
TG-k+I&+#
b@ f<6<, AccessAssistant Khj"W
j1<7gsKP7F+05$s*s&b<
IrHQ7F7s0k&5$s*srBTG
-k+I&+#
pid_engina_bypass_hot_key_policy_priority
8.1
8.2
=(> EnGINA P$Q9&[CH&-<G =(> ESSO GINA P$Q9&[CH&-<
N]j7<%hgL
GN]j7<%hgL
b@ EnGINA P$Q9&[CH&-<G7 b@ ESSO GINA P$Q9&[CH&-<G
9F`H^7sNIAiN]j7<r/) 79F`H^7sNIAiN]j7<r/)
9k+#
9k+#
pid_engina_bypass_hot_key_enabled
8.1
42
8.2
IBM® Security Access Manager for Enterprise Single Sign-On: I}T,$I
pid_engina_bypass_hot_key_enabled
=(> EnGINA P$Q9&[CH&-<r =(> ESSO GINA P$Q9&[CH&-<
HQD=K7^9+?
rHQD=K7^9+?
b@ EnGINA P$Q9&[CH&-<rH b@ ESSO GINA P$Q9&[CH&-<r
QD=K9k+I&+#
HQD=K9k+I&+#
pid_engina_bypass_hot_key_sequence
8.1
8.2
=(> EnGINA P$Q9&[CH&-<N =(> ESSO GINA P$Q9&[CH&-<
7<1s9
N7<1s9
b@ EnGINA P$Q9&[CH&-<N7
<1s9# !N;CH+iGg 3 -<:
{Ctrl, Shift, Alt, Ins, Del, Home, End, PgUp,
PgDn, Break, E}#
b@ ESSO GINA P$Q9&[CH&-<N
7<1s9# !N;CH+iGg 3 -<:
{Ctrl, Shift, Alt, Ins, Del, Home, End, PgUp,
PgDn, Break, E}#
pid_engina_bypass_automatic_text
8.1
8.2
=(> +0 EnGINA P$Q9NaC;<
8
=(> +0 ESSO GINA P$Q9NaC;<
8
b@ +0 EnGINA P$Q9N=.D=F
-9H&aC;<8#
b@ +0 ESSO GINA P$Q9N=.D=F
-9H&aC;<8#
pid_enc_hot_key_not_logged_on_action
8.1
8.2
=(> AccessAgent Km0*s7F$J$
H-KG9/HCWG TAM E-SSO [C
H&-<,!5l?H-N"/7gs
=(> AccessAgent Km0*s7F$J$H
-KG9/HCWG ISAM ESSO [CH&<,!5l?H-N"/7gs
b@ AccessAgent Km0*s7F$J$H
-KG9/HCWG TAM E-SSO [CH&
-<,!5l?H-K AccessAgent ,BT
9k"/7gs#
b@ AccessAgent Km0*s7F$J$HKG9/HCWG ISAM ESSO [CH&-<
,!5l?H-K AccessAgent ,BT9k"
/7gs#
pid_sso_policy_priority
8.1
8.2
=(> +05$s*s~N]j7<%hg =(> +05$s*s&b<IrHQ7?7
L
s0k&5$s*sN]j7<%hgL
b@ +05$s*s~Kf<6<H^7s b@ +05$s*s&b<IrHQ7?7s
NIAiN]j7<r/)9k+#
0k&5$s*s~Kf<6<H^7sNI
AiN]j7<r/)9k+#
pid_sso_user_control_enabled
8.1
8.2
U? C. 8.1 +i 8.2 KJCFQ95l?]j7<
43
pid_sso_user_control_enabled
=(> f<6<K+05$s*sNHQD =(> +05$s*s&b<IrHQ7?7
=/HQTDN_jrvD7^9+?
s0k&5$s*sNHQD=/HQTDrf
<6<KvD7^9+?
b@ +05$s*srHQD=/HQTDN
IAiK9k+#
b@ +05$s*s&b<IrHQ7?7s
0k&5$s*srHQD=/HQTDNIA
iK9k+#
pid_lusm_sessions_max
8.1
8.2
=(> o</9F<7gsK*1k1~f =(> o</9F<7gsK*1k1~f<
<6<&;C7gsNGgt
6<&;C7gsNGgt (Windows XP Nl
gN_)
pid_lusm_session_replacement_option
8.1
8.2
=(> ;C7gsV9*W7gs
=(> ;C7gsV9*W7gs (Windows
XP NlgN_)
pid_lusm_sia_list
8.1
8.2
=(> 1l$s9?s9&"Wj1<7g =(> 1l$s9?s9&"Wj1<7g
s&j9H
s&j9H (Windows XP NlgN_)
pid_lusm_sia_launch_option
8.1
8.2
=(> 1l$s9?s9&"Wj1<7g =(> 1l$s9?s9&"Wj1<7gs
sN 2 V\N$s9?s9,/05l?H N 2 V\N$s9?s9,/05l?H-N
-N"/7gs
"/7gs (Windows XP NlgN_)
pid_lusm_generic_accounts_enabled
8.1
8.2
=(> FQ"+&sHrHQ7?f<6
<&G9/HCWNn.rHQD=K7^
9+?
=(> FQ"+&sHrHQ7?f<6<&
G9/HCWNn.rHQD=K7^9+?
(Windows XP NlgN_)
pid_engina_winlogon_option_enabled
8.1
8.2
=(> EnGINA +iWindows m0*sK
>\\09k*W7gsrHQD=K9k
+I&+#
=(> ESSO GINA +i Windows m0*s
K>\\09k*W7gsrHQD=K9k
+I&+#
pid_engina_app_launch_enabled
8.1
44
8.2
IBM® Security Access Manager for Enterprise Single Sign-On: I}T,$I
pid_engina_app_launch_enabled
=(> EnGINA +iN"Wj1<7gs/ =(> ESSO GINA +iN"Wj1<7gs
0rHQD=K7^9+?
/0rHQD=K7^9+?
b@ EnGINA Nh&3=hL^?OmC/ b@ ESSO GINA Nh&3=hL^?OmC
5l?hL+iN"Wj1<7gsN/0 /5l?hL+iN"Wj1<7gsN/0
rHQD=K9k+I&+#
rHQD=K9k+I&+#
pid_engina_app_launch_label
8.1
8.2
b@ EnGINA h&3=hL^?OmC/5 b@ ESSO GINA h&3=hL^?OmC/
l?hLN""Wj1<7gsr/09k 5l?hLN""Wj1<7gsr/09k
?aNjs/N=(iYk#
?aNjs/N=(iYk#
pid_engina_app_launch_cmd
8.1
8.2
b@ EnGINA h&3=hL^?OmC/5 b@ ESSO GINA h&3=hL^?OmC/
l?hL+i"Wj1<7gsr/09k 5l?hL+i"Wj1<7gsr/09k
?aN3^sIT#
?aN3^sIT#
pid_engina_bypass_automatic_enabled
8.1
8.2
=(> +0 EnGINA P$Q9rHQD=
K7^9+?
=(> +0 ESSO GINA P$Q9rHQD=
K7^9+?
b@ +0 EnGINA P$Q9rHQD=K
9k+I&+#
b@ +0 ESSO GINA P$Q9rHQD=K
9k+I&+#
pid_lock_transparent_text
8.1
8.2
=(> )a*hLmC/&aC;<8
=(> )a*hLmC/&aC;<8
(Windows XP N_)
pid_lock_transparent_hot_key_enabled
8.1
8.2
=(> )a*hLmC/N[CH&-<r =(> )a*hLmC/N[CH&-<rH
HQD=K7^9+?
QD=K7^9+? (Windows XP NlgN_)
pid_ts_engina_logon_no_local_session_enabled
8.1
8.2
U? C. 8.1 +i 8.2 KJCFQ95l?]j7<
45
pid_ts_engina_logon_no_local_session_enabled
=(> m<+k AccessAgent ;C7gs, =(> m<+k AccessAgent ;C7gs,8
8_7J$lgK EnGINA m0*srHQ _7J$lgK ESSO GINA rHQ7^9+?
7^9+?
b@ m<+k AccessAgent ;C7gs,8_
b@ m<+k AccessAgent ;C7gs,8 7J$lgK"<v5<P<&;C7gsG
_7J$lgK"<v5<P<&;C7g ESSO GINA m0*s^?O Microsoft GINA
m0*srHQ9k+I&+#
sG EnGINA m0*s^?O Microsoft
GINA m0*srHQ9k+I&+#
pid_engina_ui_enabled
46
8.1
8.2
=(> Windows Nm0*U~^?O
Windows ,mC/5l?H-K TAM
E-SSO UI r-zK7^9+?
=(> Windows Nm0*U~^?O
Windows ,mC/5l?H-K ISAM ESSO
UI r-zK7^9+
b@ Windows Nm0*U~"^?O
Windows ,mC/5l?H-K Windows
UI NeojK TAM E-SSO UI r=(9k
+I&+rXj7^9#
b@ Windows Nm0*U~"^?O
Windows ,mC/5l?H-K Windows UI
NeojK ISAM ESSO UI r=(9k+I
&+rXj7^9#
IBM® Security Access Manager for Enterprise Single Sign-On: I}T,$I
U? D. 8.0.1 +i 8.2 GQ95l?]j7<
3N;/7gsGO"AccessAdmin 8.0.1 *hS AccessAdmin 8.2 K=(5lk]
j7<NQ9Nj9Hr-\7^9#
J<N]j7<,975l^7?#=(>*hSb@rfS7F/@5$#
pid_wallet_inject_pwd_entry_option_default
8.1
8.2
=(> GU)kHN+05$s*s&Q9 =(> +05$s*s&b<INQ9o<I
o<I~O*W7gs
~O*W7gsrHQ7?GU)kHN7s
0k&5$s*s
b@ +05$s*s&b<INQ9o<I
~O*W7gsrHQ7?GU)kHN7 b@ +05$s*s&b<INQ9o<I~
s0k&5$s*s
O*W7gsrHQ7?GU)kHN7s0
k&5$s*s
pid_auth_inject_pwd_entry_option_default
8.1
8.2
=(> 'Z5<S9NGU)kHN+05 =(> +05$s*s&b<INQ9o<I
$s*s&Q9o<I~O*W7gs
~O*W7gsr'Z5<S9KHQ7?G
U)kHN7s0k&5$s*s
b@ 'Z5<S9NGU)kHN+05$
s*s&Q9o<I~O*W7gs# 3N b@ +05$s*s&b<INQ9o<I~
]j7<O"79F`4NNGU)kHN O*W7gsr'Z5<S9KHQ7?GU
+05$s*s&Q9o<I~O*W7g )kHN7s0k&5$s*s#3N]j7
shjb%h7^9#
<O"+05$s*s&b<INQ9o<I
~O*W7gsrHQ7?79F`4NNG
U)kHN7s0k&5$s*shjb%h
7^9#
pid_app_inject_pwd_entry_option_default
8.1
8.2
=(> "Wj1<7gsNGU)kHN+ =(> +05$s*s&b<INQ9o<I
05$s*s&Q9o<I~O*W7gs ~O*W7gsr"Wj1<7gsKHQ7
?GU)kHN7s0k&5$s*s
b@ "Wj1<7gsNGU)kHN+0
5$s*s&Q9o<I~O*W7gs# b@ +05$s*s&b<INQ9o<I~
3N]j7<O"79F`4NN'Z5< O*W7gsr"Wj1<7gsKHQ7?
S9NGU)kH+05$s*s&Q9o GU)kHN7s0k&5$s*s#3N]
<I~O*W7gshjb%h7^9#
j7<O"+05$s*s&b<INQ9o
<I~O*W7gsrHQ7?79F`4N
H'Z5<S9NGU)kHN7s0k&5
$s*shjb%h7^9#
pid_auth_reauth_with_enc_pwd_enabled
8.1
© Copyright IBM Corp. 2002, 2012
8.2
47
pid_auth_reauth_with_enc_pwd_enabled
=(> +05$s*srBT9k0KF' =(> +05$s*s&b<IrHQ7?7
Zr,WK7^9+?
s0k&5$s*srBT9k0KF'Zr
Wa7^9+?
b@ 'Z5<S9G+05$s*srBT
9k0K"Q9o<INF'Zr,WK9 b@ +05$s*s&b<Ir'Z5<S9
k+I&+
KHQ7?7s0k&5$s*srBT9k
0KQ9o<INF'Z,Wa5lk+I&
+#
pid_usb_key_removal_policy_priority +i pid_desktop_inactivity_policy_priority
8.1
8.2
=(> USB -<|n~N]j7<%hg
L
=(> G9/HCW,"/F#VGJ$HN]j7<%hgL
b@ USB -<|n~Kf<6<H^7s
NIAiN]j7<r/)9k+#
b@ G9/HCW,"/F#VGJ$H-K
79F`H^7sNIAiN]j7<r/)
9k+#
pid_usb_key_removal_action +i pid_desktop_inactivity_action
8.1
8.2
=(> USB -<|n"/7gs
=(> G9/HCW,"/F#VGJ$HN"/7gs
b@ USB -<N|n~KBT9k"/7
gs#
b@ G9/HCW,"/F#VGJ$|V,
Pa7?eK AccessAgent ,BT9k"/7
gs#
pid_wallet_personal_app_sso_enabled
8.1
8.2
=(> \M'Z5<S9N+05$s*s =(> +05$s*s&b<IrDM'Z5
rHQD=K7^9+?
<S9KHQ7?7s0k&5$s*srH
QD=K7^9+?
b@ \M'Z5<S9N+05$s*sr
HQD=K9k+I&+#
b@ "Wj1<7gsXN+05$s*s&
b<IrHQ7?7s0k&5$s*sN*
<Hi<Ks0rHQD=K9k+I&+#
pid_sso_auto_learn_enabled
8.1
8.2
=(> *<Hi<Ks0rHQD=K7^ =(> *<Hi<Ks0rHQD=K7^9
9+?
+?
b@ "Wj1<7gsXN+05$s*s b@ "Wj1<7gsXN+05$s*s&
G*<Hi<Ks0rHQD=K9k+I b<IrHQ7?7s0k&5$s*sN*
&+#
<Hi<Ks0rHQD=K9k+I&+#
48
IBM® Security Access Manager for Enterprise Single Sign-On: I}T,$I
pid_engina_welcome_text
8.1
8.2
=(> EnGINA &'k+`&aC;<8N =(> ESSO GINA &'k+`&aC;<8
=.D=F-9H#
N=.D=F-9H#
pid_enc_hot_key_policy_priority
8.1
8.2
=(> TAM E-SSO [CH&-<GN]j =(> ISAM ESSO [CH&-<GN]j7
7<%hgL
<%hgL
b@ TAM E-SSO [CH&-<G79F` b@ ISAM ESSO [CH&-<G79F`H
H^7sNIAiN]j7<r/)9k
^7sNIAiN]j7<r/)9k+#
+#
pid_enc_hot_key_enabled
8.1
8.2
=(> TAM E-SSO [CH&-<rHQD =(> ISAM ESSO [CH&-<rHQD=
=K7^9+?
K7^9+?
b@ TAM E-SSO [CH&-<rHQD= b@ ISAM ESSO [CH&-<rHQD=K
K9k+I&+
9k+I&+#
pid_enc_hot_key_sequence
8.1
8.2
=(> TAM E-SSO [CH&-<N7<1 =(> ISAM ESSO [CH&-<N7<1s
s9
9
b@ TAM E-SSO [CH&-<N7<1s
9# !N;CH+iGg 3 -<: {Ctrl,
Shift, Alt, Ins, Del, Home, End, PgUp,
PgDn, Break, E}#
b@ ISAM ESSO [CH&-<N7<1s
9# !N;CH+iGg 3 -<: {Ctrl, Shift,
Alt, Ins, Del, Home, End, PgUp, PgDn, Break,
E}#
pid_enc_hot_key_action
8.1
8.2
=(> AccessAgent Km0*sfKG9/ =(> AccessAgent Km0*sfKG9/H
HCWG TAM E-SSO [CH&-<,!5 CWG ISAM ESSO [CH&-<,!5l?
l?H-N"/7gs
H-N"/7gs
b@ AccessAgent Km0*sfKG9/H b@ AccessAgent Km0*sfKG9/HC
CWG TAM E-SSO [CH&-<,!5l WG ISAM ESSO [CH&-<,!5l?H
?H-K AccessAgent ,BT9k"/7g -K AccessAgent ,BT9k"/7gs#
s#
pid_enc_hot_key_action_countdown_secs
8.1
8.2
U? D. 8.0.1 +i 8.2 GQ95l?]j7<
49
pid_enc_hot_key_action_countdown_secs
=(> TAM E-SSO [CH&-<,!5l =(> ISAM ESSO [CH&-<,!5l?
?H-NN'+&sH@&sN|V (C)
H-NN'+&sH@&sN|V (C)
b@ TAM E-SSO [CH&-<,!5l?
H-NN'+&sH@&sN|V (C)# N
'+&sH@&srHQTDK9kKO 0
rXj7^9#
b@ ISAM ESSO [CH&-<,!5l?H
-NN'+&sH@&sN|V (C)# N'+
&sH@&srHQTDK9kKO 0 rXj
7^9#
pid_engina_policy_priority
8.1
8.2
=(> EnGINA GN]j7<%hgL
=(> ESSO GINA GN]j7<%hgL
b@ EnGINA G79F`H^7sNIAi b@ ESSO GINA G79F`H^7sNIA
N]j7<r/)9k+#
iN]j7<r/)9k+#
pid_engina_logon_prompt_timeout_secs
8.1
8.2
b@ EnGINA m0*s"G9/HCW&m
0*s"*hS"smC/&3sTe<?
<GNm0*s&WmsWH&?$`"&
H (C)# ?$`"&HKJC?e"&'k
+`&F-9H^?OmC/5l?3sT
e<?<NF-9H,=(5l^9#
b@ ESSO GINA m0*s"G9/HCW&
m0*s"*hS"smC/&3sTe<?
<GNm0*s&WmsWH&?$`"&H
(C)# ?$`"&HKJC?e"&'k+
`&F-9H^?OmC/5l?3sTe<
?<NF-9H,=(5l^9#
pid_app_reauth_with_enc_pwd_enabled
8.1
8.2
=(> +05$s*srBT9k0KF' =(> +05$s*s&b<IrHQ7?7
Zr,WK7^9+?
s0k&5$s*srBT9k0KF'Zr
Wa7^9+?
b@ "Wj1<7gsG+05$s*sr
BT9k0K"Q9o<INF'Zr,W b@ +05$s*s&b<Ir"Wj1<7
K9k+I&+#
gsKHQ7?7s0k&5$s*srBT
9k0KQ9o<INF'Z,Wa5lk+
I&+#
pid_accessanywhere_app_sso_enabled
8.1
8.2
=(> AccessAssistant GN"Wj1<7g =(> AccessAssistant G"Wj1<7gsK
sXN+05$s*srHQD=K7^9 P7F+05$s*s&b<IrHQ7?7
+?
s0k&5$s*srHQD=K7^9+?
b@ f<6<, AccessAssistant rHQ7
F"Wj1<7gsK+05$s*srB
TG-k+I&+#
50
b@ f<6<, AccessAssistant Khj"W
j1<7gsKP7F+05$s*s&b<
IrHQ7F7s0k&5$s*srBTG
-k+I&+#
IBM® Security Access Manager for Enterprise Single Sign-On: I}T,$I
pid_engina_bypass_hot_key_policy_priority
8.1
8.2
=(> EnGINA P$Q9&[CH&-<G =(> ESSO GINA P$Q9&[CH&-<
N]j7<%hgL
GN]j7<%hgL
b@ EnGINA P$Q9&[CH&-<G7 b@ ESSO GINA P$Q9&[CH&-<G
9F`H^7sNIAiN]j7<r/) 79F`H^7sNIAiN]j7<r/)
9k+#
9k+#
pid_engina_bypass_hot_key_enabled
8.1
8.2
=(> EnGINA P$Q9&[CH&-<r =(> ESSO GINA P$Q9&[CH&-<
HQD=K7^9+?
rHQD=K7^9+?
b@ EnGINA P$Q9&[CH&-<rH b@ ESSO GINA P$Q9&[CH&-<r
QD=K9k+I&+#
HQD=K9k+I&+#
pid_engina_bypass_hot_key_sequence
8.1
8.2
=(> EnGINA P$Q9&[CH&-<N =(> ESSO GINA P$Q9&[CH&-<
7<1s9
N7<1s9
b@ EnGINA P$Q9&[CH&-<N7
<1s9# !N;CH+iGg 3 -<:
{Ctrl, Shift, Alt, Ins, Del, Home, End, PgUp,
PgDn, Break, E}#
b@ ESSO GINA P$Q9&[CH&-<N
7<1s9# !N;CH+iGg 3 -<:
{Ctrl, Shift, Alt, Ins, Del, Home, End, PgUp,
PgDn, Break, E}#
pid_engina_bypass_automatic_text
8.1
8.2
=(> +0 EnGINA P$Q9NaC;<
8
=(> +0 ESSO GINA P$Q9NaC;<
8
b@ +0 EnGINA P$Q9N=.D=F
-9H&aC;<8#
b@ +0 ESSO GINA P$Q9N=.D=F
-9H&aC;<8#
pid_enc_hot_key_not_logged_on_action
8.1
8.2
=(> AccessAgent Km0*s7F$J$
H-KG9/HCWG TAM E-SSO [C
H&-<,!5l?H-N"/7gs
=(> AccessAgent Km0*s7F$J$H
-KG9/HCWG ISAM ESSO [CH&<,!5l?H-N"/7gs
b@ AccessAgent Km0*s7F$J$H
-KG9/HCWG TAM E-SSO [CH&
-<,!5l?H-K AccessAgent ,BT
9k"/7gs#
b@ AccessAgent Km0*s7F$J$HKG9/HCWG ISAM ESSO [CH&-<
,!5l?H-K AccessAgent ,BT9k"
/7gs#
pid_sso_policy_priority
8.1
8.2
U? D. 8.0.1 +i 8.2 GQ95l?]j7<
51
pid_sso_policy_priority
=(> +05$s*s~N]j7<%hg =(> +05$s*s&b<IrHQ7?7
L
s0k&5$s*sN]j7<%hgL
b@ +05$s*s~Kf<6<H^7s b@ +05$s*s&b<IrHQ7?7s
NIAiN]j7<r/)9k+#
0k&5$s*s~Kf<6<H^7sNI
AiN]j7<r/)9k+#
pid_sso_user_control_enabled
8.1
8.2
=(> f<6<K+05$s*sNHQD =(> +05$s*s&b<IrHQ7?7
=/HQTDN_jrvD7^9+?
s0k&5$s*sNHQD=/HQTDrf
<6<KvD7^9+?
b@ +05$s*srHQD=/HQTDN
IAiK9k+#
b@ +05$s*s&b<IrHQ7?7s
0k&5$s*srHQD=/HQTDNIA
iK9k+#
pid_lusm_sessions_max
8.1
8.2
=(> o</9F<7gsK*1k1~f =(> o</9F<7gsK*1k1~f<
<6<&;C7gsNGgt
6<&;C7gsNGgt (Windows XP Nl
gN_)
pid_lusm_session_replacement_option
8.1
8.2
=(> ;C7gsV9*W7gs
=(> ;C7gsV9*W7gs (Windows
XP NlgN_)
pid_lusm_sia_list
8.1
8.2
=(> 1l$s9?s9&"Wj1<7g =(> 1l$s9?s9&"Wj1<7g
s&j9H
s&j9H (Windows XP NlgN_)
pid_lusm_sia_launch_option
8.1
8.2
=(> 1l$s9?s9&"Wj1<7g =(> 1l$s9?s9&"Wj1<7gs
sN 2 V\N$s9?s9,/05l?H N 2 V\N$s9?s9,/05l?H-N
-N"/7gs
"/7gs (Windows XP NlgN_)
pid_lusm_generic_accounts_enabled
52
8.1
8.2
=(> FQ"+&sHrHQ7?f<6
<&G9/HCWNn.rHQD=K7^
9+?
=(> FQ"+&sHrHQ7?f<6<&
G9/HCWNn.rHQD=K7^9+?
(Windows XP NlgN_)
IBM® Security Access Manager for Enterprise Single Sign-On: I}T,$I
pid_engina_winlogon_option_enabled
8.1
8.2
=(> EnGINA +iWindows m0*sK
>\\09k*W7gsrHQD=K9k
+I&+#
=(> ESSO GINA +i Windows m0*s
K>\\09k*W7gsrHQD=K9k
+I&+#
pid_engina_app_launch_enabled
8.1
8.2
=(> EnGINA +iN"Wj1<7gs/ =(> ESSO GINA +iN"Wj1<7gs
0rHQD=K7^9+?
/0rHQD=K7^9+?
b@ EnGINA Nh&3=hL^?OmC/ b@ ESSO GINA Nh&3=hL^?OmC
5l?hL+iN"Wj1<7gsN/0 /5l?hL+iN"Wj1<7gsN/0
rHQD=K9k+I&+#
rHQD=K9k+I&+#
pid_engina_app_launch_label
8.1
8.2
b@ EnGINA h&3=hL^?OmC/5 b@ ESSO GINA h&3=hL^?OmC/
l?hLN""Wj1<7gsr/09k 5l?hLN""Wj1<7gsr/09k
?aNjs/N=(iYk#
?aNjs/N=(iYk#
pid_engina_app_launch_cmd
8.1
8.2
b@ EnGINA h&3=hL^?OmC/5 b@ ESSO GINA h&3=hL^?OmC/
l?hL+i"Wj1<7gsr/09k 5l?hL+i"Wj1<7gsr/09k
?aN3^sIT#
?aN3^sIT#
pid_engina_bypass_automatic_enabled
8.1
8.2
=(> +0 EnGINA P$Q9rHQD=
K7^9+?
=(> +0 ESSO GINA P$Q9rHQD=
K7^9+?
b@ +0 EnGINA P$Q9rHQD=K
9k+I&+#
b@ +0 ESSO GINA P$Q9rHQD=K
9k+I&+#
pid_lock_transparent_text
8.1
8.2
=(> )a*hLmC/&aC;<8
=(> )a*hLmC/&aC;<8
(Windows XP N_)
pid_lock_transparent_hot_key_enabled
8.1
8.2
=(> )a*hLmC/N[CH&-<r =(> )a*hLmC/N[CH&-<rH
HQD=K7^9+?
QD=K7^9+? (Windows XP NlgN_)
U? D. 8.0.1 +i 8.2 GQ95l?]j7<
53
pid_ts_engina_logon_no_local_session_enabled
8.1
8.2
=(> m<+k AccessAgent ;C7gs, =(> m<+k AccessAgent ;C7gs,8
8_7J$lgK EnGINA m0*srHQ _7J$lgK ESSO GINA rHQ7^9+?
7^9+?
b@ m<+k AccessAgent ;C7gs,8_
b@ m<+k AccessAgent ;C7gs,8 7J$lgK"<v5<P<&;C7gsG
_7J$lgK"<v5<P<&;C7g ESSO GINA m0*s^?O Microsoft GINA
m0*srHQ9k+I&+#
sG EnGINA m0*s^?O Microsoft
GINA m0*srHQ9k+I&+#
54
IBM® Security Access Manager for Enterprise Single Sign-On: I}T,$I
U? E. F:m0&$YsH
IBM Security Access Manager for Enterprise Single Sign-On O"9YFN(sI]
$sHG$YsH&m0r8.7^9#
I}T*hSXkW&G9/4vTO"D9Nf<6<NF:m0K"/;9G^9#I}TN_,"F:m0KP9k04HqNBT"XkW&G9/&m0N
"/;9"*hSXkW&G9/Hf<6<N"/F#SF#<Nl]<H8.r
BTG-^9#f<6<KO"3liNm0KP9kI_hj/q-~_"BO"j
^;s#
m0N?$W
m0KOJ<N 3 ?$W,"j^9#
1. f<6<&m0 - f<6<N"/F#SF#<Nm0#
2. I}Tm0 - I}T*hSXkW&G9/N"/F#SF#<Nm0#
3. 79F`&m0 - 79F`&m0O"IMS Server +NNaC;<8*hS(i
<Nm0G9#79F`&m0O"gK5<P<NdjNHiVk7e<F#s
0H79F`&Xk9NbK?<KHQ5l^9#
IBM Security Access Manager for Enterprise Single Sign-On GO"J<Nps,H
iC-s05l^9#
v f<6<,"/;99k"Wj1<7gsO?+
v =liN"Wj1<7gsK"/;97?NO/+
v HQ5l?"+&sHN\Y
v f<6<,"Wj1<7gsK"/;97?NO?~G"I3+i"/;95l
?+
Web Workplace GO""Wj1<7gs&m0*snT4HK+0~O $YsHN
F:m0b8.5l^9#?@7"Web Workplace GO"m0*s,.y7?+I
&+r(9F:m0O8.G-^;s#
9Hl<8*hS1|
AccessAgent , IMS Server K\35lF$klg"AccessAgent F:m0O"(B
K IMS Server XHw.5l^9# IMS Server O"F:m0rjl<7gJk&G
<?Y<9KJ<7^9#IMS Server XNMCHo</\3,8_7J$lgO"
AccessAgent Ol~*Km<+k&3sTe<?<eK$YsH&m0r-cC7e
7^9#IMS Server XNMCHo</\3,|55lkH"IMS Server Xm0,w
.5l^9#
© Copyright IBM Corp. 2002, 2012
55
f<6<&$YsH
m0K-?5lkf<6<X"$YsHOJ<NH*jG9#
56
F:m0&$YsH
b@
Wallet XN"+&sHqJpsNIC
f<6<,"+&sHqJpsr Wallet K
j0GIC7"AccessAgent Khjhj~^
lJ+C?H-K-?5lk#
'Z5<S9&Q9o<IN+0h@
AccessAgent ,"f<6<N"+&sHqJ
psrhj~_"Wallet K]I7?H-K?5lk#
'Z5<S9&Q9o<IN+0~O
AccessAgent ,"Wallet +i"+&sHqJ
psrI_hCF"f<6<N?aK"Wj
1<7gs&m0*shLK"+&sHqJ
psrm~ (+0~O) 7?H-K-?5l
k#3N$YsHO"(s?<Wi$:'Z
5<S9KP7FN_-?5l^9#m0*
s,.y7?+I&+K++oi:"
AccessAgent O3N$YsHrm0K-?7
^9#
'Z5<S9&Q9o<IN/=
AccessAgent Khj"Q9o<INQ9hL
Gis@`&Q9o<I,8.5l"7,Q
9o<I&U#<kIKQ9o<I,+0~
O5lFBT,/jC/5l?H-K-?5
lk#
'Z5<S9Nm0*s
f<6<,'Z5<S9Km0*s7?HK-?5lk#3N$YsHO"AccessAgent
Khj+08.O5l^;s#DLN
AccessProfile G@(*KbGk=5lk,W
,"j^9#3N$YsHO"+0~OHO
[Jj^9#3lO"!ZQ_m0*sN$
YsHG"j"f<6<,5oK"Wj1<
7gsKm0*s7?lgKN_-?5l^
9#
'Z5<S9Nm0*U
f<6<,'Z5<S9+im0*U7?H
-K-?5lk#3N$YsHO"
AccessAgent Khj+08.O5l^;s#
DLN AccessProfile G@(*KbGk=5
lk,W,"j^9#
AccessAgent XNm0*s
f<6<, AccessAgent Km0*s7?HK-?5lk#
f<6<N5$s"CW
f<6<, IMS Server K5$s"CW7?
H-K-?5lk#
'ZWGNP?
f<6<,"RFID PC8"XfJIN'Z
WGrP?7?H-K-?5lk#
-cC7e5l? Wallet rO<I&G#9
/^?O ISAM ESSO USB -<K]I
f<6< Wallet ,-cC7e5l?H-K
-?5lk#
3sTe<?<N"smC/
3sTe<?<,"smC/5l?H-K?5lk#
IBM® Security Access Manager for Enterprise Single Sign-On: I}T,$I
F:m0&$YsH
b@
*Ui$sGN ISAM ESSO Q9o<IN
j;CH
PC/"CW&=UH&'"&-< (BSK)
a+K:`rHQ7F"*Ui$sG ISAM
ESSO Q9o<I,j;CH5l?H-K?5lk#
*si$sGN ISAM ESSO Q9o<IN
j;CH
XkW&G9/Khj8.5l?vD3<I
^?O;kU5<S9Ng@UrHQ7F"
*si$sG ISAM ESSO Q9o<I,j
;CH5l?H-K-?5lk#
;kU&5<S9KhkvD3<IN/T
f<6<,"Q9o<INj;CH^?Oh
2 WGNP?N?aNvD3<Ir"E a<
k^?O SMS AcMkGWa7?H-K?5lk#
ISAM ESSO Q9o<IKhk Mobile
ActiveCode Wa
ISAM ESSO Q9o<IrHQ9k"Wj1
<7gsN'ZWm;9NGiN9FCWN
BTN?aK"f<6<, Mobile
ActiveCode rWa7?H-K-?5lk#
"Wj1<7gs&Q9o<IKhk Mobile H+NQ9o<Ir}D"Wj1<7gsN
ActiveCode Wa
'ZWm;9NGiN9FCWH7F"f<
6<, Mobile ActiveCode rWa7?H-K
-?5lk#
ActiveCode N!Z
f<6<,!ZN?aK Mobile ActiveCode
rw.7?H-K-?5lk#3N$YsH
O"ActiveCode P~"Wj1<7gsr^`
2 J,'ZWm;9NG*9FCWH_J9
3H,G-^9#
RADIUS 'Z
RADIUS /i$"sH (VPN 5<P<) ,"
IMS Server KP7F RADIUS 'ZWar+
O7?H-K-?5lk#3N$YsHOL
o"f<6<,"Wj1<7gs&Q9o<
Ir~O7F"VPN 5<P<,3N'Zr
IMS Server RADIUS 3s]<MsHKQ$
9kH-K/87^9#3N$YsHO"
Mobile ActiveCode r^` 2 J,N'ZWm
;9NGiN9FCWG9#
RADIUS Acls8/~z
RADIUS /i$"sH (VPN 5<P<) ,"
IMS Server KP7F RADIUS Acls8/~
zr+O7?H-K-?5lk#3N$Ys
HOLo"f<6<, SMS ^?O E a<
k&AcMkrL8F[[5l? Mobile
ActiveCode r~O7?H-K/87^9#
VPN 5<P<O"3N'Zr IMS Server
RADIUS 3s]<MsHKQ$7^9#3N
$YsHO"Mobile ActiveCode r^` 2 J
,N'ZWm;9N 2 V\N9FCWG
9#
U? E. F:m0&$YsH
57
I}T*hSXkW&G9/N$YsH
m0K-?5lkI}T$YsH*hSXkW&G9/&$YsHOJ<NH*j
G9#
F:m0&$YsH
b@
*si$s!ZN?aNvD3<IN/T
f<6<, IMS K\37F$kH-K"X
kW&G9/^?OI}T,f<6<KP7
FvD3<Ir8.7?H-K-?5lk#
*Ui$s!ZN?aNvD3<IN/T
f<6<, IMS Server K\37F$J$H
-K"f<6<,Q9o<Irj;CH9k
?aNvD3<Ir"XkW&G9/^?O
I}T,8.7?H-K-?5lk# (PC
/"CW&=UH&'"&-< BSK o</
Um<)
ISAM ESSO f<6<&"+&sHNWmS
8gs
I}T, ISAM ESSO f<6<&"+&s
HrWmS8gs7?H-K-?5lk#
79F`&]j7<N97
I}T,79F`&]j7<r977?HK-?5lk#
f<6<&]j7<N97
I}T^?OXkW&G9/,f<6<&]
j7<r977?H-K-?5lk#
'ZWGNhjC7
I}T^?OXkW&G9/Khj"f<6
<'ZWG,hjC5l?H-K-?5l
k#
f<6<NhjC7
I}T^?OXkW&G9/Khj"f<6
<,hjC5l?H-K-?5lk#
Mobile ActiveCode Khkf<6<N5$s
"CW
Mobile ActiveCode f<6<, AccessAdmin
rHQ7F5$s"CW5l?H-K-?5
lk#
ActiveCode P~'Z5<S9&"+&sHN Mobile ActiveCode "+&sH,"
"/F#Y<7gs
AccessAdmin NVf<6<'Z5<S9WZ
<8GI}T^?OXkW&G9/Khj"
/F#V=5l?H-K-?5lk#
ActiveCode P~'Z5<S9&"+&sHN Mobile ActiveCode "+&sH,"CLT ^?
IC
O AccessAdmin NVf<6<'Z5<S
9WZ<8rHQ7F"I}T^?OXk
W&G9/Khjf<6<KIC5l?HK-?5lk#
ActiveCode P~'Z5<S9&"+&sHr Mobile ActiveCode "+&sH,"
mC/
AccessAdmin NVf<6<'Z5<S9WZ
<8rHQ7F"I}T^?OXkW&G9
/KhjmC/5l?H-K-?5lk#
ActiveCode P~'Z5<S9&"+&sHN Mobile ActiveCode "+&sH,"
|n
AccessAdmin NVf<6<'Z5<S9WZ
<8rHQ7F"I}T^?OXkW&G9
/Khjo|5l?H-K-?5lk#
OTP ActiveCode Ni|=
58
IBM® Security Access Manager for Enterprise Single Sign-On: I}T,$I
AccessAgent KhjGiK OTP ActiveCode
,i|=5l?H-K-?5lk#
F:m0&$YsH
b@
OTP H</srj;CH
OTP H</s,j;CH5l?H-K-?5
lk#
79F`&m0
J<O"IBM Security Access Manager for Enterprise Single Sign-On N$s9H<
k*hS=.NdjNHiVk7e<F#s0Kr)Dm0&U!$kG9#
v C:¥Program Files¥IBM¥SAM E-SSO¥IMS
Server¥ISAM_ESSO_IMS_Server_InstallLog.log
v C:¥Program Files¥IBM¥WebSphere¥AppServer¥profiles¥<AppSrv01>¥logs
v C:¥Program Files¥IBM¥HTTPServer¥logs
v C:¥Program Files¥IBM¥ISAM ESSO¥Logs
m: IMS Server F:m0KO"(sI&f<6<N^7sN IP "Il9Neoj
K"Wm-7< IP "Il9,-?5l^9#
IMS Server NdjNHiVk7e<F#s0rT&]"IMS Server r+O9k0
K"79F`&m0N3T<rn.7F/@5$# IMS Server r+O9kH"7
9F`&m0O/j"5l^9#
F:m0Hq
AccessAdmin rHQ7F"5^6^JF:m0&$YsHr!w*hS=(7^
9#!wkLKOJ<,^^l^9#
v /87?|~
v (sHj<N6xHJC?$YsH
v 'Z5<S9Nf<6<>
v 'Z5<S9N>0
v XkW&G9/Nf<6<>
v SOCI ID
v IP "Il9
v $YsHkL
$YsH&m0
AccessAdmin K=(5lkF$YsHO" IMS Server =.U!$kKXj5lF
*j" IMS =.f<F#jF#<rHQ7FQ9G-^9#
3<IQ9f<F#jF#<rHQ7F"$YsH&3<I*hSkL3<IrQ
9G-^9#IBM Security Access Manager for Enterprise Single Sign-On =.,$I
r2H7F/@5$#
U? E. F:m0&$YsH
59
60
IBM® Security Access Manager for Enterprise Single Sign-On: I}T,$I
U? F. F:l]<H
Tivoli Common Reporting rHQ7F"F:l]<Hrn."+9?^$:*hSI
}7^9#
IMS Server l]<HO BIRT l]<HH7FQC1<85l"$UN Tivoli
Common Reporting 5<P<K$s]<HG-^9#Tivoli Common Reporting O>
\G<?Y<9K\37^9#=N?a"IMS Server ,BTfGJ$lgGb"
Tivoli Common Reporting rHQ7FF:$YsHNl]<Hrn.9k3H,G^9#
IBM Security Access Manager for Enterprise Single Sign-On KO"4 DNl]<H
,PsIk5lF$^9#
m: Tivoli Common Reporting P<8gs 2.1 GOJ<KmU7F/@5$#
v TCR-BIRT f<6<&$s?<U'<9OP}~@lr5]<H7^9,"8.
5lkl]<HOP}~@lr5]<H7^;s#
v TCR-Cognos bP}~@lr5]<H7^;s#
l]<H&?$W
b@
bF
"Wj1<7gsHQ
"Wj1<7gsHQl]<
HKO"1 MJeNf<6<
N'Z5<S9&"/F#S
F#<,^^l"$YsH"
*hS~oKhCF=<H5
lF$^9#
v 7<1s9Vf
3Nl]<HKO"Ff<6
<N^7s IP "Il9*h
Sa>b=(5l^9#
v f<6<>
v 'Z5<S9
v "Wj1<7gsNf<6
<>
v $YsH
v +O|
v *;|
v kL
v "/F#SF#<N~o
v f<6<&^7sN IP "
Il9
© Copyright IBM Corp. 2002, 2012
61
l]<H&?$W
b@
bF
XkW&G9/&"/F#S
F#<
XkW&G9/&"/F#S
F#<&l]<HKO"1 M
JeNXkW&G9/&f<
6<N"/F#SF#<,^
^l"$YsHH~oKhC
F=<H5lF$^9#
v 7<1s9Vf
3Nl]<HKO"FXk
W&G9/&f<6<N^7
s IP "Il9"H</s&
?$W"H</s ID"*h
Sa>b=(5l^9#
H</s&?$W*hSH<
/s ID O"=liNps,
HQD=JlgKN_=(5
l^9#
H</sps
H</spsl]<HKO"
1 MJeNf<6<N"/F
#SF#<,^^l"H</
s&?$W"$YsH"*h
S~oKhCF=<H5lF
$^9#
3Nl]<HKO"f<6
<&^7sN IP "Il9*
hSa>b=(5l^9#
v XkW&G9/Nf<6<
>
v f<6<>
v $YsH
v +O|
v *;|
v kL
v "/F#SF#<N~o
v f<6<&^7sN IP "
Il9
v 7<1s9Vf
v f<6<>
v $YsH
v H</s&?$W
v +O|
v *;|
v kL
v "/F#SF#<N~o
v f<6<&^7sN IP "
Il9
f<6<ps
f<6<psl]<HKO"
1 MJeNf<6<N"/F
#SF#<,^^l"$Ys
H"kL"*hS~oKhC
F=<H5lF$^9#
3Nl]<HKO"f<6
<&^7sN IP "Il9H
f<6<Na>b=(5l^
9#
v 7<1s9Vf
v f<6<>
v $YsH
v +O|
v *;|
v kL
v "/F#SF#<N~o
v f<6<&^7sN IP "
Il9
Tivoli Common Reporting GO"HTML"PDF"Microsoft Excel"^?O Adobe
PostScript U)<^CHGl]<H,8.5l^9#
Tivoli Common Reporting D<kGO""iS"l*hSXVi$lO5]<H5l
^;s#
Tivoli Common Reporting KD$F\7/O"$s9H<kjgb^a"
http://publib.boulder.ibm.com/infocenter/tivihelp/v3r1/topic/com.ibm.tivoli.tcr.doc/
tcr_welcome.htm r2H7F/@5$#
62
IBM® Security Access Manager for Enterprise Single Sign-On: I}T,$I
C-v`
\qOFq IBM ,s!9k=J*hS5<S9KD$Fn.7?bNG"j"\
qK-\N=J"5<S9"^?O!=,|\K*$FOs!5lF$J$lg,
"j^9#|\GxQD=J=J"5<S9"*hS!=KD$FO"|\ IBM
NDH4vwK*RM/@5$#\qG IBM =J"Wm0i`"^?O5<S9
K@Z7F$Fb"=N IBM =J"Wm0i`"^?O5<S9N_,HQD=
G"k3HrU#9kbNGO"j^;s#3liKe(F"IBM NN*j-"r
/29k3HNJ$"!=*K1yN=J"Wm0i`"^?O5<S9rHQ9
k3H,G-^9#?@7"IBM J0N=JHWm0i`N`n^?O5<S9N
>A*hS!ZO"*RMNU$GTCF$?@-^9#
IBM O"\qK-\5lF$kbFKX7FCv" (CvPjfNbNr^`) r
]-7F$klg,"j^9#\qNs!O"*RMK3liNCv"KD$FB
\"rvz9k3HrU#9kbNGO"j^;s#B\"KD$FN*d$go
;O"qLKF<-8hK*wj/@5$#
)103-8510
l~Tf{h|\6"j.19V21f
|\"$&S<&(`t0qR
!3&N*b:
N*b:"i$;s9D0
J<N]ZO"q^?OOhN!'KhoJ$lgO",Q5l^;s#
IBM *hS=N>\^?OV\NRqRO"\qrCj*H7F=89k^^Nu
VGs!7"&J-N]Z"Cj\*,g-N]Z*hS!'eNlS4]U$r
^`9YFN@(b7/O[(N]ZU$rioJ$bNH7^9#
q^?OOhKhCFO"!'N/T,jKhj"]ZU$N)B,X8ilkl
g"/T,jN)Bru1kbNH7^9#
3NpsKO";Q*KT,ZJ-Rdm"r^`lg,"j^9#\qOj|*
K+>5l",WJQ9O\qN!GKH_~^l^9# IBM O=pJ7K"o
~"3N8qK-\5lF$k=J^?OWm0i`KP7F"~I^?OQ9r
T&3H,"j^9#
\qK*$F IBM J0N Web 5$HK@Z7F$klg,"j^9,"X9N?
a-\7?@1G"j"h7F=liN Web 5$Hrd)9kbNGO"j^;
s#=liN Web 5$HK"kqAO"3N IBM =JNqANltGO"j^;
s#=liN Web 5$HO"*RMNU$G4HQ/@5$#
IBM O"*RM,s!9k$+Jkpsb"*RMKP7FJsiA3bi&3H
NJ$"+i,ZH.:k}!G"HQb7/O[[9k3H,G-kbNH7^
9#
© Copyright IBM Corp. 2002, 2012
63
\Wm0i`Ni$;s9]}TG"(i) H+Kn.7?Wm0i`H=N>NWm
0i` (\Wm0i`r^`) HNVGNpsr9"*hS (ii) r95l?psN
j_xQrD=K9k3Hr\*H7F"\Wm0i`KX9kpsr,WH9k
}O"<-K"m7F/@5$#
IBM Corporation
2Z4A/101
11400 Burnet Road
Austin, TX 78758 U.S.A.
\Wm0i`KX9ke-NpsO",ZJHQroN<GHQ9k3H,G-^
9,"-~Nlgb"j^9#
\qGb@5lF$ki$;s9&Wm0i`^?O=N>Ni$;s9qAO"
IBM jjNWm0i`@sN@sr`"IBM Wm0i`N4HQro"^?O=l
H1yNr`KpE$F"IBM hjs!5l^9#
3N8qK^^lk$+JkQU)<^s9&G<?b"I}D-<Ghj5l?
bNG9#=N?a">N`nD-G@il?kLO"[JkD=-,"j^9#
ltN,j,"+/lYkN79F`GTol?D=-,"j^9,"=N,jM
,"lLKxQD=J79F`NbNH18G"k]ZO"j^;s#5iK"l
tN,jM,"djMG"kD=-,"j^9#B]NkLO"[JkD=-,"
j^9#*RMO"*RMNCjND-K,7?G<?rN+ak,W,"j^
9#
IBM J0N=JKX9kpsO"=N=JN!kT"PG*"b7/O=N>Nx
KxQD=J=<9+i~j7?bNG9#IBM O"=liN=JNF9HOTC
F*j^;s#7?,CF">R=JKX9kBT-"_9-"^?O=N>NW
aKD$FONZG-^;s#IBM J0N=JN-=KX9kAdO"=liN=
JN!kTK*j$7^9#
IBM N-hN}~^?OU~KX9k-RKD$FO"=pJ7KQ9^?O1s
5lklg,"j"1K\8r(7F$kbNG9#
=(5lF$k IBM NAJO IBM ,.djAJH7Fs(7F$kbNG"=T
AJG"j"LNJ7KQ95lkbNG9#7AJO"[Jklg,"j^9#
\qOWisKs0\*H7FN_-R5lF$^9#-RbFO=J,HQD=
KJk0KQ9KJklg,"j^9#
\qKO"|oNH3h}GQ$ilkG<?dspqNc,^^lF$^9#h
jqN-r?(k?aK"=liNcKO"DM"kH"VisI""k$O=J
JIN>0,^^lF$klg,"j^9#3liN>NO9YFMuNbNG"
j">Nd;j,`w9kkH,B_7F$kH7Fb"=lOv3K9.^;
s#
xn"HQvz:
\qKO"M9J*Zl<F#s0&WiCHU)<`GNWm0i_s0j!r
c(9k5sWk&"Wj1<7gs&Wm0i`,=<9@lGG\5lF$^
9#*RMO"5sWk&Wm0i`,q+lF$k*Zl<F#s0&WiCH
64
IBM® Security Access Manager for Enterprise Single Sign-On: I}T,$I
U)<`N"Wj1<7gs&Wm0i_s0&$s?<U'<9K`r7?"W
j1<7gs&Wm0i`N+/"HQ"Nd"[[r\*H7F"$+JkA0
K*$Fb"IBM KPArY'&3HJ/3lr#=7"~Q7"[[9k3H,
G-^9#3N5sWk&Wm0i`O""ifkro<K*1k04JF9Hr
PF$^;s#>CF IBM O"3liN5sWk&Wm0i`KD$F.j-"
xX-b7/O!=-,"k3Hr[Na+7?j"]Z9k3HOG-^;s#
*RMO"IBM N"Wj1<7gs&Wm0i_s0&$s?<U'<9K`r7
?"Wj1<7gs&Wm0i`N+/"HQ"Nd"[[r\*H7F"$+J
kA0K*$Fb" IBM KPArY'&3HJ/3lr#=7"~Q7"[[9
k3H,G-^9#
3Npsr=UH3T<G4wKJCF$klgO"L?d+i<N^=O=(5
lJ$lg,"j^9#
&8
IBM"IBM m4"*hS ibm.com® O"$&N?/NqGP?5l? International
Business Machines Corporation N&8G9#>N=J>*hS5<S9>yO"=l
>l IBM ^?OFRN&8G"klg,"j^9#=~@GN IBM N&8j9H
KD$FO"http://www.ibm.com/legal/copytrade.shtml r4w/@5$#
Adobe"PostScript O"Adobe Systems Incorporated NFq*hS=N>NqK*1
kP?&8^?O&8G9#
IT Infrastructure Library OQq Office of Government Commerce NltG"k the
Central Computer and Telecommunications Agency NP?&8G9#
$sFk"Intel"Intel m4"Intel Inside"Intel Inside m4"Intel Centrino"Intel
Centrino m4"Celeron"Intel Xeon"Intel SpeedStep"Itanium"Pentium O"Intel
Corporation ^?ORqRNFq*hS=N>NqK*1k&8^?OP?&8G
9#
Linux O"Linus Torvalds NFq*hS=N>NqK*1k&8G9#
Microsoft"Windows"Windows NT *hS Windows m4O"Microsoft Corporation
NFq*hS=N>NqK*1k&8G9#
ITIL OQq Office of Government Commerce NP?&8*hS&1NP?&8G"
CF"FqCv&8#KFP?5lF$^9#
UNIX O The Open Group NFq*hS=N>NqK*1kP?&8G9#
Java *hS9YFN Java X"N&8*hSm4O Oracle d=NX"qR
NFq*hS=N>NqK*1k&8^?OP?&8G9#
Cell Broadband Engine, Cell/B.E O"Fq*hS=N>NqK*1k Sony Computer
Entertainment, Inc. N&8G"j"1RNvzru1FHQ7F$^9#
C-v`
65
Linear Tape-Open"LTO"LTO m4"Ultrium"*hS Ultrium m4O"HP"IBM
Corp. *hS Quantum NFq*hS=N>NqK*1k&8G9#
66
IBM® Security Access Manager for Enterprise Single Sign-On: I}T,$I
Ql8
g@U (secret).
f<6<7+NiJ$ps#
"+&sH&G<? (account data). 'Z5<S9r!
Z9k?aK,WJm0*sps#f<6<>"Q9o
<I"*hSm0*sps,J<5lF$k'Z5<S
9,:v9k#
"+&sH&G<?&FsWl<H (account data
template). CjN AccessProfile rHQ7F}85lk
qJpsQK"]I5lk"+&sH&G<?NU)<
^CHrjA9k#
"+&sH&G<?&PC0 (account data bag). "W
j1<7gsG7s0k&5$s*s,BT5lF$k
V"f<6<qJpsrabj<K]}9kG<?=$
N#
"+&sH&G<?`\ (account data item).
sK,WJf<6<qJps#
m0*
"+&sH&G<?`\FsWl<H (account data
item template). "+&sH&G<?`\NWmQF#
<rjA9k#
"/7gs (action). WmU!$kK*$F""/7g
sHO"Hj,<XN~zH7FBTG-k`nN3H
G"k#c(P"5$s*s&&#sI&,=(5lk
H90K"f<6<>HQ9o<IN\Yr+0~O9
kJI#
"/F#V RFID (ARFID) (Active RFID (ARFID)).
ARFID O"h 2 WGHWl<s9!P!=N>}G"
k#3lOf<6<NWl<s9r!PG-"CjN"
/7gsrBT9kh&K AccessAgent r=.9k3H
,G-k#
"/F#VJa\PC8 (Active Proximity Badge).
ARFID +<IHbFPlk#RFID +<IHwF$k
,"hjs}Na\j<@<G!P5lk#
"Wj1<7gs (application). AccessStudio GO"'
ZqJpsrI_hC?j~O7?j9k?aNf<6
<&$s?<U'<9rs!9k79F`rX9#
"Wj1<7gs&Wm0i_s0&$s?<U'<9
(API) (Application Programming Interface (API)). b
e`@lGq+l?"Wj1<7gs&Wm0i`,"
*Zl<F#s0&79F`^?O>NWm0i`NC
jG<?^?O!=rHQG-kh&K9k?aN$s
?<U'<9#
© Copyright IBM Corp. 2002, 2012
"Wj1<7gs&]j7< (application policies). "
Wj1<7gsKdjvFil?]j7<#c(P"Q
9o<I&]j7<"F'Z]j7<"m0*U&]j
7<JI,"k#
Ef="Wj1<7gs&Wm0i_s0&$s?<U
'<9 (CAPI) (Cryptographic Application
Programming Interface (CAPI)). Windows *Zl<F
#s0&79F`N"Wj1<7gs&Wm0i_s
0&$s?<U'<9NlD#Ef=rHQ7F
Windows Y<9N"Wj1<7gsr]n9k?aND
<kr+/TKs!9k#
Ef=5<S9&WmP$@< (CSP) (Cryptographic
Service Provider (CSP)). 3Nb8e<kO"Ef=!
=H9^<H&+<IKP9k CAPI $s?<U'<9
rs!9k#
EZVf (PIN) (Personal Identification Number
(PIN)). 9^<H&+<IXN"/;9r]n9kQ9
o<Ir=9# PIN O"9^<H&+<IGHQ5l
k#
$YsH&3<I (event code). IW5lF ESSO F
:m0&F<VkK-?5lkCjN ESSO $YsH
r=9#
(s?<Wi$:&G#l/Hj< (enterprise
directory). IBM Security Access Manager for Enterprise
Single Sign-On f<6<rjA9kf<6<&"+&s
HNG#l/Hj<#3lO"Q9o<I,(s?<W
i$:&G#l/Hj<&Q9o<IH1|7F$kl
g"f<6<NqJpsr5$s"CW*hSm0*s
NH-K!Z9k#(s?<Wi$:&G#l/Hj<
NcH7FO"Active Directory ,"k#
(s?<Wi$:&f<6<> (enterprise user
name). (s?<Wi$:&G#l/Hj<bNf<6
<&"+&sHNf<6<>#
+<I&7j"kVf (CSN) (Card Serial Number
(CSN)). O$VjCI&9^<H&+<Ir1L9kG
-NG<?#9^<H&+<IK$s9H<k5lF$
kZ@qHO5X8G"k#
09H" (keystore). ;-ejF#<K*$F"ID *
hSk)0,]I5lkU!$k^?OO<I&'"E
f+<IG"'Z*hSEf=KHQ9k#ltN09
H"O"Hi9FCI0D^jx+0b^`#
67
>["Wi$"s9 (virtual appliance). CjQS~1
N>[^7s&$a<8G"j">[=WiCHU)<
`KGWm$5lk#
>[AcMk&3M/?< (virtual channel
connector). >[AcMk&3M/?<O"<v5<S
9D-GHQ5lk#>[AcMk&3M/?<O"/
i$"sH AccessAgent 3s]<MsHH5<P<
AccessAgent 3s]<MsHVNjb<H&;C7gs
rI}9k?aN>[L.AcMkrN)9k#
>[Wi$Y<H&MCHo</ (VPN) (Virtual
Private Network (VPN)). x0^?Od_MCHo</
N{8NUl<`o</eKH%7?kH$sHiMC
H#VPN O"\3N 2 DN*@VGw.5l?G<?
rNBK;-e"K]D#
>[asP<&^M<8c< (VMM) (Virtual Member
Manager (VMM)). p\*JH%(sF#F#<&G<
? (DM"m0*s&"+&sH";-ejF#<rd
JI) KB4K"/;99k!=r"Wj1<7gsK
s!9k WebSphere Application Server 3s]<Ms
H#
F: (audit). f<6<"I}T"*hSXkW&G9
/N"/F#SF#<rm0K-?9kWm;9#
V\'Zps (indirect auth-info). WmU!$kK*$
F"V\'ZpsHO"{8N'Z5<S9KP9kV
\*J2HG"k#
04$~Ia$s> (FQDN) (fully qualified domain
name (FQDN)). Ia$s&M<`N9YFN5VM<
`r^`[9H&79F`N>0#c:
ims.example.com#
I}T (Administrator). 3Nrdrj-9kH"Ff
<6<"rd"]j7<"*hSl]<HrI}G-k
h&KJk#I}TO"IMS Server +i AccessProfile
Nn.""CWm<I*hS@&sm<IrT(k#
I}P]N<I (managed node). Websphere
Application Server GO"GWm$asH&^M<8c<
K}g5lF*j"N<I&(<8'sH,H_~^l
F$kN<IrX9#3NN<IKO"I}P]5<P
<r^ak3H,G-k#
p\1L> (base distinguished name).
<&5<P<bN!w+O@r(9#
G#l/Hj
&-G9/HCW (shared desktop). #tNf<6<,
FQN Windows G9/HCWr&-9kG9/HC
W&9-<`#
&-o</9F<7gs (shared workstation). #tN
f<6<VG&-5lko</9F<7gs#
/OJG8?k ID (strong digital identity). 6>rH
Q9kN,$qJ"*si$seNM*#9^<H&+
<INk)0G]n5lF$klg,"k#
/OJ'Z (strong authentication). kHN-&Nbt
*hS0tN>}G"?WG'ZGP$9rHQ7F!
)NkHpsH IT MCHo</XN5vD"/;9r
I_9k=je<7gs#
vD3<I (authorization code). IBM XkW&G9
/&f<6<,8.9kQtz3<I#
AccessAgent"AccessAssistant"*hS Web Workplace
GQ9o<I&j;CH^?O 2 WG'ZP$Q9r
0;9k?aKf<6<Ks!5lk#
/i$"sH AccessAgent (Client AccessAgent). /i
$"sH&^7sK$s9H<k5l"T/7F$k
AccessAgent#
/i$"sH&o</9F<7gs"/i$"sH&^
7s"/i$"sH&3sTe<?< (client
workstation, client machine, client computers).
AccessAgent ,$s9H<k5lF$k3sTe<?
<#
/i9?< (clusters). WebSphere Application Server K
*$F"/i9?<HOo</m<I&Pis7s0H
U'$k*<P<N?aK3i\l<7gs9k"Wj
1<7gs&5<P<N0k<WG"k#
/i9?<= (clustering). WebSphere Application
Server GO"/i9?<=HO"Wj1<7gs&5<
P<r0k<W=9k!=G"k#
0iU#+k1L*hS'Z (GINA) (Graphical
Identification and Authentication (GINA)). 'ZWGK
/GK}g5l?f<6<&$s?<U'<9"*hS
Q9o<INj;CH&*W7gsHh 2 WGNP$
Q9&*W7gsrs!9k Windows N@$J_C
/&js/&i$Vij<#
0k<W&]j7<&*V8'/H (GPO) (Group
Policy Object (GPO)). Active Directory bN0k<
W&]j7<_jN3l/7gs#0k<W&]j7
<&*V8'/HO"0k<W&]j7<&9JCW$
sKhCFn.5lk8qG"k#0k<W&]j7
<&*V8'/HOIa$s&lYkG]I5l"5$
H"Ia$s"*hSH%1LK^^lF$kf<6<
H3sTe<?<KFArZ\9#
ZLb<I (lightweight mode). 5<P< AccessAgent
Nb<I#ZLb<IGBT9kH"Citrix/Terminal
68
IBM® Security Access Manager for Enterprise Single Sign-On: I}T,$I
Server eN AccessAgent Nabj<&UCHWjsH
,o:5l"7s0k&5$s*sN/0NjW~V,
;L5lk#
x+Q_"Wj1<7gs (published application).
Citrix XenApp 5<P<K$s9H<k5lF*j"
Citrix ICA /i$"sH+i"/;9D=J"Wj1<
7gs#
x+G9/HCW (published desktop). f<6<,$
DGb"I3Gb"INGP$9+iGb"Windows G
9/HCW4NKP7Fjb<H&"/;9G-k
Citrix XenApp N!=#
bDQ- (HA) (high availability (HA)). v0jA5l
?5<S9&lYkK7?,CF9YFNd_KQ("
h}!=rs!731k"IT 5<S9N=O#P]H
Jkd_KO"]idPC/"CWJINWh5l?$
YsHH"=UH&'"c2"O<I&'"c2"E;
c2"*hSR2JINWh0N$YsHN>},^^
lk#
DMQ"Wj1<7gs (personal applications).
AccessAgent ,qJpsr]I*hS~OG-k
Windows *hS Web Y<9N"Wj1<7gs#
DMQ"Wj1<7gsNcH7FO"Web Y<9N
a<k&5$H (kHNa<kJI)"$s?<MCH&
Ps-s0&5$H"*si$s&7gCTs0&5$
H"AcCH"$s9?sH&aC;<8s0&Wm0
i`JI,"k#
DMQG9/HCW (personal desktop). 3NG9/H
CWO">NINf<6<Hb&-5lJ$#
3^sITD<k (CLT) (Command Line tool
(CLT)). CjN?9/rBT9k3^sIr~O9k3
HKhj"3sTe<?<N*Zl<F#s0&79F
`^?O=UH&'"HPC9ka+K:`#
5<P< AccessAgent (Server AccessAgent). Microsoft
Windows Terminal Server ^?O Citrix 5<P<KGW
m$5l? AccessAgent#
5<P<&m1<?< (server locator). 18'Z5<
S9GN'Z,,WJ"X"9kl"N Web "Wj1
<7gsr0k<W=9k#AccessStudio GO"5<P
<&m1<?<O""Wj1<7gshL,X"U1i
lF$k'Z5<S9r1L9k#
5<S9&WmP$@<&$s?<U'<9 (SPI)
(Service Provider Interface (SPI)). 3N$s?<U'
<9Khj"Ys@<O"7j"kVfrw(?$UN
GP$9r IBM Security Access Manager for Enterprise
Single Sign-On K}g7"=NGP$9r AccessAgent
Nh 2 WGH7FHQG-k#
R2|l (disaster recovery). 5<S9HG<?r|5
7F"R2+i|l9kWm;9#
R2|l5$H (disaster recovery site).
/D-Nlj#
2 !*JBT
5$lsH&b<I (silent mode). f<6<,Wm0
i`HPC7J$$s9H<k&b<I#=UH&'"
O"9/jWHrL8F$s9H<k5lk#
5$s"CW (sign-up). IMS Server rHQ7?"+&
sHNWa#Wm;9NlDH7F"f<6<K Wallet
,/T5lk#=Nef<6<O"1 DJeNh 2 W
Gr IMS Server KP?G-k#
5$s*sps (sign-on information). ;-e"&"W
j1<7gsXN"/;9"rf<6<KU?9k?a
K,WJps#3NpsKO"f<6<>"Q9o<
I"Ia$sps"*hSZ@q,^^lk#
5$s*sN+0= (sign-on automation). "Wj1<
7gs&f<6<&$s?<U'<9H"07Ff<6
<N5$s*s&Wm;9r+0=9kF/Nm8<#
2Hf<6< (lookup user). (s?<Wi$:&G#
l/Hj<G+,+Hr'Z7F">Nf<6<r!w
9kf<6<#IBM Security Access Manager for
Enterprise Single Sign-On O"2Hf<6<rHQ7
F"Active Directory ^?O LDAP (s?<Wi$:&
j]8Hj<+if<6<0-rh@9k#
qJps (credentials). f<6<>"Q9o<I"Z@
q"*hS'ZK,WJ=N>Nps#'ZWGO"q
JpsH7FNrdrL?9#IBM Security Access
Manager for Enterprise Single Sign-On GO"qJpsO
Wallet G]I*hS]n5lk#
1L> (distinguished name). G#l/Hj<bN`\
rlU*K1L9k>0#1L>O"0-HMNZ"r
3s^GhZC?bN+i=.5lk#c(P"CN O
DM>G"j"C Oq^?OOhG"k#
70KAc< (signature). WmU!$kK*$F"7
0KAc<HO"$UN"Wj1<7gs"&#sI
&"^?OU#<kING-1LpsG"k#
79F`&b<@k&aC;<8 (system modal
message). Lo"EWJaC;<8r=(9k?aKH
Q5lk79F`&@$"m0&\C/9#79F`&
b<@k&aC;<8,=(5l?H-O"=NaC;
<8rD8k^G"hLeG>K?b*rG-J$#
Ql8
69
AdHg@U (secret question and answer). f<6<
7+z(rNiJ$Ad#IBM Security Access Manager
for Enterprise Single Sign-On NN1Y<9'ZNlDH
7F"f<6<O"$/D+Ng@UKD$FAd5l
k#
+05$s*s (automatic sign-on). f<6<,5$s
*s+0=79F`Km0*s9kH"79F`,=N
f<6<r>N9YFN"Wj1<7gsKm0*s5
;k!=#
+0h@ (auto-capture). 79F`,"Fo"Wj1<
7gsNf<6<qJpsr-19k3HrD=K9k
!=#3liNqJpsO"GiKHQ5lkH-Kh
j~^l"#eNHQN?aK Wallet G]I*hS]
n5lk#
+0m~ (auto-inject). 79F`,"m0*s+0=K
hj"Fo"Wj1<7gsNf<6<qJpsr+0
*K~O9k3HrD=K9k!=#
>hN7s0k&5$s*s (conventional single
sign-on). Web Y<9N7s0k&5$s*s&79F
`#LoO"8f?"<-F/Ac<Khk5<P<&
5$IN}g,,WG"k#
7j"k ID 5<S9&WmP$@<&$s?<U'<
9 (SPI) (Serial ID Service Provider Interface (SPI)).
2 WG'ZKHQ5lk5<I&Q<F#<=N7j"
k ID GP$9K AccessAgent r}g9k?aNWm0
i^AC/&$s?<U'<9#
7j"kVf (serial number). IBM Security Access
Manager for Enterprise Single Sign-On -<Kda~^l
kG-NVf#-<4HKG-G"j"Q9G-J$#
7s&/i$"sH (thin client). =UH&'",[H
sI"^?O4/$s9H<k5lF$J$/i$"s
H&^7s#\3hNMCHo</&5<P<eGT/
7F$k"Wj1<7gsHG9/HCW&;C7gs
K"/;9G-k#7s&/i$"sH&^7sO"o
</9F<7gsNh&J04J!=r}D/i$"s
HNeXG"k#
7s0k&5$s*s (single sign-on). f<6< ID
HQ9o<Ir 1 sXj9k@1G"#tN"Wj1
<7gsK"/;9G-k!=#
9?sI"ms&5<P< (stand-alone server). >N
9YFN5<P<+iH)7FI}5lk"04Kn0
D=J5<P<#H+NI}3s=<krHQ9k#
70
9?sI"ms&GWm$asH (stand-alone
deployment). H)7? WebSphere Application Server
WmU!$keK IMS Server rGWm$9kGWm$
asH&?$W#
9^<H&+<I (smart card). 9^<H&+<I
O"b"s)NMCHo</rHQ7FG<?h}rT
&h&n.5l?"]1CH&5$:N+<I#9^<
H&+<IO""Wj1<7gs+i~Oru.9k3
H,G-"psrw.9k3HbG-k#
9^<H&+<I&_Ik&'" (smart card
middleware). 9^<H&+<I&"Wj1<7gsH
9^<H&+<I&O<I&'"VN$s?<U'<9
H7F!=9k=UH&'"#Lo"3N=UH&'"
O"PKCS#11 rBu7?i$Vij<H"9^<H&
+<IXN CAPI $s?<U'<9+i=.5lk#
)f (control). hLeN$UNU#<kI#c(P"
Web Z<8eNf<6<>NF-9H&\C/9^?
OVOKW\?s#
;-e"&jb<H&"/;9 (Secure Remote
Access). U!$"&)<kN0t+i"9YFN"W
j1<7gsXN Web Vi&6<&Y<9N7s0
k&5$s*srs!9k=je<7gs#
;-ejF#< trust 5<S9&A'<sJsecurity
trust service chain). trust 5<S9&A'<sO"lo
KHQ9kh&K=.5l?b8e<k&$s9?s9
N0k<WG"k#A'<sbNFb8e<k&$s9
?s9O"g!FSP5l"WaKP9k4NNh}N
ltH7FCjN!=rBT9k#
;-ejF#<&H</s&5<S9 (STS) (Security
Token Service (STS)). ;-ejF#<&H</sN/
T*hSr9KHQ5lk Web 5<S9#
;-ejF#<4vT (security officer). ID Wallet ;
-ejF#<&]j7<*hS=N>N"Wj1<7g
s&]j7<rjA9k4vT#
;C7gsI} (session management). lQG9/H
CW*hS&-G9/HCWeGNf<6<&;C7g
sNI}#
;k (cell). WebSphere Application Server K*$F"
;kHOGWm$asH&^M<8c<H 1 DJeN
N<I+i=.5lk>[*J1LG"k#
;kU5<S9!= (self-service features). f<6<,
XkW&G9/dI}T+iNYgrG-k@1u1:
K"p\*J?9/ (Q9o<Idg@UNj;CHJ
I) rT(kh&K9k IBM Security Access Manager
for Enterprise Single Sign-On N!=#
IBM® Security Access Manager for Enterprise Single Sign-On: I}T,$I
P}~@l5]<H (bidirectional language support).
F-9H,&+i8XH=(5lkXVi$lH"iS
"lKP9k5]<H#
G9/HCW&^M<8c< (Desktop Manager). 1 D
No</9F<7gseN1~f<6<&G9/HCW
rI}9k#
@$J_C/&js/&i$Vij< (DLL) (dynamic
link library (DLL)). js/fGOJ/"m<I~^?
OBT~KWm0i`KP$sI5lkBTD=3<I
*hSG<?r^`U!$k#DLL bN3<I*hS
G<?O"#tN"Wj1<7gsG1~K&-Gk#3NU!$kO"Windows WiCHU)<`KN_
,Q5lk#
GWm$asH&^M<8c< (deployment manager).
>N5<P<N@}0k<W"9JoA;kN`nrI
}*hS=.9k5<P<#
PC00iU#C/&b<I (interactive graphical
mode). l"NQMk,g!=(5l"X(K>CFp
sr~O7F$/H$s9H<k,0;9k#
>\'Zps (direct auth-info). WmU!$kK*$
F">\'ZpsHO{8N'Z5<S9KP9k>\
*J2HG"k#
GWm$asH&^M<8c<&WmU!$k
(deployment manager profiles). >N5<P<N@}*
J0k<W^?O;kN?QrI}9k WebSphere
Application Server is?$`D-#
)a*hLmC/ (transparent screen lock). IBM
Security Access Manager for Enterprise Single Sign-On
N!=#-zK9kH"f<6<OG9/HCWhLr
mC/G-k,"G9/HCWNbFOz-3-2HG
-k#
G<?&=<9 (data source). "Wj1<7gs,G
<?Y<9+iG<?K"/;99k}!#
P? (register). IBM Security Access Manager for
Enterprise Single Sign-On "+&sHK5$s"CW7
F"IMS Server Kh 2 WGrP?9k3H#
G<?Y<9 (DB) 5<P< (Database (DB) server).
G<?Y<9&^M<8c<rHQ7F=UH&'"&
Wm0i`^?O3sTe<?<KG<?Y<9&5<
S9rs!9k=UH&'"&Wm0i`#
Ia$s&M<`&5<P< (DNS) (domain name
server (DNS)). Ia$s&M<`r IP "Il9K^C
W9k3HKhj">0H"Il9VNQ9rs!9k
5<P<&Wm0i`#
G<?Y<9&lWj1<7gs (database
replication). 18G<?Y<9N3T<r#tn.7F
]}9k3H#
Hi9H9H" (truststore). ;-ejF#<K*1k
-1*V8'/H (U!$k^?OO<I&'"Ef+
<I)#3N*V8'/HKO"Web His6/7gs
N'ZKHQ9k?aK".jG-kZ@qNA0Gx
+0,]I5lk#"Wj1<7gsKhCFO"3l
iN.jG-kZ@q,"Wj1<7gs09H"K\
05l"k)0HloK]I5lk#
G#l/Hj< (directory). H%bNDMHj=<9
KX9kpsN=$=j]8Hj<#3lKhj"I}
HL.,FWKJk#
G#l/Hj<&5<P< (directory server).
/Hj<&5<S9r[9H9k5<P<#
G#l
G#l/Hj<&5<S9 (directory service). MCH
o</eN9YFNf<6<*hSj=<9N>0"W
mU!$kps"^7s&"Il9NG#l/Hj<#
f<6<&"+&sH*hSMCHo</&"/;9"
rI}9k#f<6<>rw.9kH"=Nf<6<N
0-,V5lk#3lKO"ECVf*hS E a<
k&"Il9,^^lklg,"k#G#l/Hj<&
5<S9GO"LoO,X=5l?_WGGa$!wr
D=K9k"bYK,=7?G<?Y<9rHQ9k#
G9/HCW&"Wj1<7gs (desktop
application). G9/HCWGBT5lk"Wj1<7
gs#
Hj,< (trigger). WmU!$kK*$F"Hj,<
HO"uV(s8sbGuVN+\rz-/39$Ys
HG"k (Web Z<8Nm<Id"G9/HCWeN&
#sI&N=(JI)#
hjC7 (revoke). IBM Security Access Manager for
Enterprise Single Sign-On K*$F"hjC7HO"f
<6<N'ZWGrhjC93H"^?Of<6<+N
rhjC93HrX9#
'ZI (CA) (Certificate authority (CA)). G8?kZ
@qr/T9k.jG-kH%^?OkH#'ZIO"
Lo"G-NZ@qrU?5l?DMNH5rZ@9
k#
'Z5<S9 (authentication service). IBM Security
Access Manager for Enterprise Single Sign-On K*$
F""+&sHNEv-rv:"+&sHNf<6<&
9H"^?OkHNG#l/Hj<HHg7F!Z9k
Ql8
71
5<S9#hLKX"U1il?'Z5<S9r1L9
k#CjN'Z5<S9G]85l?"+&sH&G<
?,"jAfNm0*shLKh@5l"+0~O5l
k#jA5l?m0*shL+i}85l?"+&s
H&G<?O"3N'Z5<S9G]85lk#
'ZWG (authentication factor). G8?k ID N!Z
N?aKqJpsH7F,WJ"FoGP$9"P$*
aHj/9"^?Og@U#'ZWGNcH7FO"Q
9o<I"9^<H&+<I"RFID"P$*aHj/
9"*hSos?$`&Q9o<I&H</s,"k#
MCHo</&GWm$asH (network deployment).
/i9?<&GWm$asHHbFPlk#WebSphere
Application Server /i9?<K IMS Server rGWm$
9kGWm$asH&?$W#
N<I (nodes). Websphere Application Server K*$
F"N<I&(<8'sHH 1 DJeN5<P<&$
s9?s9+i=.5lk>[*J1LrX9#
N<I&(<8'sH (node agent). Websphere
Application Server K*$F"N<I&(<8'sHO"
5<P<&Wm;9rn.*hS*;9kWm;9G"
k#N<I&(<8'sHO"GWm$asH&^M<
8c<HN<IVG=.N1|bT&#
P$*aHj/9 (biometrics). f<6<NHN*C(Xf"zL"i"<"^?O.WJI) KpE$?f<
6<N1L#
O$VjCI&9^<H&+<I (hybrid smart card).
x+0EfACWH RFID ACWrk\7?"ISO-7816
`rN9^<H&+<I#EfACWO"\($s?<
U'<9rL8F"/;9G-k#RFID ACWO"s
\( (RF) $s?<U'<9rL8F"/;9G-k#
P$sI1L> (bind distinguished name). "Wj1
<7gs&5<P<,G#l/Hj<&5<S9K\3
9k?aKHQ9kqJpsrXj9k#G#l/Hj
<bN`\rlU*K1L9k1L>#V1L>
(distinguished name)Wb2H#
Q9o<I&(<8s0 (password aging). f<6<,
+,NQ9o<IrQ9G-kQYr(9#
Q9o<I~O*W7gs (password entry option).
AccessAgent NQ9o<I~O}!KX9k*W7g
s#V+0m0*sW"Vo~W"VRMkW"V?b
7J$)Wr*rG-k#
Q9o<IN#(5 (password complexity). Q9o<
ING.9HGg9"QtzNG.t"*hSg/.8z
N._ND]r(9#
72
k)0 (private key). j-TKhCFk)N^^K5
lk"Ef=^?OEf=r|N0#x+0Ef}0G
Ef=*hSEf=r|KHQ5lk 2 DN0NZ"
N&AN 1 DG"k#
U#C/9QC/ (fix pack). 918e<k5l?jU
lC7e&QC/"^KeU!/Acjs0&jUlC
7e"^?Ojj<9NVGHQD=KJC?U#C/
9N_QN8g#3lO"*RM,CjN]ilYkK
\TG-k3Hr\*H7F$k#
U'$k*<P< (failover). =UH&'""O<I&
'""^?OMCHo</NfG,/87?lgKi9
79F`^?O9?sP$&79F`K79F`rZj
X(k+0`n#
Wi$Y<H&G9/HCW (private desktop). 3NG
9/HCW&9-<`GO"f<6<Oo</9F<7
gsbKF+N Windows G9/HCWr}D#0Nf
<6<,o</9F<7gsKaCF"smC/9k
H"AccessAgent O0Nf<6<NG9/HCW&;C
7gsKZjX("GeKTolF$??9/rF+9
k#
Wl<s9!P!= (presence detector). 3NGP$9
r3sTe<?<K_V9kH"f<6<,3sTe<
?<r%l?3H,!P5lkh&KJk#3NGP$
9Khj";~V3sTe<?<+i%lkH-K"3
sTe<?<rj0GmC/9k,W,J/Jk#
WmS8gKs0 API (Provisioning API). IBM
Security Access Manager for Enterprise Single Sign-On
,f<6<NWmS8gKs0&79F`H}gG-k
h&K9k$s?<U'<9#
WmS8gKs0&79F` (provisioning system). (
s?<Wi$:bN"Wj1<7gs&f<6<N ID
i$U&5$/kI}rs!7"=liNf<6<Nq
JpsrI}9k79F`#
WmS8gKs0&VjC8 (provisioning bridge).
SOAP \3rHQ9k API i$Vij<rHQ7F"
5<I&Q<F#<&WmS8gKs0&79F`Kh
k IMS Server qJpsN[[Wm;9r+0=9k#
WmS8gs (provision). 5<S9"3s]<Ms
H""Wj1<7gs"^?Oj=<9rs!"GWm
$"*hSIW9k3H#
WmS8gsr| (deprovision). 5<S9^?O3s
]<MsHro|9k3H#c(P""+&sHNWm
S8gsr|Oj=<9+iN"+&sHNo|rU#
9k#
IBM® Security Access Manager for Enterprise Single Sign-On: I}T,$I
,6 IMS Server (distributed IMS Server).
Server O"#tNOhKGWm$5lk#
IMS
XkW&G9/rd (Help desk role). IBM Security
Access Manager for Enterprise Single Sign-On f<6<
NCjN0k<WrI}9k"Brj-TKU?9kr
d#XkW&G9/N?9/H7FO"Q9o<INj
;CH"vD3<IN/T"f<6<N"/;9"Nh
jC7JI,"k#
]<?k (portal). +9?^$:*hSDL_jGk"5^6^Jps""Wj1<7gs"*hSDMK
"/;99k?aN1lNB4J]$sH#
[9H> (host name). $s?<MCHL.K*$F"
3sTe<?<K?(ilk>0#[9H>O"04$
~Ia$s&M<` (c:
mycomputer.city.company.com) "k$OCjN5VM<
` (c: mycomputer) rXjG-k#
[CH&-< (hot key). [Jk"Wj1<7gsV"
^?O"Wj1<7gsN[Jk!=VG`nr7UH
9k?aKHQ5lk-<&7<1s9#
]j7< (policy). IBM Security Access Manager for
Enterprise Single Sign-On Enterprise N?QrI}9k?
aNbN#
]j7<&FsWl<H (policy template). f<6<,
Gj]j7<WGHDQ]j7<WGrXj9k3HK
hj]j7<rjAG-k"v0jAN]j7<&U)
<`#3lKO"^7s&]j7<&FsWl<H"f
<6<&]j7<&FsWl<H"*hS79F`&]
j7<&FsWl<H,"k#
^7sP?/5$s"CW (machine registration / sign
up). 5<S9rHQ9k?aK^7sr ISAM ESSO
KP?9kWm;9#
5~KhkDN1L (RFID) (Radio Frequency
Identification (RFID)). =JN7j"kVfr"?0+
i9-cJ<X"M,p~9k3HJ/Aw9k5~F
/Nm8<#
bP$k'Z (mobile authentication). bP$k&f<
6<,"MCHo</NI3+iGbkHNj=<9K
B4K5$s*sG-kh&K9k'ZWG#IBM
Security Access Manager for Enterprise Single Sign-On
GO"Wallet *hS=N>N(s?<Wi$:&"Wj
1<7gsQN*W7gsN'ZWG,s!5lk#c
(P"SMS d7g<H&aC;<8s0&5<S9r
L8F"IBM Security Access Manager for Enterprise
Single Sign-On ActiveCode ,bP$k&GP$9Kw.
5lk#
f<6<&WmS8gKs0 (user provisioning). IBM
Security Access Manager for Enterprise Single Sign-On
rHQ9k?aKf<6<r5$s"CW9k3H#
f<6<&WmS8gsr| (user deprovisioning).
IBM Security Access Manager for Enterprise Single
Sign-On +if<6<&"+&sHro|9k3H#
f<6<qJps (user credential). f<6<"0k<
WX"U1"^?O=N>N;-ejF#<X"N1L
0-r-R9kps#'ZfKh@5l""BU?"F
:"Q$JIN5<S9rBT9k?aKHQ5lk#
c(P"f<6< ID HQ9o<IO"MCHo</*
hS79F`&j=<9XN"/;9rD=K9kqJ
psG"k#
f<6<P?/5$s"CW (user registration / sign
up). 5<S9rHQ9k?aKf<6<r79F`K
P?9kWm;9#
f<6<NJWZjX( (fast user switching). "Wj
1<7gsr*;7Fm0"&H7J/Fb"1lNo
</9F<7gseG#tNf<6<&"+&sHrZ
jX(k3HNG-k!=#
f<6<rd (user role). 5$s*s+0=N?a
AccessAgent rHQ9kNK,WJrd#3NrdO"
IBM Security Access Manager for Enterprise Single
Sign-On 79F`K*$F"3 D"kv0jAQ_N
IBM Security Access Manager for Enterprise Single
Sign-On rdNlDG"k#
-zOO (scope). IBM Security Access Manager for
Enterprise Single Sign-On GO"]j7<,,Q5lk
OOrX9#79F`"f<6<"^?O^7s&lY
kK_jG-k#
is@`&Q9o<I (random passwords). 8.5l
kQ9o<IG"/i$"sHH5<P<VN'Z;ejF#<r/=9k#is@`&Q9o<INQ9H
O"/i$"sHH5<P<VN"/;9&3<Iri
s@`J8zsrHQ7FQ99kWm;9G"k#
3NQ9O"/i$"sHH5<P<,;-e"J;C
7gsr&-7F$klgKN_BTG-k#!s/i
$"sH,5<P<K"/;99k,W,"kH-O"
77$is@`&Q9o<IrHQ7F";-e"J;
C7gsrFN)G-k#
jb<H&G9/HCW&WmH3k (RDP) (Remote
Desktop Protocol (RDP)). Windows Y<9N5<P
<&"Wj1<7gsNjb<H=(*hS~OrMC
Ho</\3rp7FFWKT&3H,G-kh&K9
kWmH3k#RDP O"5^6^JMCHo</&H
]m8<H"#tN\3r5]<H7F$k#
Ql8
73
k<H'ZI (CA) (root certificate authority (CA)).
'ZI,XNGetN'ZI#Z@qj-TN ID N5
?-rZ@9k#
K AccessProfile bKda~^lk"VBscript ^?O
Javascript Gn.5l?9/jWHNGR#AccessProfile
N!=rH_~_Hj,<*hS"/7gsr6(FH
%9k?aKHQ5lk#
l89Hj< (registry). ^7s&]j7<O"Lo
AccessAdmin G=.5lk,",WG"lP Windows
l89Hj<G=.9k3HbG-k#CK
pid_machine_policy_override_enabled ]j7<,VO$W
K_j5lF$klgO3N=.rHQ9k#VO$W
O"I}T, Windows l89Hj<rHQ7F^7
s&]j7<rQ97J1lPJiJ$3HrU#9
k#
AccessProfiles. AccessAgent O"3N XML EMrH
Q7F"7s0k&5$s*sH+0=rBTG-k"
Wj1<7gshLr1L9k#
l89Hj<&O$V (registry hive). Windows 79
F`G"l89Hj<K]I5lF$kG<?N=$#
AccessStudio. I}T, AccessProfile Nn.H]iN
?aKHQ9k"Wj1<7gs#
".psh}8` (FIPS) (Federal Information
Processing Standard (FIPS)). Fq".ps&;QI,
n.7?8`,J#
Active Directory (AD). MCHo</4NNB4J8f
I}rD=K9k,XG#l/Hj<&5<S9#
Microsoft Windows WiCHU)<`Nf4=.WGG
"k#
m<I&Pis5< (load balancer). MCHo</^
?O"Wj1<7gsNHiU#C/r?tN5<P<
K,69kO<I&'"^?O=UH&'"#
AccessAssistant. f<6<,+,NQ9o<Irj;C
H7?j"Wj1<7gsNqJpsrh@7?j9k
?aKr)D"Web Y<9N$s?<U'<9#
Active Directory qJps (Active Directory
credentials). Active Directory f<6<>*hSQ9o
<I#
m<I&Pis7s0 (load balancing). "Wj1<7
gs&5<P<NbK?<"*hS5<P<eNo</
m<II}#1 DN5<P<,=No</m<Ir6(
kH"hj=ONb$LN5<P<KWa,>w5l
k#
Active Directory Q9o<IN1| (Active Directory
password synchronization). ISAM ESSO Q9o<IH
Active Directory Q9o<Ir1|5;k IBM Security
Access Manager for Enterprise Single Sign-On N!=#
os?$`&Q9o<I (OTP) (One-Time Password
(OTP)). 'Z$YsHN?aK8.5lk"1 sBjN
Q9o<I#/i$"sHH5<P<NVG";-e"
JAcMkrp7FA#5lk3H,"k#
ActiveCode. IBM Security Access Manager for
Enterprise Single Sign-On G8.*hS!Z5lk"l
~*J'Z3<I# ActiveCode KO"Mobile
ActiveCode H Predictive ActiveCode N 2 o`,"k#
1 !'ZWG (primary authentication factor). IBM
Security Access Manager for Enterprise Single Sign-On
NQ9o<I"^?OG#l/Hj<&5<P<NqJ
ps#
2 WG'Z (two-factor authentication). f<6<'Z
~K 2 WGrHQ9k3H#c(P"AccessAgent XN
m0*s~KQ9o<IH RFID +<IrHQ9k3
H#
AccessAdmin. I}THXkW&G9/4vT, IMS
Server NI}"*hSf<6<H]j7<NI}N?a
KHQ9k"Web Y<9NI}3s=<k#
AccessAgent. f<6< ID NI}"f<6<N'Z"
*hS7s0k&5$s*s/5$s*UN+0=rT&
/i$"sH&=UH&'"#
AccessAgent Wi0$s (AccessAgent plug-in). roN
+9?`!:^?O+9?`&"/7gsNBTN?a
74
Mobile ActiveCode O"IBM Security Access Manager
for Enterprise Single Sign-On G8.5l"f<6<NH
SEC^?O E a<k&"+&sHKG#9QCA5
lk#Predictive ActiveCode (os?$`&Q9o<I)
O"f<6<,\?sr!7?H-K OTP H</s+
i8.5lk#
eXAcMk^?OGP$9Hkg9kH"ActiveCodes
O-zJh 2 'ZWGrs!9k#
Clinical Context Object Workgroup (CCOW) (Clinical
Context Object Workgroup (CCOW)). r/I}H&K
*$FW2"Wj1<7gsVGpsrr99k?a
N"Ys@<KM87J$8`#
DB2®. jl<7gJk&G<?Y<9I}QN IBM
i$;s9&Wm0i`&U!_j<#
Enterprise Single Sign-On (ESSO). f<6<>*hS
X"9kqJps (Q9o<IJI) r 1 sXj9k@
IBM® Security Access Manager for Enterprise Single Sign-On: I}T,$I
1G"(s?<Wi$:KGWm$5l?9YFN"W
j1<7gsKm0*sG-ka+K:`#
ESSO GINA. J0O"Encentuate GINA (EnGINA) H
FPlF$?#IBM Security Access Manager for
Enterprise Single Sign-On GINA KO"'ZWGK}g
5l?f<6<&$s?<U'<9H"Q9o<INj
;CH&*W7gs*hSh 2 WGNP$Q9&*W
7gs,"k#
ESSO F:m0 (ESSO audit logs). 79F`&$Ys
H*hS~zNl3<I,^^lkm0&U!$k#
ESSO F:m0O IMS G<?Y<9K]I5lk#
ESSO qJps (ESSO credentials).
6<>*hSQ9o<I#
ISAM ESSO f<
ESSO qJpsWmP$@< (ESSO Credential
Provider). 3lO"Windows Vista H Windows 7 QN
IBM Security Access Manager for Enterprise Single
Sign-On GINA G"k#J0O"Encentuate qJpsW
mP$@< (EnCredentialProvider) HFPlF$?#
ESSO MCHo</&WmP$@< (ESSO Network
Provider). J0O"Encentuate MCHo</&WmP$
@< (EnNetworkProvider) HFPlF$?# Active
Directory 5<P<NqJpsr}87"=liNqJp
srHQ7Ff<6<r+0*K Wallet Km0*s5
;k AccessAgent b8e<k#
ESSO Q9o<I (ESSO password). f<6< Wallet
XN"/;9r]n9kQ9o<I#
IBM HTTP Server. Web 5<P<#IBM O"IBM
HTTP Server H$&>0N Web 5<P<rs!7F$
k#3N Web5<P<O"/i$"sH+iNWar
u1~lF""Wj1<7gs&5<P<K>w9k#
ID Wallet (identity wallet). f<6<N"/;9qJp
s*hSX"9kps (f<6< ID"Q9o<I"Z
@q"Ef0JI) r]I9k"]n5l?G<?&9
H"#Wallet HO"ID Wallet G"k#
IMS Server. (s?<Wi$:N;-e"&"/;9
I}Nf4@rs!9k ISAM ESSO N}gI}79
F`#3lKhj"f<6< ID"AccessProfiles"'Z
]j7<Nf{I},D=KJj"(s?<Wi$:N
;:I}"Z@qI}"*hSF:I}rT(k#
IMS Server Z@q (IMS Server Certificate). IBM
Security Access Manager for Enterprise Single Sign-On
GHQ5lk#IMS Server Z@qrHQ9kH"/i
$"sHO"IMS Server r1L7F'Z9k3H,G
-k#
IMS =.&#6<I (IMS Configuration Wizard). $
s9H<k~"I}TO3N&#6<IrHQ7F IMS
Server r=.9k#
IMS =.f<F#jF#< (IMS Configuration Utility)
. I}T, IMS Server N<LlYk=._jrI}G
-kh&K9k"IMS Server Nf<F#jF#<#
IMS 3M/?< (IMS Connector). IMS™ r0t79
F`K\37F"bP$k&"/F#V&3<IraC
;<8s0&2<H&'$KG#9QCA9k?aNb
8e<k#
IMS G<?&=<9 (IMS data source). IMS G<?
Y<9K"/;99k?aNljHQia<?<rjA
7? Websphere Application Server N=.*V8'/
H#
IMS G<?Y<9 (IMS Database). IMS Server ,
ESSO 79F`"^7s"*hSf<6<KX9kG<
?HF:m0r9YF]I9kjl<7gJk&G<?
Y<9#
IMS VjC8 (IMS Bridge). WmS8gKs0JIr
\*H7F IMS API rFSP9?aK"5<I&Q<
F#<=N"Wj1<7gsd79F`Kda~^lk
b8e<k#
IMS k<H CA (IMS Root CA). AccessAgent H IMS
Server VNHiU#C/r]n9k?aNZ@qKp>
9kk<H'ZI#
IP "Il9 (IP address). $s?<MCH&WmH3
kN8`,JrHQ9k"MCHo</eNGP$9^
?O@}uVNG-N"Il9#
iTag. 9YFNL?~jPC8^?ODMQ*V8'/
Hr"a\?GP$9 (/OJ'ZN?aKHQD=)
KQ9G-k"CvPjfNF/Nm8<#
Java Management Extensions (JMX). Java F/Nm8
<rp7F Java F/Nm8<NI}rT&jJN3
H#JMX O"I}QN Java Wm0i_s0@lNfK
P<5k+D*<WsJH%!=G"j"I},,WH
5lk9YFNH&GGWm$G-k#
Java >[^7s (JVM) (Java Virtual Machine
(JVM)). 3sQ$k5l? Java 3<I ("WlCH*
hS"Wj1<7gs) rBT9kWm;C5<N=U
H&'"Bu#
Java is?$`D- (JRE) (Java Runtime
Environment (JRE)). 8`*J Java WiCHU)<`
r=.9kfKNBTD=Wm0i`*hSU!$kr
^` Java Developer Kit N5V;CH# JRE KO"
Ql8
75
Java >[^7s (JVM)"3"&/i9"*hS5]<
H&U!$k,H_~^lF$k#
Lightweight Directory Access Protocol (LDAP).
TCP/IP rHQ7F X.500 bGkr5]<H9kG#l
/Hj<K"/;9G-kh&K9k*<Ws&WmH
3k#LDAP rHQ7F"$s?<MCH^?O$sH
iMCH&G#l/Hj<bNDM"H%"=N>Nj
=<9r+D1k3H,G-k#
Microsoft Cryptographic Application Programming
Interface (CAPI). 9^<H&+<IXN"/;9,D
=G"j"Ef!=rw(?b8e<kQN"Microsoft
Khk$s?<U'<9EM#
Mobile ActiveCode (MAC). Web Workplace d
AccessAssistant JIN"Wj1<7gsG 2 WG'Z
N?aKf<6<,HQ9kos?$`&Q9o<I#
3N OTP O"is@`K8.5l"SMS ^?O E a
<krL8Ff<6<KG#9QCA5lk#
OTP H</s. G8?k&79F`^?O*}q:
("k$O=N>}) XN"/;9rvD9k?aKjT,}CF$k".?GHS-K%l?O<I&'"&
GP$9#
SSO `\ (SSO-items). AccessAgent ,qJpsr}8
^?O+0~O9k]N"psNh@5NhLeNU#
<kI#Vps`\ (info-items)Wb2H#
Tivoli Common Reporting D<k (Tivoli Common
Reporting Tool). l]<HNn."+9?^$:"*
hSI},D=Jl]<Hn.3s]<MsH#
Tivoli Identity Manager "@W?< (Tivoli Identity
Manager Adapter). IBM Security Access Manager for
Enterprise Single Sign-On , Tivoli Identity Manager H
L.G-kh&K9kgp=UH&'"&3s]<Ms
H#
trust 5<S9&A'<s (trust service chain). 5^6
^Jb<I (!Z"^CW"/TJI) G0n9kb8
e<kNA'<s#
TTY. <v(_el<?<"<v"Wj1<7gs#>
NG#9Wl$&"<-F/Ac<bGSG*<vr(
_el<H9kWm0i`#V<vWH$&QlOL
o"3^sIT7'k^?OF-9H<vN1AlH7
FHolk,"3NQlO0iU#+k&$s?<U'
<9r^`9YFNjb<H<vr=93Hb"k#L
o"0iU#+k&f<6<&$s?<U'<9bN<
v(_el<?<O"<v&#sI&HFPlk#
PKCS#11. RSA &fj,jA7? Public Key
Cryptography Standard 11 O"Ef!=rBT9kGP
$9 (9^<H&+<IJI) KP9k$s?<U'<
9G"k#
Uniform Resource Identifier. j]*^?O*}*Jj
=<9r1L9k?aNJiJ8z9Hjs0#
RADIUS.
Visual Basic (VB). Microsoft ,s!9k$YsH&I
jVs&Wm0i_s0@l*hS}g+/D(IDE)#
Remote Authentication Dial-In User Service#
Secure Sockets Layer (SSL). L.Wi$P7<rs!
9k;-ejF#<&WmH3k# SSL rHQ9k
H"/i$"sH/5<P<&"Wj1<7gsO"p
0"~6s"*hSaC;<86$rI0h&K_W5
l?}!GL.9k3H,G-k#
Simple Mail Transfer Protocol (SMTP). $s?<MC
H&f<6<VGa<kN>wrT&?aN $s?<
MCH&"Wj1<7gs&WmH3k#
Simple Object Access Protocol (SOAP). XML Y<9
NaC;<8r3sTe<?<&MCHo</eGr9
9k?aNWmH3kG"LoO HTTP rHQ9k#
SOAP O"Web 5<S9&9?C/NU!&sG<7
gsXrA.7"hjj]*JXr=[G-kp\*J
aC;<8s0&Ul<`o</rs!9k#
SSL >[Wi$Y<H&MCHo</ (SSL VPN)
(Secure Sockets Layer virtual private network (SSL
VPN)). 8`N Web Vi&6<GHQG-kA0N
VPN#
76
Wallet. f<6<N"/;9qJps*hSX"ps
(f<6< ID"Q9o<I"Z@q"Ef0JI) r]
I9k ID Wallet#=l>l,"f<6<NDMQa?
G#l/Hj<H7F!=9k#qAKO"ID Wallet"
f<6< Wallet"^7s Wallet"qJps Wallet JI
,-\5lF$k#
Wallet -cC7s0 (Wallet caching). "Wj1<7
gsKP7F7s0k&5$s*srBT9klg"
AccessAgent O"f<6<qJps Wallet +im0*
sqJpsrh@9k#f<6<qJps Wallet O"
f<6<&^7sN-cC7eKJ<5lkH&K"
IMS Server KbB4K]I5lk#=N?a"f<6
<O"eGLN^7s+i IBM Security Access
Manager for Enterprise Single Sign-On Km0*s7?H
-Gb"+,N Wallet K"/;9G-k#
Wallet Q9o<I (Wallet Password).
/;9r]n9kQ9o<I#
IBM® Security Access Manager for Enterprise Single Sign-On: I}T,$I
Wallet XN"
Wallet ^M<8c< (Wallet manager). f<6<,D
MQ ID Wallet G"Wj1<7gsqJpsrI}Gkh&K9k IBM Security Access Manager for
Enterprise Single Sign-On GUI 3s]<MsH#
WS-Trust. Hi9H&bGkNUl<`o</rjA
7F Web5<S9VNHi9HrN)9k"Web 5<
S9&;-ejF#<EM#
Web Workplace. "Wj1<7gs4HKQ9o<I
r~O7J/Fb"js/r/jC/9k@1G(s?
<Wi$: Web "Wj1<7gsKm0*sG-k
Web Y<9N$s?<U'<9#3N$s?<U'<
9O"f<6<N{8N]<?k^?O SSL VPN H}
gG-k#
Web 5<P< (web server). Hypertext Transfer
Protocol (HTTP) WarI}G-k=UH&'"&Wm
0i`#IBM O"Apache rY<9H7? IBM HTTP
Server HFPlk Web 5<P<rs!7F$k#
Web 5<S9 (web service). b"?$WN+J-R?
b8ei<&"Wj1<7gsG"j"8`NMCHo
</&WmH3krHQ9k3HKhjMCHo</r
p7Fx+"!P"*hS/0G-k#Lo"G<?
O"XML rHQ7F?0U15lk#G<?r>w9
kH-O"SOAP ,HQ5lk#HQD=J5<S9K
D$F-R9kH-O WSDL ,HQ5l"HQD=J
5<S9rj9H9kH-O UDDI ,HQ5lk#
WebSphere Application Server. e-S8M9&"Wj1
<7gsNGWm$"}g"BT"*hSI},D=
J"Web 5<P<eGT/9k=UH&'"#
WebSphere Application Server WmU!$k
(WebSphere Application Server profile). WebSphere
Application Server NI}TNf<6<>HWmU!$
k#is?$`D-rjA9k#
WebSphere I}3s=<k (WebSphere Administrative
console). I}5<P<bNj=<9 Bean KP9ka
=CIFSP7rn.7FIa$sbNj=<9XN"
/;9^?Oj=<9NQ9rT&"0iU#+kJI
}Q Java "Wj1<7gs&/i$"sH#
Windows Terminal Services. jb<H&3sTe<?
<eN"Wj1<7gsHG<?KMCHo</P3G
"/;99k?aKf<6<,HQ9k Microsoft
Windows 3s]<MsH#
Windows M$F#VNf<6<NJWZjX(
(Windows native fast user switching). #tNf<6
<&"+&sHrW.KZjX(k3H,G-k
Windows XP N!=#
Windows m0*shL"Windows m0*s UI b<I
(Windows logon screen, Windows logon UI mode).
Windows G9/HCWKm0*s9k?aK"f<6<
,+,Nf<6<>HQ9o<Ir~O9khL#
Ql8
77
78
IBM® Security Access Manager for Enterprise Single Sign-On: I}T,$I
wz
|\l, tz, Qz, Cl8zN
gK[s5lF$^9#J*, y
;H>y;O6;H1yK7ol
F$^9#
N5TO
79F`&]j7<
qNN,'
qA vi
N^TO
"/;9"*si$s
m8
N"TO
"/;7SjF#< ix
*si$sqA
"/;9 ix
^7s
17
x
ix
p`
!w
14
16
?0
15
^7s&]j7<&FsWl<H
ix
N?TO
G#l/Hj<>"=-
o|
n.
12
13
_j
17
^Ke"k
2H' qA
xi
^Ke"kN4m8
N+TO
+9?`&$YsH
D-Qt"=- xi
ix
NJTO
30
F:l]<H 29
5]<H5lk@l 61
l]<H&?$W 61
l]<H&U)<^CH 61
Tivoli Common Reporting NHQ 61
F:m0 29
$YsH&3<I*hSkL3<IN
Q9 55
I}TN$YsH&m0*hSb@
55
79F`&m0 55
}8 29
HqkL 55
=( 30
XkW&G9/N$YsH&m0*h
Sb@ 55
f<6<N$YsH&m0*hSb@
55
m0Nw. 55
m0N?$W 55
m0N]I 55
description 29
I}?9/ 1
,'
qN x
vD3<I 24
&$
2H' Tivoli ;Q&$
&$"Tivoli ;Q ix
3sTe<?<&]j7<&FsWl<H
djvF 13
© Copyright IBM Corp. 2002, 2012
NdTO
'ZWG 19
:z 26
rd"djvF
f<6<
NOTO
Q9>"=- xi
Q9o<I&]j7<
=D-Qt
3
:z 4
f<6<&0k<W"Tivoli
19
xi
qN xi
Q9> xi
VC/
2H' qA
XkW&G9/
+0djvF 6
f<6<"djvF 4
Qt"=- xi
]j7<
"Wj1<7gs (application)
97 37
79F` 17
Xf 23
h 2 'ZWG 20
,Q 12
'Z5<S9 (authentication
service) 18
Q9o<I 19
Q9
8.0.1 +i 8.2 47
8.1 +i 8.2 39
RFID 23
Wallet 26
Wallet 'Z 26
]j7<&FsWl<H 7
o| 12
;CH"CW 8
ix
f<6<&WmU!$k"=( 5
f<6<&]j7<&FsWl<H
o| 12
n.
9
+0djvF
,Q 10
11
NiTO
18
l]<H"Tivoli Common Reporting D<
k
P<8gs 1.2 30
P<8gs 2.1 32
A
AccessAdmin
rd 3
m0*s 2
ActiveCodes
o| 25
HQD== 25
mC/ 25
I
IMS =.f<F#jF#<
35
79
T
Tivoli $sU)a<7gs&;s?<
Tivoli ;Q&$ ix
Tivoli f<6<&0k<W
ix
ix
W
Wallet
]j7< 26
mC/ 27
80
IBM® Security Access Manager for Enterprise Single Sign-On: I}T,$I
Printed in Japan
SC88-5930-02
Fly UP