Tivoli Access Manager for Enterprise Single Sign-On Training Handout: Installation

Introduction

This lab guide walks you through the setup of TAM E-SSO Provisioning Adapter with IBM Tivoli Identity Manager Express 4.6 on a Windows 2003 Server system. Once you complete the steps outlined in this lab guide, you’ll have a fully functional environment which you can use to demonstrate the capabilities of ITAM E-SSO and ITIMx.

The lab is presented in three sections. In Part 1, you will install and configure TAM E-SSO to use Microsoft ADAM as the repository for user credentials and configuration information.

Active Directory Application Mode (ADAM) is a part of Microsoft’s integrated directory services available with Windows Server 2003, and is built specifically to address directory-enabled application scenarios. ADAM runs as a non-operating-system service, and, as such, it does not require deployment on a domain controller.

In Part 2 of the lab, you will install the TAM E-SSO Provisioning Adapter. (future addition)

Finally, in Part 3 and Part 4 of the lab you will configure the provisioning adapter to integrate with ITIM Express 4.6. Then you will work through a demo scenario that shows the integration of the two products and the value it provides to customers looking to deploy an Identity Management and Desktop Single Sign-On solution. (future addition)

PART ONE _______________________________________________________

Installing Microsoft Active Directory Application Mode Service

You are starting with a VMware image that is running Windows 2003 Server, FP 1. On this server, Identity Manager Express has already been installed. Details of this server are:

Hostname: ITIMServer

Administrator Name: Administrator

Password: tivoli

Domain: ondemandinc.com

ITIMx URL: http://itimserver/itim/identity

Home Page: http://itimserver:81/homepage.html (running IBM HTTP server)

All installation files are located in the directory C:/Studentfiles/Install.

If it is not running, start the ITIMServer VMware image. Log into the server as Administrator.

Installing ADAM

Microsoft recommends that ADAM instances not be installed on domain controllers. ITIMServer is a stand-alone Windows 2003 Server.

1. Navigate to the C:/Studentfiles/Install/ADAM directory and launch the program ADAMSP1_x86_English.exe

Note: ADAM is available as a free download from Microsoft’s download site. It is also part of Windows 2003 Server R2 and can be installed by accessing Windows Control Panel -> Add/Remove Programs.

2. The installation program begins. Click Next> to continue.

3. Accept the License Agreement. Click Next> to continue.

4. The installation program progresses…

5. Click Finish to complete the installation.

The ADAM program group has now been added to your system. You will now create an ADAM instance that will be used by TAMES.

6. Click on Programs -> ADAM -> Create an ADAM instance.

7. The setup wizard starts. Click Next > to continue.

8. Select the radio button for creating a unique instance. Click Next > to continue.

9. Provide an instance name. Use TAMES as the instance name. Click Next > to continue.

10. The first available ports are selected as the defaults. Port 50001 is selected as we have an instance of LDAP listening on port 389 already. The SSL port will not be used for this lab. Click Next > to continue.

11. You will create an application directory partition for the SSO data. Name the partition OU=SSOPartition,dc=ondemandinc,dc=com

Click Next > to continue.

12. Use the defaults for the location of the data files and the recovery files. Click Next > to continue.

13. Accept the default for using the Network service account to perform ADAM operations. Click Next > to continue.

The following pop-up will appear.

14. Click Yes to continue as we will not be using replication with other ADAM instances in this lab.

15. Accept the default to use the currently logged on user for ADAM administration. Click Next > to continue.

16. You do not need to import any LDIF information so click Next > to continue.

17. Click Next > to complete the instance installation.

18. Click Finish to complete the installation.

Configuring the ADAM Instance

First we will create two Windows groups that will be used in this lab for the SSO configuration.

1. Click on the shortcut on your desktop to launch the Users and Groups MMC plugin.

2. Right click on Groups container and select New Group…

3. Create two new groups, SSO Admins and SSO Users. Any user that is going to use TAM E-SSO will need to be a member of this Windows group.

4. At this time, also add the Administrator account to the SSO Users group, so you will be able to use this account as an end-user account to test with. Right click on the Administrator User account to display the properties for the user. Then add SSO Users to the Member of tab.

5. You are ready to move on to the next task, customizing ADAM. Close the User and Group management window.

ADAM can be managed using the ADAM ADSI Editor. Next you will create a connection to your ADAM instance.

6. Start the ADAM ADSI editor by selecting Programs => ADAM => ADAM ADSI Edit

7. Right click on the ADAM ADSI Edit container and select Connect to…

8. Complete the Connection Settings Window as follows:

Connection Name: TAMES ADAM

Connection

Server Name: itimserver

Port: 50001

Naming context: Configuration

Credentials: the account of the currently logged on user.

Then, click OK to continue.

9. Expand the containers so your window looks like the above. Click on the CN=Partitions container. Notice the container we specified when we created the ADAM instance; it is the first entry in the list. Right click on the OU=SSOPartition entry.

10. Select New Connection to Naming Context.

11. Expand the new container entry created. Your window should now look like this.

Next you will specify rights available to new Windows groups you just created within the ADAM instance. You will use the two Windows groups you created, SSO Admins and SSO Users.

12. Click on CN=Roles in the upper part of the tree.

13. Right click on the CN=Administrators group and bring up the Properties window.

14. Select the member attribute then click the Edit button.

15. Next click the Add Windows Account button.

16. Click the OK button.

Your results should look like this.

17. On this window and the next window, click OK to return to the ADSI Edit window.

Still in the top part of the ADAM ADSI Edit tree, you will add the SSO Users group to both the CN=Readers and CN=Users groups. Follow the steps you just did for the SSO Admins group.

18. Click on CN=Readers in the CN=Roles container in the top part of the tree. Double-click to bring up the properties page. Select the member attribute, then click the Edit button.

19. Click on the Add Windows account button. Add the SSO Users group to this attribute.

20. Your window should look like the above. Click OK to close the window. Click OK again to close the Properties window.

21. Click on the role CN=Users. Add the group SSO Users to the member attribute as done in the previous step.

22. Now click on the CN=Roles container in the bottom portion of the tree.

Complete the following:

  1. Add SSO Admins group to CN=Administrators group membership.
  2. Add SSO Users group to CN=Readers group membership.
  3. Add SSO Users group to CN=Users group membership.

This completes the configuration of ADAM using the ADAM ADSI Editor. You can close the application.
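The role memberships set in ADSI Edit can be checked from a script. The following is an added example, not part of the original lab guide: it assumes Windows PowerShell 2.0 or later is installed on ITIMServer and that you are logged on as Administrator, and the function names `Resolve-AdamMember` and `Test-AdamRoles` are hypothetical. It reads the three roles in both the Configuration partition and the SSO partition and reports whether the expected Windows group is a member.

```powershell
# Added example: audit ADAM role membership after the ADSI Edit steps.
# The bind uses the currently logged on user's Windows credentials.
$server    = 'itimserver:50001'                        # host:port from the lab
$partition = 'OU=SSOPartition,DC=ondemandinc,DC=com'   # partition from the lab

# Role -> Windows group the lab adds to it (same in both naming contexts).
$expected = @{
    'Administrators' = 'SSO Admins'
    'Readers'        = 'SSO Users'
    'Users'          = 'SSO Users'
}

function Resolve-AdamMember {
    param([string]$Dn)
    # ADAM stores Windows principals as foreignSecurityPrincipal objects whose
    # CN is the SID string; translate those back to DOMAIN\name for reading.
    if ($Dn -match '^CN=(S-1-[0-9-]+),') {
        $sidText = $Matches[1]
        try {
            $sid = New-Object System.Security.Principal.SecurityIdentifier($sidText)
            return $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            return $sidText            # SID that no longer resolves: report it raw
        }
    }
    return $Dn                         # ADAM-native member (user, group or role)
}

function Test-AdamRoles {
    $rootDse  = [ADSI]"LDAP://$server/RootDSE"
    $configNC = [string]$rootDse.psbase.Properties['configurationNamingContext'].Value
    $contexts = @($rootDse.psbase.Properties['namingContexts'] |
                  ForEach-Object { [string]$_ })

    # The application partition created in the instance wizard must be hosted here.
    if ($contexts -notcontains $partition) {
        throw "Partition $partition is not hosted by $server"
    }

    foreach ($nc in @($configNC, $partition)) {
        foreach ($role in $expected.Keys) {
            $want    = $expected[$role]
            $members = @()
            $status  = 'ok'
            try {
                $entry   = [ADSI]"LDAP://$server/CN=$role,CN=Roles,$nc"
                $members = @($entry.psbase.Properties['member'] |
                             ForEach-Object { Resolve-AdamMember ([string]$_) })
            } catch {
                $status = "read failed: $($_.Exception.Message)"
            }
            # Match on the account name after the DOMAIN\ or MACHINE\ prefix.
            $hit = @($members | Where-Object { $_ -like ('*\' + $want) })
            if ($status -eq 'ok' -and $hit.Count -eq 0) { $status = 'MISSING' }

            New-Object PSObject -Property @{
                NamingContext = $nc
                Role          = $role
                ExpectedGroup = $want
                Status        = $status
                Members       = ($members -join '; ')
            } | Select-Object NamingContext, Role, ExpectedGroup, Status, Members
        }
    }
}

Test-AdamRoles | Format-List
```

Any row with Status MISSING points at a role whose member attribute was not updated in the corresponding half of the ADSI Edit tree. The Members column also shows every other principal holding the role, which is worth reviewing for the Administrators role in particular.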

The installation and configuration of ADAM is now complete. So far you have created an ADAM instance and container for TAM-ESSO to store information. All of the TAM-ESSO data will be stored inside the ADAM directory just created. You are now going to install the TAM-ESSO application.

_______________________________________________________

Installing and Configuring TAM E-SSO

Now that the repository is created that will store the TAM E-SSO data, the following tasks must be completed to build our demonstration environment:

• Install the TAM ESSO Console

• Configure the TAM ESSO Console to use the ADAM repository

• Install the TAM ESSO Client

• Configure the ADAM Synchronizer

• Run the First Time Setup for the Client

• Verify the communications between the client and the repository.

This section provides you with step by step instructions to complete each of these tasks.

Installing the TAM E-SSO Administrative Console

1. Navigate to the directory c:/Studentfiles/Install/TAMES.

2. Launch the program IBM Tivoli Access Manager for Enterprise Single Sign-On Admin Console.exe

3. Choose your language and click OK

4. Click Next to continue…

5. Accept the license agreement and click Next to continue…

6. Select Complete and click Next to continue…

7. Then click the Install button.

8. Click Finish to complete the installation.

Configuring the TAM E-SSO Console to Use the ADAM Repository

This task will prepare the ADAM repository to properly store the TAM E-SSO data. The steps in this section will add the attributes and object classes needed for TAM E-SSO.

1. Start the TAM E-SSO Console.

Start → Programs → IBM TAM E-SSO → TAM E-SSO Console

2. Click on Repository → Extend Schema

3. Complete the connection details as follows:

Server Name: itimserver

Repository Type: Microsoft ADAM

Port: 50001

De-select the checkbox for SSL – we will NOT use SSL for our demo

Username: Administrator

Password: tivoli

Then click OK to continue…

The task should complete SUCCESSFUL.

4. Click Close to continue …

5. Click on Repository at the bottom of the left pane and then the Click here to connect link.

6. Complete the connection details, then click OK.

7. In the right pane on the screen, navigate to the OU=SSOPartition,DC=ondemandinc,DC=com object. Right click on the object and select Configure E-SSO Support.

8. Choose Administrative Console button, then choose Standard mode. Click Next to continue…

9. Take the default, Do Not send apps, and click Next to continue. Then click Finish.

The result will be that the OU=People container will be created under the OU=SSOPartition,DC=ondemandinc,DC=com container. The OU=People container will be where our users store their username/password credentials.

Note, to view the containers, make sure that both the Show User Credential Containers and the Show Users items are checked under the Repository menu as shown above.

10. Click on the container OU=SSOPartition,DC=ondemandinc,DC=com to highlight it.

Right click on the container and select New Container from the drop down menu.

11. Create a container named SSOConfig. This is where the TAM ESSO application templates will be stored. Click OK to create the container.

You now have two containers created to store the TAM ESSO data. Next you will install the TAM ESSO Client and configure synchronization. You can minimize the TAM ESSO console while you perform the steps in the next section.

Installing the TAM ESSO Client

Next you will install the TAM ESSO client which will communicate with the ADAM repository. You need to do a custom installation to make sure the ADAM synchronizer gets selected.

Navigate to the c:/Studentfiles/Install/TAMES directory.

1. Launch the program IBM Tivoli Access Manager for Enterprise Single Sign-Onv5.0MLE.exe. Complete the following installation steps…

then, select the language…

then select Next to continue…

then accept the license...

2. Select a Custom installation. This is required to select the correct synchronizer.

3. Expand the Logon Methods folder. Make sure Windows Logon is selected.

4. Next, expand the Extensions folder and then the Synchronization Manager folder. Select the ADAM Synchronizer menu and select This feature will be installed on the local hard drive from the list. This will change the feature's icon and install the ADAM synchronizer.

Click Next to continue with the installation.

Click the Install button to start the installation.

Click Finish to complete the installation.

Configure the ADAM Synchronizer

In this section you will configure the Global Agent settings for the ADAM synchronizer with the connection parameters to our ADAM directory.

Return to the TAM ESSO Administration Console. You will need to close and restart the console to pick up the new registry information.

1. Click on the object Global Agent Settings.

2. Right click and, from the menu, select Import → From Live HKLM. What you have just done is to load the local machine’s necessary registry settings into the SSO Admin console. The next step is to configure the Global Agent/Registry settings using the SSO Administrative Console.

3. Expand the Global Agent Settings Live keys and expand Synchronization as shown above.

There are three (3) things that you need to have configured at a minimum to allow the agent to properly communicate with the ADAM instance:

4. Click on Synchronization to display the Synchronization properties. Enable role/group security (select the check box) and select Use role/group security from the list.

Next, select Required under the ADAMSyncExt object.

Next, you need to specify the server where the ADAM directory is running.

5. Click on the check box for Servers and then click on the icon to get the input popup window. In the window, type the server name and the port number that ADAM is listening on. Enter itimserver:50001 in the input box and click OK to continue.

6. Next, select Tools → Write Global Agent Settings to HKLM to save the configuration.

Next you will test that the synchronization is working and users are able to write their credentials to the ADAM repository.

You will now go through the first time SSO Adapter setup.

1. Select Programs → IBM TAM E-SSO → TAM E-SSO. This will start the First Time User Setup Wizard.

Click Next to continue...

Click Next to continue again...

2. Windows Logon is the default primary login authentication method. Click Next to continue.

3. Enter the Administrator’s password, which is tivoli

4. Click Finish to complete the client setup.

Now return to the TAM ESSO Console. Let’s verify that the user’s credentials were written to the ADAM repository in the containers created earlier.

5. Connect to the repository.

6. Expand the ou=SSOConfig,DC=ondemandinc,DC=com container, then the OU=People container.

Note that the credentials have been stored for the user Administrator.

The next objective is to publish application templates and policies to the Repository. The steps in this section will allow you to centrally manage application templates, authentication policies, and TAM ESSO settings.

The steps in this section are implemented whenever adding or changing application templates or policies in the user repository. The SSO Adapter will periodically pull this information from the repository in order to keep a local cache of the end user’s credentials and supported application templates in the user’s desktop.

Now let’s create an application template and verify the synchronizer is working.

7. In the console, navigate to the Applications container. Then click on the Add button to add a new application.

8. Choose Adobe Acrobat Reader from the Application drop down list. At this point we are simply interested in testing that the synchronization works. As a rule of thumb, using a simple application that doesn’t require any authentication should suffice and Acrobat Reader is perfect for this purpose.

9. After pressing the Finish button, you will now see an object called Adobe Acrobat Reader in the left-hand pane of the Console.

10. Navigate to the Repository view, and in the right-hand pane, right-click the new container object OU=SSOConfig and select Configure E-SSO Support from the pop-up menu.

11. Select the Administrative Console button, then Advanced mode and click Next to continue.

12. Click the Add All button in the Applications section. Adobe Reader appears in the list. Click Next to continue.

13. Now click the Finish button to complete the operation. When the Wizard completes, the Administrative Console should display a new Adobe Acrobat Reader under the OU=SSOConfig container as shown below.

14. At this point you should also save the settings back to the registry. Click on Tools → Write Global Agent Settings to HKLM to save the configuration.

15. Return to the TAM E-SSO client and open the Logon Manager.

16. Click the Refresh button first to synchronize with the repository, then click the Add, Add a log on button

17. In the application list, you should see Adobe Acrobat reader if the synchronizer is working. Cancel out of this window as this was only to test the client / server synchronization.

PART TWO _______________________________________________________

Installing the TAM E-SSO Provisioning Adapter

(To be completed when 6.0 is GA)

PART THREE _______________________________________________________

Integrating the TAM E-SSO Provisioning Adapter with ITIM Express 4.6

(To be completed when 6.0 is GA)

PART FOUR _______________________________________________________

Demonstrating the Provisioning Adapter with ITIM Express 4.6

(To be completed when 6.0 is GA)
