Configuring ISAM ESSO with ISIM
1) As ISAM ESSO is a TDI-based adapter, make sure only one instance of TDI is running on the box where you are configuring ISAM ESSO. In my case, there were two instances, which resulted in a communication error.
2) Also, the ISAM ESSO Adapter document mentions that configuring SSL between the Dispatcher and IMS is an optional step. But without the SSL configuration, you cannot integrate ISAM ESSO with ISIM.
Follow these steps to configure ISAM ESSO with ISIM.
1) Copy the SAMESSOConnector.jar file from the installation package to the Tivoli Directory Integrator directory. The location depends on your operating system. For Windows: ITDI_HOME\jars\connectors
2) Configure the IBM Security Access Manager Enterprise Single Sign-On IMS Server.
a) Start the IMS Configuration Utility.
b) Click IMS Bridges on the left side under Advanced settings.
c) Select IMS Bridge from the Add configuration group drop-down box and click Configure.
d) Define a name and an IMS Bridge password, a shared secret, in the available text input boxes.
e) Enter an IMS Bridge IP address value. This address is the IP address of the system on which Tivoli Directory Integrator is installed.
f) Click Add. Set the value for IMS Bridge Type to Provisioning.
g) Click Add. Log on to IBM Security Access Manager Enterprise Single Sign-On AccessAdmin.
h) Navigate to System Policies > Sign up Policies > Option for specifying secret. Choose Secret not required.
i) Click Update.
j) At the WebSphere console, restart the IMS Server application for the changes to take effect.
3) Configure the SSL connection between Dispatcher and the IMS Server.
a) Go to https://SAM_ESSO_server/. The SAM_ESSO_server is the IMS Server hostname.
b) View the certificate. Click SSL lock. If your browser reports that revocation information is not available, click View Certificate. Click Certification Path. Select the CA Root certificate. Export the certificate into a file encoded in the Base64 format.
c) If the Dispatcher already has a configured keystore, use the keytool.exe program to import the IMS Server certificate. If the keystore is not configured, create it by running the following command from a command prompt. Type the command on a single line.
keytool -import -alias ims -file c:\TAMESSO.cer -keystore c:\truststore.jks -storepass passw0rd
d) Edit the ITDI_HOME/timsol/solution.properties file to specify truststore and keystore information.
javax.net.ssl.trustStore=truststore.jks
javax.net.ssl.trustStorePassword=passw0rd
javax.net.ssl.trustStoreType=jks
e) After modifying the solution.properties file, restart the RMI Dispatcher. Then import the adapter profile into the IBM Security Identity Manager server.
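
The truststore settings from step 3(d) can be checked before the Dispatcher is restarted. The Python lint below is an added example, not part of the original post or of IBM's adapter package; its function names and the sample file contents are constructed for illustration. It flags misspelled javax.net.ssl.trustStore* keys and lone backslashes in the truststore path, which Java .properties files treat as escape characters.

```python
import re

# Keys set in step 3(d); these are the standard JSSE truststore property names.
REQUIRED = (
    "javax.net.ssl.trustStore",
    "javax.net.ssl.trustStorePassword",
    "javax.net.ssl.trustStoreType",
)

# Constructed sample of a solution.properties fragment with two mistakes.
SAMPLE = "\n".join([
    "# constructed sample, not from a real installation",
    r"javax.net.ssl.trustStore=c:\truststore.jks",
    "javax.net.ssl.trustStorePassword=passw0rd",
    "javax.net.ssl.truststoretype=jks",
])

def parse_properties(text):
    """Return {key: raw value} for simple key=value lines (no continuations)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def check_truststore_settings(text):
    """Return a list of findings; an empty list means no problem was detected."""
    props = parse_properties(text)
    findings = [f"missing or empty: {k}" for k in REQUIRED if not props.get(k)]
    # Property names are case-sensitive; a near-miss key is simply never read.
    for key in props:
        if key.lower().startswith("javax.net.ssl.truststore") and key not in REQUIRED:
            findings.append(f"unrecognised key: {key}")
    # A lone backslash is an escape in .properties files, so c:\truststore.jks
    # is loaded as "c:<TAB>ruststore.jks"; use forward slashes or double it.
    path = props.get("javax.net.ssl.trustStore", "")
    if re.search(r"(?<!\\)\\(?!\\)", path):
        findings.append("single backslash in trustStore path")
    return findings

if __name__ == "__main__":
    for finding in check_truststore_settings(SAMPLE):
        print(finding)
```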