Introduction
This lab guide walks you through the setup of the TAM E-SSO Provisioning Adapter with IBM Tivoli Identity Manager Express 4.6 on a Windows 2003 Server system. Once you complete the steps outlined in this lab guide, you’ll have a fully functional environment that you can use to demonstrate the capabilities of ITAM E-SSO and ITIMx.
The lab is presented in three sections. In Part 1, you will install and configure TAM E-SSO to use Microsoft ADAM as the repository for user credentials and configuration information.
Active Directory Application Mode (ADAM) is a part of Microsoft’s integrated directory services available with Windows Server 2003, and is built specifically to address directory-enabled application scenarios. ADAM runs as a non-operating-system service and, as such, does not require deployment on a domain controller.
In Part 2 of the lab, you will install the TAM E-SSO Provisioning Adapter. (future addition)
Finally, in Part 3 and Part 4 of the lab you will configure the provisioning adapter to integrate with ITIM Express 4.6. Then you will work through a demo scenario that shows the integration of the two products and the value it provides to customers looking to deploy an Identity Management and Desktop Single Sign-On solution. (future addition)
PART ONE _______________________________________________________
Installing Microsoft Active Directory Application Mode Service
You are starting with a VMware image that is running Windows 2003 Server, FP 1. On this server, Identity Manager Express has already been installed. Details of this server are:
Hostname: ITIMServer
Administrator Name: Administrator
Password: tivoli
Domain: ondemandinc.com
ITIMx URL: http://itimserver/itim/identity
Home Page: http://itimserver:81/homepage.html (running IBM HTTP server)
All installation files are located in the directory C:/Studentfiles/Install.
If it is not running, start the ITIMServer VMware image. Log into the server as Administrator.
Installing ADAM
Microsoft recommends that ADAM instances not be installed on domain controllers. ITIMServer is a standalone Windows 2003 Server.
1. Navigate to the C:/Studentfiles/Install/ADAM directory and launch the program ADAMSP1_x86_English.exe.
Note: ADAM is available as a free download from Microsoft’s download site. It is also part of Windows 2003 Server R2 and can be installed by accessing Windows Control Panel -> Add/Remove Programs.
2. The installation program begins. Click Next> to continue.
3. Accept the License Agreement. Click Next> to continue.
4. The installation program progresses…
5. Click Finish to complete the installation.
The ADAM program group has now been added to your system. You will now create an ADAM instance that will be used by TAMES.
6. Click on Programs -> ADAM -> Create an ADAM instance.
7. The setup wizard starts. Click Next > to continue.
8. Select the radio button for creating a unique instance. Click Next > to continue.
9. Provide an instance name. Use TAMES as the instance name. Click Next > to continue.
10. The first available ports are selected as the defaults. Port 50001 is selected as we have an instance of LDAP listening on port 389 already. The SSL port will not be used for this lab. Click Next > to continue.
11. You will create an application directory partition for the SSO data. Name the partition OU=SSOPartition,dc=ondemandinc,dc=com
Click Next > to continue.
12. Use the defaults for the location of the data files and the recovery files. Click Next > to continue.
13. Accept the default for using the Network service account to perform ADAM operations. Click Next > to continue.
The following pop-up will appear.
14. Click Yes to continue as we will not be using replication with other ADAM instances in this lab.
15. Accept the default to use the currently logged on user for ADAM administration. Click Next > to continue.
16. You do not need to import any LDIF information so click Next > to continue.
17. Click Next > to