Configuring Strong Authentication With IBM Tivoli Access Manager For .
Front coverConfiguring Strong Authenticationwith IBM Tivoli Access Managerfor Enterprise Single Sign-OnDetails on external authentication factors forsmartcards, Mobile ActiveCode, and RFID cardsDetails on biometric authentication forfingerprint recognitionHands-on details on completeconfigurationAxel BueckerAbdul BakiMatthew Boultibm.com/redbooksRedpaper
International Technical Support OrganizationConfiguring Strong Authentication with IBM TivoliAccess Manager for Enterprise Single Sign-OnDecember 2011REDP-4808-00
Note: Before using this information and the product it supports, read the information in “Notices” on page v.First Edition (December 2011)This edition applies to IBM Tivoli Access Manager for Enterprise Single Sign-On V8.1.This document created or updated on December 15, 2011. Copyright International Business Machines Corporation 2011. All rights reserved.Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP ScheduleContract with IBM Corp.
ContentsNotices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .vTrademarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . viPreface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . viiThe team who wrote this paper . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . viiNow you can become a published author, too! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . viiiComments welcome. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . viiiStay connected to IBM Redbooks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . viiiChapter 1. Configuring authentication to use smart cards. . . . . . . . . . . . . . . . . . . . . . . 11.1 Prerequisite environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21.2 Testing smart card compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21.3 Configuring the certificate authority. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41.4 Importing the CA root certificate to the IBM HTTP Server truststore, part 1 . . . . . . . . . . 71.5 Importing the CA root certificate to the IBM HTTP Server trust store, part 2 . . . . . . . . . 91.6 Enabling two-way SSL on IBM HTTP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161.7 Creating IMS policies for smart card use . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171.8 Assigning the new template to the client workstation . . . . . . . . . . . . . . . . . . . . . . . . . . 201.9 Modifying user default template to accept smart cards for authentication . . . . . . . . . . 201.10 Issuing a certificate to a smart card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221.11 Registering a smart card to user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28Chapter 2. Configuring authentication to use radio frequency identification cards .2.1 Prerequisite environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.2 Creating and assigning the RFID machine policy template. . . . . . . . . . . . . . . . . . . . . .2.3 Creating an authentication code for the user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.4 Registering the RFID card to the user. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3132323536Chapter 3. Configuring authentication to use fingerprint recognition. . . . . . . . . . . . .3.1 Prerequisite environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.2 Configuring the IMS Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.3 Creating and assigning fingerprint machine policy template . . . . . . . . . . . . . . . . . . . . .3.4 Updating the user template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.5 Enrolling the user’s fingerprint for authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . .394040414548Chapter 4. Configuring authentication to use Mobile ActiveCode as aone-time password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.1 Prerequisite environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.2 Creating the messaging connector for email. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.3 Configuring the AccessAssistant to use MAC as second factor authentication . . . . . .4.4 Configuring the user account for MAC use . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.5 Logging on with MAC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.6 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .51525258626566Related publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .IBM Redbooks publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Online resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Help from IBM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67676767 Copyright IBM Corp. 2011. All rights reserved.iii
ivConfiguring Strong Authentication with IBM Tivoli Access Manager for Enterprise Single Sign-On
NoticesThis information was developed for products and services offered in the U.S.A.IBM may not offer the products, services, or features discussed in this document in other countries. Consultyour local IBM representative for information on the products and services currently available in your area. Anyreference to an IBM product, program, or service is not intended to state or imply that only that IBM product,program, or service may be used. Any functionally equivalent product, program, or service that does notinfringe any IBM intellectual property right may be used instead. However, it is the user's responsibility toevaluate and verify the operation of any non-IBM product, program, or service.IBM may have patents or pending patent applications covering subject matter described in this document. Thefurnishing of this document does not give you any license to these patents. You can send license inquiries, inwriting, to:IBM Director of Licensing, IBM Corporation, North Castle Drive, Armonk, NY 10504-1785 U.S.A.The following paragraph does not apply to the United Kingdom or any other country where suchprovisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATIONPROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS ORIMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT,MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer ofexpress or implied warranties in certain transactions, therefore, this statement may not apply to you.This information could include technical inaccuracies or typographical errors. Changes are periodically madeto the information herein; these changes will be incorporated in new editions of the publication. IBM may makeimprovements and/or changes in the product(s) and/or the program(s) described in this publication at any timewithout notice.Any references in this information to non-IBM websites are provided for convenience only and do not in anymanner serve as an endorsement of those websites. The materials at those websites are not part of thematerials for this IBM product and use of those websites is at your own risk.IBM may use or distribute any of the information you supply in any way it believes appropriate without incurringany obligation to you.Information concerning non-IBM products was obtained from the suppliers of those products, their publishedannouncements or other publicly available sources. IBM has not tested those products and cannot confirm theaccuracy of performance, compatibility or any other claims related to non-IBM products. Questions on thecapabilities of non-IBM products should be addressed to the suppliers of those products.This information contains examples of data and reports used in daily business operations. To illustrate themas completely as possible, the examples include the names of individuals, companies, brands, and products.All of these names are fictitious and any similarity to the names and addresses used by an actual businessenterprise is entirely coincidental.COPYRIGHT LICENSE:This information contains sample application programs in source language, which illustrate programmingtechniques on various operating platforms. You may copy, modify, and distribute these sample programs inany form without payment to IBM, for the purposes of developing, using, marketing or distributing applicationprograms conforming to the application programming interface for the operating platform for which the sampleprograms are written. These examples have not been thoroughly tested under all conditions. IBM, therefore,cannot guarantee or imply reliability, serviceability, or function of these programs. Copyright IBM Corp. 2011. All rights reserved.v
TrademarksIBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business MachinesCorporation in the United States, other countries, or both. These and other IBM trademarked terms aremarked on their first occurrence in this information with the appropriate symbol ( or ), indicating USregistered or common law trademarks owned by IBM at the time this information was published. Suchtrademarks may also be registered or common law trademarks in other countries. A current list of IBMtrademarks is available on the Web at http://www.ibm.com/legal/copytrade.shtmlThe following terms are trademarks of the International Business Machines Corporation in the United States,other countries, or both:DB2 IBM IMS Redbooks Redpaper Redpapers Redbooks (logo)Tivoli WebSphere The following terms are trademarks of other companies:Microsoft, Windows, and the Windows logo are trademarks of Microsoft Corporation in the United States,other countries, or both.Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon, IntelSpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or itssubsidiaries in the United States and other countries.Other company, product, or service names may be trademarks or service marks of others.viConfiguring Strong Authentication with IBM Tivoli Access Manager for Enterprise Single Sign-On
PrefaceIBM Tivoli Access Manager for Enterprise Single Sign-On automates sign-on and accessto enterprise applications, eliminating the need to remember and manage user names andpasswords. Users log on to Tivoli Access Manager for Enterprise Single Sign-On with aspecial user ID and password, and then, when they access their secured applications, theTivoli Access Manager for Enterprise Single Sign-On agent enters their stored credentialsautomatically without the users needing to do so. Tivoli Access Manager for Enterprise SingleSign-On provides the usual features associated with password security, for example,password length, aging policy, and so forth.This IBM Redpapers publication is based on a set of exercises that was produced for theEuropean Tivoli Technical Conference 2010. It shows how to configure Tivoli AccessManager for Enterprise Single Sign-On to use additional or alternative methods ofauthentication when users log on to provide a greater degree of security (strongerauthentication).This paper is intended to complement the product documentation and should be read inconjunction with it. In particular, you should refer to the Setup Guide.The team who wrote this paperThis paper was produced by a team of specialists from around the world working at theInternational Technical Support Organization, Austin Center.Axel Buecker is a Certified Consulting Software IT Specialist at the International TechnicalSupport Organization, Austin Center. He writes extensively and teaches IBM classesworldwide on areas of Software Security Architecture and Network Computing Technologies.He holds a degree in computer science from the University of Bremen, Germany. He has 25years of experience in a variety of areas related to Workstation and Systems Management,Network Computing, and e-business Solutions. Before joining the ITSO in March 2000, Axelworked for IBM in Germany as a Senior IT Specialist in Software Security Architecture.Abdul Baki is an IT Specialist who works with customers using early versions of IBM Securityproducts as part of his role managing worldwide Beta Programs. He holds a degree inComputer Communication and Networks from the University of Westminster, U.K., and is amember of the British Computer Society. Abdul works at the IBM Hursley developmentlaboratory in Hursley, U.K.Matthew Boult is a Product Introduction Specialist in the IBM SWG Early Programsorganization. He is based in Hursley in the U.K. and runs worldwide early programs for Tivoliproducts, generating feedback to development, creating reference accounts, and promotingsales enablement through early education and the production of intellectual capital. He hasmore than 30 years of experience in the IT industry and has been working with Tivoli sincethe acquisition of the company by IBM, initially providing post-sales technical support andlater designing and implementing solutions for outsourced customers. He has been workingwith Tivoli Access Manager for Enterprise Single Sign-On since running the beta program forv8.1 in 2009.Many thanks to Sven Gossel at charismathics gmbh for providing the smart card middleware,smart cards, and card readers used in producing this IBM Redpaper . Copyright IBM Corp. 2011. All rights reserved.vii
Now you can become a published author, too!Here’s an opportunity to spotlight your skills, grow your career, and become a publishedauthor—all at the same time! Join an ITSO residency project and help write a book in yourarea of expertise, while honing your experience using leading-edge technologies. Your effortswill help to increase product acceptance and customer satisfaction, as you expand yournetwork of technical contacts and relationships. Residencies run from two to six weeks inlength, and you can participate either in person or as a remote resident working from yourhome base.Find out more about the residency program, browse the residency index, and apply online at:ibm.com/redbooks/residencies.htmlComments welcomeYour comments are important to us!We want our papers to be as helpful as possible. Send us your comments about this paper orother IBM Redbooks publications in one of the following ways: Use the online Contact us review Redbooks form found at:ibm.com/redbooks Send your comments in an email to:redbooks@us.ibm.com Mail your comments to:IBM Corporation, International Technical Support OrganizationDept. HYTD Mail Station P0992455 South RoadPoughkeepsie, NY 12601-5400Stay connected to IBM Redbooks Find us on Facebook:http://www.facebook.com/IBMRedbooks Follow us on Twitter:http://twitter.com/ibmredbooks Look for us on LinkedIn:http://www.linkedin.com/groups?home &gid 2130806 Explore new Redbooks publications, residencies, and workshops with the IBM Redbooksweekly sf/subscribe?OpenForm Stay current on recent Redbooks publications with RSS iguring Strong Authentication with IBM Tivoli Access Manager for Enterprise Single Sign-On
1Chapter 1.Configuring authentication touse smart cardsThis chapter explains how to configure an existing Tivoli Access Manager for EnterpriseSingle Sign-On environment to use smart cards as additional authentication factors.Note: You can use a USB token instead of a smart card and reader.This chapter includes the following topics: “Prerequisite environment” on page 2“Testing smart card compatibility” on page 2“Configuring the certificate authority” on page 4“Importing the CA root certificate to the IBM HTTP Server truststore, part 1” on page 7“Importing the CA root certificate to the IBM HTTP Server trust store, part 2” on page 9“Enabling two-way SSL on IBM HTTP Server” on page 16“Creating IMS policies for smart card use” on page 17Assigning the new template to the client workstation“Modifying user default template to accept smart cards for authentication” on page 20“Issuing a certificate to a smart card” on page 22“Registering a smart card to user” on page 28 Copyright IBM Corp. 2011. All rights reserved.1
1.1 Prerequisite environmentTo run this exercise, you need the following resources. Refer to the Tivoli Access Manager forEnterprise Single Sign-On product documentation for platform requirements andconfiguration instructions. Integrated Management System Server (IBM IMS Server)– Microsoft Certificate Server– Internet Information Services– Tivoli Access Manager for Enterprise Single Sign-On 8.1 IMS prerequisites IBM WebSphere Application Server IBM HTTP Server A supported database (for example IBM DB2 )– Smart card middlewareNote: This scenario uses the Charismathics Smart Security Interface (CSSI). Client––––Tivoli Access Manager for Enterprise Single Sign-On 8.1 AccessAgentSmart card middlewareInitialized smart card and reader or USB tokenDrivers for reader or token Active Directory– Domain containing computers and user accounts1.2 Testing smart card compatibilityThe Smart Card Compatibility Tool is supplied with Tivoli Access Manager for EnterpriseSingle Sign-On V8.1 installation files. The tool is installed in the SCardCompatTool versiondirectory.You can test smart card compatibility in the following way:1. Create a mycsp.ini configuration file that contains details of the location of the smart cardmiddleware driver, using the supplied example.ini file for guidance.2. Run the following command from the command line:SCardCompatTool.exe -i mycsp.ini -o output file nameThe following prompt appears:Insert the smart card that you wish to test. Press Enter to proceed.2Configuring Strong Authentication with IBM Tivoli Access Manager for Enterprise Single Sign-On
3. Insert the smart card into the reader, and press Enter. Then, enter the PIN whenprompted. Figure 1-1 shows the tests.Figure 1-1 Smart card compatibility tool4. Verify that the test was successful by examining the output file. If the test is successful,continue to the next section.Note: You must initialize the smart card or USB token first. This process is outside thescope of this paper. Refer to the smart card middleware documentation for informationabout how to enable new smart cards.Chapter 1. Configuring authentication to use smart cards3
1.3 Configuring the certificate authorityNext, configure the certificate authority (CA) on the IMS Server:1. Launch the Microsoft Certification Authority by navigating to Start AdministrativeTools Certification Authority, as shown in Figure 1-2.Figure 1-2 Launching the Microsoft Certification Authority4Configuring Strong Authentication with IBM Tivoli Access Manager for Enterprise Single Sign-On
2. A window opens that displays details about the CA. In the left pane, select the CA server,and then select the Certificate Templates directory. The available certificate templatesare displayed in the right pane, as shown in Figure 1-3.Figure 1-3 Available certificate templates3. To install the necessary templates (for example, the Smartcard User and SmartcardLogon templates), right-click in the right pane, and select New Certificate Template toIssue, as shown in Figure 1-4.Figure 1-4 New certificateChapter 1. Configuring authentication to use smart cards5
4. A list of available certificate templates appears. Scroll down, and select the SmartcardLogon and Smartcard User templates, as shown in Figure 1-5. (You can select multiplecertificate templates using the Ctrl key.) Click OK.Figure 1-5 Selecting the templatesThe smart card templates are added to the Certificate Template list, and the server is ready toissue certificates, as shown in Figure 1-6.Figure 1-6 Smart card certificates6Configuring Strong Authentication with IBM Tivoli Access Manager for Enterprise Single Sign-On
1.4 Importing the CA root certificate to the IBM HTTP Servertruststore, part 1Now, obtain the CA root certificate by clicking Start Administrative Tools ActiveDirectory Users and Computers. The window shown in Figure 1-7 appears.This scenario uses the Microsoft Certificate Server to obtain the domain name.Figure 1-7 Opening the Active DirectoryNext, you need to obtain the Internet Information Services (IIS) server port number. Bydefault, the IIS port number is 80. However, because the IBM HTTP Server already requiresport 80, you need to modify the IIS port during installation.Chapter 1. Configuring authentication to use smart cards7
To find the IIS server port number, follow these steps:1. Go to Start Administrative Tools Internet Information Services (IIS) Manager, asshown in Figure 1-8.Figure 1-8 Opening the IIS Manager8Configuring Strong Authentication with IBM Tivoli Access Manager for Enterprise Single Sign-On
2. Click the plus sign ( ) for the server from the left pane.3. Open the Web Sites directory, and right-click Default Web Site. If there is more than onewebsite, right-click the one that is available, not the one that is stopped.4. Select Properties. The window shown in Figure 1-9 opens. Several parameters appear,one of which is the TCP port. Note the value of the TCP port. (If the value is 80, change itto 81.Figure 1-9 TCP port value1.5 Importing the CA root certificate to the IBM HTTP Servertrust store, part 2Now that you have determined the domain name and the IIS port number, enter the followingaddress for the certificate server into the browser:http://domain name:IIS port number/certsrvThis opens the CA server page and allows certificates to be issued.Chapter 1. Configuring authentication to use smart cards9
Next, follow these steps:1. Click the Download a CA certificate, certificate chain, or CRL link, as shown inFigure 1-10.Figure 1-10 Downloading a certificate2. Enter the administrator's user ID and password at the prompt.3. At the next page, you are prompted to select an encoding method. The followingstandards are supported:– DER– Base 64This scenario uses the Base 64 standard. Select the Base 64 option, and click DownloadCA certificate, as shown in Figure 1-11.Figure 1-11 Downloading the Base 64 CA certificate10Configuring Strong Authentication with IBM Tivoli Access Manager for Enterprise Single Sign-On
4. In the confirmation box, click Save, and select the location where you want to save thecertificate. Assign a name to the certificate, as shown in Figure 1-12.Figure 1-12 Saving the certificate5. After you obtain the root CA certificate, import it into the IBM HTTP Server trust store:Navigate to Start IBM WebSphere Application Server v7.0 Profiles AppSrv01 Administrative Console. On the left pane, expand Servers and then expand Server Types. On the right pane,under “Web servers,” select the desired server, as shown in Figure 1-13.Note: At the Administrative Console, you need to enter the WebSphere ApplicationServer administrator credentials.Figure 1-13 Administrative ConsoleChapter 1. Configuring authentication to use smart cards11
6. Under the Configuration tab, in the Additional Properties section, click Plug-in properties,as shown in Figure 1-14.Figure 1-14 Selecting Plug-in properties12Configuring Strong Authentication with IBM Tivoli Access Manager for Enterprise Single Sign-On
7. Click Manage keys and certificates, as shown in Figure 1-15.Figure 1-15 Selecting Manage keys and certificatesChapter 1. Configuring authentication to use smart cards13
8. Then, click Signer certificates, as shown in Figure 1-16.Figure 1-16 Selecting signer certificates9. On the right pane of the next panel, complete the following information:– Alias: An alias name of your choice– File Name: Full path of the CA certificate that you created earlier10.Click OK, as shown in Figure 1-17. Save the changes when prompted to do so.Figure 1-17 Copying certificate to web server14Configuring Strong Authentication with IBM Tivoli Access Manager for Enterprise Single Sign-On
11.On the left pane of the WAS Administrative Console, expand Servers and then expandServer Types. Select Web servers.On the right pane, select the desired web server, and then, under “Plug-in Properties,”click Copy to web server key store directory, as shown in Figure 1-18. The root CAcertificate is imported into the IBM HTTP Server trust store.Figure 1-18 Copying to key store12.Finally, restart the IBM HTTP Server. On the left pane of the WAS Administrative Console,expand Servers and then expand Server Types. Select Web servers On the right pane, select the webserver1 link, and click Stop. After webserver1 stops,select the link again, and click Start.Chapter 1. Configuring authentication to use smart cards15
1.6 Enabling two-way SSL on IBM HTTP ServerTo enable secure communications on the IBM HTTP Server, follow these steps:1. Log on to the WebSphere Application Server Administrative Console.2. Then, go to Server Server Types Web servers web server Configurationfile, as shown in Figure 1-19.Figure 1-19 Configuration file16Configuring Strong Authentication with IBM Tivoli Access Manager for Enterprise Single Sign-On
3. Insert the following text between SSLProtocolDisable SSLv2 and SSLServerCert default,as shown in Figure 1-20:SSLClientAuth optionalFigure 1-20 Entering text4. Click OK. Then, on the next page, click OK again, and click Save.1.7 Creating IMS policies for smart card useTo create IMS policies for smart card use, follow these steps:1. Open a browser, and enter the IMS Server location. On the IMS Server page, select theAccessAdmin option.2. Enter the login details for the administrator for the IMS Server.3. On the left pane of the AccessAdmin panel, under Machine Policy Templates, click NewTemplate.Chapter 1. Configuring authentication to use smart cards17
4. On the “Create new policy template” panel, shown in Figure 1-21, enter the followinginformation:– Name: Name of the template. Assign a meaningful name.– Criteria: Indication that this template is for specific machines on your domain. Use thedefault option.– Authentication Policies: Smart card designation. Enter this into the text box.5. Click Add.Figure 1-21 Entering the new template information18Configuring Strong Authentication with IBM Tivoli Access Manager for Enterprise Single Sign-On
6. Next, scroll further down on the “Create new policy template” panel, expand AccessAgentPolicies, and click Smart card policies.7. When prompted, select Yes to enable Windows smart card logon, and then click Add, asshown in Figure 1-22.Figure 1-22 Adding smart card policiesChapter 1. Configuring authentication to use smart cards19
1.8 Assigning the new template to the client workstationTo assign the new template to the client workstation, go to Machines Search. Enter anasterisk (*) in the “Search for” field and select Host name in the “Search by” drop-down.Make sure to select All templates in the “Search in template” drop-down list. Then, clickSearch to list the workstations that are connected to the IMS Server using AccessAgent, asshown in Figure 1-23.Figure 1-23 Listing the workstations connected to the IMS Server using AccessAgentSelect the desired workstation. Then, from Machine Template Assignment, select theSmart Card policy, and click Assign.1.9 Modifying user default template to accept smart cards forauthenticationTo modify the user default template to accept smart cards for authentication, follow thesesteps:1. Under the “Apply user policy templates” heading, select Default user template.2. On the new panel, click Authentication Policies. Then, enable the Smart card boxoption, and click Update.3. Under the “Search users” heading, click the Search link. Then, fill in the required fields tonarrow down your search and click Search.20Configuring Strong Authentication with IBM Tivoli Access Manager for Enterprise Single Sign-On
4. Select the users who require smart card use. Under the Apply user policy templateheading, select Default user template from the drop-down menu, and click Apply toselected results.5. At the confirmation prompt, click OK, as shown in Figure 1-24.Figure 1-24 Confirming modification to templateChapter 1. Configuring authentication to use smart cards21
6. A status bar displays the progress of applying the user template. When the task iscomplete, restart WebSphere Application Server, as shown in Figure 1-25.To stop WebSphere, select Start All Programs IBM WebSphere ApplicationServer Network Deployment V7.0 Profiles - AppSrv01 Stop the server.To restart WebSphere select Start All Programs IBM WebSphere ApplicationServer Network Deployment V7.0 Profiles AppSrv01 Start the server.Figure 1-25 Restarting WebSphere Application Server7. The AccessAgent icon on the client system displays a message for the computer to berestarte
IBM Tivoli Access Manager for Enterprise Single Sign-On automates sign-on and access to enterprise applications, eliminating the need to remember and manage user names and passwords. Users log on to Tivoli Access Manager for Enterprise Single Sign-On with a special user ID and password, and then, when they access their secured applications, the
Block Diagram System Functional Di erence Equation System Function Unit-Sample Response Delay Delay. strong X Y /strong . strong Y X /strong H (R ) 1 1 RR. 2. strong y /strong [ strong n /strong ] strong x /strong [ strong n /strong ] strong y /strong [ strong n /strong 1] strong y /strong [ strong n /strong 2] H (z) /p div class "b_factrow b_twofr" div class "b_vlist2col" ul li div strong File Size: /strong 796KB /div /li /ul ul li div strong Page Count: /strong 52 /div /li /ul /div /div /div
strong Volume /strong 26, strong Issue /strong 1 strong Summer /strong 2020 strong Stormbuster /strong INSIDE THIS strong ISSUE /strong Meet a Meteorologist 1- strong 2 /strong 25th Anniversary of the Great arrington Tornado strong 2 /strong -3 NWS Albany Spring Partners Meeting 4 Two May 2020 Tornadoes in Eastern New York 4- strong 6 /strong Spring Skywarn Sessions 7 hood friends didn strong Summer /strong Safety 7 Word Search & Word Scramble 8-9 Word Search & Word Scramble .
Insurance For The strong Summer /strong Road Trip. Introducing The "At-Home Version" Of Insurance Key Issues. Click here for PDF Archives. Back Issues: strong Volume 2 /strong - strong Issue /strong 20 - October 30, 2013. strong Volume 2 /strong - strong Issue /strong 21 - November 13, 2013: strong Volume 2 /strong - strong Issue /strong 22 - November 27, 2013: strong Volume 2 /strong - strong Issue /strong 23 -
strong SUMMER /strong 2014 NEWSLETTER - strong VOLUME /strong 35 strong ISSUE /strong 3 PAGE strong 2 /strong . LucindaClark(continued)!! . strong SUMMER /strong 2014 NEWSLETTER - strong VOLUME /strong 35 strong ISSUE /strong 3 PAGE strong 6 /strong . Policy on Local Poetry Groups Adopted by GPS Board ! The Georgia Poetry Society Board, in a effort to improve outreach to the community and to
Player Set Card strong # /strong Team Minor League Diego Cartaya Auto - Base PD-27 strong Dodgers /strong AZL strong Dodgers /strong Jacob Amaya Auto - Base PD-12 strong Dodgers /strong Rancho Cucamonga Quakes Josiah Gray Auto - Base PD-97 strong Dodgers /strong Tulsa Drillers Keibert Ruiz Auto - Base PD-189 strong Dodgers /strong Oklahoma strong City Dodgers /strong Keibert Ruiz Relic - Jumbo Patch JPR-KR strong Dodgers /strong Oklahoma strong City Dodgers /strong
strong Issue /strong at a Glance strong Volume /strong 14, strong Issue /strong 1 strong Summer /strong 2017. strong 2 Supervisory Insights Summer /strong 2017 Letter from the Director T he FDIC strives to make information available to our readers to help them navigate changes in laws, regulations, and the economic climate. This strong issue /strong
A PUBLICATION OF e.REPUBLIC strong ISSUE /strong 3 strong VOLUME /strong 12 EMERGENCYMGMT.COM strong STRATEGY AND LEADERSHIP IN CRITICAL TIMES Summer /strong 2017 A PUBLIC ATIO N OF e.REPUBLIC strong ISSUE /strong 3 strong VOLUME /strong 12 EMERGENCYMGMT.COM strong Summer /strong r 2017 EM07_cov.indd strong 2 6 /strong /20/17 3:25 PM 100 Blue Ravine Road Folsom, CA 95630 916-932-1300 www.erepublic.com Page #
CBER: strong Center /strong for Biologics Evaluation and strong Research /strong , FDA CC: NIH Clinical strong Center /strong CCR: strong Center for Cancer Research /strong , NCI CDC: Centers for Disease Control and Prevention CIT: strong Center /strong for Information Technology DCEG: Division of strong Cancer /strong Epidemiology and Genetics, NCI DOE: Department of Energy FAES: Foundation for Advanced Education in the Sciences
